Bitcoin Q&A: Scaling, privacy, and protocol ossification

Andrew asks about Moore’s Law and Bitcoin scaling.
“It has been nearly six years since the
one megabyte block size debates began.”
“If Moore’s law has held true, computational speed
and memory capacity should have increased…
by a factor of 8x since then.”
“Accordingly, do you think decentralization would
be compromised by increasing the block size limit…
from one megabyte to eight megabytes?”
“Can the average node now handle an 8 megabyte block
as easily as it could 1 megabyte blocks in 2013?”
That is a great question. First of all, Moore’s Law
isn’t exactly a doubling [of capacity] every year.
At its peaking, it was an approximate doubling every
18 months, but we are already seeing Moore’s Law…
has slowed down.
In terms of the increase in clock speed
and the number of transistors on a chip,
things have slowed down.
Of course, everybody is writing articles about
why we have hit a wall and will never exceed it.
I’m skeptical about articles like that,
because we have heard it before.
Nevertheless, we are not quite at a factor
of 8x [anymore], but that is not the problem.
The real issue isn’t [so much] storage
or CPU capacity for validating blocks.
The really important bottleneck in decentralized,
open, public cryptocurrencies and blockchains is…
network bandwidth and network latency.
Moore’s Law has not operated on network bandwidth
at anywhere near the rate it [effects] CPUs and storage.
One of the big problems with network
bandwidth is ‘the last mile problem.’
Yes, you can stuff a hundred times more [data]
into optical fiber than you could ten years ago,
but that optical fiber hasn’t reached here,
[as in, residential end-users].
Maybe I have fiber-coaxial [cable]
if I am in an advanced country.
There are a few densely populated, first-world,
developed metropoles that have fiber to the home.
But that is a fairly rare phenomenon, representing
a tiny percentage of the overall installed fiber.
Maybe you have coaxial [cable] through your cable
modem, with speeds of about a hundred megabits.
It has been kind of stagnant in terms of development.
If you are down to DSL, then you are looking
at speeds of up to 25 megabits at best.
In most rural areas, you would be lucky to get
10 megabits. In many cases, not even get half that.
In talking about the impact these kinds
of choices have on decentralization…
Bandwidth is an important consideration,
not only on people running nodes, wallets,
and other activities on the Bitcoin network,
but also on the people mining nodes.
The end result of putting pressure on bandwidth and
latency would be further centralization of mining.
Mining is already centralized because of its
reliance on [the shipment schedule of chips].
Furthermore, the other impact it has is
on the initial blockchain download (IBD).
The initial blockchain download is when you bootstrap
a node completely fresh, with no reference to anything…
other than the hash of the genesis block.
To get the entire blockchain, they have to
not only download the entire blockchain,
but then validate every transaction
in every block from the beginning,
while simultaneously [adapting to]
consensus rule changes as it goes along.
Essentially, these nodes are going
back in time to January 3rd 2009,
and replaying history — as if it is happening
in real time — as fast as possible.
That initial blockchain download time takes, at best,
about six hours on a really powerful machine…
with very good bandwidth, able to download
about 250 gigabytes at this point in Bitcoin.
[IBDs] are almost impossible
to do on Ethereum right now.
We see these scaling problems
on many different blockchains.
Again, that affects decentralization of nodes. Moore’s
Law isn’t the be-all, end-all of the scaling problem.
There are broader scaling problems that have to do with
bandwidth, unequal access to hardware, relating to..
how you bootstrap a new node for the first time.
It means that increasing the block size may be possible,
from one megabyte to eight megabyte. Maybe.
But I’m not entirely sure it is necessary or
advisable to do that on the base block size.
There is another consideration. My personal opinion
in the scaling debate is that it demonstrated we have…
a very narrow window in which we can see
[significant] changes to the base protocol.
After that, eventually it [may become]
impossible to make any [significant] changes…
due to a lack of consensus, ossification of the protocol,
and it has been embedded in too many devices.
Then it becomes a matter of choices.
What changes need to be done in the base layer?
What changes that can be done in the base,
but could also be done on layer two?
My personal opinion: privacy is the change
that needs to be done in the base layer,
and it needs to be done before the window closes.
Scaling can be done in the second layer quite effectively.
We will also need some scaling on the base layer,
to support even more scaling on the second layer.
Our real focus right now should be privacy,
not increasing the block size further.
That is just my personal opinion.
[AUDIENCE] After the recent bug, there has been some
calls for more rapid ossification of the Bitcoin protocol.
[ANDREAS] Mm-hmm. [AUDIENCE] I would like
to hear more of your thoughts about that.
In the context of- If Bitcoin really succeeds,
eventually there will be pressure on developers..
to influence the protocol.
[ANDREAS Uh-huh. It is a good thing that they are
not really in charge, that no one is in charge.
It’s funny… If you look at the history of Bitcoin,
there has been a series of moments…
when one or another group says, “We’re in charge!”
and then quickly discovers that they are not in charge.
In Bitcoin, the very expression of power actually
causes it to evaporate. We are all in charge.
As long as none of us try to stick our head above
the parapets and pretend that we are in charge.
We will be yanked back down. Developers, miners,
merchants, exchanges all learned that lesson…
throughout different parts of Bitcoin’s history.
Developers may come under pressure.
I am glad you are using the term “protocol ossification.”
I think I coined that in 2013.
Like every other protocol and technology…
TCP/IP got stuck in IPv4 and then we said
“Oh, that’s ok. We will just upgrade everything to IPv6.”
[Laughter] Nineteen years later… “It’s happening,
any moment now. We are at 40% and growing.
This will happen to any protocol. The question is not
whether it will happen, or even when it will happen.
My most important question is, what can
we put into the protocol before it happens?
To that, the answer is: privacy.
I have been saying this for three years now.
At one point, I was really concerned about scalability.
Then I changed my mind because I realized…
The debate over scalability showed
that ossification was already happening.
We were unable to get agreement on a
hard fork that changed the core protocol.
[Since] we were unable to get agreement on that,
we may not be able to get agreement on other things.
Ossification was already setting in.
To me, privacy became the biggest urgency.
Scalability became a second importance.
You can solve scalability layer two.
You can’t fix privacy a layer two.
[AUDIENCE] Quick question about Bitcoin’s anonymity.
Will that issue be resolved on layer two?
[ANDREAS] I hope not. That is a really good question.
A lot of people think Bitcoin is anonymous.
It is not anonymous; it is loosely pseudonymous,
which means, if you expend an enormous amount
of effort on operational security and [transact] carefully,
you may retain anonymity for a limited period of time.
That doesn’t sound like a good thing, right?
Anonymity is a very touchy subject.
To some people, the idea of money being
spent anonymously is a terrifying possibility…
that will surely mean the end of our civilization.
Of course, the [other] form of peer-to-peer,
anonymous, untraceable money that has…
existed for thousands of years is called “cash.”
Completely peer-to-peer, anonymous,
fungible, and [somewhat] self-verifying.
Civilization didn’t come to an end. In fact, the idea
of surveillance on money is a relatively recent idea.
It was born in 1971 under the Bank Secrecy Act signed
by President Nixon, who we thought would be…
the worst president ever… [Laughter]
There is no bottom, don’t ever assume that.
‘Surely, they can’t go that low?’ Oh yes, they can.
There is no bottom.
That dream started in 1971
and died on January 3rd 2009.
Not immediately, but we put the first nail in that coffin.
Bitcoin needs to be much stronger in
confidentiality and privacy on the base layer.
We learned a very important lesson with the Internet.
IPv4 didn’t have enough security, encryption, anonymity.
We try to retrofit these things with IPsec, SSL, and Tor,
but when you try to do this on the second layer,
it is not as strong and the people who do use
the second layer stick out like a sore thumb.
“Why are you using encryption, man?
You must be doing something wrong!”
As a result, we must do this on layer one.
I think that is our biggest priority in Bitcoin.
There is a bunch of [options].
If you are interested, read up on Bulletproofs,
Taproot, Graftroot, and confidential transactions.
If we do that well on layer one, we can do it
even better and even stronger on layer two.

37 thoughts on “Bitcoin Q&A: Scaling, privacy, and protocol ossification

  1. It's not video… final mile bandwidth won't matter for retailers. And won't matter to miners because PoW will not be feasible for small miners unless they have access to unusually cheap electcicty.

  2. What do you think about the concern that having privacy on the base layer could make it harder or impossible to detect if an inflation bug has been exploited?

  3. I really like how you speak out against bigger blogsize and argue that scaling can, will and should happen on the 2nd layer. However you mention that privacy should happen in the base layer. Why isn't the privacy provided by the lightning network sufficient in your opinion? Why would we still need to update the base layer for that?

  4. Pretty sure Moore's law doesn't apply for distributed systems, I think Amdahl's law applies though. I could be wrong not a CS guy.

    by Larken Rose
    1) Is there any means by which any number of individuals can delegate to someone else the moral right to do something which none of the individuals have the moral right to do themselves?
    2) Do those who wield political power (presidents, legislators, etc.) have the moral right to do things which other people do not have the moral right to do? If so, from whom and how did they acquire such a right?
    3) Is there any process (e.g., constitutions, elections, legislation) by which human beings can transform an immoral act into a moral act (without changing the act itself)?
    4) When law-makers and law-enforcers use coercion and force in the name of law and government, do they bear the same responsibility for their actions that anyone else would who did the same thing on his own?
    5) When there is a conflict between an individual's own moral conscience, and the commands of a political authority, is the individual morally obligated to do what he personally views as wrong in order to "obey the law"?

  6. If bitcoin fails to become private, what about exchanging bitcoin for something like Monero, then back to BTC and transferring to a new wallet? Could that anonymize you?

  7. Blockchain size problem (initial download time…) and privacy problem are kind of interconnected. Mimblewimble seems like a very elegant solution to both.

  8. I have ask the question has network bandwidth not increased in 10 years? Thus 2 MB is just too much somehow. I have to say I don't agree. 2MB is not too much to ask. Also bootstrapping can be done via fixed basis 6 years is fixed and signed and as absolute.

  9. andreas voice comforts us all through this difficult time, regarding BTC price (eventhough fundamentals increase by the hour)

  10. This is my biggest fear with bitcoin's development. That we wait too long and privacy is never implemented on layer 1. I'm really worried since right now, at least to me, it doesn't look like development is being prioritized to implement privacy features to the base protocol. I don't see a future for bitcoin where all transactions are traceable as is today. Monero is super cool but Bitcoin is the big thing that is carrying everything forward.

    I don't want too waut too long until it's too late and we have to settle with coinjoins using sidechains to get "privacy" (it'd still be a cool use for mimblewimble but I don't think that should be the basis for privacy on bitcoin).

  11. Let me bring a perspective that is difficult to answer for smallblockers:
    If pN is the cost of running a node/year and pT is the cost of making an on-chain transaction:
    What values of pT/pN are reasonable?
    I.e. how many onchain transactions is it reasonable that you should be able to make at the same cost as running a node?

  12. Love your way of explaining. U should do a video about cardano since its pos and way more accesibile to the third world countries people, the people that really need this tech. We the poor will never have the money to own one btc or buy one asic…that means we will never have a chance to vote or feel as a part of the btc ecosistem. Not to mention the limitations of the btc tech regarding the future. 2 years ago i managed to buy some used video cards and mine eth and etc, it was good for a while, but then asics got online and reward drpped hard. Asics again. Money again. Money wins all the time, the poor have no chance, and u all shouting bank the unbanked. The unbanked are too broke to buy btc or expensive mining gear…we work for 10$ one full day…

  13. Andreas as always thanks for the great explation, I do not fully agree on the fact that bandwidth do not grow fast enought for increasing blocksize, but this is just speculation on technological trends. Always on the scaling debate, what is your view on the impact of next halving on transaction fees? What if lightning network does not get adoption by than? Thanks

  14. Isn't diversity already a kind of scaling? I'm not sure if "Winner takes it all" applies to the crypto currency world. Maybe we are asking the wrong questions. Not scaling but interfaces for diversity (atomic swaps / LN in a certain way …). Very chaotic blockchain world.

  15. Hi Andreas,

    What you said about DSL limitation in term of speed is not fully accurate.

    Here in Belgium (quite a small country I give you that) we have VDSL and coax that goes up to 100 MB/s (in theory). To give you an idea my VDSL connection is capable 90MB/s spikes but most of the time it's beetween 55-70MB/s sustain but depending on the file(s) size(s) and the place where the server is.
    They have deployed fiber to the "distribution box" (sry I forgot the real name of it) and they still use their copper pairs for the last km.

    It is almost the same for coax. They have deployed quite large rings of very high speed fiber (DWDM or smthg like that) in each "provinces". Then to their "distribution box" and then in coax to the homes. They have had to replace all their old coax infrastructure by a new one (can't imagine the cost of it…). Speeds are about the same but their contract prices are quite higher than DSL though.

    Depending on the contract you have chosen, you get ADSL (20-25MB/s) (Internet access only) or VDSL/coax you'll have Internet access + TV * + VoIP . ( = optional)

    About the Fiber To The Home, they have already started to deploy some in Brussels for testing purpose only. If I recall right, they started two or three years ago.

    Nice video as usual!


Leave a Reply

Your email address will not be published. Required fields are marked *