Jimmy Song on the Game Theory of Bitcoin Attacks and why Proof of Work Needs to be Expensive
Download Episode MP3 File
The file will open in a new window. Click down arrow to download the file.
Interview location: Skype
Interview date: Monday 1st October 2018
Company: Programming Blockchain | Blockchain Capital
The recent Bitcoin protocol bug, CVE-2018-1744, received considerable amounts of alarmist press, “For less than $80,000, you could have brought down the entire network,” “The most catastrophic bug in recent years, and certainly one of the most catastrophic bugs in Bitcoin ever.” Despite these claims, few looked into the detail of the bug and the game theory behind executing an attack.
Code has bugs; code has always had bugs, rather than focus on criticising developers it is important to assess how it happened, why it happened and how to avoid similar problems in the future. Alongside process, it is also important to not just analyse the potential damage a bug can cause but also the game theory behind an attack.
While the founder of the bug, Awemany, used his discovery of the bug to launch a scathing and personal attack on Bitcoin, Jimmy Song analysed the bug, how it could be exploited and the game theory behind such an attack.
This week I caught up with Jimmy to discuss his findings, and also:
State level attacks
51% attack game theory
Why proof of work needs to be expensive
How non-techies can support Bitcoin
SUPPORT THE SHOW
If you enjoy The What Bitcoin Did Podcast you can help support the show my doing the following:
Become a Patron and get access to shows early or help contribute
Make a tip:
Leave a review on iTunes
Share the show and episodes with your friends and family
Subscribe to the newsletter on my website
Blockfi can help you to use your Cryptocurrencies without having to sell them.
If you trying to buy a house, maybe fund a business, or even pay off your taxes, you might be faced with the choice of selling your Crypto, but with BlockFi you can keep your crypto and still pay for those outgoings with a crypto-backed loan.
You can use your Bitcoin or Ether and get USD funded directly to your bank account, and with loan sizes ranging from $2,000 to $10 million, BlockFi is perfect for supporting financial goals of any size.
With the largest crypto backed lending footprint in the U.S., BlockFi offers regulatory compliant loans that can be delivered into your bank account in less than 90 minutes. They are the only cryptocurrency-to-USD lender to receive institutional investment, enabling them to provide the most affordable and trustworthy lending service within the ecosystem.
They have created a special offer to listeners of my podcast. Sign up at blockfi.com/whatbitcoindid to get $25 in free crypto added to customer collateral for loans under $10k or $50 in free crypto added to customer collateral for loans over $10k. Applying takes less than 2 minutes.
Distributed Health Conference
BTC Inc is excited to announce its upcoming conference, Distributed Health, November 5 & 6 in Nashville, TN. This is the first conference to bridge the gap between blockchain technology and the healthcare industry. Now in its third year, this two-day event is an opportunity for all members of the ecosystem, including payers, providers, law makers, retailers, investors and innovators, to reshape the future of healthcare.
For more information, visit: health.distributed.com and use the promo code: WBD20 to secure a 20% discount!
Connect with Jimmy:
Relevant posts by Jimmy:
Other important articles
Awemany’s article on discovering the bug: 600 Microseconds
Core fields article on discovering a bug in Bitcoin Cash: Responsible disclosure in the era of cryptocurrencies
Bitcoin Core: CVE-2018-17144 Full Disclosure
Other topics discused:
Other relevant WBD podcasts:
A big thanks to my WBD Maximalist Patrons for helping support the show: JP Petit, Logan, Seb Walhain, Steve Foster and Tony Rousmaniere.
Peter McCormack: Thanks for coming on the podcast. I’m not the most technical person and so I’ve read a number of your articles and a lot of them go over my head. I found the one you wrote recently about the CVE-2018–1744 bug, quite interesting, and also you recorded a podcast explaining about it. So let’s go into that. A lot of people got worried. You wrote about the bug itself and about the game theory. I also read Awemany’s post who said: “It’s the most catastrophic bug in recent years and certainly one of the most catastrophic bugs in Bitcoin ever.” Was He exaggerating?
Jimmy Song: I think so. I, I mean the guy’s a BU developer and he wanted to make that bug seem worse so that his project looks better. Fact of the matter is Bitcoin unlimited has had many such bugs, well maybe not consensus breaking, but at least at the denial of service level. Now Code just wasn’t that break, but the fact that he found it is, I’m grateful for that, but blowing it out of proportion, I think is kind of what he’s been doing. I mean, that’s, that, you know, people can disagree. A lot of developers are like, this was a really, really bad bug. It could have been exploited this way and that way I don’t think they’ve really looked into the game theory of it just because the way that you have to set up the exploit is actually quite costly and there’s a very good chance of failure, in which case not a very good bet for somebody that’s trying to exploit it.
Jimmy Song: Most exploits, most things that people do in the wild tend to have a definite payoff. You know, people that are trying to exploit things. People that are trying to take your money or whatever, generally they’re already taking a huge degree of risk. They want to reduce all kinds of other risks that they can so that the payoff is better. If you’re just looking for a big score, then you might as well play the lottery if you’re willing to take a significant amount of risk. So, you know, I don’t think that was really taken into account and Awemany’s, analysis and really there wasn’t any analysis. It was just sort of like declarative, hey, this is the worst thing ever, you know, without any justification. Didn’t explain why we know that inflation was possible, but it was in a very particular set of cases and it would have been caught.
Jimmy Song: So, it’s kind of like saying, okay, well, you know, this would’ve been the absolute worst disaster if 800 things went the exact same way at the same time. To me kind of a nonsense argument.
Peter McCormack: So, I think it’d be good to unpack it and go through the details just because there’s going to be people like me who own some Bitcoin who going to be a little bit nervous who want to understand what’s going on. But before that I did want to pick up on one thing that he said, which I did take issue with. So he said: “Core recklessly, endangered the security of Bitcoin Cash as well as put in danger a myriad of altcoins.” I can’t understand why Core have any responsibility for any fork.
Jimmy Song: Yeah, they don’t. And this is one that I didn’t even catch that I thought I read through the entire article, but so much of it was like just crowing at the fact that he found a bug that I couldn’t read everything that carefully.
Jimmy Song: But that sentence right there is very indicative. It’s blaming Core for pretty much anything and everything. That’s been their MO, and you know, if you choose to fork a project then you take all of the responsibility. That’s what the license agreement in the open source project says. You don’t get to blame anybody else. We don’t share any liability. There is no endangerment here. If you fork, then that code is now yours. You don’t get to go and say, well, you didn’t fix this for me. I’m going to blame you and sue you. That’s not how it works. It’s not that way legally. It’s not that way socially. It’s certainly not that way economically. Again, this a Bitcoin Unlimited developer, that’s just trying to take best political advantage of a situation. He did find the bug, but you know, his politics and his beliefs are totally not in line with reality.
Peter McCormack: Did you see a distinct difference between his approach to publishing the bug he found with Corey Fields approach to publishing the bug he found in Bitcoin Cash?
Jimmy Song: Yeah, absolutely. Corey was extremely careful. He thought through all of the game theory, if he identified himself and gave them the heads up on what was happening, but it got exploited anyway, then he would get accused of splitting the Bitcoin Cash network. We know that there is a lot of people with a lot of money on the Bitcoin Cash network, and he was sort of fearing for his life. It’s like, well, what would happen? So he submitted it anonymously, which was a smart move, you know, in case that low probability scenario happens, he proceeded to lay out exactly what was wrong.
Jimmy Song: He didn’t really crow about it. He just said, here’s what I wrote them. Amen. He only revealed it months later after he was insured of his physical safety because the network didn’t split. So that was his way of saying, okay, well, you know, now that all of this stuff has blown over, let me just tell you that I reported the bug and here’s what I found and I did a responsibility and all that stuff. Awemany’s post was, I reported the bug, here are all the reasons why Core is really bad and they’re evil and like just brought in all sorts of nonsensical non-relevant things into his post as if they were so he would get the glow of bug finding into the rest of the article somehow and that, you know, he’s taking advantage of the credibility, right? Somebody doing something good but also shilling for something else at the same time. It’s very distasteful in my mind. Nobody really knows who this guy is, but whoever Awemany is. I thought it was very distasteful. How, how much like that post wasn’t about the bug. It was more about ranting against Core.
Peter McCormack: Okay. So let’s, let’s unpack the bug. So it’s kind of a whole new area for me looking into the detail of things like this. My background’s advertising Jimmy, so this is all new to me, but so as I see it, it was a denial of service vector which would allow the possibility of inflation and what was quite interesting to hear, as I’ve never fully understood UTXs, I’m not a technical person and I never fully understood how the problem with double spending was solved. Now I think I get it, I think I understand it because each spend has to have an unspent output. Can you explain that like I’m an eight year old, how this double spending thing works?
Jimmy Song: Let’s, let’s start with a what UTXO is, UTXO stands for unspent transaction output and that’s just sort of like fancy word for saying like current coins on the network. So, when I send to you like 0.03 Bitcoin or something like that, that’s the coin that you get. It’s literally an atomic unit. You get 0.03. It’s kind of like, if somebody handed you cash and they gave you a $20 bill, it would be the equivalent of that $20 bill. Now you could get change for it and stuff, but that’s another transaction, right? Like if you’re getting change for a 20, then hand somebody a 20 and they give you a 10, a five or something like that. With Bitcoin, you’re not limited to nice round number of bills. It can be any number, and that’s part of the advantage of it being digital. You don’t need nice round numbers.
Jimmy Song: So, you can have a 0.03 bill or 17.3 Bitcoin bill or a 0.0005 Bitcoin bill or something like that. That’s essentially what a UTXO is, it’s this thing that you are spending, it’s what you have possession of. When you have Bitcoin is certain UTXOs in the UTXO, these are all the bills in existence. If you add them all up, it comes out to something like 17.5 million Bitcoins, right? Like if you add up all of the ones in existence. The thing about UTXOs that’s interesting in Bitcoin is that every time you have a transaction, some UTXOs are consumed, so they go away. So they’re now spent, they’re no longer in this set of possible things that can be spent on the ledger. And you create new UTXOs.
Jimmy Song: That’s why they’re called transaction outputs because they’re part of the transaction. So you consume some UTXOs and you produce new UTXOs. This is kind of like, I’m making change, right? Like you put in a $20 bill and you get a $10 bill, $5 bill, and five ones, or you could go the other way. You put in five $20 bills and you get $100 bill back, but of course these numbers can be arbitrary because this is Bitcoin. That’s, what a UTXO set is. And anytime you spend you have to look to use UTXOs, not spent ones. And that’s how we solve the double spend problem. Whenever a node looks at the transaction, it looks to see if the inputs are in the UTXO set. These are bills that are available to be spent, right?
Jimmy Song: If it’s in that set, then they go, okay, well this is a valid transaction. If it’s not, then they go, okay, well this is a double spend this time. This was spent at this point in the past and they’re trying to spend it again or they’re spending something that doesn’t exist, something like that. That’s how you identify it. This bug was about a particular form of double spending. Now most double spending attempts are multiple transactions, so it’d be the equivalent of me paying you a $20 bill for something and using that same $20 bill to somebody else. Now when it’s a physical $20 bill, it’s very obvious because, you know, you can’t spend something physical. have to hand it over to you so I can’t do it a second time. In the digital realm, it’s a little more subtle.
Peter McCormack: The act of me handing it over to you is the transaction. So whether or not that gets into the blockchain is that act of the actual transferring of money. So that’s usually how double spends are done. This particular one, it was interesting. It’s a very pathological kind of transaction. It’s using the same $20 bill multiple times in the same transaction. So pretend that I have one UTXO, that’s $20 and I’m kind of using sleight of hand to hand you the 20 two times, and you believe that you received $40, but I really only gave you 20. That’s bad. That’s not a valid transaction, right? Like I didn’t actually hand you $40, I only gave you $20. That’s essentially what this type of transaction has to be.
Jimmy Song: The bug wasn’t that you could construct this transaction and then everything would blow up. You not only had to construct this transaction, but you also had to be a miner that was willing to include it in a block and a block of course is secured by something called proof of work and proof of work is kind of like gold mining. It takes a lot of energy and effort to go and find and you could find it for almost anything. It’s just very, very expensive to go and find. Typically it takes about 12.5 Bitcoin to go find one. Somebody that wants to exploit this actually has to spend 12.5 Bitcoin worth of electricity in order to create this block with this weird transaction in it. And that’s the way that you get sort of an inflation that that’s what it was.
Jimmy Song: Most of the time, like, from 0.15, it would just crash the node or at least from 0.14. It would just crash the node, and there are ways to crash it also in 0.15. But it turned out that this inflation thing was possible and that was basically what the bug was. Does that make sense?
Peter McCormack: Yeah, it does make sense. So, but I’ve got a few questions on that. So only a miner that can get it into the a block and you say it’ll cost 12.5 Bitcoin to do this, but is there any guarantee that they can. Is it that they have to find a block to include it. And therefore do they permanently include this transaction as they’re trying to find a blog? As in eventually they will find one.
Jimmy Song: Well, so if they find one here, here’s the thing, if they find one, there will be some nodes on the network that will reject that. Right? And that’s the key and once some nodes reject it, then you have a fork at that point you have some nodes that are saying this as valid some other ones that are saying this is invalid. It plays out a little bit like a soft fork, in the sense that the people that are enforcing more rules have the advantage if there ever a longer than all of the other guys and reorganizing. So it’s actually a very dicey type of attack, largely because there’s just so much risk and you’re most likely not going to get away with it. And you know, it’s possible that, you can cheat in this way, but it’s also like the payoff just isn’t there. Right?
Jimmy Song: You could try to like to duplicate a thousand Bitcoin. Say you have a thousand Bitcoin bill, right? And you duplicate that and you get 2,000 out. It’ll be very obvious to people very, very quickly because it’s a public ledger. Everyone can see that this is a weird transaction. They know exactly who you are, maybe you deposited to an exchange or something like that, traded it for Litecoin or whatever and tried to get away with it. In that case, the exchange would be out of money and it would be their fault for not enforcing the rules very well. It’s an extremely difficult thing to actually be able to pull off and the liquidity for a thousand Bitcoins is extremely hard for any altcoin like, to be able to get it in cash is even harder. So like the game theory around this is like extremely difficult? Like as soon as you do that price of Bitcoin drops possibly, maybe you’re short Bitcoin, but then it might recover very fast.
Jimmy Song: We had this situation a lot before where an adverse event happens in Bitcoin and Bitcoin goes up in price, which is kind of surprising and that’s happened multiple times. From a technical perspective, inflation as possible, from a game theory perspective, it doesn’t make any sense to exploit this bug just because it costs so much money.
Peter McCormack: How would it be recognized though, would it be recognized because a number of nodes would be rejecting it?
Jimmy Song: So, there will be a number of nodes that would just stop. They would reject this block and there might even be miners that would have rejected this block, in which case you would have had a real fork and then people would have been like, what’s going on, one block explorer says one thing, one block explorer says something else.
Jimmy Song: It would have been very obvious, and people would have said something. It’s kind of like, uh, trying to get away with like robbing a bank, but that the act of doing that is recorded on a jumbo tron in Times Square. You can’t really do it very easily, there’s a lot of exposure and you’re going to need at least some amount of time for things to confirm on an exchange and so on. So, you know, as soon as somebody finds something like this out, they normally just stop this, right? Like they go, okay, here’s the an emergency and that’s usually how these things go. A lot of people are assuming, well, if you had this inflation bug and you had an exchange that wasn’t checking and not only that, the exchange wasn’t checking, but the attacker would have to know that the exchange wasn’t checking or the software behind it and they were able to sustain this attack for, you know, at least six blocks or something like that. So they can get the money in their trade it and get it out. You know, these are all very dicey assumptions to make. For that reason, I mean, unless you brought over like three or four attacks at the same time, this is by itself just isn’t going to really do it.
Peter McCormack: Let me ask you a different question. It made me think of something else. I had an interview last week with Saifdean and Caitlin Long and one of the things we talked about is fractional reserve bitcoins. What came up was that it’s quite unlikely that you would be able to get away with it because it’s an open ledger, right? So if Wall Street tries to operate a fractional reserve Bitcoins, the only people at risk of those are engaged in the activity. You own your private, I own my private keys we’re at no risk. But what we discussed is that if Bitcoin was private, if Bitcoin introduced full privacy, then the risk is there because the ledger of those operating a fractional Bitcoin aren’t exposed. Therefore, if we had a full privacy with Bitcoin, is there a heightened risk with this kind of bug in that if you were moving coins to the exchange and nobody would know which ones they were?
Jimmy Song: Well, so I’m not so sure that fractional reserve is impossible because that’s essentially what Mt Gox did for a couple of years from 2011 to 2013. They had coins stolen way back from 2011 and they just sort of kept the operation going based on a fractional reserve basis. Now in the sense that they weren’t able to sustain it, I guess they didn’t get away with it, but enough people were fooled that they lost a lot of money. So I mean like any bank can say, okay, well we’re going to take in some Bitcoin and we’re going to do a fractional reserve or not tell anybody that they’re doing a fractional reserve. They just have to refuse audits and so on. So, I mean you got to do your own research, right? Keep your private keys. It depends on how much trust that these entities can engender from the public. And if they get enough trust, of course they can do fractional reserve. I’m not sure there’s really any way to stop that because, it’s one person saying please trust me and some people say, okay, I trust you, and if they can abuse that trust anytime there is something like that.
Peter McCormack: What I was meaning specifically though is my challenge to them was if Bitcoin had full privacy, you wouldn’t ever be able to track the ledger of the bank.
Jimmy Song: You could still have zero knowledge proofs or something like that in that person. The thing that I don’t like about full privacy, especially with like confidential transactions which hide the amounts, is that you wouldn’t necessarily know if there was a mathematical exploit. So you have to trust that the math will be sound in the future. And I believe that the math is sound now, but who knows, right? Like the NSA might have some sort of advantage. They could have figured out some cryptographic solution to the discrete log problem or something like that. Rh, right now and Monero, it’s possible that they can, if they had some moon math that is impossible to everybody else, but they know how to do it, they could probably inflate Monero in some way and not have anyone know. So having the amounts in the clear I think is the key thing for making sure that the 21 million limit as secret.
Jimmy Song: As far as like institutions and their ability to audit, there are tools, if you trust the map behind like ZCash for example, you can come up with a zero-knowledge proof that says, okay, well this bank has enough reserves for all of the outstanding loans. Something like that. That’s entirely possible. What, sorry.
Peter McCormack: Again, the point is trying to make is would privacy had an increased risk with bugs such as the one we had this week, in that, if there was say an inflation bug, is there a higher chance that a adversarial minor would get away with it due to the private nature of a transaction because you wouldn’t be able to track it.
Jimmy Song: Possibly. It’s certainly possible. Basically, the more complicated you make anything, the easier it is to get away with, bugs. The reason why Bitcoin works so well is that they’ve simplified a lot of stuff, whereas something like Ethereum, even ZCash or Monero, a lot easier to exploit for that reason. There’s a layer of complexity and that attack surface is much, much higher as a result. mean, I, I think there’s some truth to that. I definitely think, uh, you know, there, there’s probably more risk as you add features like ow, privacy or whatever. But that said like if you have privacy on a side chain instead, then you know the risks going in and you know the risks coming out. So for me that’s, that’s the way to really solve that problem. It isn’t necessarily to be like, hey, you know, you can’t have privacy ever. It’s just, you can have privacy, but in this particular domain and all of the risk is born by you.
Peter McCormack: Yeah it is funny, we’re going off on a tangent now, the more I think about privacy. I understand the benefits, so I did a really great interview with a fluffypony as well covering this, but at the same time I actually started to feel like privacy, like private transaction on the main chain actually probably caused more problems than they solve. Also, I read an article recently on a whole bunch of things that are coming for Bitcoin and one of them things is private transactions, and I started to think, do you know what? I don’t think this is a good thing. I think the open nature of the ledger is good and privacy brings a whole heap of problems. It sounds like you feel the same.
Jimmy Song: To some degree. Some of those private transactions, like once again, it’s all something that you can do voluntarily. It isn’t something that you are forced to do. So in a coin like Monero, you’re more or less forced to use the private transaction, and they heart for all the time. So you are forced into whatever features that they give you a with Bitcoin, it’s much more soft fork based, so you get to decide if you want to utilize that feature or not. All of the previous features will still be there. If you decide to use a private transaction, there has to be some sort of wall. This is why I think, you know, side chains are that nice wall where it’s like all the private transaction stay over there and you can come in and out, but the rules behind coming in and out are such that the 21 million limit stay sacred. I think that’s the right way to do it.
Jimmy Song: Um, but you know what I mean. These are, these are some questions that come up. It May, like also, like there’s all varying levels of privacy. Um, uh, you know, like a lot of it is you still have an address on the chain. It’s just like hidden better or it’s a, it’s harder to track who’s got what and so on and that, that, that can be very effective. So, um, you know, it isn’t necessarily about hiding the amounts, uh, as long as the amount stay in the clear, you can have some levels of privacy, you know, like as far as what the conditions to unlock these coins are and so on. That could potentially be very useful. I’m just guessing you would never want something that has the level of privacy Monero because even if the 21 million coins all sacred, you would never be able to prove it.
Jimmy Song: Yeah, I mean you’d be able to prove it given certain math assumptions. It’s just that those math assumptions, there’s no guarantee that they’re true, just because we know that computing power is getting better and there’s always innovation and there’s now like this giant bug bounty on that stuff, right? Like if you can exploit it and you could exploit it. Or there might be mistakes and so on. So generally with anything security related, you want to keep things as simple as possible to reduce the attack surface. If you have like 19 entrances into your house, that’s going to be a lot harder to guard than if you have one. And that’s, that’s kind of the attitude that you have to have is okay, there’s one entrance always into Bitcoin. You can go to this other place which has 18 other entrances to it, but you know, there’s a major trade off there.
Jimmy Song: The main use case for Bitcoin is as a store of value and if that’s the case, then you want security, you want just that one door in and out. That makes it a lot safer rather than having lots and lots of exploitable doors.
Peter McCormack: Do you think therefore with the main chain, it would be ideal to get to a point where there’s hardly ever any updates made?
Jimmy Song: There’s updates made, but they’re always backwards compatible and I think that’s the right way to innovate is backwards compatible changes. That way if the new stuff is exploitable, you still have the old stuff to fall back on and you don’t have to go to the new stuff, you can stay on the old stuff as long as you feel good. The security properties of one and the other are determined by the market and not by some central authority.
Jimmy Song: I think that’s the right way to do it because, you know, the old stuff might not be safe, right? It’s possible that ECDSA gets broken, in which case we should probably move to something else. We should probably move to Schnorr. That’s a large part of figuring out the costs and benefits of something like this is you do need to move just in case something happens and be ready for all kinds of attacks, but you know, like completely ossifying everything, probably not a good idea, but ossifying a decent portion that we know too, that we know works and hasn’t been exploited or, that’s probably a good idea.
Peter McCormack: Going back to the bugs, it sounds like you think the whole thing was kind of overblown, the bug sounds scary, but once you examine it, you realized the game theory was that it was not really worth it for a miner to exploit because the costs were too high, and they’re most likely get found out. Were there any scenarios that did with it, like I think you talked about the potential maybe for a state level actor who wanted to potentially disrupt the network. What is the most extreme scenario that you saw potentially that could have played out?
Jimmy Song: Well, you would have needed a state level actor with a tremendous amount of hashing power, that wanted to just disrupt Bitcoin for Bitcoin sake, without seeming like a state level actor that’s trying to disrupt Bitcoin for Bitcoin sake. As soon as you are found out as a state level actor that’s just trying to disrupt Bitcoin for Bitcoin sake, then at that point you were found out and then everyone else on the network is against you. That’s just what’s going to happen. As soon as you know you’re being attacked that you’re. You’re going to do certain things.
Jimmy Song: Most likely every node on the network would have disconnected that block from the state level actor and it would have been like thwarted very easily. So you have to have some sort of plausible scenario that you’re not actually at a state level actor, that you’re somebody that’s just trying to exploit it for their own gain but make it seem like that, but while being a state level actor, I don’t think most governments are that coordinated or clever enough to be able to pull off something like that. Just knowing how centralized entities work, so that that wasn’t a scenario that I necessarily thought it was very highly probable or even likely even given a very competent state level actor. I don’t know if they could have pulled it off like high level, like super smart people that are very well coordinated and don’t have a lot of bureaucratic overhead, I still don’t think it would’ve been very easy to pull off.
Peter McCormack: That doesn’t sound like a government, a well-coordinated, highly skilled.
Jimmy Song: Yeah, despite all of the movies with like James Bond and all that stuff, government people tend to be work very, very slow. They need like umpteen approvals for everything. They don’t know how to necessarily pull off operations, especially fast moving things like this where you need to react very quickly. It’s one thing if you’re creating like a Stuxnet virus and trying to crash Iranian nuclear centrifuges or whatever, it’s, it’s a whole other thing when you have to constantly react to something and that’s what the Bitcoin network kind of forces you to do. It’s a real time thing, you have to be nimble and move. This kind of warfare isn’t something that anyone knows much about. Let’s just say I’m not that scared that these guys have that figured out.
Peter McCormack: So, does it sound like there was really any scenario in the end when you kind of went into the detail on it that actually concerned you? There’s the game theory that didn’t exist for it to happen. Let me just ask you one question though. Just hypothetically, say something had happened, there was a number of transactions or a fake transactions that had got through or double spends. I think you mentioned in your article, there’s the potential for a rollback. Has this happened? So like in my history of Bitcoin, which is a lot shorter than yours, I don’t know of any rollback that has happened. Has there been any recent example of a rollback?
Jimmy Song: There have been in Bitcoin’s history? I think there was a rebuild basically with a level of DB versus Berkeley DB bug that happen. I think it was back in like 0.7 or something like that and was like a six block roll back. That’s called a block reorganization. Those do happen once in a while, usually they’re like a block, not like seven blocks, that could potentially be pretty disruptive. But again, like if you’re a state level actor and you really want to disrupt Bitcoin, that’s the way you would do it. You don’t need any exploit like this. You would just go and get a shit ton of mining power and then mine a lot of blocks in private and then release them all at once. That would cause havoc all over the place. That’s a lot easier than say, exploiting this particular bug.
Jimmy Song: One question I have about rollbacks, just trying to understand something I don’t understand, is that if there is a rollback, what happens to all the transactions that happened after the time of the rollback? Say there was a bug and then afterwards, Jimmy, I sent you 50 Bitcoin and then there was a rollback.
Jimmy Song: So, the UTXO goes back from being spent to be a UTXO again. So essentially, when you roll it back, those transactions act like they never happened basically. On the other chain, if that transaction gets included again, then it gets included again. This is where, you have the opportunity to spend the 50 Bitcoin back to yourself, in which case, you know, one person believes they received the 50 Bitcoin or they lost 50 Bitcoin worth of goods and services versus the other person that actually has it. Those are the scenarios that a lot of devs worry about, but again, that’s like sort of on a disruption level that’s very hard to plan out exactly. I mean, unless you have somebody that’s like a real sucker and says, okay, well I’ll take the 100 Bitcoin with one confirmation that, that would be really stupid. If you’re transferring 100 Bitcoin worth of stuff, you’re going to wait for, five, six, seven transactions or blocks. Hey, not to say that that can’t get rolled back, it’s just really, really costly. Although if there’s like an obvious blog at that point, that’s sort of like a community consensus, a social consensus that we’ll roll it back anyway.
Jimmy Song: But it’s quite an interesting scenario for what could be at one point a trillion-dollar network or a 10 trillion-dollar network, that these are scenarios that can be faced. It’s not like a bank database, right? It is an immutable ledger. So I guess that’s maybe why people got a little bit upset. Has anything been learned from this and if there are any changes to your approach in terms of Dev or code reviews that have been discussed should be discussed that you think needs to change now?
Jimmy Song: Yeah, I mean I think more eyes need to be on it. When this bug entered, it was like two years ago. So it’s been a while and processes have changed and upgraded and better developers have gone on and there are more eyes looking at things and stuff like that. I just want to go back to your previous point about people being upset about these kinds of scenarios. This is why proof of work needs to be expensive. If it’s cheap, then you can roll back stuff really easily. That’s the whole point. Uh, you, you want it to be very difficult to change history, and the only way to make it difficult to change history is to make the process of writing the current history very, very expensive. That’s the only way you can force that to be expensive. That’s more or less what Bitcoin does.
Jimmy Song: Regarding a lot of the stuff, people have views about what processes we should add and so on. I think it works pretty well. This was a confluence of some weird scenarios that ended up causing this particular bug, and now that we know about it, it’s going to make a Bitcoin Core stronger and allow more people, more eyes on anything that touches consensus code, and better labelling and so on, more testing and things like that. But this is how Bitcoin grows this how Bitcoin gets better.
Peter McCormack: Does Bitcoin have any form of bug bounty program.
Jimmy Song: People have talked about compensating developers and bug finders and stuff like that. And certainly other coins have that. But that’s a little too centralized I think for my taste. Like that also has like weird incentives where, you know, developers create different bugs just so they can collect on the bounty and stuff. So, I’d be a little bit sceptical of any sort of thing like that.
Peter McCormack: So, I often get into discussion, I don’t know why even bother, but with the Ripplecoin/Xrp fans on twitter and they always talk about, especially recently now that XRP is more decentralized than Bitcoin, which obviously it isn’t. The common thing that comes out is that because there are a number mining pools with Bitcoin, it is centralized in China. So can we just kind of talk about this a little bit and the game theory around mining and mining pools because you’ve talked about this before, right? You have centralization around Bitmain, but really the game theory is in there because they could destroy their own business. You have centralization around mining pools, but can mining pools really execute any kind of attack or should they, why would they? Can you just talk to me a little bit about this side of things?
Jimmy Song: Well, so first of all, you shouldn’t engage with any of the XRP people. I’m almost positive like 99% of them are sock puppets because they all have like 30 followers and they show up anytime Tiffany Hayden, like puts like XRPArmy or something like that. Like that’s her signal to some script out there that basically like harasses anybody that’s like, it’s, it’s insane. Like the mining centralization argument, I thoroughly debunked, I think in an article earlier about what are the actual ways that are miner can actually exploit the network. With plenty of hashing power, vast majority of them doesn’t make any sense, like maybe there’s a possibility that you can short Bitcoin somewhere and then get a majority of mining power and then be able to a cash out of that short. But again, that’s extremely difficult, it requires a tremendous amount of money, tremendous amount of mining power.
Jimmy Song: You could try doing it but again, like it’s so risky for you to do because you might not succeed. If you try to short Bitcoin and then and you fail and Bitcoin shoots up in price. Now you’re out even more money. It’s the sort of scenario that doesn’t make any sense for any miner to do. And really, I think the best analogy I heard was imagine your business and you decide, okay, we’re going to hire some security guys, right? And you go, okay, well, great, the first one is good an you’re seeing some good benefits, so you hire some more and you know your business is more secure and there’s more transactions happening in your business. And the security guards band together and they go, you know, what, this place is too far from where we live, we’re going to go and move the office somewhere else. And then they show up to work the next day at this other place and find out that the rest of the office isn’t there. Well that’s kind of what miners are like right there. The security guards of the network, right? They are hired by the rest of us to provide security for the Bitcoin network. If they move on and do something else, we’ll get new security guards. They don’t hire us, we hire them, we have some that really know how to a manufacturer ASICS and a get a lot of hashing power at an advantage over other people. That means that they’re better security guards than others.
Jimmy Song: It’s kind of immaterial. This is always an argument that’s given by people that don’t really have the technical knowledge and it’s a talking point from Tiffany Hayden and David Schwartz, I’m sure. And again, just completely ignore them because they are completely irrelevant to this entire conversation. I have been caught sadly as well trying to defend myself against these trolls, but it’s a complete waste of time. So yeah, I would suggest that would not happen anymore.
Peter McCormack: But at the same time, do mining pools have any ability to exploit anything?
Jimmy Song: They can sort of censor transactions because they get to create the blocks. But Matt Corralo’s BetterHash protocol would decouple that as well. So each individual, person that’s mining that’s mining gets to decide what the block looks like instead of the mining pool. There’s some ability there, but again, as long as the actual equipment is distributed and all indications seem to be that, like they’re all over different places and lots of different owners.
Jimmy Song: Like one of the first things that people do when they get into Bitcoin is, oh, maybe I should get a miner, see if I can print my own money. It turns out to be not as efficient as anybody thinks, that’s the reality. There’s a lot of mining equipment out there and not all of it is Bitmain, in fact, very little of it according to their IPO perspective. So yeah, I wouldn’t worry at all about what they’re saying.
Peter McCormack: So, it seems like there’s a consistent theme here, like any attempt to disrupt the Bitcoin network or any adversarial attack seem to only ever be something that would be short term and very expensive to do. And likely very risky to execute.
Jimmy Song: Yeah. That, that tends to be the case. And the reason for that is because the network is incentivizing everyone to basically play well with each other. If you play well with each other, there’s a lot of profit in it for you. If you don’t, then you know, there can be quite a lot of a pain for you. And you know, ostracization is just one of the many things. It’s a well-designed system from an incentive standpoint and it might just be the fact that, we’ve been around for a while and that that’s sort of helped solidify a lot of the incentive structures already
Peter McCormack: Did you consider the segwit2x as an attack on Bitcoin.
Jimmy Song: Yeah, I thought it was a governance takeover attack. It was an attempt to centralize the direction of Bitcoin. And thankfully that didn’t go through.
Peter McCormack: Therefore, hard forks which have miner support and potentially node support. Are they a risk now?
Jimmy Song: It’s like the security guards going on guarding some other building, like who cares? You hire new security guards and the security guards decided to like ambush the building or something like that for whatever value. It’s not going to work, right? I mean they could try, but there are all sorts of mitigations against that and as long as you are master of your own node, you will have your own Bitcoins. Now, granted, there are price considerations and things like that, if it starts to tank, who knows what happens, but that’s more a social psychology thing than a technical attack. There are always mitigations against particular types of attacks and as soon as it’s known, there are lots of clever things that people can do to mitigate even the worst forms of attacks.
Peter McCormack: Are there any particular areas that you give you slightly more concern, that you think need a little bit more attention?
Jimmy Song: At this point, um, it’s the lack of developers, but that’s something that I’m trying to rectify by training them.
Peter McCormack: Yeah. You’ve got your program?
Jimmy Song: Yeah, I’ve been a trainer. I’ve trained over 400 in the last year so that is hopefully helping at least a little bit in the ecosystem.
Peter McCormack: Are you training them to Code Bitcoin? Are you training them in? Is it C or C+? Again, I’m not a technical person.
Jimmy Song: It’s a python class, but basically, it’s a two day, very intense class, you just have to come in with a knowledge of python and by the end you leave with a very good idea of what the protocol is and how to make your own transaction and so on.
Peter McCormack: So lightening network. Have you looked at that at all? Do you see any potential attacks in this area? Have you looked at the game theory of that?
Jimmy Song: Yeah, I mean, it’s still kind of an unknown security model. It’s fairly new and it’s going to take some time to harden and it hasn’t happened yet. So, until it does, I don’t think it’s that easy to figure out. There’s a lot of speculation about it and most of that speculation is utter bunk, but that’s kind of what happens when you have people that are politically opposed to it and not technically.
Peter McCormack: Do you mean like the centralization and nodes?
Jimmy Song: Yeah, I mean this, this is FUD that they’ve been saying for a very long time and I mean, you look at the network topology and it’s anything but centralized. It’s kind of ridiculous actually.
Peter McCormack: Okay. I’ve actually purchased one of the Casa nodes, have you seen them?
Jimmy Song: Yeah, I was thinking I should probably purchase one, but I didn’t get it on time. Maybe I can go beg Jameson. I’m not sure. We’ll see. Yeah, maybe. Um, okay.
Peter McCormack: So just a last couple of things I’m going to touch with you on. How do non-technical people, people like myself, how do we help support Bitcoin? Like should we run a node? How do we run a node?
Jimmy Song: I think, uh, the best thing you can do is hold Bitcoin because from an economic standpoint, that’s, that’s very, very important that people that actually believe in Bitcoin, actually, hold it, that’s what gives it scarcity, that’s what gives it value and not all of these traders or whatever, they’re just playing on top of it. The other thing is to participate in the social community, you know, as much as you’re able understand the technical stuff, like your sense of right and wrong as a community actually matters quite a bit. That’s sort of an emergent property from community.
Jimmy Song: Write articles, tell people about it and let others know if they’re interested, that sort of thing. Those are much more important than, you know, going and buying coffee at Starbucks with your Bitcoin Cash or whatever it is that Roger is doing these days.
Peter McCormack: What if somebody wants to say set up a node, what would you recommend? Um, yeah,
Jimmy Song: I mean, there are ways to do that fairly easily. I’ve been meaning to put together some sort of video to, you know, get people to do that maybe on several machines. ah, I haven’t gotten around to it. There’s a way to do it on a raspberry Pi that’s kind of cool and maybe at some point I’ll create an image for a raspberry Pi that you can just plug in and hook up to the network, and Bam, there it is. It’s, it’s all working as a full node or something like that I think would be pretty fun, but I just haven’t had time to do any of that. But there are tutorials out there. It’s just a matter of how much time are you willing to invest? Everyone wants everything right now and really easily, how much you want something or how much you are supporting something is not defined by how much desire you have towards that thing. It’s the defined by how much you’re willing to suffer and you might have to suffer a little bit. Like learning stuff that you don’t know anything about and going through tutorials that are very confusing to you and buying hardware you don’t really understand if you’re getting a good deal or not. Everyone has problems, the kinds of problems that you deal with, show you where your values are and if you value Bitcoin then there are certain that you can do and all of these things are possible.
Jimmy Song: I’d like to make it easier for people. So the bar is lowered a little bit, the barrier to entry is lowered a little bit, what can I say? Right? Like if you go in as deep as you want and that’s all you do. Willing. Hi Jim, this has been great.
Peter McCormack: Just to finish off, what are you coming up? You going into more cruises?
Jimmy Song: Yeah, I’ll be at hacker’s congress in Prague, I travel there starting on Wednesday. I think I arrive on Thursday and the conference starts on Friday and it’s Friday, Saturday, Sunday. It’s going to be great conference it is going to be a lot of fun. I’m also hosting a carnivorous dinner there, so it’s going to be in Prague, it’s going to be on Sunday and we’re going to do Brazilian barbecue. It is going to be fantastic. I encourage whoever is around to come and hang out and have the best parts of a conference without the stupid talks or booths or sponsors or panels or boring stuff.
Peter McCormack: Are you going to be in London?
Jimmy Song: It looks like next February there’s going to be a conference held by one of my former students, so I’ll be speaking at that. I think that’s like February seventh and eighth. More details will be coming forth and in the next few months. But.
Peter McCormack: And how do people find out about you and your course?
Jimmy Song: Programmingblockchain.com. Um, yeah, that’s, that’s where it is.
Peter McCormack: I’ll put that in the show notes. And then lastly, what are your three favourite altcoins? No, I’m just kidding. How do you want people to stay in touch with you?
Jimmy Song: Twitter is fine, obviously there’s other ways to contact me. You just have to do a little searching.
Peter McCormack: Right. Cool. I appreciate your time, Jimmy. You take care, man.
Jimmy Song: All right. Thanks.