[Music] [Music] [Music] hello and welcome to the final lecture of the series on Bitcoin and cryptocurrencies a title that perhaps appropriately enough the future of Bitcoin and you’ll see that I had a question mark there and I put a question mark there for two reasons one is that I’m not claiming to have any special insight into what the future of Bitcoin is going to be I’m not going to make any predictions you can think of this as possibilities for the future of Bitcoin perhaps but another more important reason that I wanted to have a question mark there is that a lot of these ideas for where Bitcoin is going to go and where cryptocurrency technologies are gonna go and where blockchain technologies are gonna go has come from entrepreneurs and developers and hobbyists etc and that’s great now one of the consequences is it’s had is that this conversation has tended to be a little bit breathless at times of how blockchain technologies are going to revolutionize the world and it’s great to see that kind of enthusiasm but as an academic researcher one of my roles is to consider all of these proposals and to categorize them analyze their pluses and minuses and necessarily almost take a little bit of a skeptical view and so on so I’ll be doing that in this lecture as well and that’s the other reason I had that question mark in there so we’re going to be taking a look at these technologies but also sort of analyzing them critically okay so when we say the future of Bitcoin that could be interpreted in a few different ways one is thinking about how the Bitcoin system itself is going to change are there going to be a major Forks and we’ve seen hard Forks and soft works before we’ve seen what that would look like potentially one could think about whether that’s going to happen and what new features would go in if that were to happen one could talk about efficiency and scalability improvements and so on so modifications to the Bitcoin system itself that’s not quite at the sort of thing that I’m interested in in this lecture in particular what I mean when I say the future of Bitcoin is a set of ways in which blockchain technology can be used it’s been proposed to decentralize a variety of things stocks bonds even property whatever that means we’ll see so in other words people have looked at Bitcoin and went hmm we managed to decentralize currency actually worked let’s decentralize everything so it’s this notion of decentralizing everything that we’re gonna drill pretty deep into we’re gonna look at the technology and we’re also going to try to understand if that’s a good idea for society is it a good idea economically etc okay so what do I mean by this more specifically let’s look at blockchain as a vehicle for a decentralization and I’m going to have a motivating example that I’m going to use to begin talking about this but also come back to again and again in this lecture it’s going to be our running example and this is something that’s called smart property smart property is something that’s been proposed been around as an idea even before Bitcoin but now it’s taken on a much more concrete form so let’s look at what smart property is and how that would work and how that would be integrated with the Bitcoin blockchain so here’s the idea let’s look at it through the example of a car and car ownership and selling a car and so on so the first key idea is that the car is controlled by a cryptographic key you have a digital key that opens your car but further there is some crypto that’s built into it how does that crypto work the car has a public key that’s hard-coded into it and your key is going to have the corresponding a private key corresponding to this public key and therefore perhaps when you approach the car your key is going to automatically send a signed message to the car using for example Bluetooth and the car having the right public key is able to recognize the authorized signature and since only your specific key has the right private key embedded into it nobody else will be able to fake that signature and so you’ll be able to approach and enter the car so this is a foundational idea of smart property that we’re going to take it to the next step but this is where it starts and this I have to say if you are going to make a digital car key this is probably a really good way to do it this is much better than a solution for example where the car has a secret number encoded into it and your key also has a secret number and your key simply sends that secret number to the car which verifies if it gots the right secret number this is of course really unsecure because it’s subject to play attacks and so on but instead a asymmetric cryptography based solution is a good way for authorizing the owner to enter the car so let’s assume that we have a card that works in this fashion what can we do with this in particular what does it mean to integrate this with the blockchain let me show you so the next step in this design is that instead of having this public key hard-coded what this car is going to do is it’s going to dynamically update its public key based on what’s going on in the blockchain so what does that mean when the car rolls out rolls out of the factory it might have a particular transaction in the blockchain hard-coded into it with the understanding that whoever owns the private key corresponding to the output address of that transaction basically controls the car so in other words the public key that the car uses to authorize the right owner corresponds to the public key that’s the output address of this Bitcoin transaction so you don’t have to have some specific types of crypto to make it work the signature scheme that the the car is using should be the same as the signature scheme that Bitcoin uses and so on but those are technical details that we can assume can be easily worked out right and the car you have to assume is running a Bitcoin node and is constantly listening to the blockchain and using that to update its key so how might that work so this is a block in the blockchain the next block rolls around nothing of particular interest happens and now we have one more block but here there is something interesting we have a transaction in the new block which consists of transferring this particular transaction to a new address and that new address let’s say happens to be the public key of Bob and so what will happen now is that the car will automatically update its public key upon noticing this transaction to be this new public key and whoever has the private key corresponding to this public key will now be able to send the appropriate authorites assigned a message to the in order to activate it and that’s going to be Bob now so Bob’s key now activates the car and in this universe there’s no distinction between ownership of the car and the technical ability to open the car or activate the car by sending the right signature so if we make that assumption this Bitcoin transaction actually constitutes a change in ownership of the car so that sounds pretty crazy but now we’re actually going to take it to the next level of technical sophistication what we’re going to do is you know it’s not enough to just have a way to transfer ownership of the car for this to be meaningful in the real world you have to have something that represents what a sale of the car might look like sale of the used car from Alice to Bob so what’s necessary they’re not merely transfer of ownership of the car but also transfer of payment from Bob to Alice right but here is the key technical problem even if we assume that Alice and Bob managed to get to the same physical place at the same time which in the car example is natural but of course we might want to use this technology for other things like selling something over the Internet but let’s not even get to that level of complexity even if Alice and Bob are in the same place over the same time these ownership transfers or transfers of payments are things that are happening purely in the blockchain right with no physical record on real paper or their actual signatures or anything like that but one of them has to go first if Alice transfers her car ownership to Bob Bob might claim that’s the end of the transaction and walk away without making the payment so how will Alice prove to somebody if she say wants to sue Bob that Bob didn’t hold up his end of the transaction that seems like a problem so we actually want to find a technological solution to this so to solve this problem of Alice and Bob being able to pay each other but with neither of them being able to quit the transaction once the other one has done their half of the transaction here’s the technical solution that we can use we’re going to create a single Bitcoin transaction that combines Bob’s payment to Alice with Alice’s ownership transfer to Bob and recall that this is a technique that we’ve used before you said before in coin join to create a single transaction that combines different parties funds together to get it out in a different order and we’re using the same technique here now this transaction has two inputs and two outputs the first input and the first output corresponds to what the car understands to be representations of ownership of the car but the second input and the second output correspond to the Bitcoin payment that Bob is making to Alice in exchange for the car now to be sure these inputs this input in this output will also correspond to actual Bitcoin value but it will be minuscule Bitcoin value probably a Satoshi probably something very little so it doesn’t really matter the only financial aspect of this transaction that matters is this input and this output that will correspond to the car payment so as we saw in coin joint you can create a transaction like this and both parties can separately put their signature on it so that’s exactly what Alice and Bob will do it no longer matters if they’re in the same physical place or not one of them will construct the transaction sign it send it to the other and the other party will not be able to change any of the parameters of the transaction without violating the first party signature and so the only option that the other party has is either to quit the transaction in which case no transfer has happened either a phoner ship or of payment or to put their own signature on the transaction and to broadcast it to the blockchain and once it gets confirmed of the blockchain when it has six transactions or whatever whatever number that the car is looking for in order to signal a transfer of ownership both of these will happen simultaneously the car will switch owners at least in two in the sense of who can control activation of the car as well as money will switch hands so we’ve accomplished something remarkable here and this has some far-reaching consequences and we’re gonna keep coming back to this example and understand this in better detail and talk about the different aspects of what we’ve seen but let’s start with something basic so this is a technological way of representing ownership and transferring ownership but what is the real-world analog exactly that placed and how does this constitute a form of decentralization now if you think about for a real car as things happen now what constitutes ownership it’s clearly the title document so we’ve gone from this world where the title document represents ownership and let’s be clear this is a centralized form of ownership what does that mean the title document only has meaning to the extent that the DMV recognises it and to really drive home that point when you sell a car it’s not enough to physically transfer this document to somebody else one of you has to actually go and register that with the DMV so there has to be a record of this in the centralized database that’s what it means for a car to change hands so it’s that inherently centralized system controlled by the state and so we’ve taken the state out of that whole equation and we’ve made it a purely technological process of what it means for a car to have a certain owner and furthermore we’ve done this pretty cool thing which is to inherently couple the transfer of ownership of the car and the transfer of the payment and all this is a completely decentralized process in that there is no intermediary anymore so we’ve achieved decentralization in the sense of disintermediation this is one of the types or levels of decentralization that we’re going to see in this lecture and there are going to be several more so this is the first of many examples that we’ll see in this lecture that allows us to use blockchain technologies to decentralize one of any number any variety of different types of real-world analogues and we’ll achieve different types of decentralization but two technical features that are going to be common to most or all of these examples are what are called representation and atomicity and we’re going to keep coming back to representation and atomicity what are these so representation is the question of how do you encode some sort of complex transaction from the real world into something that can be understood in the blockchain in the example that we saw the way that we did this is we took the idea of a public key that the car uses in order to look for the right signature to authorize the owner and we simply represented that public key as a Bitcoin address so we turn views this hack this equivalents to solve the problem of representation Adam Missa T is the other technical concept which is how do you couple at the different sides of a transaction so that’s they all have to happen together or none of them at all Adam isset e is an important security feature it’s not the only security feature we’re gonna see some others and this sort of thing can happen without atomicity but it’s a particularly important one and in general when we talk about a particular way to use blockchain technologies for decentralization it’s not really going to be viable unless it supports some form of atomicity all right so let’s put these questions here that we’re gonna use to frame the rest of the lecture one obvious thing we can ask is what else can we do centralize this way and we can ask can this be done using the Bitcoin blockchain itself or does it require an alternative blockchain and we can talk about what are those are there alternatives to add Amissah T that I alluded to in the previous line and finally something that interests me a lot is that is it actually a good idea to do commerce like this does it what problems does it solve compared to the real world does it introduce any new problems is it good for society is it going to be feasible in a business sense so these are all questions that I’d like to take up the first thing to look at though is what are the different routes to blockchain integration so a lot of different routes to blockchain integration have been proposed and in the Bitcoin community you’ll find people who are quite partial to one way or another so let’s look at four different avenues and let’s get a quick look at what some of the advantages and disadvantages of these routes are the first one sort of the obvious default one is to directly use the Bitcoin blockchain itself and this is the one that we saw in the smart property example as we walk through the steps the advantage of course is that it’s easy to deploy the blockchain is here it has all this minor power behind it so we know that it’s something that’s very secure the consensus process cannot be easily disrupted on the other hand even though we were able to use some hacks in this example to achieve representation and atomicity it’s not always the case there’s no fundamental reason to believe that if you have some arbitrary arbitrarily complex contract between different parties that it can be represented adequately on the blockchain and that you can execute it atomically so to get a better idea of what this might look like and what it would some of the challenges to Adam sed and representation are let’s look at a couple more examples in how you might try to decentralize them directly on the blockchain so the next one we’ll look at is the notion of crowdfunding a kickstarter style for example but without actually having a centralized intermediary like Kickstarter so in other words here’s what we want to happen we want a completely decentralized system where some entrepreneur can ask for donations or contributions but we should be technologically assured without the existence of an intermediary that’s that entrepreneur is only able to spend that money if they collect enough of it to reach a certain pre specified threshold so here’s how we can accomplish that technically just using Bitcoin what the entrepreneur will do is create a single transaction with an arbitrary number of inputs that can vary as the process continues in a single output for let’s say value of 1000 and they’ll send this around and try to collect contributions and so of course any Bitcoin transaction has the property that its spendable only if the sum of the inputs is greater than the sum of the outputs or the single output in this case and what will happen is that this transaction will gradually accrue signatures from people contributing different amounts of money and each of the parties will only sign her own input and the overall output and this is a uses some features of Bitcoin some little used features of Bitcoin in order to achieve a transaction where you can produce only this limited form of signature so the entrepreneur will go collecting these signatures but the Bitcoin transaction will only be spendable if the sum of the inputs eventually reaches greater than or equal to the output value that’s been pre specified so this is something that you can actually achieve today on Bitcoin but already we see that it starts to get into some little-known corners of Bitcoin it’s not the everyday type of Bitcoin transaction but now let’s look at another example which starts to get even more confusing and here’s what I’m talking about this is something called paying for a proof and let me explain it in this way let’s say that there’s an there’s a hash function H and Alice claims to know as some input X such that hashing X results in some constant C that’s known to everybody in other words she knows the hash preimage of some value and now Bob would like to pay alice in exchange for knowing this value of x that maybe this number X is the solution to some very valuable proof-of-work computation but it doesn’t need to be a hash function it doesn’t need to be an input to a hash function that Bob is paying Alice for it could be the solution to any pure function really and there’s some arbitrary function f Alice claims to know some input X such that f of X equals some known value and Bob would like to pay her for knowledge of this value but of course once again security is a problem this transaction happens over the internet we want to make sure that if Bob does pay Alice then Alice is necessarily forced to transfer knowledge of X to Bob and one way in which we can achieve that is we can atomically couple Bob’s payment with alice’s publication of exon of the blockchain so here she’s not secretly sending X specifically to Bob but instead she’s publishing it onto the blockchain but maybe that’s acceptable to Bob so this is also something that can be accomplished but it starts to get quite unwieldy with with regular Bitcoin all right so now let’s move to the second possible route which I’m going to call embedding and is also quite popular and what embedding is all about is it still uses the actual Bitcoin blockchain but instead it comes up with some sort of arbitrary maybe quite complex representation scheme for encoding different drilled world semantics into the Bitcoin blockchain so one example of this is colored coins which you saw in lecture 9 it’s colored coins are sort of similar to the representation of car ownership and transfer that we saw in the smart property example but it’s a little bit more elaborate in that in the car ownership example the car doesn’t need to scan the entire history of the blockchain it just comes hard coded with a particular transaction out of the factory and then it merely watches each block to see if that transaction gets transferred colored coins are a little bit more than that the color of a coin as it were is defined by its entire history and where its genesis comes from and so colored coins are a little bit more sophisticated to implement but at the same time it perhaps gives you a bit more in particular one interesting thing that it gives you is that everybody can agree upon what sort of transaction corresponds to transfer of a car ownership and there could be something else for ownership of some other type of objects and you can define as many of these colors as you want so everybody can look at the blockchain and know that a car sale has happened and how much was paid for it but of course they don’t necessarily know the participant identities this could be recorded as an advantage or a disadvantage and then there is also master coin which is also an example of embedding it turns out there are a variety of ways in which creative ways in which you can embed arbitrary data into the Bitcoin blockchain a Bitcoin has something called op return which is a type of script that allows 40 bytes of arbitrary data to be encoded you can also use fake transactions with non-existent addresses you can exploit multi signature etc etc so these are all possible ways in which you can encode data into the blockchain and thus embed your arbitrary transactions into the Bitcoin blockchain itself again and has some advantages and disadvantages more complex representations obviously but normally one might think that for getting more complex representations you’d have to use an altcoin an entirely separate chain altogether that allows those representations but instead what embedding allows you to do is combine the idea of getting complex representations with utilizing the security of the Bitcoin blockchain with all the mining hash power behind it on the other hand the scripting and add Amissah T are limited by that of Bitcoin itself but the scripting could get even more limited than just using Bitcoin because these new features that do you have defined these new representations might not interact well with bitcoins existing atomicity and scripting properties another thing to think about is that it results in unwanted transactions in the Bitcoin blockchain now unwanted is a contentious word this is a controversial property some people say that this is just fine but some people say that you’re using the Bitcoin blockchain for unintended purposes for purposes other than currency and so they try to discourage this kind of use I’m not necessarily taking a moral stance on this but just pointing out that these are the things that one wants to think about if you’re using embedding as a vehicle for a decentralization now let’s move to the third route which is something called side chains which you saw in lecture 10 I’ll just summarize it what you learned about in a single sentence these are a site at slide chain is a merge mind alternative chain so it still utilizes some are all of the mining power behind Bitcoin and the value of the Kiersey represented by the side chain is pegged in a one-to-one fashion because a proof of burden either chain allows you to redeem coins in the other chain and the typical use that it’s been proposed for is a Bitcoin testbed people want to try out different interesting modifications to and they want to do that without messing with the Bitcoin system itself but still have interoperability of currency between these two systems what perhaps we can use side chains with enhanced scripting properties let’s say in order to achieve some of these complex contracts and other things that no one wants to decentralize the advantage of course compared to embedding which is which it’s somewhat similar to is that you’re not polluting the blockchain but the downside is that in order to even support the notion of a side chain Bitcoin modifications are necessary so who knows if this is going to happen but if it does happen it could provide another interesting alternate route so now let’s get to the final route for a decentralization which is having a totally separate alternate chain and the best example of this is ethereum which is really intended from the ground up as a platform as a general framework for this kind of ledger based consensus which you can use for all kinds of things even creating your own currencies and what etherium does the key feature is that instead of bitcoins limited stack based a scripting language it provides a turing-complete script so this seems weird at first because it can lead to all kinds of problems on mining node is trying to execute a script and it could get stuck in an infinite loop for example so a theorem has a need a solution for this problem which is that minor computation will be paid for using an internal currency called gas by entities within aetherium in particular a theorem has this notion of a long-lived contract which is sort of a program with a minimal amount of state that lives within the ethereum blockchain it gets activated when a transaction is sent to it it executes for a little bit on the minor nodes and then it shuts down so contracts are these long-lived things that have their own accounts and their balances and so on and so they use that to pay for computation from miners now if you can achieve something like aetherium then it’s pretty much a dream situation for complex representations in atomicity you can take arbitrarily complex contracts and make sure you can represent them and execute them in an atomic manner but the concerns the challenges are more practical as something like this even possible in and since it’s an alternative chain will it ever have the sort of mining power necessary to make it really secure at least in relation to using Bitcoin and given that you’re allowing turing-complete scripts what sort of unexpected security problems does that open you up to so those are the things to think about when one is talking about a totally altcoin based solution like aetherium I should point out that aetherium mostly exists in an idea stage at this point so it remains to be seen to what extent it will be realized as a practical system but nevertheless at least as a thought experiment if there iam as fascinating in thinking about what sorts of powerful contracts can be decentralized using blockchain technologies coming back to smart property though let’s think about which of these approaches might be best well from a conceptual point of view any of these is powerful enough to accomplish what we wanted but when you start to get to more powerful contracts than there are going to be a lot of differences between the four approaches and the level of power and flexibility that they offer but another practical consideration also to keep in mind is that various things like SPV simplified payment verification proofs are going to be more or less feasible in some approaches compared to the others all right now let’s go back to the car sale example and ask what happens if there is a dispute about the sale of a car perhaps the seller sold a lemon car to the buyer and now they’re not happy with it and they want to reverse a transaction recall from one of the early lectures that we learned about escrow transactions particularly a two out of three escrow where in addition to the buyer and the seller there is a judge or a mediator who’s involved and how might an escrow payment looked like so the buyer is going to transfer bitcoins not directly to the seller but instead to a two out of three address which is controlled jointly by the buyer the seller and as a mediator or judge and the Toyota three account has a property that if any two of them agree then they can get the payment out of this intermediate holding address and get it back to either the seller if the transaction goes through smoothly or back to the buyer if there is a dispute and the transaction needs to be reversed but in no case to the mediators account they can’t steal the money so that seems like a pretty good technical solution that we can use to build some sort of dispute resolution mechanism on top of it but you might notice that this seems to lose a de Missa tee this is a two out of three escrow only for the payments but as we saw earlier what we ideally wanted was to couple the payments with the transfer of car ownership itself that also can be accomplished but it really starts to get a little bit unwieldy at that point nevertheless let’s look at this sort of escrow and dispute mediation and compare that to the traditional real world solution and see what that gives us so how would dispute mediation happen in the physical world with an actual dispute about a car sale it would probably go through the court system the court system is a again a centralized state controlled mediation process but what this gives you is the freedom to choose the mediator this is an entirely a private contract between these two parties and that they can choose that mediator to be whoever they want and this could be a good thing in some situations in particular you can argue that this notion of an intermediary for dispute resolution which is the court system has now been changed from a single entity that everybody must use mandatorily to a market a private market where different entities different intermediaries can compete based on the perceived fairness for example of their dispute mediation process as well as efficiency low costs etc etc there are of course a lot of challenges of this sort of situation immediately gives rise to huge conflicts of incentive between the mediator one of the participants they could be bribed for example so those are things to think about but one key disadvantage I’ll point to is that in the escrow process forget about even how the dispute mediation happens in the escrow process that you must use and Bitcoin to even enable a dispute mediation to take hold you have to tie up the funds for the period during which either of the parties is allowed to dispute the transaction and that’s a little bit of a problem it’s not a problem that you have in the traditional system and the reason for that is that in the court system if there is a dispute and one of the parties refuses to pay up you have law enforcement you can go after them you have their identity and that’s something that’s lacking in this system as well as in any of the alternative routes that we’ve looked at in order to achieve decentralization and we’ll return to this point again but the broader point I wanted to make here is that while earlier we saw an example of decentralization through disintermediation completely getting rid of an intermediary this is also a different form of of decentralization but it’s not disintermediation instead we’ve replaced a single mandatory intermediary with the freedom to choose your own intermediary and we’ve seen this before we’ve seen this in a different context in a previous lecture you saw the notion of decentralizing prediction markets and what we did in in that situation is also we allowed instead of a single party like in trade running everybody’s prediction market we said anybody can now start a market let’s really lower the barrier to entry if somebody wants to run a prediction market for in the next presidential election go for it and someone else wants to run a prediction market for the superbowl they’re free to do so in fact multiple people can run different prediction markets for the same event there’s nobody stopping them so you have this competitive market for intermediaries so that’s another sense of the word decentralization okay so let’s put what we’ve seen in spectrum on the one end in terms of the most centralized system as a single mandatory intermediary we also just looked at multiple competing intermediaries and there’s one more intermediate step which I’m calling a threshold of intermediaries we haven’t looked at that so far we’ll see that near the end but finally what we started out seeing what smart property is complete disintermediation no intermediary so I would but all of these on a spectrum it’s not completely distinct categories but it’s useful conceptually to sort of think of them that way now let’s think about another aspects of all of the protocols that we’ve seen so far which is security we started out by saying Adam isset II is a very important way to achieve security it’s not the only one we said there are going to be similar in ative x’ so what are they so here are some ways of improving security we’ve seen two of these the ones in the middle escrow with the dispute mediation as well as atomic exchange which completely automates the process but there are others and in fact the most obvious one perhaps is reputation where you don’t have any particular technological security enhancing mechanism but instead these intermediaries or whoever the parties that you’re interacting with build up reputations over the long term and so it they build some trust in that matter reputation is okay if in the absence of other security alternatives like atomic exchange but it has some problems first of all the entity has to build up this reputation over the long run right if whoever is the entity you’re interacting with is completely pseudonymous or anonymous then reputation doesn’t even apply and we see this problem even with real-world reputation systems for example restaurants or other businesses that obtain really bad reviews on Yelp might close and reopen may be in the same location maybe in a different location but simply rebranded right so that’s a problem in general with reputation systems also for the party to accrue positive or negative reputation there should be a way for establishing what they didn’t right or wrong that just goes beyond she said she said so looking at Yelp again it does work on a he-said she-said model which sort of works ok because there are real identities in Yelp and people sort of have to use their real names and of course a businesses operate under their real identities but here we’re talking about a universe in which everybody wants to be pseudonymous and so this sort of a model where it’s one person’s word against another might end up really becoming a non-starter there are also problems with escrow and disputed mediation we saw a couple in the way that escrow is done Bitcoin you have to actually tie up your funds and they become unusable during the time when either party has even the ability to challenge the transaction and of course dispute mediation leads to conflicts of interest and so forth we’ve seen atomic exchange whenever it is technically feasible then it’s probably a good idea and the last thing another thing that’s been proposed is trusted hardware it’s not always applicable but in some cases for example it’s applicable when the service that service that you want to pay for is something that’s entirely a software program and so what the developer can do is publish the code and execute it uninterested hardware module and so the people who are subscribing to that service or paying for that service can be assured that the code that they can look at and audit is the same code that’s executing and providing them the service but what is really common to all of these ways for improving security in terms of the blockchain based decentralization paradigm is that ultimately there is no real-world enforcement there are no physical identities there’s no law enforcement there’s no going after people and so that means two things one is there can be no debt if we want to do dispute mediation the lack of the ability for debt is the reason why you have to put in sort of a deposit and lock up those funds during the period when you want dispute mediation to be possible also there are no punitive measures for misbehavior so this really limits the sort of things you can do so these are important limitations to keep in mind okay one little thing that I want to point to is that in terms of the vocabulary of security some people use the word at trust minimization I don’t like this term at all I feel that there’s often a confusion between two things one is the fact that cryptography is often used in contexts where unfortunately there’s not much trust between entities and so the lack of trust is a starting point in cryptography is a solution this often becomes confused with oh now we have this hammer of cryptography let’s try to use this to move to a world where nobody has to trust anyone anymore and so trust minimization is not the goal lack of trust is not the model that we’re hoping to move to it is an instead our unfortunate starting point but you Trust is not really the right lens to look at it it’s not whether you trust the motives of some individual but whether they’re going to behave in the manner that they have specified and it could not be because not only because they’re untrusted but because they got hacked etc etc so let’s not really use the word trust and instead talk about security all right so let’s summarize a lot of what we’ve seen so far one of the things that we want to talk about in terms of decentralization as what is being decentralized we have looked at a couple of examples smart property pay for proof and so on but we’re gonna see a lot more so we haven’t really talked about the first bullet and said the three things that we’ve talked about in this section are what type of blockchain integration we saw for examples directly on blockchain embedding side-chains and a totally different alternative chain altogether we talked about levels of decentralization again we talked about for example points on a spectrum ranging from completely disintermediated to completely centralized and finally we talked about different ways of enhancing security so a key points that I want to make in this lecture and you’ll see through the next several slides is that asking these four questions gives you a powerful and generic decentralization template that can be used to understand and simply represent almost any of the proposal said you see in the Bitcoin community for blockchain based decentralization let’s go ahead and see some examples of this let’s go back to smart property once again so what is smart property it decentralizes the notion of property ownership and trading which are two related but somewhat distinct things and it decentralized us in the sense of disintermediation you don’t need an intermediary anymore like the state or the DMV and in the example that we saw it was achieved using the Bitcoin blockchain itself but you could achieve it using any of the other three methods and finally the key security principle that we used was a de Missa tee in tying together the payment with the transfer of the car ownership now let’s look at another example which is also something we alluded to a bit earlier in the lecture which is prediction markets so of course it D centralizes a centralized prediction market like in trade and it does so in the sense of competition it doesn’t get rid of the need for some entity to run a prediction market but instead it allows anybody to do that it lowers the barrier to entry and different people can run different prediction markets and it was done using an altcoin and again the security property was a de Missa tee in that the two parties to a trade of a share in a prediction market are coupled together using this atomic property that ties together the transfer of the share with the transfer of payment now let’s look at a quite different example this is something that’s called storage a proposed by Greg Maxwell who claims it should be proposed storage but I’m going to ignore that because it’s gonna be just confusing if I call it storage so what this is is it’s sort of an agent that lives in the cloud and what do I mean by agent what or at least what greg maxwell means by agent is that it has some level of independent decision-making ability it’s not full-fledged AI but it decides some things for itself it it what it’s going to do is it’s going to rent our cloud computing services and it’s going to use that to run itself but the service it provides to consumers is that you can pay this agent to store a file for a certain period of time say 24 hours and when you do that it’s going to receive payment in bitcoins store this file keep it for 24 hours and then delete it unless you keep making payments it also has some other very interesting aspects such as reproduction and can take a copy of the code spawn a new instance and try to make improvements to it pay somebody to write new improvements or modules and so on but we’ll ignore those aspects for now and just talk about this aspect of it so what is storage a and can we look at it through the lens of decentralization it turns out that a we can so storage a decentralizes the notion of file storage and retrieval which you can do today through a Dropbox for example it’s decentralized in the sense of competition you still need an intermediary very much which is this agent and the payment is done using Bitcoin and finally the security mechanism that you have is just reputation there is nothing in particular in the storage proposal that for example atomically couples your payment for storage with the actual act of retrieving the file so that’s storage a let’s look at more examples in fact we can even consider 0 coin for example which we saw in a previous lecture through this lens so 0 coin is a way to decentralize the notion of mixing instead of having a centralized mixing service where you put in your coins and just hope that you get it back it’s decentralized in the sense of disintermediation there is no mixing intermediary anymore the mixing is accomplished purely through cryptography you don’t need to trust anyone is enforced just by math and by consensus and it’s done using an altcoin it’s not quite compatible with Bitcoin unless there are unless there is a fork to Bitcoin and the security property is a de Missa T what is this meet the notion of burning a base coin and 0 coin and actually getting a 0 coin in exchange for it are atomically coupled through the same transaction and the same goes for later redeeming a 0 coin and that’s where the security comes from that’s why you don’t need to trust anybody and that is of course accomplished through zero knowledge proof so we’ve seen these this powerful template that incorporates these four factors and we’ve seen some examples of how systems that we’ve already looked at fall into this pattern of decentralization in the next part of this lecture we’re going to look at a variety of new examples of things that people have proposed can be decentralized using blockchain technology and we’re going to use this sort of template to analyze them so we’ve talked a lot about how to decentralize now I’m going to give you a taxonomy of the different things that we can be centralized at least we know technical solutions for how to do these things and this is where a lot of the excitement is around for using blockchain technologies so the first category is things that are purely digital and perhaps the most basic example of this is name mapping what do I mean by this name coin is a good example it’s a mapping between human readable names and addresses and so as long as you have something that’s purely digital it’s a simple matter to use consensus technologies so that different participants can enter new values into the system change values and so on or read values back and the blockchain can be used as a record of the current state of that mapping so the next two are storage and proof which we’ve seen earlier in this lecture storage a and the pay for proof idea that we saw earlier and these are sort of complements of each other one is paying for storage of course and the other is paying for computation you can also have random number generation what does this mean this is something you saw in a previous lecture using Bitcoin as a beacon so a beacon is something that ahead of time nobody should be able to predict but once the beacon value has been generated everybody should be convinced that the value was in fact generated truly randomly so again bitcoin is a good vehicle for doing that and lotteries at least if you’re talking about lotteries where the payment and payout is denominated in the currency of the blockchain itself then running a lottery reduces to a random number generation problem of picking one of two input addresses for of a transaction to use as its output address basically that’s what it translates to and so you have centralized Bitcoin lottery systems like Satoshi dice but certainly it’s fairly easy to imagine doing these in a decentralized manner as well let’s move on to the next category which is things that aren’t inherently digital but can be represented digitally this is a big category real world currencies of all kinds stocks bonds and other assets and so on and this is where perhaps a huge amount of the excitement is how to use blockchains for other things and so what does this mean let’s say let’s look at colored coins as one example of the specific mechanisms that you might use for a decentralization if a particular color were to represent a particular currency and other some other color were to represent a stock of a particular company etc etc then you have all these assets that you can transfer between participants and you can pay for and so on and so you have a trading of any of these assets and also you can have a de Missa tee between the trade of the asset and the transfer of payment that all sounds well and good but here’s the real problem what is the mechanism to ensure that what you’re calling one dollar in terms of colored coins is actually worth one dollar that could happen if some bank or some consortium of banks agrees that they will back using their deposits to their physical bank accounts the corresponding colored coin if there is some entity that promises that one to one pegging then you’re good similarly if there is a company that agrees to actually release stock in a digital form or agrees that they will treat that digital stock as equivalents to their physical or a real-world stock then you’re good but otherwise all that you’ve done is invented some new thing that you’re simply calling dollars for example but whose price is floating freely with respect to actual dollars so in other words you’ve just invented a new currency and inventing a new currency is not an accomplishment at this point in fact we have a surfeit of these things using blockchain technologies and so that’s the real challenge here it’s not so much representation but this economic problem of actually ensuring an equivalence to the real world analog of this and most of the proposed solutions for this don’t solve that harder problem except maybe one which will look at near the end let’s look at the third category which is a property ownership and a trade which is what we started by looking at we can decentralize that using smart property and atomic exchange and these two are ownership and trader related they’re not quite the same thing but you can’t completely separate the me there and hopefully the discussion at the beginning of the lecture has given you a good understanding of how to decentralize this now the fourth category is going to be more complex contracts trade can be thought of as a very simple contract you give me this object in exchange for a certain amount of money but you can have more complex contracts like crowdfunding which is also something we’ve seen but also a financial derivatives which is another big area of excitement so what are financial derivatives derivatives have an underlying asset and that the value of the derivative depends in some way on the price movements of the underlying asset the key thing about a derivitive you can think of it as sort of a conditional statement that depends upon the price of the underlying asset sometime in the future and so forth and using this kind of language you can express quite complex statements an example would be you can have a contract between two parties that says for this asset if the value goes beyond five dollars past a certain date then for every dollar that it rises above five dollars you owe me two dollars so that would be a way to hedge your belief that the value of this asset is not going to rise beyond five dollars so again you can do financial derivatives using some of these systems especially some of the more expressive altcoin based systems are a great vehicle for this now one nuance to note is that these conditional statements depend upon the price of the underlying asset and so whatever script or other mechanism that you have in your blockchain system that depends upon this price should have a secure way of knowing what this prices and this is called the data feed that you start a bit earlier we’re gonna see again later in this lecture but one possible way of getting around this need for a data feed is if the underlying asset itself is traded on the same blockchain using the asset decentralization idea that we saw a couple of slides earlier and so if that is happening then some sort of price discovery might be possible but again you have to worry about whether this price that you’re discovering through the blockchain itself is reliable or whether it could be hacked by somebody creating artificial transact and taking both sides of it for example so this is all not quite fully understood but there’s a lot of excitement around it a lot of proposals and it’s certainly possible that sometime into the future this is going to get much better worked out and we might have some sort of working system for for trading in these things so the next one is something that’s even more in the sort of vague idea or proposal stage but also there’s a lot of excitement which is decentralized markets so let’s talk about markets and auctions for a second let’s forget about decentralization let’s look at some real-world examples of things that act as markets and see exactly what features they provide in order to gain a better understanding of what it means to decentralize them in fact let’s look at four examples a used bike store is basically where you go and sell your bike and so you have a separate transaction with them selling your bike for money and then they have a separate transaction with somebody else or reselling that bike and you don’t directly interact with the person who eventually rise away with your bike so that’s one model another model is eBay which only matches participants and roads payments a PayPal as a payment processor they don’t match participants but another function they perform is that they do a limited level of dispute mediation and finally you have the Craigslist model where they’re not they’re not actually involved in the exchange at all in any way except for matching participants together so we’ve identified several different functions that these markets give participants and let’s see what we know so far about how to decentralize each of these functions and what to do about the rest of them so the most obvious one is payments and of course we have cryptocurrencies for doing those we have transfer of actual goods which we can use my property for and further we can leverage atomicity to couple the transfer of ownership of goods with the transfer of the payment and we know how to do a limited form of dispute mediation using this escrow process but what we’ve not seen so far at all is how to match participants who want to take difference of a trade and that’s what I want to tell you about now so now I’m going to show you a not fully fleshed out idea but hopefully enough to give you an intuition and idea for how to do this kind of decentralized matching let’s go back to the car example let’s say Alice wants to send a cell a car what she’s going to do is she’ll create a transaction a partial transaction not a fully complete one yet that contains the necessary information for a transfer of ownership as well as the sale price that she wants the minimum price that she’ll accept and broadcast it onto the network it’s not a complete transaction yet it won’t get onto the blockchain but it will get broadcast nevertheless now the counterparty someone who wants to buy the car is going to find the transaction determined that it meets their criteria for a car that they want to buy perhaps this transaction has encoded information that has a web page or just within the encoding itself all the things you need to know about the car that you want to buy so as I said it’s not a fully fleshed out idea so this counterparty completes the transaction they assign it and then they broadcast it once again onto the network at this point the transaction is complete it has all the information that it needs to get out to the blockchain and so the transaction is automatically complete of course this is a bit of a crude idea it’s hopefully enough for you to get the picture one wouldn’t necessarily want to do it this way for one it’s a very inefficient every partial transaction that represents somebody wanting to sell something needs to be broadcast to everybody in the network but other than that there’s not a whole lot of control in the matching process but it’s it’s something it’s a basic way to decentralize this idea of a buyer finding a seller there is a variant you can use which is that instead of partial transactions being simply broadcast on to the peer-to-peer network you can have partial transactions under your chosen representation but nevertheless are complete transactions in terms of the underlying encoding onto Bitcoin and so you can have these offers for the car for example be an actual complete Bitcoin transaction that gets on to the blockchain and so only when it gets into the blockchain will it get noticed by potential sellers and then they will continue to process that and take it to the next stage a variant of this is the auction where you create your transaction in such a way that the buyer cannot simply complete the transaction broadcasted on the net onto the network and finalize it instead what they’ll have to do is they’ll have to assign it and then return it back to the seller or the auction creator who will then further need to sign the transaction in order to be fully valid to then complete that transaction and this allows the seller to acquire different bids from different potential buyers and pick the one that she likes best another interesting variant of this is the double auction a double auction happens when you’re buying and selling stocks for example where it’s the offers are coming from both sides the offers and bids and so what you need is some party in the center that’s matching these offers and bits together so one way in which you can achieve that is you can actually have the minors to match these orders that are being broadcast onto the p2p network and you can allow the minors to keep the bid-ask spread which is the difference between the bid and the ask and one good property of doing it this way is that it avoids minor front-running what does that mean it means that when the minor finds a really good offer then they can ignore the bid that’s coming from some other participant of the network create their own bid and complete the transaction and get a better deal than they otherwise might have all right so now let’s move on to data feeds we looked at this a little bit earlier let’s look at it in a bit more detail you’ve also seen it in a previous lecture data feeds are a way for what we’ll call arbiters to assert real world facts into the Bitcoin blockchain and there are some very natural applications of this if you have a feed of price movements that allows you to implement derivatives if you have feeds representing outcomes of events that allows you to implement prediction markets and so on so data feeds are not necessarily interesting for their own sake but for the things that they can help you implement so allowing these arbiters do allow to assert these facts is already a step better than having a single designated entity that’s going to create all of these data feeds so this is a form of decentralization in the sense of competition between arbiters and this is what we saw in the example of decentralizing prediction markets there are also other means that one can use in order to improve security here you can use trusted hardware for example you can write a script that parses finance data for example from finance at google.com and uses that to create a data feed of stock movements and what you can do is you can put that on trusted Hardware so that anybody can verify that the script is actually doing what its claiming to do this still leaves other things that you have to take on trust for example that Google is not lying to you or somebody is not tapping the connection between the the script and Google you have to rely on HTTPS for security etc etc so those are not perfect solutions there are no perfect solutions here ultimately data feed require somebody to actually do the act of importing from the real world into the blockchain but here’s something interesting we can do with data feeds and we can have a threshold of different arbiters and that’s particularly useful because inherently there are big incentives to lie for these arbiters when the data feeds that they’re putting onto the blockchain affect the outcome of contracts for instance so what do I mean by a threshold if arbiters let’s look at a concrete example here is one way to implement a data feed a centralized version or a somewhat centralized version where you still have individual arbiters there’s competition between arbiters and so on how that might work is let’s say there is an event a with outcomes X Y & Z corresponding to maybe the presidential election or something like that then this event e corresponds to this transaction in the blockchain everybody agrees upon this representation and when an outcome happens this transaction will be transferred to one of three different addresses corresponding to X Y & Z and of course it’ll be signed to this transaction will be signed by the arbiter a and by looking at which public here which address the transaction was then transferred to you can figure out which outcome happen so this is one way of implementing a data feed how can we decentralize this data feed in terms of a threshold of arbiters let’s say that we want these arbiters to be able to declare an outcome only if two of three such designator designated arbiters agree that X is actually the outcome that happened and not Y or Z so how can we implement that recall that Bitcoin has a multi signature feature so what we would do is we would make sure that this transaction output is a two out of three Multi signature address that is controlled by these three different arbiters a B and C each of them has some one of their corresponding private keys and so if only only if two of them agree let’s say a and C then they will be able to create this transfer transaction so that’s a way of D centralizing this notion of a data feed and so now we can go back to the picture that we had earlier of the spectrum of levels of decentralization so now we’ve seen an example of what it means to have a threshold of intermediaries which is a distinct concept from having multiple competing intermediaries let’s now move on to another thing you can use watching technologies to decentralize this is something there’s been a huge amount of hype about called autonomous agents what are autonomous agents different people have proposed this and so in different conceptions there have been different set of features that have been proposed but here is a good set to focus on one is that these agents will be able to enter into contracts with other participants they will have data feeds from the real world as a way of having real world input into these contracts and these agents might perhaps have shareholders or some other manner in which humans can vote in order to change the rules by which the agent operates so that’s a key distinguishing factor for many of the ideas that we’ve seen before and some variants of this notion of an agent also has some idea of reproduction mutating the code and improving with time etc this is again a quite hypothetical concept there are a number of challenges to realizing this in practice one challenge is going to be is this agent something that needs to keep private state or is it something that will purely execute on a transient basis on the minor notes and if it does need to keep private State where is that going to come from and how can we decentralize that is that even meaningful to talk about decentralizing it another challenge is this funny problem of sort of a hostile takeover if there is this notion of voting to change the rules than is it possible that whatever constitutes shares of ownership of these agents somebody could buy it up acquire 51% of the shares and then vote to change the rules so that all of the agents of the asset for example will be transferred to this party who is doing the hostile takeover and as this a problem should there be defenses against this so there are a number of open questions here and we’ll make one point though people call these decentralized autonomous agents the decentralized vision or the version of this they also call it decentralized autonomous corporation this is not a technology that I like very much I feel that this vision of decentralized agents misses all of the important or salient features of a corporation which is all the legal backing that goes into it and so gives it a certain kind of rights and responsibilities in the real world whereas we’re in this parallel universe where everything has to be defined and enforced by technology so I don’t feel it makes a lot of sense to call it a corporation agent as this term that I prefer alright here’s the final category that I want to tell you about and this is quite interesting because at first sight it might look like there’s really no way of achieving decentralization here so what are we talking about exchanges what do I mean by exchanges it’s all well and good to represent some sort of colored coin for example as representing US dollars and then to trade that but ultimately if you want actual exchange between whatever you’re calling US dollars and real world US dollars you need something more and that can be illustrated using this problem Alice would like dollars in exchange for bitcoins and Carol would like the opposite it seems like they should be able to trade with each other but there is no real way of doing it over the Internet in a situation where they don’t trust each other because one of them has to send the other bitcoins and then hope that this person going to mail them cash or use paypal or whatever other way of transferring real money what do we do about this well maybe they have a mutual friend Bob then this simplifies things a lot what they can do is Alice can have a separate transaction with Bob and since Alice and Bob were friends Alice can send Bob bitcoins and trust Bob to send dollars over some other mechanism or even meet in person later and send dollars and then Bob can do a similar transaction with Carol so this intermediary has neatly solved the problem but this still seems to have a lot of limitations because they need to have this mutual friend with each other what if they’re on opposite sides of the world so here’s how we can solve that first of all we can make this a bit more efficient instead of calling this a transaction where Alice sends Bob bitcoins and Bob sends us dollars back to Alice what we can say is that Bob simply sends Alice some kind of digital token representing the fact that he now owes her some amount of money let’s say $100 and we know really well how to do this this is exactly the same as some sort of digital asset we know how to represent this in a variety of blockchain based technologies and similarly Bob can have this transaction with Carol so the only thing that would actually happen is bitcoins changing hands as well as this new relationship of debts being represented in the system so this gives us a starting point for scaling this up to an arbitrary scale even to the scale of the whole world let’s imagine a social network that represents the trust relationship between all pairs of friends and so what could happen here is there could be a complex chain of interactions through which a node here exchanges bitcoins with a node here in exchange for u.s. dollars or whatever currency and it would simply be represented in the system as a series of i/o use and what would make all this work is that end the system appears of friends must pre declare how much debt they’re willing to extend to each friend they have so Alice might be willing to trust Bob to over $100 and be confident that he will repay her that amount she might have a different relationship with Dave and other users and so and so on another neat feature of this whole system is that if there are a variety of these debts that are expressed in terms of the edges of this graph let’s say you have a triangle of users successively owing each other then you might be able to simply cancel out that debt within the system and so if you have a reasonable number of trust relationships and if you have a good amount of liquidity in the system you might be able to go a long time and keep doing a lot of these transactions and not accrue too much debt overall in the system because a lot of these debts are going to cancel out in the long run so that could make the system quite efficient in the long run so this is a simplified version of what Ripple desk ripple is what you might call an altcoin but it’s it’s a bit more than that it has its own consensus mechanism it’s not exactly based on proof of work but this notion of trust relationships and i/o use is something that’s central to ripple and what it allows you to do is disintermediate the notion of a currency exchange so in other words we have decentralized the currency exchange in the sense of disintermediation using an altcoin and the key property that we’ve used earlier we saw at Amissah tea and so forth we is none of that here we use something different we started with the limited amount of trust and we use the transitive property of trust to take that up to the level where it can scale to all of the participants in the world and in ripple as it currently exists at least as I understand it most of these participants are not individuals but instead banks and other institutions but you can certainly imagine the exact same kind of network working for individuals as well [Music] so far in this lecture we have learned about a fascinating set of technologies for using the blockchain for decentralizing as you’ve seen a whole spectrum of things and occasionally I’ve hinted at questions about one is this a good idea is it economically feasible how does it compare to the traditional centralized system that it’s replacing and so on but now let’s really get into that question and I’ve deliberately used the word decentralization and framed it in technical terms and avoided mentioning the political dimension but now let’s be very explicit about that so what we’re really talking about when we say decentralization and replacing these traditional systems is in a sentence we’re talking about technological purely or largely technological alternatives to a variety of human institutions legal and social and financial banks law enforcement a lot of these centralized service providers for various things the court system etc and so this set of ideas really takes Bitcoin back to its cypherpunk roots and this was the original dream of the cypherpunks and now given that we have the blockchain a lot of these have started to seem to be much closely with much more closely within reach so let’s talk about whether or not this is a good idea and as usual let’s go back to the car example and let’s ask the question what are really the problems with car ownership and trade and when I say problems I don’t mean problems like servicing your car or is your car environmentally friendly but problems inherent to the notion of ownership and trade that a Bitcoin based system could potentially improve or conceivably make worse right and so we can identify two concrete things one is security in the sense of theft and more generally we can express this as how to assert and enforce the ownership of the property and the other one is dispute about the sale terms did somebody sell you a lemon car or was there a genuine misunderstanding about what you were getting when you bought the car in terms of the condition of the car and as you might see both of these what they have in common is not what happens when everything goes right but what happens when something goes wrong and so the real questions that we want to ask are on these two dimensions how does the new smart property system are my property model that we’ve seen compared to what it seeks to replace let’s say I think about this in a bit more detail let’s talk about the theft problem first theft whether you’re talking about theft of cars or in the traditional banking system security in general has three components and those three components are called preventive detective and corrective preventive is when you stop something bad happening before it happens detective is when you realize that something bad has happened and corrective is when you take measures to reverse the bad thing that happened and maybe to also I have some punitive measures so a car alarm system is a good example of what would that be a detective measure a preventive system would be your car lock or your steering wheel lock or something like that and corrective control would be law enforcement and getting your car back and so on so in the real world security relies heavily on the latter two but only a little bit on the first type of control the reason your car is secure is only in small part because of its locking mechanism and largely because law enforcement exists and you can get your car back if it’s stolen and there of course there is punishment in terms of the law for stealing a car and this is what makes the whole system tick if you lived in a completely lawless environment the idea of parking your car overnight would simply be ridiculous because it would immediately get stolen so that’s the model that we started from and of course the real-world solution relies pretty heavily on law enforcement for a number of these things and we want to move to this a smart property based model where if you think about it most of the focus is going to be on preventive measures right because the notion of ownership becomes almost identical to the notion of who has the right private key to control the car assets Express in the blockchain so it becomes quite hard to imagine how any of these systems would work at least in the way that we describe things and this seems like a bit of a problem we’re taking this complex notion of security that relies on several different factors and putting most of the onus on preventive match it’s actually a bit worse than that because now we’ve also introduced the software security problem the problem of actually keeping your Bitcoin wallet or a Bitcoin key or the key that controls ownership of the car a secret and protect it so what we have is that is if we have to live with the fact that Bitcoin security is going to be an unsolved problem for the foreseeable future why in part because it’s partly a human problem software security is part of a human problem because writing bug-free code is something that we’ve endeavoured to get to for decades but made very little progress and it’s also partly a human problem because it relies on users being very careful about security and what this boils down to is introducing a new problem of software security to the traditional security problem of physical theft of the car and so if you rely on this excessively of course it can cause serious problems you might end up in a situation where a loss of your key that protects ownership of your car now results in your car turning into a brick of course there are solutions to that of course you can have fallback mechanisms but inevitably these fallback mechanisms seem to take us toward intermediaries toward decentralized systems and thereby chipping away at the putative benefits of this decentralized model that we moved to so let’s go to the other aspect which is what happens when there is a dispute about the sale of turps so as we saw earlier in the real world this is resolved through the court system and this is not only complex but also fundamentally a human problem not just partly a human problem but it’s fundamentally a human problem and the court system has evolved over a long time and its really good at this and I want to tell you a personal story and I found this out for myself in a very practical way one day many years ago when I went to paying a parking ticket and after I paid the ticket I noticed a sign that said Court is in progress keep your voice down and I was curious about that I asked the clerk what was going on and if I could go and sit in on the court session see if she seemed a bit amused by the request but she said sure it’s open to the public go on in so I went in and funnily enough the court was in session and was the case about a lemon card that had been sold and only the two parties who were litigating the case were in the room and of course the judge and I was sitting in the back nobody paid me any intention i sat there over the course of the next hour or so and it was just a fascinating learning experience and the judge went through the details of every single email that the two parties had sent to each other probed them for the meaning of what they had had in mind when they said something and how the other person interpreted it and so on and come to a very nuanced understanding and a ruling of whether or not that sale was legitimate and I realized at that moment that even legal contract terms as verbose as they might seem don’t even come close to capturing the complexity of what goes on in a real physical transaction between human beings and ultimately you need a very highly evolved dispute mediation process with real experts like a judge who are trained to look for these things and study these things to be able to render decisions that everybody is going to accept and and be satisfied with and so in this model we’re proposing that we’re going to do dispute mediation in very different ways and certainly this new model has certain advantages you can choose your own mediator and so on but you have to ask what are we giving up here and how big a problem is that going to be let me give you one more example of what I mean when I say that security and dispute mediation are human problems we looked at crowdfunding earlier and the security property that we wanted was that if a variety of people send money to the entrepreneur the entrepreneur might should not be able to cash in on that unless the sum total that it’s been contributed exceeds the pre specified output amount well that’s all well and good but if the entrepreneur does meet that amount then they can still take the money and run ultimately if you don’t trust them to deliver on their promise then the system doesn’t work and you cannot technologically enforce that they will actually provide the public good or whatever it is that they promise to give you and so that seems like a problem and so the technology only seems to be solving a small part of the problem here and not even the interesting part of the problem so let’s recap a little bit what we’ve seen so far in the smart property way of doing things it looks like the interesting problems are social problems things that are triggered when something goes wrong and technology doesn’t seem to solve that aspect of the problem it’s really good at taking what happens when everything is going according to plan and maybe making that more efficient in fact it seems to have made some of these hard problems even harder to solve by moving to an automated model where it’s quite hard to even layer on dispute mediation and under human processes that we might want to have in the picture and even worse it seems to have introduced new problems for example software security in addition to the physical security of your car now let me be very clear I deliberately picked this car security and car sale example as sort of an extreme way of illustrating why we really need these human institutions I’m not saying that anyone in the Bitcoin community is suggesting that we should sell our cars this way although the technical idea has certainly been discussed a lot and I also want to be clear that this model certainly does have some advantages let’s look at what some of those advantages are and in what kind of context it might apply so here are some possible benefits of smart property the first one is certainly efficiency and this might be particularly useful for small transactions if you’re selling for example your smartphone and your laptop or something like that not something as valuable as a car then if there is a dispute you’re very unlikely to actually litigate that and so if you have a purely technological enforcement mechanism that gives you something that’s a stronger sense of security then simply shipping goods to someone over the internet and hoping for payment back then that’s a little bit of a win you also get anonymity and privacy maybe it’s important for you to ship something to someone without actually knowing their identity and that’s not really possible to do in the centralized intermediated model because for any sort of mediation you need to have people’s identities and third this is something we discussed earlier the freedom to choose a mediator now i contrasted with the court system which is this very sophisticated and a very trusted process that we’ve all agreed upon and judges go through a very rigorous evaluation they have conflict of interest rules to abide by and so on so maybe that’s not the right comparison there are other contexts today in which for example PayPal acts as your mediator and they’re a private company and they have a near monopoly over certain types of payment processing and so you’re stuck with this mediator that’s a private company that’s not subject to public oversight or scrutiny but at the same time you’re forced to accept a result of that mediation maybe if we take that situation and introduce this notion of competition between mediators then maybe that’s a win so these are some possible benefits let’s now take a step back and let’s look at this idea of crypto in the state and what I mean is the traditional way of doing things through human institutions and this new technology mediated cryptographically enforced blockchain based way of doing things so one way in which people have explained at the emergence of the modern state really is that it’s a way to scale society past these small groups where everybody knows and trusts each other the curious thing about that is that it’s very similar to the benefits that are touted for the cryptographic way of doing things in that you can have these transactions over the Internet where you don’t necessarily trust the other person so the state and crypto really are delivering a very similar kind of benefit at the end of the day even though through very very different mechanisms now the thing to realize is that dismantling the state is not an option and a lot of the discussion around it frames the technological way of doing things and necessarily an opposition with the traditional way of doing things a good example of this is in our smart property discussion let’s say you redefine ownership to be cryptographic control of activating the car now what happens if you sell your car to someone under these new rules and that person now after having completed the sale and still holding on to the title because the buyer doesn’t care about these old-fashioned way of doing things now goes to the court and claims that their car has been stolen so unless you have some way of interoperating with the state you’ve not made any progress because in a democratically-elected society people want these human institutions that are not okay with dismantling them and moving to this new model regardless of what the benefits and disadvantages are and so what we should try to do is to try to make the to work together and that I want to leave you with as the final thought is where I think it’s a really big opportunity for these Bitcoin based decentralization solutions first of all we want to find compelling use cases for decentralization it’s simple to say that something will get decentralized simply because the technology exists but that’s not how it happens in practice you have to have a compelling economic case for it and in particular from a political perspective there are certain use cases that one might look for when a state regulation of some market is very particularly inefficient for example or when there is a state abuse of power in certain contexts or too much inefficiency a good example of something like this actually happening today is in various countries in Africa cell phone minutes acting as a replacement for currency and this happened because the state mediated system simply became too laborious to use for most people and so at this intermediate a decentralized system can really act as a hedge against abuses of power in this sort of context so we want to look for these compelling use cases for decentralization we want to see how these new automated cryptographic ways of doing things can integrate into existing systems instead of trying to replace them and finally we want to co-opt legal and regulatory practices and these traditional defenses that we have in society instead of saying we’re offering an alternative to those things and in fact if you look at the recent history of Bitcoin itself I would argue that the new friendliness of the Bitcoin community with regulators is partly a reason for the success for the commercial success that it’s enjoyed recently we’ve covered a lot of ground in this lecture series we started with the cryptographic building blocks and then some basic underlying concepts of cryptocurrencies and then built up the technical complexity all the way to the cutting edge and we also looked at how bitcoin is a platform for enabling a variety of other things and we looked at the community regulation politics ethical aspects and so on I for one am very optimistic about Bitcoin as a technology and I think I can say this for the other lecturers as well we’ve all spent a lot of our time studying and researching and teaching Bitcoin cryptocurrencies I feel that Bitcoin is going to be more and more powerful the more and more it gets integrated into society that’s what I’m hoping is going to happen in the next years and decades in the online accompanying notes to this lecture series we have a variety of information for you of where to find assignments how to get more involved in the community and development and research and so on and I hope you make use of these [Music] you