To most of the world, Joseph Lubin is a leading thinker in the ever-expanding realm of digital currencies. To me, he was the counterparty in my first Bitcoin exchange and a man with a knack for saying the biggest things in the most level and unassuming of tones.
It was winter of 2014 when he beckoned me to a Bitcoin conference in Miami to tell me about a new project, named Ethereum, that he and a group of like-minded Canadians had begun working on just a few months earlier. When I caught up with him, he didn’t hold back on the scope of his vision: “We will replace insurance companies. We will replace Wall Street,” he told me.
Then the list kept growing. Online movie distribution houses like Netflix and Hulu. Gaming platforms like Xbox and Sega Genesis. Messaging services like Twitter. Add to that retirement plans, currency exchanges, voting, intellectual-property managers, and trust-fund disbursers. According to Lubin, everything—really everything—we do on the Internet or via any kind of digital channel is about to undergo a radical change.
The idea he described to me is one that has since gotten a lot of attention from digital-currency enthusiasts. It is the theory that the same technology that secures transactions on the Bitcoin network—and thereby renders them transparent, nearly instantaneous, censorship-resistant, and free of the need to trust anybody—can be used to process other, more complex financial negotiations and to securely store any kind of digital information on the Internet.
Over the past year, this theory has been playing out in a very splintered, disorganized fashion. Among the applications that already exist are a distributed domain-name registry, a digital notary that requires no third-party verification, and services that manage financial contracts through decentralized escrow accounts. Some of these experiments are taking place on the Bitcoin network. Other projects, like Ethereum, have started as entirely new networks or are now piggybacking on some of the so-called altcoins—clones and the near kin of Bitcoin. Many of the ventures are now backed by substantial investments. This January, for instance, Spark Capital and the Israeli venture-capital firm Aleph funded such a Bitcoin 2.0 startup called Colu, with US $2.5 million.
At meet-ups and more formal gatherings, there is a palpable feeling that the possibilities are endless and that money is only the first, and perhaps the most boring, application enabled by Bitcoin technology.
As diverse as these projects are, they all seek to reverse one toxic trend, which is that we lack “true agency” on the Internet. That is to say, all of the data we create online and all of the operations we execute are handled for us by centralized servers, most of which sit in massive data centers operated by corporations and government institutions. We depend on these servers for everything. They store our e-mail for us. They send our e-mail for us. They verify our identities for websites and smartphone apps. They track our shopping carts and process our payments.
Our data may nominally belong to us, but in order to access it or manipulate it, we require chaperones to shuttle us from digital room to digital room: We don’t own our data; we just visit it from time to time.
Nick Szabo—whose theories on digital contracts and smart property have earned him so much respect among digital-currency devotees that he is routinely accused of having created Bitcoin—sums up the problem in a blog post:
Practically all of these machines have architectures that were designed to be controlled by a single person or a hierarchy of people who know and trust each other.... they can read, alter, delete, or block any data on that computer at will.… With current web services we are fully trusting, in other words we are fully vulnerable to, the computer, or more specifically the people who have access to that computer, both insiders and hackers, to faithfully execute our orders, secure our payments, and so on. If somebody on the other end wants to ignore or falsify what you’ve instructed the web server to do, no strong security is stopping them, only fallible and expensive human institutions, which often stop at national borders.
For a long time, it has felt like this is just the way it has to be. If our digital world can be reduced to a bunch of records that we update and move from place to place, then, of course, protecting those records from corruption is of vital importance. The traditional solution, in both the physical and digital worlds, is to restrict access to a group of people whom you trust. In most cases, we trust Internet services because we assume that they possess the same priorities as we do or that we have the ability to hold them accountable for their transgressions.
More and more, it seems, the priorities of these institutions do not align with those of the people they serve. Remember when Facebook toggled the digital levers in its social network to run massive psychology experiments on its users?
When confronted with an intractable problem, we’ve settled for the least egregious option by placing responsibility for our digital data in as few hands as possible. Because, really, the only thing sillier than trusting some central authority with our most precious digital records would be trusting a bunch of strangers with them.
And yet, this is precisely what Bitcoin achieves: a public database that everyone can see, anyone can add to, and no one can destroy.
Why trust Bitcoin, or more specifically, why trust the technology that makes Bitcoin possible? In short, because it assumes everybody’s a crook, yet it still gets them to follow the rules. To understand how, you need to unpack what Bitcoin really is.
When people talk about the Bitcoin technology, they’re really referring to two things. The first is a universal database that records transactions and grows linearly in chunks called blocks, forming the “blockchain.” The second thing is a network of peers, called miners, which are the computers (and the people who own them) that actually add the blocks to the blockchain.
Let’s look first at the blockchain itself. If you own bitcoins, that means there is a record on the blockchain that contains a numerical value (the “coins”) and one half of a digital signature. A digital signature is a kind of cryptographic puzzle that only you can solve, because only you hold the corresponding half. This is your “private key,” and if you have a Bitcoin wallet, then that’s what’s in it.
When you want to spend your bitcoins, you make a request to have a new record added to the blockchain. The new record refers to the bitcoins you want to spend—meaning that it points to the previous transaction in which you acquired those coins; it proves you own them—because your half-signature solves the cryptographic puzzle, and it adds a new digital signature to the bitcoins, which can be completed only by the bitcoins’ new owner. When that owner wants to spend them, he repeats the process.
So the blockchain is nothing more than a long string of transactions, each of which refers to an earlier record in the chain. But Bitcoin users do not directly make the updates to the blockchain. In order to transfer coins to someone else, you have to create a request and broadcast it over the Bitcoin peer-to-peer network. After that, it’s in the hands of the miners. They scoop up the requests and do a few checks to make sure that the signature is correct and that there are enough bitcoins to make the transaction; then they bundle the new records into a block and add it to the end of the blockchain.
All miners work independently on their own version of the blockchain. When they finish a new block, they broadcast it to the rest of their peers, who check it, accept it, add it to the end of the chain, and pick up their work from this new starting point.
The arrangement will work only if the miners agree on what the most recent version of the blockchain should look like. In other words, they all have to agree on a consensus version of it. But given the fact that they’re all strangers, they really have no reason to trust one another’s work. What’s to stop a miner from fiddling with earlier entries on the blockchain and undoing payments?
The strategy that Satoshi Nakamoto (Bitcoin’s pseudonymous architect) devised for establishing consensus in his system is widely considered to be a breakthrough in distributed computing.
“There have been consensus algorithms running since the eighties, where you come to consensus, providing a log of events on multiple machines, with all the machines participating in that network,” says Paul Snow, the founder of Factom, a service that condenses data and transfers it onto the Bitcoin blockchain. However, he says, these systems were successful only when the participants shared a common allegiance.
Bitcoin replaces that allegiance with mathematical confidence. Given the cryptographic proof required to commit a transaction, we can already be confident that only people who own bitcoins can spend them. But a bitcoin miner can also be confident that the other miners are not changing entries on the blockchain, because in Bitcoin there is no going backward.
That’s because the process of adding a new block to the blockchain is very difficult. Anyone who participates is required to devote large quantities of computing power—and therefore, electricity—toward running the new data through a set of calculations called hash functions. Only once this work is completed can the block be appended to the chain in a way that satisfies other miners on the network.
“You’re building a giant wall,” explains Peter Kirby, the president of Factom. “And every time you want to agree to something, you put a thousand bricks on top of it. And you agree to something else and put another thousand bricks on top of it. And that makes it very, very, very difficult for someone to change a brick way down at the bottom of the wall.”
Don’t believe him? Let’s try to attack the system.
Say there’s a record in the Bitcoin blockchain that I want to change, and let’s say it’s contained in the 100th block of the chain. Meanwhile, the whole community of miners is already trying to solve block 110. In order to get my change accepted by the network, I would have to serve up my own alternate version of the complete blockchain. I would have to revert back to block 100, tamper with the entry I cared about, and perform the necessary calculations on it. Because all subsequent hashes are dependent on the data that I changed, I would also have to repeat the work on every following block, through to block 110.
And I’d have to do all of this before any of the world’s other miners finished block 110. The rest of the miners will start to work on my alternative chain only if I can give them one that is longer than the chain they’ve already been working on. But I am only a single miner with a fraction of the computing power wielded by the network as a whole, so I can never catch up. In fact, in order to reliably pull off this bit of trickery, I would have to control more than half the entire computing power that’s being committed to the Bitcoin network at any given time.
And it’s quite a network. Constantly trying to one-up each other, miners invest in machines packed with application-specific integrated circuits, or ASICs, specially designed to perform Bitcoin’s hash work. The hash rate of all the computers hooked into the Bitcoin network doubled between August 2014 and March 2015,and the numbers continue to climb. Some of these mining rigs are enormous beasts consuming 500 kilowatts and requiring cooling with newly engineered fluids.
A Nakamoto blockchain, then, becomes more secure as more people participate in the network. But why would they? In the case of Bitcoin, it’s because they are paid to do it. Every time a block gets solved, a virgin transaction is created with a handful of newly minted bitcoins signed over to the first miner who completed the work.
In old security models, you tried to lock out all of the greedy, dishonest people. Bitcoin, on the other hand, welcomes everyone, fully expecting them to act in their own self-interest, and then it uses their greed to secure the network.
“This is, I think, the main contribution,” says Ittay Eyal, a computer scientist at Cornell who studies Bitcoin along with other decentralized networks. “Bitcoin causes an attacker to be better off by playing along than by attacking it. The incentive system leads a lot of people to contribute resources toward the welfare of the system.”
When a Nakamoto blockchain is used to store a record of value, we know what we get. It’s called Bitcoin. And when Nakamoto first put Bitcoin online in 2009, the blockchain was nothing more than a string of transactions. But it didn’t take long for people to realize that a transaction could also function as a vehicle for incorporating nonfinancial data into the blockchain.
Last year, after much debate in the community, the developers who steward the Bitcoin protocol (which is open source) added a new feature that allows users to tack 40 bytes of metadata onto every transaction.
The Bitcoin blockchain is now littered with all kinds of nonfinancial messages. Valentine’s Day greetings, prayers and eulogies, excerpts from the WikiLeaks Cablegate files, a hash of the complete text of a recently published book about Bitcoin, and of course, the original white paper that describes Bitcoin. All of these live in the blockchain, embedded into transactions.
Once metadata gets incorporated into a Nakamoto blockchain, it enjoys all the benefits of the peer-to-peer network that curates it. The entries are accessible to anyone on earth who has a computer and an Internet connection. In order to destroy them, you would have to access every computer on the network (and someday, perhaps, even a constellation of satellites). They are impossible to change, and thus impossible to censor. And they carry with them both a time stamp and cryptographic proof of who created them.
So what can you do with a Nakamoto blockchain? The most simple applications, the ones we are likely to see in the near future, will make use of them as basic storage systems that take advantage of the unique properties of the network.
People who are interested in transparency and access are looking at the blockchain as a possible place to organize government records and to include the public in the legislative process, by giving people a forum for publishing, debating, and voting on new proposals.
Because the blockchain gives each entry a rough time stamp, it can also be used as a decentralized notary. Imagine, for example, taking a picture of a dent in your rental car and loading it into a Bitcoin transaction. By looking at what block the transaction went into, you could later prove that the dent existed before you left the parking lot.
Because Bitcoin transactions are secured by strong cryptography, the blockchain can also replace our standard user name–and–password strategy for identity verification. In such a system, a Bitcoin address could be tagged with a user name, while the private key would stand in as a password. Anyone could then ask you to prove your identity by using your private key to solve the same cryptographic puzzle that you would normally solve when making a Bitcoin transaction.
Nakamoto blockchains also solve the problem of censorship. Once inserted into the chain, metadata cannot be removed. Developers have used this crucial feature to build a new censorship-resistant version of Twitter (called Twister), and a decentralized domain-name registry (Namecoin).
“Everything that we own, everything that we do, is governed by these big piles of records,” says Factom’s Kirby. “A bank is just a big stack of records. An insurance company is just a big stack of records. An economy is basically just a big stack of records. And if you can take this concept of…a giant global accounting ledger and say, ‘Now we can organize all the records in the world this way,’ well, it turns out that’s really exciting.”
So far, these are all examples of ways that a Nakamoto blockchain could be used to change how we store data on the Internet. But storage is the very tip of the iceberg. After all, Bitcoin is not just a transaction ledger. It also brings with it a global army of miners who together function as a distributed virtual machine.
Today, their role in the network is very straightforward. After a miner collects a bundle of transaction requests, it runs each through a validation program. The operation is simple—just about as simple as you can get. It confirms that you are who you say you are and that you’ve got enough bitcoins to make your transaction. And then your transaction is either accepted or rejected.
What if, in your request, you could ask the miners to do more than this? What if you could say, for example, “Do not validate this transaction until I’m dead.” Or “When you do validate this transaction, adjust the amount that I’m sending based on the current price of Tesla Motors stock.”
In the first example, we have the beginnings of a will that disburses money to your heirs autonomously, without the need for a lawyer. In the second example, we’ve started to build a decentralized stock market.
Both examples are egregiously oversimplified and create many more problems to solve, but they serve to demonstrate a point, which is that the computations miners perform could evolve to be much more exotic than they are today. This is the fundamental idea behind the term “smart contracts,” in which miners take a role in enforcing the terms of a financial agreement. Blow the idea out as far as it can go and you can imagine fully autonomous corporations that link financial transactions to smart devices with contracts negotiated on the blockchain.
Right now, Bitcoin has limits on how fancy these contracts can get. It uses a minimalist programming language that restricts the kinds of operations that miners can run. But the developers are constantly debating whether to add new functionality to the protocol.
Some added complexity will be necessary if Bitcoin is to evolve beyond being a static ledger. In recognition of this, the developers added a new feature in 2012 called a multisignature transaction. It lets users divide ownership of a Bitcoin address among many people by assigning it multiple private keys. Since then, many companies have emerged that are specifically offering escrow services based on multisignature transactions.
However, changes to Bitcoin’s open-source protocol inevitably take time. In order to ensure that everyone in the Bitcoin network is playing by the same rules, it’s necessary to craft updates in a way that satisfies all parties, a process that can be grinding, to say the least. Some say this puts a limit on Bitcoin’s ability to evolve. “There are now five major constituencies in the consensus mechanism: developers, miners, merchants, users, and service providers (Web wallets). Consensus actually requires all five in order to achieve major protocol changes,” says Andreas Antonopoulos, author of the user’s guide, Mastering Bitcoin. “We may be nearing the end of the era in which radical alterations were possible. The window for major changes is narrowing,”
Recently, programmers quite high up in the Bitcoin chain of command have devised a possible solution. Adam Back, the cryptographer who invented the hash-based proof-of-work function that is central to Bitcoin’s security, has long been encouraging the adoption of parallel blockchains, called sidechains. These would function as little cubicles of innovation in the Bitcoin ecosystem. The idea is that you could freeze your coins on the main Bitcoin blockchain in a way that would make them unspendable and then transfer their value to another parallel blockchain that communicates with the main chain, recognizes the exchange, but operates by its own set of rules. The process would also be reversible. With sidechains, developers would be free to construct exotic transactions platforms. And bitcoin owners would be free to play in these new, experimental spaces without completely leaving the Bitcoin ecosystem.
This month, Blockstream, a company that Back cofounded with 10 other Bitcoin heavyweights, released an open-source implementation of the sidechain concept called Sidechain Elements.
Ethereum isn’t waiting for the Bitcoin blockchain to catch up to its ambitions. It is a project, built off an entirely new blockchain, that seeks to turn the mining network into a fully operating distributed computer. Rather than giving miners a few new commands to execute while validating transactions, Ethereum enables miners to run any piece of software they want. The sky is the limit, which means that miners could run software that has nothing to do with verifying the transactions themselves. On the date this article was published, Ethereum existed only as a limited-access test version, and there have been many postponements of a formal launch. But, theoretically, when Ethereum does go live, you will be able to use it as a platform to build and interact with any kind of application, replacing the Internet’s patchwork of servers with a single shared virtual machine. The ultimate vision is almost delusional in its grandeur: “We’re building a new kind of Internet,” says Lubin.
“For Ethereum, because every node has a computationally complete virtual machine, a developer can basically load up a transaction with computer code...and inject that transaction into the network,” he says. “The system then recognizes it and installs that code...on every node on the network. In a second or a few seconds, your application is deployed instantly across the whole world.”
Interacting with applications would then just be a matter of sending ethers (the equivalent of bitcoins in Ethereum) to the network and requesting access to the software on the blockchain.
Funding for the Ethereum project has been fantastically successful. The Ethereum Foundation, which is a nonprofit organization registered in Switzerland, chose to raise funds by selling ethers in an open sale. Unlike Bitcoin, the Ethereum Network was designed to create a bunch of ether coins before the network was opened to the public, in a process called a “premine.” For 42 days last summer, the foundation sold a fraction of its reserves, exclusively in exchange for bitcoins. The sale brought in 31,529 bitcoins (worth over US $18 million at the time, but worth less than half that amount now). This quasi-crowdfunding experiment succeeded not only in raising the money to go forward but also had the benefit of equipping software developers outside the core Ethereum team with the ethers they need in order to build applications on the blockchain.
During the last couple of months, developers have been showing off the early versions of their projects at Ethereum meet-ups around the world. At a session this March in New York City, one developer, Connor Keenan, demonstrated an application that performs all the essential functions of a Web content forum like Reddit. Code for the program is now written into a software object called a contract on a test version of the Ethereum blockchain. In order to use the program, you would create and broadcast a new transaction into the network (spending minuscule amounts of ether to the ether address of that contract. The Ethereum miners would then run local copies of that program on their mining computers, enabling you to add posts and comments, and so forth. Another presenter unveiled a rudimentary video game.
You could similarly imagine programs that accepted transactions to stream movies, negotiate complex financial agreements, or set up a kind of decentralized corporation.
Take a car rental agency, for example. Instead of going to a kiosk and talking to a human being who swipes your credit card and gives you your keys, you would send a transaction through Ethereum, which would establish a contract between you and the rental agency. That payment would also be the code that activated a smart card (or an iPhone application or whatever is standing in as a key in the future) to start your car. Other software in the blockchain would monitor the number of miles you drove and would figure that into your payment, and the revenue would then automatically be disbursed to the owners of the company. Those in the Bitcoin camp respond that this kind of model is unnecessary and perhaps even a recipe for disaster. “I’m pretty pessimistic about the more complex ideas—distributed autonomous corporations that operate independently and somehow magically manage to keep themselves secure,” says Gavin Andresen, one of the developers who works on the core Bitcoin protocol. “Maybe eventually, when we have self-driving cars and robot inspectors, then you can start getting to, ‘All right, maybe we can have a completely independent company that’s ruled by code and there are no people involved.’ Maybe then we need supercomplicated contracts on the blockchain. But I do think it’ll be a long time before we’re there.”
If we are to get there at all, argues Lubin, it probably won’t be through Bitcoin. “It is a narrow protocol. It does one thing, and it does that very well,” he says. “You probably could build everything that you could build on Ethereum [with Bitcoin]. And it would probably take you 10 to 100 times longer to develop it. In Ethereum it all happens at the application level. It turns everything on the application level into software that millions of people know how to write, as opposed to complicated fiddling with cryptographic primitives.”
It’s quite incredible that, only six years after Bitcoin was created, there are those within the community who are ready to call it narrow. Developers in this space may quibble about what the future looks like and where the next generation of Bitcoin applications will emerge, but there’s one thing they all agree on: The future will not be centralized. In this regard, at least, Bitcoiners have achieved a happy, human consensus.