This interview is an extended version of a piece featured in Quartz’s new book The Objects that Power the Global Economy. You may not have seen these objects before, but they’ve already changed the way you live. Each chapter examines an object that is driving radical change in the global economy. This is from the chapter on Satoshi’s paper, which explores the decentralization of power.
In January, I interviewed ethereum’s inventor, Vitalik Buterin, when ether was trading at $10 and before “initial coin offerings” were a thing. Two months after we spoke, ether began a historic run-up to nearly $400; while ICOs have raised well over $1 billion this year using crypto-tokens built on the ethereum blockchain—an amount that even Buterin surely couldn’t have foreseen.
Buterin discusses funding the internet with tokens, ethereum’s planned switch to a new type of consensus algorithm, and what he does during an emergency like 2016’s DAO hack, which saw tens of millions stolen in hours, with millions clawed back within days by ethereum developers.
The following is edited for clarity.
Quartz: What do you think of this notion of “fat protocols,” that blockchains for the first time allow developers working on them to capture value?
Buterin: A lot of different base-layer protocols that we rely on in the internet, in peer-to-peer networks, in various kinds of communications, these protocols have provided huge amounts of value. But there has always been this public goods problem in trying to actually fund the ongoing development and maintenance of these protocols.
One of the worst examples of this was the Heartbleed bug back in 2014, when basically a huge number of websites ended up getting hacked. When they dug down as to why it happened, it was because there was a bug in one of the OpenSSL libraries, a library that’s used by huge numbers of people. When they tried to figure out what’s wrong, they realized that there is basically no funding going into OpenSSL whatsoever, and it was basically three volunteers.
In that particular case, they ended up getting their act together and coming up with a funding strategy. In general, you know that when you have public goods, public goods are going to be in very many cases underfunded.
So the interesting thing with a lot of these blockchain protocols is that for the first time you have a way to create protocols and have protocols that actually manage to fund themselves in some way. If this kind of approach takes off, potentially, it could end up drastically increasing the quality of bottom-level protocols that we use to interact with each other in various ways. So ethereum is obviously one example of that, we had the ether sale, and we got about $8 to $9 million by, I guess, basically selling off a huge block of ether. If you look at lots of cryptocurrencies, lots of layer-two kind of projects on top of ethereum, a lot of them tend to use a similar model.
What are the benefits of this token-based funding mechanism?
I think it has a lot of potential benefits; it obviously has natural limits as well. One of the challenges, for example, is because people have realized that protocols that have tokens in them can be fairly easily funded in this way, there are a lot of people trying to make protocols for whatever application they are trying to build. They are trying to design them in such a way that they worm a token in there somewhere and pre-mine the token so they can sell it on the market. In my opinion, this is not very nice because protocols get a whole bunch of unnecessary complexity around them because they have to be designed around this extra token that’s really not necessary.
So there’s going to be some protocols that could be made with a token but it ends up making them clunkier to use. There are also situations where tokens make no sense whatsoever, if you look at peer-to-peer messaging protocols for example. It’s not going to solve the whole problem, but it’s definitely an interesting addition to the way internet infrastructure is funded.
Do you think cryptocurrency developers are distributed enough globally?
It’s complicated. China is definitely very active in the bitcoin space, but one of the issues is that it’s active in terms of bitcoin mining; it’s active in terms of bitcoin exchanges and bitcoin trading; but much less active in terms of core technology development, the bitcoin base and second-layer protocols, and so forth. That kind of bottom-level protocol research is still something that Asian countries in general are a bit behind in.
I mean, there are examples to the contrary, but in general, the places where the ideas are developed and the places where a lot of the base code is written is still either in the US or parts of Europe like Germany and Poland. Hopefully, we’ll see that change over the next few years, but we’ll see.
Can you describe how the ethereum developer world responds to an urgent situation like the DAO hack?
There’s definitely an emergency response component to this. If something happens, then yes, people need to get on the internet and get together to solve the problem really quickly. It also gets more interesting because our developers are scattered all over the world—some people are asleep, some people are in their morning, some are in their evening, some are in the US, some are in China—and you just have to get as many people as you can to come up with a solution.
Can you walk me through what happens?
In general, when some kind of technical incident happens, the first thing we try and do is, as soon as someone detects that something might be wrong, they try and send a message out on a channel, and then other people try to confirm it. Then we try to deduce whether or not it actually is a very serious issue.
If it starts to look like it is, then in parallel we try to reach out to everyone [who uses it]. If some key individuals are not online on Skype we try to give them phone calls. Sometimes it even goes as far as giving peoples’ girlfriends phone calls—or the other way around.
Where is this all taking place? On Skype?
I know bitcoin loves using IRC [internet relay chat], but ethereum doesn’t really use IRC much. We are generally between Skype and Gitter. That is a cultural difference, I guess. There are bitcoin people that came more from the 1990s cypherpunk scene that likes IRC, whereas people like myself just find it inconvenient.
What’s the most intense stretch of time you’ve been on emergency mode?
I personally have done 10-hour all-nighters before. There have been other situations where developers ended up working for days straight (like the DOS [denial of service] attack) because they started finding attacks that really hit fundamental issues with how the client was designed, so we had to rewrite a bunch of things.
Communication with users seems to be a key part of all this, to prevent a panic. How do you keep on top of this?
Yeah, communication is definitely crucial. The important thing is, we let people know what’s going on, and we generally try to make blog posts, post on Twitter, post on Reddit, make sure we keep people updated, make sure people understand what’s going on, make sure people see we are working together, and trying to fix things.“Hard forks are more like negotiating treaties.”
How is the response by an open-source blockchain community different from other online services?
I’m sure there are plenty of online services that end up getting into similar issues. If you just imagine when something like Ashley Madison got hacked, I’m sure they had people sitting there in war rooms trying desperately to figure out what’s going on, figure out if there’s any way to mitigate the situation, and how to spin it to the media, and other ways to reduce the damage and so forth. And I’m sure that happens inside you know, Gmail, inside lots of other services.
I think the main difference between those situations and what we have to deal with is that first of all we’re globally distributed. Sometimes we all manage to sit inside a physical war room, but sometimes it’s more virtual across Gitter and Skype and we’re in 10 different locations.
It does have some elements of how countries might react to the various mini crises that end up emerging between them because of a misunderstanding. You have to get on the phone and quickly talk to each other to first of all make sure that they are happy with the situation and make sure that they are able to work together.
If the ethereum blockchain is a country, what is your role?
That’s a difficult question. I’d say early on, I am definitely one of the key people involved in investigating the situation and trying to figure out what the actual issue is. Personally, I also do end up [being in the] the position that I don’t necessarily have full control over what gets released. That’s just a matter of the developers coordinating between themselves, and if I try to insert myself too much I’ll only slow things down. In crisis situations I think I just tend to be one of the people working to fix things.
If we start talking about more long-term strategic things—so if you look at planned hard forks, for example, things like Homestead, or things like Spurious Dragon two months ago [November 2016], or Metropolis that we’re planning on doing in a couple of months 1 those situations are more pre-planned and they involve more medium-term and slower paced kind of coordination.
Look, if you think of responding to emergency events as being like [a radar] detected some flashing red dot and [we’re] trying to figure out if it’s a missile or a birthday balloon, then hard forks are more like negotiating treaties, right? That’s the difference; different kinds of objectives and different kinds of constraints, and it’s also something that’s fairly unique to the ethereum space, I’d say, because there are other projects that have done hard forks, but they tend to have one single, very well coordinated, very small development team. And in bitcoin you know, they just don’t do hard forks, period. They do soft forks, and the soft forks themselves tend to be developed by one single development team.
How would you describe ethereum’s governance model?
It definitely does not have any of the what I would call the “inaction bias” that bitcoin has. In ethereum, if a clear majority of people are happy in one direction, at least at this point, it tends to happen. It’s a system in flux that’s supposed to change a lot. It’s not a dictatorship; I basically have no power, for example, over Parity, the company or the clients. If I try to push a change through and they don’t like it, they could quite easily refuse to implement it and the situation would get quite chaotic. And because I know that, I’m not going to try to propose changes that I know lots of people would disagree with.
It is kind of technocratic in some ways, because right now there is a small group of people that really deeply understand all the different ethereum technical considerations—a lot of decisions do tend to get made by a small group. But in the longer term that is definitely something we are looking to democratize. The first step isn’t so much democratizing decisions as much as possible, it’s even more about democratizing the technical understanding, the ability to see what the trade-offs are, and understand why one approach may be good and why another approach might be good and how the different trade-offs fit with people’s different values.
So that’s something I’m trying to very actively push forward on, it’s also something that Vlad [Zamfir] is trying to push forward on. We do want to see a large number of people who can provide meaningful input on protocol changes. And in the longer term, the community should be able to move forward without any of the original founders if it really needs to. But obviously it’s going to take time to get there.
“Community” can be a nebulous word. Who is the ethereum community?
The most important group of people is probably the users. It’s people that use ethereum, that build applications on ethereum, that use applications built on ethereum, that benefit in some way. It is hard to define and quantify what a user is, and that definitely is a challenge, but ultimately, at the end of the day, that is the most important constituency.“The bitcoin core developers are coercively forcing a fundamental change in protocol economics on the entire community.”
What if it turns out that all the users are currency speculators, and they want the protocol skewed to benefit them—would that still be a valid expression of what the ethereum community wants?
In the case of bitcoin, people have different views on this. There’s one faction that says the thing that bitcoin should try to do is maintain all its existing properties, and if you could optimize in ways that are purely unobjectionable and agreed by everyone to be good then, sure. You have to keep the 21 million [bitcoins] limit, you gotta keep the block size limit, you gotta keep decentralization; all this stuff [bitcoin] has right now. The philosophy is about trying to guarantee that all of these properties that people expect to have don’t end up changing.
The first camp is actually making this kind of bait-and-switch with their logic because ultimately people don’t care as much if the block limit is 1 megabyte or 4 megabytes or 400 kilobytes, or 20 megabytes—they care about the fact that if they send a transaction it can fairly easily get a confirmation without much hassle. By not increasing the block limit the [bitcoin core] developers are actually coercively forcing a fundamental change in protocol economics on the entire community.
They should really keep pushing the block size up so that it’s slightly above what the transaction load is anyway. And the second group makes this argument. The first group makes their own argument that says “no, no, no, decentralization is really important and the higher blocksize is bad for decentralization and we gotta continue from there.”
In the case of ethereum, if somehow 80% of ethereum’s users just ended up being cryptocurrency speculators, would we then have a social responsibility to start optimizing for that constituency, because that would end up being our constituency? That’s an interesting philosophical question.
I guess in practice if the community went that way, I do expect a lot of people would just kind of leave and go to another project because at least in ethereum, cryptocurrency speculation isn’t the sort of thing that really excites people. Obviously, we have a cryptocurrency and obviously the price goes up and goes down. But whereas in bitcoin the protocol exists to maintain the currency, in ethereum, the viewpoint is much more that the currency exists to maintain the protocol. And look, realistically, I would say the kind of properties in ethereum that people are interested in are basically its utility as a platform for running decentralized applications.“I’m becoming more and more concerned about just how secure mining actually is.”
Was the DAO hack a visceral lesson in emergency response?
Actually, in general I’m quite happy that we ended up having such a major wake-up call at a time when we were still relatively small and when ethereum was well coordinated enough—we managed to recover 90% of the funds in the hard fork. If that had happened in 2017, it could have easily been $400 million gone and it could have easily been way too hard to hard-fork it back.
What are the existential threats for ethereum that you see on the horizon?
I think for the protocol to really achieve its true potential, first of all, figuring out security and figuring out scalability are both important. We’re looking heavily at proof of stake right now and I think in the long term it’s going to be crucial for security, because as time goes on, I’m becoming more and more concerned about just how secure mining actually is.
What is the concern with mining?
There are a few concerns: so one of them is that in the case of bitcoin, 70% of the hash power is in China. If the People’s Bank of China at some point decided that it wanted to shut bitcoin down, it could basically make a big operation where, in one night, it does a bunch of nighttime raids and forces all these mining farms to participate in a big, huge, 51% attack and do this over and over again, to the point where basically bitcoin has to hard-fork to another kind of proof of work. When it does that, it will only take one to 10 million dollars to attack bitcoin again, and at that point, basically, it’s stuck. You could easily kill the protocol.
If you look outside of bitcoin, in the context of ethereum, there is always the possibility that there is going to be some other cryptocurrencies with higher mining rewards that attract all the miners. Then, if there are more miners outside of ethereum than inside of ethereum, there’s the risk they will all coordinate and do a 51% attack against ethereum at the same time. There are risks that the various kinds of incentives between miners of various cryptocurrencies [cause them to] attack each other in various ways—there are all sorts of possibilities.
How does proof of stake get around those issues?
Let’s suppose that, instead of the People’s Bank of China, we’ll say some major US bank decides it’s going to be evil and it’s going to try and destroy ethereum. So it basically says, “OK, it looks like there’s 8 million ether sitting in the proof of stake validator pool, the bank is going to buy up 9 million ether, and it’s going to deposit it, and it’s going to attack the consensus algorithm.”
What you could do from there is, if there is a failure, you would know who is responsible, so you could do a hard fork, and in that hard fork, you could delete the attacker’s 9 million ether. From there they could do this once, 51% attack ethereum once, but at the cost of basically destroying $90 million of their own money.
Now, the ethereum community would basically be a bunch of chaos on the forums for a day, but we’re going to be able to coordinate, we’re going to be able to recover, we’re going to be able to push out, [and] agree fairly quickly on a patch, tell everyone about the patch, and ethereum’s going to keep on going. And this game’s going to keep on going several times and at some point, either we give up trying to keep on making these hard forks or they give up on wasting $90 million over and over again.
Chances are, it’s very clear that the effort the community makes on one of these emergency hard-forks is much less than $90 million, so the bank is just going to end up giving up first. So it’s leveraging this sort of natural cryptographic asymmetry. So I really don’t think, with a properly designed proof of stake algorithm, 51% attacks are going to be that viable a strategy of attacking the protocol.
How high up the to-do list for you is proof of stake?
I definitely say it’s in the top three. The other two would be one: scalability, and the other one is privacy; zero-knowledge proofs being a major one. The fourth one would be the general protocol, economic incentive compatibility.
Ethereum moving to proof of stake would mark a major shift for cryptocurrencies in general.
I’d say so. Proof of stake definitely does operate on completely different economic laws from what proof of work operates on. And some people disagree, but in my opinion, those economic laws are much more favorable to cryptocurrency protocols. I think once it happens it’ll definitely put the space on a more substantial and more robust footing.
How would proof of stake change cryptoeconomics?
It becomes impossible to just attack a chain over and over again unless you’re willing to burn $90 million every two days. The second thing is that if you have multiple chains, the two chains can’t attack each other because they’re operating on separate cryptocurrencies. I think it would make the cruyptocurrency space more peaceful rather than one where cryptocurrency protocols feel like they have to be at each other’s throats.
What happens to the mining economy?
Oh, the mining economy will definitely be deluged fairly heavily. The thing is, they have known for quite a while that proof of stake is going to happen and we have been extremely open about it. We’ve been public about the plan. Basically the miners all realize that mining cryptocurrency is something that is a fairly finite thing and they know that once ethereum goes to proof of stake they’ll have to find something else to do.
Now there are at least a few other things that miners can do. For example, one of the things I’m hoping for is that some of these decentralized applications on ethereum are going to do fairly well, and there are going to be forms of second-layer mining that you can do on ethereum. This would include participating in decentralized computation networks, participating in various decentralized mesh networks, cloud storage systems, and that might end up turning into a secondary source of revenue for miners.
What decentralized apps do you find interesting?
There are a few categories that are flourishing already. Some of them are various financial applications, financial contracts, derivatives, things like Maker. Games are another one. In the non-financial space, identity verification is getting to be a big one. With prediction markets, Augur and Gnosis are going to be fairly successful. Also in the not-quite financial space there’s an interesting thing called Akasha. It’s an ethereum-based forum that uses ether-based cryptocurrency mechanisms to manage things like upvote and downvote and spam prevention.
In the short term, in terms of games, there’s a fairly large base of interesting things that you can do. You can do things like play chess for money on the blockchain and you can have it be enforceable so that the winner of the game gets some payment. You can have a smart contract actually enforce the rules of the game.
Potentially, you can push this whole concept much further. You can even imagine an entire MMO [massively multiplayer game] where the whole thing is done, maybe it’s decentralized, maybe semi-centralized, but you have this kind of cryptographic audit trail of all the different moves all the players make and how all these moves interact with each other. You can imagine the game being played using this combination of blockchain and various off-chain mechanisms where you know that it’s provably fair and everyone’s getting rewarded in real-time exactly the way that they should be. That’s in the longer term, that’s something that might be fairly interesting.
In the identity space, there’s a lot of potential there too. Imagine signing in with Facebook except without Facebook. That’s basically the pitch here. One of the bigger challenges there is we need to come up with a decentralized user account solution. So how do people manage accounts on these systems without running the risk of people losing their accounts by losing their private keys? And at the same time make sure that it’s non-centralized and still convenient enough for people to use? That’s a very interesting problem.
Do you ever wish you were anonymous, like Satoshi Nakamoto?
I just think, honestly, that would just be too hard. And I’m the sort of person where if I had to hide all my life from people I would just get way too lonely too quickly.
Check out Quartz’s new book The Objects that Power the Global Economy.