WBD342 Audio Transcription
Bitcoin Tech #4 - Wrapped Bitcoin & Sidechains with Shinobi & Nadav Kohen
Interview date: Friday 30th April
Note: the following is a transcription of my interview with Shinobi & Nadav Kohen. I have reviewed the transcription but if you find any mistakes, please feel free to email me. You can listen to the original recording here.
In this interview, I talk to Shinobi, the host of Block Digest and Suredbits software engineer Nadav Kohen. We discuss Bitcoin scaling, the Lightning Network, wrapped Bitcoin and Liquid.
“Blockchains solve a very specific problem, that’s their big innovation, but they suck at pretty much everything else.”
— Nadav Kohen
Interview Transcription
Peter McCormack: Shinobi, how are you man, are you well?
Shinobi: Well enough, wondering why I lost power for such a long time period that my phone died and wasn't on when the charger came back on.
Peter McCormack: Shut up! Is this some bullshit excuse?
Shinobi: No, if I did something, like get shitfaced and just overslept, I would have sat here and said, "Hey, guys, I got shitfaced and I overslept".
Peter McCormack: Well, we've got a guest today. For the first time on our tech shows, we've got a guest. Nadav, what do you think; do you trust Shinobi?
Nadav Kohen: I do, because he's definitely told me that he's gotten shitfaced before podcasts that I've been on with him!
Peter McCormack: All right, we'll let this one slide. Nadav, welcome to the show. I've been really enjoying your super civilised and intellectual takedowns of people on Clubhouse; it's been an absolute joy to watch. Well, actually, I think I was messaging D++ straightaway, I was like, "This dude's amazing". She was like, "He's the smartest guy in the whole world", so I'm glad to get you on the show. I'd like to welcome you to the listeners of What Bitcoin Did. I'm looking forward to some of your smart, intellectual comments today. Sorry if I'm embarrassing you here.
Nadav Kohen: It's all right, it's very kind. I'm glad to be here.
Peter McCormack: Right so, Shinobi, the background to wanting to make this show is a couple of things. But, can I remind you of that thing you said to me once; I don't know if you still stand by it?
Shinobi: Yup, go right ahead.
Peter McCormack: You said to me, "Base layer Bitcoin, sats, Liquid, wrapped Bitcoin; they're all Bitcoin, but different trade-offs". Now, I'm not sure everyone would agree with that. Do you remember saying that and do you stand by it?
Shinobi: Yep, I still stand by it. I think that trying to play games like that is like a person who's playing games like, "Only if my cash is physically in my hand is this US dollars; if it's in a bank, it's not". Yes it is, it's just in a bank and you need their permission to get it.
Peter McCormack: Right, so they're all Bitcoin with different trade-offs. So, it's a really interesting point because I kind of want to understand those trade-offs. I'm definitely going to push Nadav a bit on the wrapped Bitcoin stuff, because I've heard some interesting takedowns on Clubhouse and I think it's worth people understanding what it means to be using a wrapped Bitcoin and the trade-offs and the risks they're taking, if there are any. You might love them, Nadav; I've got a feeling you don't, but we'll come to that anyway.
So, Nadav, I don't know how much you know about the background to these shows that we make? Me and Shinobi used to be enemies. He harassed me and abused me while I was sat on a plane in Boston for interviewing Peter Rizun and then since then, we've built this beautiful friendship around Bitcoin tech. And without really admitting it, he's basically said I was right about everything and we now make these once-a-month shows!
Shinobi: Ahem…
Peter McCormack: No, we make these once-a-month shows about the technical side of Bitcoin. We go into detail; I make him explain to me like I'm a five-year-old; and if I don't explain, we go like a two-year-old. We've covered UTXOs, we've covered wallets; what was the other thing we did, Shinobi; what was the third one?
Shinobi: Nodes and why they're important.
Peter McCormack: Yeah, nodes; forgot about those. Of course I forgot about those! But, these have proved to be really popular shows. They might not be the most downloaded, but they're the shows that get the most feedback. I get a lot of emails and DMs, people saying, "I love them". I think Shinobi's had a lot of people reach out to him as well, so they're really useful; but it's trying to help people understand this technical stuff at a basic level.
Shinobi: Real quick though, I do want to just reiterate, to anybody who is sending me DM requests that haven't got a response, I'm sorry. It's not that I hate you, it's just I have to juggle a bunch of stuff with my time. So, I try to avoid that folder, except occasional checks.
Peter McCormack: I mean, it's tough being famous and smoking weed all day; I don't know how you fit it all in, dude! Right, listen, to get into this, I know you guys did some planning. We need to talk about why -- are we seeing these are all Layer 2, because obviously I understand that Lightning Network's Layer 2 and I understand that Liquid's Layer 2; are we essentially saying that wrapped Bitcoin are Layer 2, because it seems a different point, but I guess it is?
Shinobi: Yeah, I mean I would say all of these are. I think Nadav agrees with me?
Nadav Kohen: Yeah. I mean, I think a lot of people quibble about what Layer 2 means and there's not really much consensus on it. I personally use it very loosely and I think Shinobi does too, just to mean off-chain Bitcoin, which all these would count as.
Peter McCormack: All right. So, a good starting point, and I'm going to let you take this one, Nadav, because you're new; I'm going to throw you right into the cauldron; do you want to talk about why Layer 2 exists, why Layer 2 is necessary to be built upon, or why technologies are required to be built on top of Bitcoin, because some people might be like, "What the hell? Why can't the Bitcoin basechain do all of this?"
Nadav Kohen: Yeah. So essentially blockchains solve a very specific problem and that's their big innovation, but they suck at pretty much everything else, which maybe this is just a tautology; they're good at everything that they're good at and they suck at the things they're not good at. But, I guess the point here is that they're good at very little.
They're good at this kind of distributed, decentralised, permissionless, somewhat trustless settlement system. But, if you try to add anything on top of that, then you start to trade-off and give up some of those things, either the decentralisation or the permissionless or something like this, censorship resistance.
So essentially, Bitcoin was designed very minimally for this reason and you can't just execute arbitrary programmes on the Bitcoin blockchain, because then no one would be able to run a Bitcoin node, like you all discussed in the last one. So essentially, the idea behind Layer 2 and just layering on top of the Bitcoin blockchain is kind of to take these trade-offs in a way that doesn't affect people who don't want to take those trade-offs.
So, it's a way of scaling, and there are other things you can get with this too, like privacy, benefits and more expressive contracting and programming. But essentially, at the end of the day, you want to be using a blockchain for this base layer settlement that you build on top of, because blockchains really suck and you shouldn't be storing arbitrary amounts of data or executing non-trivial programmes on a blockchain.
Shinobi: Can I attempt to TLDR?
Peter McCormack: Yeah, TLDR that, man.
Shinobi: So, blockchains can't scale. Anybody who's telling you a blockchain can scale is lying to you. So, when you have a bunch of people like us who want Bitcoin to be this super decentralised hard money that anybody can settle in, and somebody else wants to do Bitcoin PayPal, you can't put that on the blockchain, so you have people send you your Bitcoin and you do Bitcoin PayPal with your own centralised database, because that does scale.
So, all the things that people want to do on top of Bitcoin, besides just that super hard money we can verify, you just can't do that on the blockchain; it just won't work.
Peter McCormack: Well, Shinobi, let's break it down even further. Define super hard money. What is it about Bitcoin that makes it super hard money?
Shinobi: That we can all see the supply; we can all see when new coins are issued; we can all see that none of the rules are being broken there; and if all of us can't run a node, none of us can verify that. Well do you think you could fit PayPal's entire transaction database on your MacBook, Peter?
Peter McCormack: No, but let's break that down; because again, let's get to the absolute basics. I'll have a shot for once. The way I see it, the simple way I see it, is that for anyone to be able to run a node, they have to be able to store the entire blockchain of data. And, to be able to store the entire blockchain of data, we have to try and attempt, or people who have programmed Bitcoin have to try and attempt to keep the blockchain as small as possible.
That's what it's about really, so it can keep all transactions. And I would say that any trade-off to allow more data, or anything else to be built on top of that, is going to change the trade-off in terms of how many people can run a node. How did I do?
Nadav Kohen: That's great. I also use Layer 2 very broadly and I also use the big blocks very broadly, so I talk about smart contracting platforms as just bigger blocks with extra steps. The goal is to keep things small.
Peter McCormack: Nadav, let's talk about the trade-offs, say, that Ethereum makes and rather than just have a, "Ethereum is shit", let's just be neutral about it. But, what is the trade-off Ethereum makes versus Bitcoin and what does that mean for users of Ethereum?
Nadav Kohen: So, there are a lot of ways in which they differ, but I think the one we're talking about right now is just about kind of the considerations for decentralisation of running nodes. In those terms, Ethereum has more blocks with more computation required in order to do validation and you have to keep track of state on top of accounts and all sorts of other things.
So essentially, in the Ethereum world, the majority of users are not running fully validating clients; they're trusting some set of trusted clients that they just -- they essentially are running light clients. So, this has some trade-offs. The benefit of people running light clients is that you can have the base layer do a ton of stuff because not many people are validating it, in comparison to something like Bitcoin.
Of course, the downside is that not many people are validating it. So, if your trusted people are lying to the people trusting them, then they can run away with all sorts of funds and all sorts of other attacks that you open yourself up to.
Peter McCormack: Right, okay. So, moving on from that, if we know that, with regards to the Bitcoin basechain, Shinobi, that we want to ensure that Bitcoin is maximally decentralised, which means keeping the blocks small, which means anyone can run a node from almost any device, old laptops, Raspberry Pis, etc, what is the history of scaling, before we start actually talking about these Layer 2 solutions; can you talk to us about the history of scaling and when the discussions, or the initial discussions around Layer 2 technologies and how we've got to where we are now?
Shinobi: Well, that's going to be a long deviation from this outline here.
Peter McCormack: Well, give me the short version.
Nadav Kohen: Yeah, the TLDR.
Peter McCormack: Yeah, TLDR.
Shinobi: Well honestly, that conversation started the instant Satoshi published the whitepaper to the mailing list. Literally the first response to that paper was from a man named James Donald, who literally his first response was, "This is a very interesting system; this is cool; but, this doesn't scale; this is not going to scale big enough for everybody just to transact on it".
So, he specifically started talking about Chaumian eCash servers, a centralised, private, digital cash that David Chaum invented in the 1980s and actually deployed a little bit with two banks in the 1990s, and using those on top of Bitcoin as a way to actually be able to scale to transact and get some privacy benefits out of it too. That was literally the first response to Satoshi when he published the whitepaper.
Then from there, you had Hal Finney and a lot of other people just come to the conclusion that banks are going to be how we settle this and use this for money. And then obviously, during the same period, you had a lot of people, Roger Ver, the people who eventually started the Bitcoin Cash crowd; they just wanted to make blocks bigger. Then, during this whole period, a kind of quiet period where there wasn't really much discussion publicly about these different attitudes, you started having things like basic payment channels get developed. And then, the paper for the Lightning Network came out, in 2015 I think it was.
So, by the time that you would have had these two groups, the big-blockers and the "Let's do Bitcoin banks" kind of smashing heads when all the blocksize wars started, by that time you had these ideas for the Lightning Network, sidechains, these payment channel constructs. So, when that really came to a head, instead of just banks versus bigger blocks as an argument, we had this whole new toolkit of all these second layers, like sidechains and the Lightning Network to play with as an alternative to bigger block.
So, it kind of naturally got to the point where the people who wanted to do bigger blocks left and did that, and we're building out all these way better options than "just use banks".
Nadav Kohen: Yeah, and I think sidechain discussions started around 2014, so around the same time as Lightning.
Peter McCormack: For me, as somebody who doesn't really understand the technical side too well, it seems to me like the Lightning Network is a specific Layer 2 technology and then most of the other things that we've talked about, Liquid, wrapped Bitcoin and some of the other sidechain technologies I've heard of, all feel very similar in that they maintain some kind of peg. So, your Bitcoin gets locked up and you get issued some kind of other token. Am I right to think that there's the Lightning Network versus sidechains; is that a fair way of seeing things?
Nadav Kohen: I think I know what -- Shinobi, was your response going to be, "They're both Layer 2s, they just have different trade-offs", or something like that?
Shinobi: Yeah, pretty much. I wouldn't say they're "versus" each other, it's just they're both optimised for different trade-offs. And also, a kind of nit-picky point to make is, as long as a sidechain is based on Bitcoin, you can put Lightning on top of a sidechain and Lightning on the sidechain can talk to Lightning on the mainchain and those things can interoperate between each other.
Nadav Kohen: Yeah. One cool feature of Bitcoins being so restrictive is that essentially, any layer on top of it that isn't more restrictive can interoperate with any other, because at the end of the day, they both settle down to Bitcoin.
Peter McCormack: Right, okay; that's fair. So, what's a better starting point; shall we start with the Lightning Network itself, or shall we look at sidechains?
Shinobi: I'd say sidechains, just because it's probably going to be easier for less technical users to wrap their head around.
Peter McCormack: Okay, you start then, Shinobi. Explain what a sidechain is and how it works.
Shinobi: Okay, so pretty much, Bitcoin's blockchain doesn't scale, so let's make a new one. And, when we make a new blockchain, you can really do whatever you want. We could just copy/paste the Bitcoin code as it exists now and replace mining with something, and that's a sidechain. Or, we could take the Ethereum codebase. Why would you want to do this? I don't know; some people have though, and you could just make a sidechain on Bitcoin with that.
So really, the important thing to think about is you're just making a new blockchain and those rules can be whatever you want them to be. But the catch is pegging the Bitcoin in. You have to put that Bitcoin on the mainchain somewhere to create some kind of guarantee that when you get this new Bitcoin token on the sidechain and you spend that and you do things with that, that the money sitting on the mainchain doesn't just disappear before you go to claim it; to make sure that anybody who moves that mainchain Bitcoin is only people who have Bitcoin on the sidechain, so nobody can lose their money.
There are really a lot of different ways to do that, but the real only deployed way today is with a multisig address.
Peter McCormack: I'm going to slow you up; we're going to go on a few slower steps. Okay sorry, Shinobi, you know I do this. Okay, firstly, I just want to cover what we mean by scaling. What we're trying to do here by scaling Bitcoin is trying to either/or, or either/and I should say, we're trying to allow for people to do a little bit more with their Bitcoin; whether it's to move Bitcoin around a little bit faster, or achieve more transactions, throughput; that's what we're trying to achieve. Or perhaps, you may even say, execute some kind of smart contract code.
But, we're trying to do more with Bitcoin, but we're trying to do that in a separate environment without affecting the basechain. God, I always think I know what I'm saying, but I explain it badly. Is that okay; have I got that?
Nadav Kohen: Yeah. At the end of the day, block space is scarce, so we want to be able to use Bitcoin without competing with everyone else for the scarce block space.
Peter McCormack: But these sidechains, also themselves, come with trade-offs. So, I think one of the easiest ways, why don't we use a specific sidechain as an example; can we go with Liquid, Shinobi?
Shinobi: Yeah, that works.
Peter McCormack: And just, my basic understanding of Liquid is that, I lock up Bitcoin and then I receive Liquid Bitcoin. And with Liquid Bitcoin, I'm in a new specific blockchain which allows me to do other things; am I correct?
Shinobi: Yeah, pretty much in order to get Bitcoin on Liquid, how Liquid works is you have the Federation. So, that's just a big multisig address and that's used to actually sign blocks on the sidechain. So, instead of proof of work and mining for blocks, you just have the Federation sign them. And, as long as the threshold of the Federation signs it, that's a valid block accepted.
Also, the Federation also has custody of all the Bitcoin on the sidechain in a multisig on the main Bitcoin chain. So, the real high level of the consensus is you just put Bitcoin into this Federation's multisig and they issue this token backed by that Bitcoin on the sidechain. Then, that multisig address is totally in control of the coins on the mainchain, of what's happening on the sidechain. You completely have to trust that at least that threshold required to sign from the Federation will act honestly; both in operating the sidechain itself, and not stealing anybody's Bitcoin on the mainchain.
Peter McCormack: Okay. Is it fair to say that Liquid Bitcoin is a form of custodial Bitcoin, if I'm having to trust the Federation?
Shinobi: I would say it's fair to point out similarities there. I wouldn't call it outright custodial, because instead of a single entity having total control to do whatever you want, you have to have that threshold of members in the Federation agree to do something, so multiple people have to agree in order to steal your money; there isn't the one person that can just do that.
Nadav Kohen: I think I would consider it like a distributed custodianship, where the most distributed custodianship is just having your own keys on Bitcoin and then there are things in between, and then there's putting your funds on Coinbase or Gemini or Kraken, or something; this is a bit more distributed than that.
Peter McCormack: Okay, just so people understand with the Bitcoin base layer blockchain, every ten minutes, a miner mines a new block, approximately, and that will include all the transactions that have been created, etc. But, on the Liquid blockchain, the blocks aren't mined; they're signed for by the Federation. So, we should probably explain the Federation a bit, who's in the Federation; what are the type of people who've signed up; how many have to sign a block; how does that all work?
Shinobi: Well, it's pretty much just run by exchanges in the space and actually some legacy financial institutions, like the Swiss Stock Exchange is one of the Federation members. But, I think for the on-chain wallet, it's a 12-of-15, I think, multisig because until we get Taproot, that's the biggest multisig you can make, is 15 people.
Then, for the sidechain consensus, I think there might actually be more signers than that, because there is a membership tier in Liquid where you can be part of the Federation, so to say, in that you are a registered business; you can process withdrawals out of Liquid for customers; but you're not actually part of the multisig that's holding keys on the mainchain or signing sidechain blocks. Then, there's the higher-tiered Federation member, where you're actually participating in custodying the funds on the mainchain and signing the blocks.
They also just released, in the newest node client for that, support for something called a Dynamic Federation. So now, pretty much the members with whatever thresholds are needed, can add or remove different members from the Federation. So, let's say one company, they haven't been managing their servers right, they went down, that company is just consistently not signing blocks for the sidechain, they're not signing withdrawals when they should; a majority of the Federation can just kind of kick them out of the multisig, remove them from signing blocks on the sidechain, move the coins on the mainchain and remove their key from that.
They can also add new members. So, we just lost a member of the Federation. Somebody else who is going to be reliable wants to join. They can just add him in as well. So, instead of just this static group, it's this evolving set that can change whenever a majority of them want to change. And I point that out because I think for people who want to use something like Liquid, that's an important thing to pay attention to.
Let's stay you start using the network right now because you trust the people operating it right now, there is the possibility that that changes over time. So, if you're a user of that network, that's something that you should pay attention to and be aware of.
Peter McCormack: Okay.
Nadav Kohen: So, yeah, with something like Liquid, the Federation is this consortium of businesses that have a vested interest in Liquid existing and they're trusted, not as individuals, but as a group.
Peter McCormack: Right, okay. So, what's the use case for Liquid? Who's using Liquid; and why would they use it? It seems to me something like Lightning is something I can pretty much send Bitcoin to anyone with. Like, Nadav, if you wanted to receive some sats, I could send it to you. You've probably got a Lightning wallet, same with you, Shinobi; a lot of people in Bitcoin do. Liquid seems a bit different. Who would be using Liquid and for what purpose?
Shinobi: Well originally, the main idea behind it is for traders. If you look at transactions on the blockchain, I think at times, up to 50% of them are literally just coins moving between exchanges, because you have traders taking advantage of price differences. So, the original purpose for Liquid was just give traders a little walled garden where they can just move things between exchanges quickly and not eat up all this mainchain block space that could be used by Lightning users, or people actually using it as money.
But really though, there are a lot of potential uses beyond that, like the ability to upgrade it much more quickly, because it's not the mainchain. These businesses can just coordinate and upgrade things. There's a lot of potential for more flexible smart contract stuff that we can't do, or can't do as easily right now on the mainchain. If you're okay with that trust environment, and that's the key point here, it's also just a cheaper layer to move or manage Bitcoin.
Over the next couple of years, fees start going up, they stay up, it's going to be very hard for somebody who wants to buy $100 of Bitcoin and self-custody it; that's going to be very expensive for them. But, if they're okay with the kind of trust model of a sidechain like Liquid, that might actually be much more affordable for them.
Peter McCormack: Do the Liquid blocks have a block size?
Shinobi: Yes.
Nadav Kohen: They do come every minute though, instead of ten minutes.
Peter McCormack: And when they come every minute, do they confirm every minute, rather than waiting for a certain number of combinations?
Shinobi: Yeah, you can pretty much treat, after the first block built on top of that, as good enough, because none of the Federation members will ever do a reorg more than one block.
Peter McCormack: Okay. So really, it sounds to me like Liquid is, well almost what it says; it's a sidechain; it's a separate environment whereby you trade in your Bitcoin, you receive Liquid Bitcoin, you can move it around their network quickly. I could move some Liquid Bitcoin to Nadav; Nadav, you could move it on to an exchange; you can move it one exchange to another.
It just gives you a lot more flexibility and then, perhaps when you're done in that environment, you can withdraw your Lightning and you get basechain Bitcoin back. But also, like you said, Shinobi, it might get to some point in the future where actually, people just hold Liquid Bitcoin and don't actually hold basechain Bitcoin.
Nadav Kohen: Yeah, and I also think they have some other experiments going on in Liquid, like Shinobi mentioned; it's a good breeding ground for experimentation since it's much easier and more centralised to do updates than on a public ledger like Bitcoin. So I think Liquid also has confidential actions, like Zcash, like technology that they're experimenting with; and they have issuing of new assets and things, so people are playing around with NFTs, however we think about them. You can do these kinds of things on a sidechain as well.
Peter McCormack: Okay, so just my final question on something specific to Liquid: if we trust it enough and it is faster and cheaper to move Liquid Bitcoin around within that network than on the basechain, is there a scenario where Liquid expands so much that so many people have put in their Bitcoin with Liquid that that actually is a risk to the basechain?
Shinobi: Well, I mean potentially, but I say that risk exists for anything. That could be Coinbase or that could be JP Morgan or a Bitcoin ETF. Too much of all the coins going to one place is bad, no matter where that place is, if it's a centralised place.
Nadav Kohen: Yeah, though I would say it's probably worse for the people using Liquid than for the people who just have Bitcoin on mainchain, because it's this bigger honey pot now and maybe there's more incentive to exit scam, or something like this.
Peter McCormack: Yeah, but I guess then it comes down to who is part of that Federation and it has to be the right companies where there's no incentive for them to do that, because it destroys Bitcoin.
Shinobi: Peter, I'm going to blow your mind right now.
Peter McCormack: Go on, blow my mind, dude.
Shinobi: You could have multiple federations on a single sidechain like Liquid. There is actually no reason why the "official" Liquid Federation has to be the only people who accept Bitcoin on the mainchain and give you Bitcoin tokens on the sidechain. You could have 12 different federations on Liquid, if people wanted to do that.
Nadav Kohen: To be clear though, Shinobi, that would mean that there are 12 different sidechains, right; it's not like there's one sidechain with multiple federations.
Shinobi: No, you could do that on one sidechain. Right now, Nadav, I could go issue an asset on Liquid, you could send me Bitcoin and you could have Shinobi's Bitcoin on Liquid, instead of the official Federation.
Nadav Kohen: Got you, so you're talking about a sidechain off of a sidechain, kind of, if I'm understanding you correctly?
Shinobi: I mean, you could do it that way, or just directly on the same sidechain.
Peter McCormack: Okay, well look, my general understanding for Liquid therefore is that it has a certain use case for certain people who want to move around Bitcoin in a certain environment, quickly and easy at a lower cost. I don't personally have a use for that right now; I'm not a trader. Perhaps if I was arbing between certain exchanges, I might look at it, but I understand it.
Nadav Kohen: One last important thing to note is that part of the reason why this makes a lot of sense for traders is the downside of the sidechain -- at least, it's federated to a pegged sidechain, is that you have to trust the Federation, but traders are already trusting all of these exchanges while they're doing their normal business activities, so it makes a lot of sense for them.
Peter McCormack: Can you explain what the peg is and how that is maintained?
Shinobi: Actually I think, Nadav, if you want to go into this, this would probably be a good point to kind of generalise the concept of the peg and kind of get into that?
Nadav Kohen: Sure, yeah; at a super high level and then I'll let Shinobi maybe take it a bit deeper. A peg is just any mechanism that you can use to essentially take Bitcoin off or out of the Bitcoin blockchain and essentially bring it elsewhere, such as onto a sidechain or onto Lightning -- well, maybe we don't want to get into that yet -- but such as onto a sidechain. And then, if it's a two-way peg, you should also be able to then take it back so essentially, destroy the off-chain Bitcoin and reclaim the on-chain Bitcoin.
Though maybe as a quick note, the simplest kind of peg is just a one-way peg where you burn your coins on-chain; so you provably destroy Bitcoin by sending it to a random -- not a random address, but an address that no one knows the private key for. So, you could send it to some specific message that was not constructed by generating a private key, or something like this; or just to an unspendable location, like an OP Return. So, you provably burn your Bitcoin in a way that gives you this off-chain token, but then you can never claim it back.
So, this has probably very different use cases than something like Liquid, where you want to be able to get your Bitcoin back. But, yeah, most people, I think, are more interested in two-way pegs, although I think there are some fun little projects out there where you literally just burn your Bitcoin and get this off-chain kind of Bitcoin.
Peter McCormack: Burning your Bitcoin sounds scary?
Nadav Kohen: It does, but I think it's maybe a little less scary than you might initially think. For one, I don't think any of these proof-of-burn one-way pegs are advertised as a store of value; it's more so to users, so maybe you burn $5 and now you can use this other smart contracting platform, or whatever, on a sidechain without introducing a new token.
Then the other thing to note, when other people are burning your coins, you shouldn't mind too much, because that's good for you as a Bitcoin holder.
Peter McCormack: Yeah, good, burn those coins!
Nadav Kohen: Yeah, go burn those coins! So, a notable one-way peg would be a counterparty, which is a Bitcoin -- I think we call it a sidechain, where you burn -- I know not too much about counterparty, other than that's where the Rare Pepes existed. So, the original NFTs were on this one-way peg sidechain of Bitcoin back in, I don't remember when, but a while ago. But, yeah, maybe more interesting are two-way peg mechanisms, because they're harder.
Provably burning coins and then never having to worry about bringing those coins back onto Bitcoin is not as difficult as trying to maintain a two-way peg, where you can freeze on-chain funds in order to get off-chain funds and then burn the off-chain funds in order to unfreeze your on-chain funds, is I guess how I would describe a normal two-way peg.
Peter McCormack: Yeah, still that concept of burning your Bitcoin to get some other token coin somewhere else; I don't know, that sounds scary. Let's move on to the wrapped Bitcoin. I think there's a potential some people listening so far are going to be, "What the fuck? I've got no idea what you lot just talked about".
Shinobi: There's still one fun thing I think you should get into.
Peter McCormack: Go on; what have I missed?
Shinobi: So, I think when it comes to sidechain pegs there's one important thing to understand; this is the most important thing. Whatever security claims that the sidechain is making about the actual sidechain itself, can never be greater than the security claims of the peg that's actually putting Bitcoin on that chain. One thing we didn't get into is there are proposals to, instead of using the Federation in a multisig as a two-way peg, you can use miners. We would create a new opcode that would let miners just take control of coins with a long timelock.
The idea would be that you trust the majority of miners to be honest and when you want to leave the sidechain, you would make your transaction on the sidechain. After a long time delay to guarantee that honest miners can call shenanigans, if some miners are trying to steal money, it would just unlock the coins and give them back on the mainchain.
But, there are a lot of incentive concerns there in terms of maybe bringing more centralisation pressures to mining doing that, but there are some sidechains out there, such as Rootstock, that use proof of work for the sidechain block consensus; but, they use a multisig for the peg, because there's no support for using miners for that right now.
So, I just want to point out that even though they're using mining and proof of work on the sidechain, none of that security transfers over to the Bitcoin on that sidechain. It would apply to some new tokens, or NFT stuff that you minted there, because those only exist on the sidechain; but, the security of the Bitcoin, it gains absolutely nothing by the sidechain having miners, because that peg is still a multisig that some group of people control.
Nadav Kohen: Yeah, and as a last note, I think it's probably worth mentioning, the state of sidechains these days is very much oriented around these kinds of federations that you trust, that use some kind of multisig on-chain. But, sidechain research is very much cutting edge active research that people are doing today; so, I wouldn't be surprised if in ten years, we have a much cooler, different story. But, it's very much open research that's still happening.
Peter McCormack: So, back to wrapped Bitcoin as I said. This one's a little bit more, I think, going to be interesting for some people, because I'm pretty sure a lot of people will have heard us talk about Liquid sidechain and for a lot will have been, "What the fuck are you guys on about?" But I think wrapped Bitcoin, there's a bit more interest because, not that I agree with it and I would never wrap my Bitcoin, it sounds scary as hell; but, the idea that people can do a little bit more with their Bitcoin on the Ethereum blockchain, they can essentially use it to earn yield, etc, I think there's going to be some more interest in that.
I think at the same time, there's going to be some people losing their shit going, "Why are you covering this? Just call it a scam. Wrapped Bitcoin are not Bitcoin. Go to fucking hell", etc, but I think just to do it justice, I think it's over $1 billion or something, maybe it's even more, is locked up. There is a lot of Bitcoin that is locked up as wrapped Bitcoin right now, so I think people should definitely hear about it and if it's a negative, they should hear why.
Just first and foremost, and you both should answer, but I'll start with you, Nadav; do you have a general opinion on wrapped Bitcoin?
Nadav Kohen: Yeah. So I think honestly, it's not too far removed from things like sidechains, in the sense that if you're willing to trust some parties, then it's not too different between using a sidechain and using wrapped Bitcoin; though I will say, using wrapped Bitcoin is just inherently going to be a little bit more risky, because you not only need to trust some peg, but you also need to trust that this other blockchain you're using works, you know, its consensus mechanism works and its cryptography works and it doesn't have any bugs and it isn't going to be forked tomorrow into something entirely different, and all sorts of these kinds of other, newer considerations.
I think though one of the key differentiators that makes this maybe a little less interesting to me than sidechains is that, at the end of the day, in order for these things to work, you are kind of relying on another token as storing some kind of value in order to maintain the security of that other system. So, if you're someone who thinks in the long term, Bitcoin is going to be much, much more valuable than these other tokens just as a thing that stores value, then you're not actually going to be able to securely lockup very much Bitcoin elsewhere; it just won't make very much sense.
So, I think it's more interesting today than it will be in the future; so, just from a research and technology perspective, I find it a little bit less interesting, but I guess I'm trying to stay pretty open-minded about it as something, at least for now, as a way to play around with Bitcoin elsewhere. Shinobi, I'd be curious what your opinion is though?
Shinobi: Well, I think you are exactly correct as far as framing it as a sidechain; I mean, that's literally all it is. It's a trusted peg with, I think, BitGo and, yeah, it's just using Ethereum as if it were a sidechain. So, Peter, I think this is just as much Bitcoin as any Bitcoin on the Liquid sidechain is.
But really, the only reason this exists is because there is so much degenerate trading nonsense that exists for no reason than to take sucker's money on Ethereum, and there are enough traders in this space who denominate and want to trade in Bitcoin off of that; so, here you go, somebody did it!
Peter McCormack: So, in some ways, the wrapped Bitcoin is similar to Liquid in that you are sending your Bitcoin to a multisig where it's locked up, and you are being issued a token on Ethereum in return; and at the point you want your basechain Bitcoin back, you're sending the Ethereum back to whatever wallet that goes to and you're receiving your Bitcoin back. I understand that; it's very similar in terms of that.
But, once you're on the Ethereum Network with your Bitcoin, we know there's a little bit more flexibility. You can move it around quicker; they have yield services; they have trading; there are a whole bunch of things you can do.
Shinobi: Yes, Peter, there is an infinitely larger number of ways to lose your money, Peter; yes, there is! You can experience the joys of paying the transaction fees when the transaction fails and doesn't go through; you can experience the joys of thinking you're about to get your winning shitcoin traded, having some miner undercut your trade transaction with their own in a block; you can experience the joys of smart contract failures, fees higher than Bitcoin fees were at the highest peak; all of these joys can be yours if you just wrap your Bitcoin on Ethereum!
Peter McCormack: So basically, you're exposing yourself to all the issues or problems that people have identified with Ethereum; basically that's what you're saying? Are there any examples where people have lost their wrapped Bitcoin, or wrapped Bitcoin have been stolen; do we know of any of those yet?
Shinobi: Not off the top of my head but honestly, these days, I really don't pay attention to the shit show of Ethereum that much.
Peter McCormack: Nadav is furiously searching!
Shinobi: I feel confident saying it's likely that some have been stolen in a smart contract exploit; I would say that is highly likely by now.
Nadav Kohen: Depending on your semantics for whether you consider that stealing, right, Shinobi, if it's just about contracts that you put your money into?
Shinobi: That's definitely an argument to have.
Peter McCormack: So, Nadav, I want you to do one of your more interesting Clubhouse takedowns of this. Start talking about some of the risks that people are exposing themselves to, specifically with Ethereum. I've heard you explain, in a very civil and very detailed and understandable way, of some of the massive issues associated with Ethereum. Do you want to take that very broad question and pick off what you want to choose from that?
Nadav Kohen: I guess there are a couple of things. One of them, we've already discussed, which is it's very challenging to actually run a validating Ethereum node. So, in most cases, people aren't just trusting this peg in order to have this wrapped Bitcoin, but they'll also be running a light client and trusting some other validating entity in order to do validation.
So, you could be told that you received something in return for your wrapped Bitcoin when you really didn't; there are all sorts of gains that your -- essentially you are just inherently, as not being a full validator, you are inherently at greater risk of being lied to or thinking that things are a certain way that they aren't.
There are also the risks Shinobi mentioned where Ethereum in particular uses Solidity as a programming language. It's not an ideal programming language for contracting. I guess that's an opinion, but as someone who works in strong-type system programming languages for the purpose of not burning people's money, the idea of using anything like JavaScript to store people's funds and decide who gets what funds in a contract is just absolutely mortifying to me. There's so much attack surface when it comes to complex Solidity scripts.
Though, I will note this isn't something that's inherent to a smart contracting platform, but you do, I guess, just inherently, if there's more functionality, there are more things that could go wrong, just at a high level. So, I think those are probably two of the bigger risks. I guess there are also some others with respect to how Ethereum changes. They hard fork very frequently; they have a very centralised leadership that makes decisions on how Ethereum is going to change; it's kind of just a bunch of these risks wrapped into this one ecosystem where everything in the background, you always have to keep in mind.
The security of this blockchain is actually tied to the value of this token. And, in Bitcoin, we have this nice property that Bitcoin, the asset, is a desirable thing. Well people are using Ethereum, Ethereum in some sense is kind of analogous to -- I'm being a bit loose here, so don't come after me on Twitter, but ETH, the token, is not an asset that you want to hold in the same way that Bitcoin is. When people are buying Bitcoin, they are thinking of it as a long-term store of value investment.
Ethereum acts more like a banking fee. It's like this fee that you pay in order to use the Ethereum Network. If you're buying ETH and these other tokens for blockchains as an investment in your head, it's like investing in banking fees; it doesn't really make much sense as this store of value token. And, at the end of the day, the security of not only proof of work and the Ethereum blockchain, but also lots of these contract schemes that are distributed -- well, it depends on the model, but some of these decentralised exchanges and things like this are also relying on the value of ETH not dropping, especially if you're thinking about this in the long term.
I just think that there is a lot to unwrap when it comes to what are these extra risks you're taken if you're using something like wrapped Bitcoin, or Ethereum just more generally. I will say though, I don't want to paint a picture of, this is garbage; no one should ever use it. I mean, maybe in the long term, but the bigger point I just want to make is that you should not view holding ETH as an investment in the same way as holding Bitcoin. I think that there are some fundamental differences there and I think that a lot of people not understanding those fundamental differences leads to the information asymmetry that's just perfect for scammers. You don't want to expose yourself to that; you want to really understand what it is that you're holding.
Peter McCormack: Not to defend ETH, because I don't own any, despite somebody giving me lots of hot tips to buy it recently; ETH might be one of the few cryptocurrencies that actually also trends upwards over multiple years and cycles. Now, look, there's a lot of bullshit that goes in there; they're changing their monetary policy, etc. But, at the same time, some people would argue, "Well, it's still proven to be a good investment over a long enough time period, perhaps how Bitcoin has".
Are you saying you shouldn't treat it like Bitcoin because in some ways, I see Bitcoin now as not a beta? I was doing an interview with Dan Held earlier. He said, "If Bitcoin succeeds…"; I kind of feel like it already has. Are you saying that there are too many long-term risks with ETH for it to be trusted as an investment?
Nadav Kohen: I think that's part of it. But, I also think, just fundamentally speaking, if you put speculation aside, which maybe you can't, Bitcoin's goal is to store value and Ethereum -- again, speaking loosely, Bitcoin is not one person who has a goal; it's a bunch of different people. It's different for different people what it is. But generally speaking, I think it's relatively fair to say that Bitcoin's goal is to be this store of value, this thing that people put value into. You can see in its monetary policy and in its design and in the way that it changes when we're discussing things like soft forks and Taproot and things like this, that it's really fundamentally speaking, we want to make sure that it's this good money; whereas, I think it you look at how ETH is designed, it's really meant for experimenting with these smart contract things and decentralised computing of some kind.
First of all, I personally think that moving to proof of stake and these other things that are in the plans, or in the road map, or whatever for ETH; I have my own very, very large issues with proof of stake. I think that comparing it to proof of work is pretty silly. It's really just this very different trust model; it's not a consensus model in the same way that proof of work is. I think, value and speculation aside, Bitcoin has proven itself to be a protocol that has the properties that you would want in a store of value in terms of, it's very hard to change; when it does change, it requires this broad consensus; and, it has these certain priorities.
Whereas if you look at ETH, they hard fork all the time; centralised leadership, relatively speaking, at the very least; I think that the value of it aside, the actual what it is, technologically speaking, like what is ETH, isn't as conducive as an investment so much as the other arguments that have been made that I'm more sympathetic with, that it's a utility of some kind, as opposed to this money, this store of value.
Shinobi: Peter, I'm going to eviscerate this topic in about 30 seconds.
Peter McCormack: Okay.
Shinobi: Anybody who is thinking of ETH as an investment should ask themselves these questions. Look at all the clones of Ethereum, the more and more centralised clones, like Binance chain; think about the fact that JP Morgan has forked and made a private version of Ethereum before; and, start thinking about the direction they're going to solve all of their problems with zero-knowledge proofs to handle all scalability.
At this point, really why isn't that going to go any way except all of these financial institutions, because they are going to be the only ones who could run validating nodes for something that unscalable in the first place, just have their own little private database. And they just reconcile their completely private databases with zero-knowledge proofs. And then, what value does a public Ethereum Network and the asset of Ether have, when all the utility of all of this just boiled down to, you guys finally got banks to replace COBOL.
Peter McCormack: That's fair. I mean, I don't invest in ETH anyway. I mean, I don't care about people who do; I'm not going to go on Twitter and yell at people anymore for that, because I've tried that and first, I can't technically argue it and at the same time, if people want to do stupid stuff, they want to. I think you could make a fair argument that if you pick the right timeframe, ETH is a good investment. Whether you think ETH is a good product is a different thing, but people invest to make money on bad products. I think it's a bad product, but on the right timeframe you could.
Shinobi: Pete, that's a good trade.
Peter McCormack: Yeah, it's a good trade.
Shinobi: It's not an investment; you're making a trade. You are short-term timing the market to profit on something; you're not making a long-term investment.
Peter McCormack: But, what's the difference between an investment and a trade; what's the timeframe that makes a difference between a trade and an investment? A trade to me is something, you know, traders going in and out the market; but, there are some people who will invest in Ethereum and perhaps over multiple months, even over a couple of years, they might, on the right timeframe, outperform Bitcoin; that is a potential.
Nadav Kohen: I think maybe one thing to point out though, even on this point is that, even if we want to call it investing, we should still make sure to delineate in our minds this is not like investing in a stock, right. As I mentioned, ETH does -- well, I mean there's this speculative aspect to it, but in some sense, it's at least a little bit similar to, as I mentioned, investing in the thing you pay fees with, like investing in banking fees, in some sense, as opposed to investing in a bank, or in a company, or something like this.
I don't think that it's fair to market investing in ETH as like investing in the ecosystem, because that's not what you're doing, at the end of the day; which is also, I think, why I semantically would go closer to calling it trading, because you're just taking part in this speculative environment. The way to invest in the ETH ecosystem is not to buy ETH; that's not equity. You could invest in companies built on top of Ethereum by actually buying equity, you could do things like this and I would maybe call that something closer to investment.
I guess, yeah, the difference between a trade and an investment is just the semantic, somewhat murky water, but I would err on the side of -- I mean, I get when people talk about investing in something like ETH; it's just I hope that they also internally understand what the differences are, compared to other things that they would call investments.
Peter McCormack: Maybe. Yeah, I mean I've got no reason to defend ETH, but I still know that yelling at people has never stopped them. And I also imagine even some of your more civilised takedowns, Nadav, have still not changed people's opinion on it and people are going to do what they're going to do.
Nadav Kohen: I hope they don't view them as takedowns when I'm just having a discussion, but I know what you're saying!
Peter McCormack: I do; I love it!
Nadav Kohen: Oh, okay!
Peter McCormack: But it was mainly, the one I remember most was the guy from Polkadot; that was pretty savage! Okay, well listen, we've dealt with wrapped Bitcoin; let's move on to Lightning. I'll let you kick this one off, Shinobi. Is Lightning the best Layer 2 technology we have?
Shinobi: I'm going to pass the baton to the man actually building in this space and just maybe normie it down a bit if necessary, but I think Nadav should start this one.
Peter McCormack: All right. So, Nadav, would you say that the Lightning Network is the best 2nd layer technology we have; and then the reasons why you would say that?
Nadav Kohen: Yes, if the trade-offs you're going for have to do with -- if you're a trader and you're trusting exchanges anyway, then I could see arguments being made for other kinds of Layer 2s. But, I think for what a lot of bitcoiners are looking for, they kind of want to be able to spend their Bitcoin maybe, or at least use it for payments; and they want to do it in a way where they're never giving custody to someone else and requiring trust in that way; and they want to remain these fully validating, fully sovereign, in some sense, entities, I think that Lightning is the thing they're looking for.
So, I should explain what Lightning is, okay?
Peter McCormack: Yeah, let's explain how it works.
Shinobi: Assume you're talking to people who just learned what a UTXO is.
Nadav Kohen: All right. So, you understand if you have Bitcoin, what you really have is the ability to spend a UTXO. So, I guess, we also discussed sidechains a little bit, so there is some similarity here, though there are some important differences. The similarity is, what we're going to be doing is we're going to be locking up our Bitcoin on-chain in order to get our Bitcoin on Lightning and then we can spend it on Lightning and then later, reclaim it on-chain. But, we're not going to be using a Federation or a peg really.
So, how this works is, maybe let's start by talking about what a single Lightning channel looks like. We're get to this whole network that is called the Lightning Network, but one of the more fundamental pieces of technology is just the ability to have a payment channel. So, you can think of a payment channel a bit like a bar tab.
If you go to a bar, at least in the US, you can hand them your credit card, they'll open a tab, you can make as many payments in exchange for drinks or whatever else, food, as you want and then at the end, when it's time to leave, you close the tab and then you make a single payment. You can think of this as helping avoid using the actual payment rails except for at the very end, essentially, to avoid fees; and if you're talking about something like Bitcoin, it's also much faster, they don't have to swipe your card each time, where swiping your card in Bitcoin, or the analogy here, takes ten minutes; maybe 30; maybe an hour. So, it's this much faster, instant settlement, if you will.
So, this is kind of what channels are attempting to do. It's essentially this trustless, cooperation mechanism where, if I open a channel with Shinobi, it's like an open tab between the two of us. We can send funds back and forth; it's like a private ledger instead of a public ledger. And then, if we're done interacting with one another, then maybe we can go on-chain and just do the aggregate of all of our transactions.
But the key thing here is that unlike these analogies I've been making, since this is actually built on top of Bitcoin in a relatively clever way, it doesn't require that me and Shinobi trust each other to uphold this tab. If we were just willing to trust one another, not really much use in a blockchain if everyone is just willing to trust one another.
So, what Lightning channels look like are, we are going to move our funds into a shared UTXO, a 2-of-2 multi-signature between, say, me and my channel counterparty, Shinobi. And the reason that we do that, now those funds cannot be spent on-chain. It would require me and Shinobi in order to sign off on that. And so that means that I can't take my funds, which are supposed to be locked up in this tab, and spend them on-chain without Shinobi knowing about it, because it requires his signature.
So, on-chain, what we have is this shared custody model, this 2-of-2 multi-signature, and so this is what makes it so that we know we're not double-spending; that's the locking mechanism. Then to unlock, if we're both agreeing, we can just sign who has what and send those funds off in Bitcoin world, if one were closing our Lightning channel.
Then the last piece of this puzzle is, in order to make this actually trustless, we need a way in order to essentially have some kind of state of our tab, of our channel, who has what funds, that doesn't require cooperation in order to enforce. We want to be able to commit to a state in a way that once I've committed to a state, then Shinobi can send the coins into me and him as we can deserve them, on-chain without me; unilaterally.
How this works is, we have what's called a "pre-signed transaction". Or, you can think of this as just a transaction that's fully valid; me and Shinobi have both signed it; that spends our shared custody funds, our 2-of-2 multisig; and outputs his balance to him and my balance to me. But, the thing we do with this transaction is we just don't broadcast it, we just hold onto it. And then, so long as we are both cooperating, we are able to essentially update this transaction and revoke the old state. So, you can essentially update this transaction and then at any time, if ever there's a disagreement, Shinobi disappears, I just want to close my channel and I'm done with it; then, I just broadcast this fully valid transaction and it doesn't require any cooperation from Shinobi in order to do that.
So essentially, the Lightning Network is just a way to use Bitcoin in a way that so long as me and my channel counterparty are cooperating, we can send funds back and forth, have essentially instant settlement, pay no on-chain fees, don't even touch a blockchain unless there's a dispute or we have some other reason why we need to close that channel.
So this is maybe, as I've described it so far, useful for two businesses that pay each other often, or two friends that pay each other often; but what about, how does this actually help us scale to do payments between two arbitrary peers; how am I supposed to pay someone I've never met, that I just met, that I want to pay over the Lightning Network? How it works is, you can actually connect Lighting channels. So, if I have a channel to Shinobi and Shinobi has a channel open to Peter, then I can essentially pay Shinobi to pay Peter and we can essentially do these routed payments.
Then, the cool thing about Lightning and the way that this is all set up is, since our Lightning channel state is just a Bitcoin transaction, you can think of that as essentially, as I mentioned, a private ledger between me and Shinobi where this ledger, normally it just has my balance and his balance. But really, it's as powerful, as expressive as the Bitcoin blockchain, in terms of the kinds of contracts that you can write up. Bitcoin has some minimal scripting; you can do multisig; you can do timelocks, hashlocks, these kinds of things; so essentially, anything that you could put on the Bitcoin blockchain, you can put on this private channel between me and Shinobi.
So, one example of a contract that you can have in Bitcoin is called an "atomic swap", which is essentially a trustless way of, I send coins to you and you send different coins to me and we can essentially use these things called hashlocks to make this atomic, so that I can only claim my funds if I've sent you your funds; so, they either both fail or they both succeed.
So, we can just put these in Lightning channels and how this happens then is, I essentially don't just pay Shinobi right away; I don't move my money into his balance. Instead, I move it into this intermediary place, just as an output on our transaction, on our state, so that it says, Shinobi can claim these funds if he tells me this secret, the preimage to a hash, or something like that. Reveal the secret behind this thing and you can claim these funds.
But, the trick here is that Shinobi doesn't know the secret, Peter does. So then I tell Shinobi, if you want to know what the secret is, you have to pay Peter this much; that's what he's expecting. And then Shinobi sets up the same contingent payment in his channel with Peter where he's like, "I'll pay you if you give me this secret", and then he takes maybe a small fee; we're talking milisatoshis. And then Peter, who wants to get paid by me, will accept that payment and how he does that is he reveals the secret to Shinobi so that he can claim his funds and then, they update it and actually move it into his balance.
Now Shinobi knows the secret and so he gives it to me and keep in mind, if he never got the secret from Peter, that means he never lost funds. So, if he did get the secret, that's the only way he could have lost funds; but since he has the secret, now he can claim the payment from me. So, the routing nodes never get footed with the bill and essentially, this is the technology that allows us to link these channels up. So, you can imagine this is a very simple, we just routed through Shinobi for me to pay Peter, even though I don't even have a channel open to Peter; but, you can have, like, 20 hops. I can pay through a bunch of different channels and eventually reach the person who I've never met before who I'm trying to pay.
So, really just by opening a single Lightning channel with another person who has some Lightning channels open, if you're just joining the network, you already have access to basically the entire network that you would want to have access to, after just opening a channel or two.
Peter McCormack: Right, I'm going to make you break this down a little bit easier now. That's a good explanation and I'm going to say one of those things that pisses people off and they say, "Pete, don't do this", but I think a lot of people just won't give a shit; they'll be like, "I just want to use it".
Nadav Kohen: That's fair.
Peter McCormack: Yeah, and I'm glad you explained it and it's not that I don't appreciate it; I do. It's more to say that, you know, when I use the Visa Network, I don't understand how money gets moved behind it. I swipe my card and the money goes. And yes, I understand with Bitcoin we need a little bit more responsibility, I do understand that.
But just for the basics, I want to use the Lightning Network, Nadav; I've got my Lightning wallet; I've set up my node; I've downloaded Umbrel; I've set it all up and it says, "Open channels". What is happening when I click and open the channel?
Nadav Kohen: Yeah, great question. So, when you open a channel, what that means is that you are moving your funds into a shared custody with the channel counterparty. That allows you then to spend it over Lightning and no longer to spend it on the Bitcoin blockchain itself.
Peter McCormack: So, if I open up a channel with you and that's my only channel, but say you've got ten channels, by the time I've used you to send some sats to somebody random across the network, it's going to go via our channel, via a bunch of other channels to get to that person?
Nadav Kohen: That's right. And all this should be hidden from you, using any reasonable wallet. You'll just open a channel to me and then, you'll be able to just pay. Like, someone gives you an invoice; you pay that invoice; it's a QR code or something; and then behind the scenes, you'll be using your channel to me. You'll pay me; I'll pay someone else; they'll pay someone else; they'll pay the person you're trying to pay; and then, it'll all happen in a way where either the payment fails for everyone, or it succeeds for everyone.
So essentially, when you are paying over Lightning, the key thing is you're not actually going on-chain, so it's very fast, you know, a second or two; you don't have to wait for block times and things like this; and also, you're not paying for block space. There is still a fee involved; you have to pay in order to use other people's liquidity, because they're essentially locking up their own Bitcoin in their channels for you in order to facilitate this, so they'll take a small fee, but it's nothing like block fee. As I mentioned, everything on the Lightning Network is denominated in milisatoshis.
Peter McCormack: Right, okay, but let's just say I owe --
Shinobi: So, Peter, when you guys get through this, I'm going to do what I always do when you respond with, "People won't care" and I'm going to jump in with something that they have to care about.
Peter McCormack: That's good, and you should do. But, I just want to do a couple more questions with Nadav. Okay, so Nadav, I open up a channel with you, that's my only channel open and I've opened it up with, I don't know, 0.05 Bitcoin; that's the maximum amount that I can spend. Once I've spent that, I'm out of liquidity?
Nadav Kohen: If you don't receive anything and you're just spending, then yeah; that's the Bitcoin that you have to spend. If you wanted more, you would have to lock up more open channels.
Peter McCormack: Okay. What about if I open up with 0.05 Bitcoin a channel with you, but your channel -- does your channel have to match mine, or can you have less Bitcoin in your side?
Nadav Kohen: Good question. So, these days, and this is already changing; I believe C-Lightning, which is an implementation of a Lightning node, already has this feature; but these days, when you open a channel, only one side funds the channel, so they start with all of the funds. But, in the very near future, as I mentioned, this has already been done in the real world in the wild, we will have dual-funded channels, where both parties -- the opening process is a bit more complicated; it requires this coordination when you open a channel, which is why we didn't start with this, it was a next step. But, with dual-funded channels, essentially both parties will have funds and since this is just locked up on-chain, each channel has a fixed capacity for the sum of both sides.
But, yeah, when you make a payment, your side will have less; my side will have more. And then, if you receive a payment, it will go back. So, when you're running a Lightning channel, you do have to think about, at least a little bit, this liquidity. If somebody wanted to pay you, then I have to have enough on my side of the channel in order to facilitate that payment, otherwise I'm not going to be able to.
If you wanted to pay more than 0.05, then you wouldn't be able to just by using this one channel. Likewise, if I only have 0.001 on my side and someone wants to pay you 0.002, then I'm not going to be able to facilitate that either. So, you need both inbound and outbound liquidity, or Bitcoin, that's pointing at you and Bitcoin that you are pointing outwards. In the future, this is all just going to be handled for you.
I think some wallets even today, like I think Phoenix, does a lot of this for you; you don't have to worry about all of this rebalancing and stuff like that. Though, it is pretty early days for the Lightning Network, so there are still plenty of wallets out there and desktop apps and such that you would have to do a lot of this management somewhat manually and that is a big barrier to entry for a lot of people, if they're using those kinds of wallets. But rest assured that not only are there already these things but in the future, all of this stuff is going to be hidden, you're just going to have a wallet on your phone or something where you can pay people and people can pay you and it will just manage who has how much in your channels and things like this.
Peter McCormack: Okay. So, the next thing I'm thinking about with this, Nadav, is that when I open a channel, I am essentially committing Bitcoin to the blockchain, so I am paying a transaction fee for that. And, when we close a channel, the same happens. Now sometimes, the network can be quite congested, so I could be paying a fairly high fee. Let's just pick a moderately high fee, say $20, to open a channel. So really, I don't want to be opening a channel with $50 of liquidity, because I could be paying a high fee. So, it feels I need to be opening one with a certain amount of liquidity. But, could you also be a bit of a dick and force close a channel and I suddenly have to pay a fee?
Nadav Kohen: Yes. So, that's certainly the right kind of concern to have. I will say some of this stuff is made better, especially for channel opening, by soon there will be services, if there aren't already -- I know that at least some of this stuff has been done in the wilds, though it might have been more of a proof of concept -- but, you can essentially open a channel, along with a bunch of other people opening a channel, all in this one big transaction, where everyone essentially saves on fees by doing this; and, it's better for privacy. It's like a CoinJoin mixed into opening a Lightning channel; no one knows which one's yours.
Peter McCormack: Awesome.
Nadav Kohen: So, that helps a little bit but at the end of the day, yes, opening and closing channels requires on-chain attraction, at least today; in the future, there's super futuristic awesome tech, like channel factories and other stuff that hopefully will help mitigate this even further, where you can open -- or there's other things like, as Shinobi mentioned, you could in theory have Lightning channels on Liquid, that you open and close them on Liquid and then you're still able to interact with people who have channels open on Bitcoin itself and things like this.
So, I think there are, as time goes on, when this becomes a bigger problem, we're going to have better solutions for it. But, yeah, I think one of the key things is you're going to want to lock up -- you're not going to want to open very small channels. You're going to want to have a few, not a ton of channels, but you're going to want some relatively larger, more reliable channels with people who aren't just going to force close on you.
So, that's another piece, is that as the Lightning Network matures, new nodes are going to be more conscientious about who they open channels with. And, if someone is just consistently force closing on them, you're not going to open a channel with them.
Shinobi: Also, splicing too is another potential here, where instead of closing out a channel, your party could just kind of take their money out of it, but then open it up right again with your money still in the channel, if they needed to do something else.
Nadav Kohen: Yeah, so essentially, one reason someone might want to close a channel on you is because they need these funds. So, if it's not a griefing attack, where they're doing it just to mess with you, then there are some alternatives for them so that they won't have to close your channel and make things inconvenient for you. What they can do instead; two things.
One, Shinobi just mentioned, is called "splicing", which is where you can essentially, via an on-chain transaction, presumably that they would pay for at least some of, you can essentially take your on-chain shared custody and spend it into a new on-chain shared custody spot, so your 2-of-2 into a new 2-of-2, but where it has less in it and they took some of their balance and just had an on-chain output. So, that's one way of just withdrawing without closing your channel.
Another way is to use something called a "submarine swap". These days, I think it's usually called "loop out" instead, because Lightning Labs has a project called Loop. Essentially what this lets you do is, you pay someone on Lightning and they pay you on-chain, and you use that same atomic swap I talked about, that you use for routing; you use that with the on-chain Bitcoin payment to make it atomic as well. So essentially, it's a way of doing a swap of on-chain for off-chain coins. So, you go to Lightning Labs, or someone who's running one of these services, you pay them on Lightning and you withdraw on-chain. So, there really isn't a need to close your channel if you just need to withdraw your funds; there are alternatives.
But, Peter, I think you are still right in worrying about, "What if Shinobi and I have a channel open and he's mad at me and he just wants to be a dick and close his channel on me?"
Shinobi: Jerk!
Nadav Kohen: That is something to think about.
Peter McCormack: Well, it just sounds like to me, we're very early and all these scenarios are still being figured out. Do you imagine we will get to a scenario whereby some people will only ever hold Bitcoin which is on the Lightning Network; they won't know the difference; it will be on their phone? I'm trying to imagine that scenario, but for that scenario to happen, there has to be Bitcoin locked up on the mainchain, so who is that locked up by, where and how do they not steal that Bitcoin? But, that's something in my mind.
Nadav Kohen: Yeah, so I think it's totally feasible and I think it's already happening to a small degree, especially with things like Strike, which let you essentially debit from your bank account and then get funds directly over Lightning. And as I mentioned, we will have dual-funded channels, but you can still have channels that are just singly funded, where your counterparty put in all of the initial on-chain funds and, say, you pay them from your bank account, or something like this.
You can have those kinds of schemes where you end up with funds on Lightning, which means you have private keys. You're one of the two signers on that shared custody 2-of-2 multisig, but you didn't fund any of that Bitcoin that went into that shared custody; they took your US dollars or your pounds, or something like this.
So, I think it's totally feasible and definitely part of the vision for a lot of people working on the Lightning Network, working on Lightning Network wallets and things like this, that in the future you won't even have to go through on-chain Bitcoin in order to get onboarded and instantly start using Lightning-enabled applications and things like this.
Shinobi: So, Peter --
Peter McCormack: Do it, man.
Shinobi: -- I think this is a perfect transition into the things users have to care about and understand.
Peter McCormack: All right, do it.
Shinobi: So, one of the things we didn't get into so far is the mechanism that really makes this kind of updating the transactions something you can do securely. So, pretty much every time you do that, what you're doing is you're exchanging a key, or you're passing that off to the other party, that goes to a little "if" clause in the Bitcoin that is another way to spend the outputs that this pre-signed transaction creates.
So that key pretty much, if they take the transaction that you do this exchange for and they try to submit it to the blockchain in the future, this extra key just lets you take all of their Bitcoin; because pretty much what they're doing is they're taking an old balance that you guys have since changed, so this is not where the money should be going, and they're submitting it to try to steal from you. And so, that's kind of enforced with this extra clause in those outputs and this key that you exchange that if somebody does that, the other guy can just take all of your money; like, "Bad, you tried to steal from me, this is your punishment for it".
So, there are some things that users just have to be aware of if they're going to use the Lightning Network. The first one is, if you lose any of those keys for old transactions that you guys have revoked, or if you lose the most recent pre-signed transaction that hasn't been revoked yet, you're in big trouble because that means, one, you don't have the ability now to just take your money out by yourself. You need that person's cooperation, because all you have is these old ones that if he sees on-chain, he's just going to steal all your money.
On the other token, if you lose some of those keys for the revoked transactions to punish them, if they ever found out about that or became aware of that, they have a bunch of these old transactions where they might have more money than they should and they could get away with submitting that if they got that confirmed before you confirmed the most recent one; and you don't have that key that lets you take the money to make things right.
So, you have to be very aware of that. Losing that information puts you in a very bad situation where your money's at risk. Also, this is kind of enforced on the other side by timelocks; so, you have to come online within that timelock and check things every once in a while to make sure that your counterparty didn't do something like take an old transaction and try to steal money from you, or you have to have somebody doing that for you.
There's plans for something called a "watchtower", which is something you would talk to when you transact, and it would have all of the things necessary to punish somebody if they tried to steal from you and just always be online looking for that. But, these are things you have to understand if you're using Lightning, or you're not really aware of the risks you're taking.
Nadav Kohen: Yeah, I think maybe as a synced way of thinking about what are the, say, new security considerations is, let's picture this scenario, where somebody is trying to, say, double-spend you.
So, we have our current state, which is this fully valid, fully signed Bitcoin transaction that spends our 2-of-2, our shared custody coins to you and me, but that we just don't broadcast, right. So, we have that and now, say, me and Shinobi have a channel open and I pay Shinobi a large amount and then, say, after I pay him a large amount, I attempt to broadcast that old state, where I hadn't yet paid him. So, this would be like me trying to double-spend, right? I've spent it on the Lightning Network, and now I'm trying to reclaim it on-chain.
So, what stops me from doing that? The key thing, no pun intended, is that when I made that payment to Shinobi, how I do it is we create a new state, a new transaction, that spends that same 2-of-2 shared custody, that now, instead of sending, let's put numbers to it, say we each start with 1 Bitcoin in the channel; so, I get 1, he gets 1 and then in this new state, I get 0.5 and gets 1.5. So, say I pay him 0.5 Bitcoin over the Lightning Network.
Then what happens is we create this new transaction where I get 0.5, he gets 1.5, then we fully sign it. But, this isn't considered the new state until we do one more thing, which is revoke the old transaction. Now the question is, how do you revoke a Bitcoin transaction, right? There's kind of this key thing where, once something is valid, it's never going to become invalid; you can't literally make it so that the signatures are no longer valid, or something like this. There's no way of doing that.
So instead, what we do is actually, rather than saying I get 1 Bitcoin, he gets 1 Bitcoin, we make it conditional. We say, "I get 1 Bitcoin, but I can only claim it after this waiting period", and that's the waiting period he has to go to court to contest. If I publish an old state, he has that amount of time in order to go on the blockchain and be, "No, this isn't an old state". So, there's another spending branch.
So, the coins that are on my side of the channel, I can only spend after a timelock, but Shinobi can spend them without a timelock if he knows a secret, called the "revocation secret". So, when I revoke an old state, what that means is I just give him that secret. I essentially give him the ability to take all of my coins if I publish an old state. And that's how we update our Lightning channels. We are just constantly giving the other person the ability to punish us, if we do something that we're not supposed to; if we violate the rules of this Lightning channel.
What that means is, you have to keep all of these secrets, you have to keep the ability to punish your counterparty and you have to be online at least once every contest period, in order to make sure that they haven't cheated you. So for example, on LND, or LND-backed wallets, I believe the default these days is two weeks; so, you have to have your nodes synced, you have to look at the blockchain and make sure your UTXO still hasn't been spent, at least once every two weeks. Or, as Shinobi mentioned, have a watchtower doing that for you; but then you're trusting them, or you could have a bunch of watchtowers and you're trusting that at least one of them is online and playing nice.
The second thing is, you also have to keep the current state, because if you don't have that, then you no longer have the ability to close the channel and claim your funds. So, those are the new things that you do need to be aware of, is that you have to be online at least once every contest period, where there's a default. I think on some wallets, it is even as small as every day, but those are wallets that you would have to run on your laptop and set up and know what you're doing. I think the default these days -- nodes that more normal, non-engineer people use, tend to have a default closer to once every two weeks. And, if you do know what you're doing, you can change this to be more.
The trade-off though is, the longer you have, the less you have to be online, less constraint; but, if you do close your channel non-cooperatively, then you have to wait longer before you actually get those funds back. So, that's just a built-in trade-off.
Shinobi: It's kind of like multisig. It's just more complicated than just one key on chain, so you just have to think about this other data. I think that's universal to any new way of interacting with Bitcoin.
Peter McCormack: But, Peter, I will note that I think while these are important, especially moving forward if you have larger amounts, a lot of people using Lightning today, you just have $10 on your phone or something. Worst case, you lose $10. I think for small amounts, it's entirely reasonable to be a bit more laissez-faire about these things; an I think there are a lot of use cases for Lightning in gaming and things like this, where you really don't need much more than that.
Peter McCormack: Yeah. I'd still very much like -- I don't want to know all this. I know it pisses people off, I just don't.
Nadav Kohen: We're working on hiding it; we're doing our best!
Peter McCormack: Yeah, well that's what I'm saying. And, it's not to be disrespectful at all, in any way at all, but I'm just trying to think generally speaking, I'm looking forward to this all being abstracted away. And I know a lot of it is and there's some amazing work being done and, Shinobi, I know you're saying I should know this stuff, but the Bitcoin basechain's really easy for me to understand, right? I know I can self-custody it; I know I can run my own node; I know how a multisig kind of works; and if I just want to transfer value, I just send it to another address and it's gone. It's either in my wallet or in their wallet.
There's a lot of intricacies and I know people don't need to know this, but when you talk about, "If you know a secret, etc, and you have to keep the secret", I think a lot of that just needs to be abstracted away. I still think I will use the Lightning Network and just hope it works and not care about these things in the background.
Shinobi: But there's still the key things you need to understand. To use Bitcoin on-chain, you need to understand your keys, your mnemonic seed, how to keep that safe and you need to understand the consequences of what a UTXO are. So, if you're going to use Lightning, you need to at least understand the basic concept of these channel updates and these things that you can't lose without putting your money at risk.
Peter McCormack: No, I understand.
Nadav Kohen: I do think though that a lot of this, like if you're thinking about, for example, on-chain, a lot of it just reduces to keeping your seed safe. If you have the backup, you're going to be okay. And I think one of the things in Lightning that's going to make this a lot more user-friendly, and there are a lot of different ways of doing this being tested, a lot of them are already out there, but backup mechanisms for Lightning channels.
If we can reduce this to, so long as you have access to your Lightning channel backup, then you don't need to worry, is kind of the goal for where we want to go with a lot of this stuff as well. So, I think that will make it a lot easier to use as well, at least for the things you have to know, become simpler if you have a way of generating all of the things you need to know from just one thing.
Shinobi: You know actually, I think this is a good place to just get into the concept of a Lightning service provider and how that's functioning today to abstract things.
Peter McCormack: I hope that's what I think it might be, because I'll tell you what, again, another controversial thing; right now, because I keep so little Bitcoin in Lightning -- actually, I've got a counterpoint to that. I did used to keep so little Bitcoin in Lightning, I had $400 in, but obviously since then, we've had a massive price run-up, so that Bitcoin's worth a lot more. But generally speaking, I was quite happy with a custodial Lightning solution, because I had so little Bitcoin in there. I know that's not what people want to hear, but I was happy to risk that amount in a custodial service. Ironically now I'm not, because the price has gone up 12X.
Shinobi: Well, I would say custodial Lightning services would definitely qualify as OSPs, but I'd say it's a little bit more expansive than just that. I think the best non-custodial example would probably be Breez. It's a very simple wallet. I think they've even recently integrated the Sphinx Chat, or Podcasting 2.0 streaming payments for that.
But, the way they structure that is, in addition to just being a wallet, they're actually a service provider beyond that; they will actually open a channel to you with liquidity, so that you can actually receive money easily over the Lightning Network. All of the issues Nadav brought up, with him having to have enough on his side of the channel for you to be able to receive those payments; they step in and they will front-load a channel with money on their end, so that the user can just open the wallet, click and they're receiving money.
They also function, and this is something I would say users should think about and be aware of, they will watch the blockchain for you as well to scan and check and react to that. But, given that they open the channel to you and they're literally the person, you know, the other side of that channel, the other part of that key, they're watching in case of a screw-up or a malicious employee. But, that doesn't really add anything if you assume Breez themselves will just start acting maliciously.
So, that's something that a user should be aware of and consider when they're using that. But, these kinds of opportunities to offer the little services there to smooth over the user experience problems, that's becoming a thing now; that's how a lot of these wallets have been able to capture a non-technical user base and actually get them using Lightning. I think that's really, for at least the next couple of years I think, going to be the way that issues get papered over and managed.
Another thing they'll do is, I believe, Breez and a lot of other wallets, they will handle encrypting all the channel backup stuff you need to a key from your seed mnemonic and then push it encrypted to a cloud storage, like Apple or Google Drive. And, it's just all these little ways to kind of automate and hide that from the user. So, I think it's really important, if you're going to run out and start using Lightning with these apps and wallets like this, you should just be aware of and consider the fact that there's a little more trust sometimes getting interjected into that that wouldn't exist with just an on-chain wallet you get from Google Play, you know what I mean?
Peter McCormack: Okay.
Nadav Kohen: Yeah, I think Lightning, and with Lightning service providers, you get this really -- there's the trade-off between, at least these days, hopefully a lot of this goes away in the future; but, this trade-off between how much you're trusting someone else and how easy it is for you to use this complex, new technology.
But, I think the cool thing is there's this very wide spectrum and you can go all in and don't trust anybody and always have a node online somewhere, multiple nodes, do whatever you want and take care of this all yourself, but you're going to have to have maybe a little bit more technical expertise. Or, you can go custodial; you don't have to worry about anything.
But then there's also all of this room in between that we can start filling in using Lightning service providers, where you only have to worry about these things and everything else, you're trusting other people for. So, it's not custodial, so it's better than something that's custodial, but there's still some trust involved; not as much as a custodial wallet, but I think there's this nice spectrum of how much you're trusting versus how much you need to do, and there's probably some nice middle point for everyone.
Though I think everyone should start just with a little bit on a custodial wallet; I think it's just a great way to get started. Then later on, if it's something that you're going to use regularly, or have a decent amount of funds in, then you're going to want to figure out somewhere closer to the middle.
Peter McCormack: Okay, right. There's lots to think about here. I think I'm going to call time on this one, because we've done a lot; there's a lot to contemplate here. I think, in summary for myself, I have no use for Liquid right now, but I'm going to keep an eye on it. I can see scenarios where I would maybe consider using it, but right now I won't. Absolutely no chance in hell I'm going to wrap any of my Bitcoin and risk that shit.
Nadav Kohen: You're not planning on minting WhatBitcoinDidcoin?!
Peter McCormack: Petecoin, maybe I'll do Petecoin at some point! But, I definitely need to spend a bit more time looking at Lightning, bit more time understanding Lightning, but I think I'm going to spend some time playing with some wallets that I like and that work without me having to think about it. I think I'm going to take a look at Breez, have a bit of a play with that.
But this is very useful. Appreciate both of you. I am interested to see what the feedback from this will be, whether we've gone too techy or not techy enough, but I'll let you both know.
Nadav Kohen: Do we want to really briefly mention some wallets for people?
Peter McCormack: Yeah, list some favourite wallets.
Nadav Kohen: Yeah, so I think BlueWallet is most people's custodial wallet of choice.
Peter McCormack: I have that.
Nadav Kohen: It's like, you don't want to worry about anything; just use BlueWallet. Then they have Lightning wallets as their custodial solution. Breez is another great one that's somewhere closer to the middle. It's technically non-custodial, but you are using Breez and maybe trusting them a little bit. I think Wallet of Satoshi is another, I want to say, custodial wallet.
Then, for non-custodial wallets, you have Phoenix, which tries to hide a decent amount from you in terms of, you don't have to do everything, but it's doing it for you, the app, and it's with your keys on your phone; it's non-custodial. And then, there's Zeus, is another non-custodial option. There are others out there, but I think --
Shinobi: Zap from Jack Mallers too. It's another nice non-custodial one.
Peter McCormack: Yeah.
Nadav Kohen: Anyway, I just wanted to mention those in case people listen to this and want to play around.
Peter McCormack: And that's useful and we'll stick it in the show notes. I think I'm going to have a play with them though. I mean, I know BlueWallet, I know Noona; I've got BlueWallet. I think he's done some great work working on the UX of that recently which is very cool. I think I've downloaded Breez but never played with it, so I think I'm going to go and have a play with two or three of those, see how I get on.
Nadav, I do want to say thank you for coming on; that's your first appearance. I know we've got something else planned in the future, so we're going to --
Shinobi: You'd best be having him on shortly to talk about DLCs!
Peter McCormack: We don't and I don't know -- I've got to think what's useful to the people listening to my show. I think that's a cool topic, but I think that's probably more aligned with someone like Marty or Stephan Livera. I know my audience and I think some of Nadav's more detailed explanations and what's wrong with other blockchains, or the risks they're making so they can consider their investment, is the kind of show I want to make with him, because I know I've probably got the less hardcore bitcoiners, some of those people who might be considering putting money into other investments/trades. I think we're going to touch on that.
Shinobi: It's okay, Nadav, I'll dump a bucket of water on his head in Miami!
Peter McCormack: We will do DLCs at one point; we will cover it at some point. All right, well listen, Shinobi, I will see you in Miami secretly somewhere.
Nadav Kohen: I will be there too.
Peter McCormack: Well, I'll see you both there. I'm going to organise a party, so you should both come.
Shinobi: Sold!
Peter McCormack: Yeah, that should be fun. Shinobi was a secret guest at the last one, but nobody knew who he was!
Shinobi: They knew the guy with the beard though; if you ask anybody, they've remembered him.
Peter McCormack: That photo came up; did I send it to you? That photo came up on my phone recently.
Shinobi: I don't think you did. I just still chuckle over the fact that half of Bitcoin Twitter thought that I would somehow sneakily get selfied without my permission!
Peter McCormack: You gave me permission; I got permission.
Shinobi: Yeah, and then everybody immediately screamed at you, "Shinobi wouldn't have given you permission!"
Peter McCormack: I fucking did; he's smiling in it! But I never -- I didn't put it on Twitter or anything, did I?
Shinobi: You did. I told you too and then everyone started yelling at you!
Peter McCormack: Oh, that was it, yeah, "Fuck Pete; Pete's done something wrong again!" Well listen, look, I loved this, appreciate it, appreciate you, Nadav; it's good to get to know you now and yeah, will be good to get you back on the show. Shinobi, we will circle back and figure out what we're going to do next month and, yeah, thanks guys. My head's a bit scrambled right now, but I'm going to go away and think about this.
Nadav Kohen: Yeah, it's been fun.