At the end of October, the BCH Boys held a video Question and Answer session with Steve Shadders and Daniel Connolly from the Bitcoin SV Development Team. They also produced a transcript of the session. This transcript is included below.
BEGIN TRANSCRIPT:
Connor: 02:19.68,0:02:45.10
Alright so thank You Daniel and Steve for joining us. We’re joined by Steve Shadders and Daniel Connolly from nChain and also the lead developers of the Satoshi’s Vision client. So Daniel and Steve do you guys just want to introduce yourselves before we kind of get started here – who are you guys and how did you get started?
Steve: 0,0:02:38.83,0:03:30.61
So I’m Steve Shadders and at nChain I am the director of solutions in engineering and specifically for Bitcoin SV I am the technical director of the project which means that I’m a bit less hands-on than Daniel but I handle a lot of the liaison with the miners – that’s the conditional project.
Daniel:
Hi I’m Daniel I’m the lead developer for Bitcoin SV. As the team’s grown that means that I do less actual coding myself but more organizing the team and organizing what we’re working on.
Connor 03:23.07,0:04:15.98
Great so we took some questions – we asked on Reddit to have people come and post their questions. We tried to take as many of those as we could and eliminate some of the duplicates, so we’re gonna kind of go through each question one by one. We added some questions of our own in and we’ll try and get through most of these if we can. So I think we just wanted to start out and ask, you know, Bitcoin Cash is a little bit over a year old now. Bitcoin itself is ten years old but in the past a little over a year now what has the process been like for you guys working with the multiple development teams and, you know, why is it important that the Satoshi’s vision client exists today?
Steve: 0:04:17.66,0:06:03.46
I mean yes well we’ve been in touch with the developer teams for quite some time – I think a bi-weekly meeting of Bitcoin Cash developers across all implementations started around November last year. I myself joined those in January or February of this year and Daniel a few months later. So we communicate with all of those teams and I think, you know, it’s not been without its challenges. It’s well known that there’s a lot of disagreements around it, but some what I do look forward to in the near future is a day when the consensus issues themselves are all rather settled, and if we get to that point then there’s not going to be much reason for the different developer teams to disagree on stuff. They might disagree on non-consensus related stuff but that’s not the end of the world because, you know, Bitcoin Unlimited is free to go and implement whatever they want in the back end of a Bitcoin Unlimited and Bitcoin SV is free to do whatever they want in the backend, and if they interoperate on a non-consensus level great. If they don’t not such a big problem there will obviously be bridges between the two, so, yeah I think going forward the complications of having so many personalities with wildly different ideas are going to get less and less.
Cory: 0:06:00.59,0:06:19.59
I guess moving forward now another question about the testnet – a lot of people on Reddit have been asking what the testing process for Bitcoin SV has been like, and if you guys plan on releasing any of those results from the testing?
Daniel: 0:06:19.59,0:07:55.55
Sure yeah so our release will be concentrated on the stability, right, with the first release of Bitcoin SV and that involved doing a large amount of additional testing particularly not so much at the unit test level but at the more system test so setting up test networks, performing tests, and making sure that the software behaved as we expected, right. Confirming the changes we made, making sure that there aren’t any other side effects. Because of, you know, it was quite a rush to release the first version so we’ve got our test results documented, but not in a way that we can really release them. We’re thinking about doing that but we’re not there yet.
Steve: 0:07:50.25,0:09:50.87
Just to tidy that up – we’ve spent a lot of our time developing really robust test processes and the reporting is something that we can read on our internal systems easily, but we need to tidy that up to give it out for public release. The priority for us was making sure that the software was safe to use. We’ve established a test framework that involves a progression of code changes through multiple test environments – I think it’s five different test environments before it gets the QA stamp of approval – and as for the question about the testnet, yeah, we’ve got four of them. We’ve got Testnet One and Testnet Two. A slightly different numbering scheme to the testnet three that everyone’s probably used to – that’s just how we reference them internally. They’re [1 and 2] both forks of Testnet Three. [Testnet] One we used for activation testing, so we would test things before and after activation – that one’s set to reset every couple of days. The other one [Testnet Two] was set to post activation so that we can test all of the consensus changes. The third one was a performance test network which I think most people have probably have heard us refer to before as Gigablock Testnet. I get my tongue tied every time I try to say that word so I’ve started calling it the Performance test network and I think we’re planning on having two of those: one that we can just do our own stuff with and experiment without having to worry about external unknown factors going on and having other people joining it and doing stuff that we don’t know about that affects our ability to baseline performance tests, but the other one (which I think might still be a work in progress so Daniel might be able to answer that one) is one of them where basically everyone will be able to join and they can try and mess stuff up as bad as they want.
Daniel: 0:09:45.02,0:10:20.93
Yeah, so we so we recently shared the details of Testnet One and Two with the with the other BCH developer groups. The Gigablock test network we’ve shared up with one group so far but yeah we’re building it as Steve pointed out to be publicly accessible.
Connor: 0:10:18.88,0:10:44.00
I think that was my next question I saw that you posted on Twitter about the revived Gigablock testnet initiative and so it looked like blocks bigger than 32 megabytes were being mined and propagated there, but maybe the block explorers themselves were coming down – what does that revived Gigablock test initiative look like?
Daniel: 0:10:41.62,0:11:58.34
That’s what did the Gigablock test network is. So the Gigablock test network was first set up by Bitcoin Unlimited with nChain’s help and they did some great work on that, and we wanted to revive it. So we wanted to bring it back and do some large-scale testing on it. It’s a flexible network – at one point we had we had eight different large nodes spread across the globe, sort of mirroring the old one. Right now we scaled back because we’re not using it at the moment so they’ll notice I think three. We have produced some large blocks there and it’s helped us a lot in our research and into the scaling capabilities of Bitcoin SV, so it’s guided the work that the team’s been doing for the last month or two on the improvements that we need for scalability.
Steve: 0:11:56.48,0:13:34.25
I think that’s actually a good point to kind of frame where our priorities have been in kind of two separate stages. I think, as Daniel mentioned before, because of the time constraints we kept the change set for the October 15 release as minimal as possible – it was just the consensus changes. We didn’t do any work on performance at all and we put all our focus and energy into establishing the QA process and making sure that that change was safe and that was a good process for us to go through. It highlighted what we were missing in our team – we got our recruiters very busy recruiting of a Test Manager and more QA people. The second stage after that is performance related work which, as Daniel mentioned, the results of our performance testing fed into what tasks we were gonna start working on for the performance related stuff. Now that work is still in progress – some of the items that we identified the code is done and that’s going through the QA process but it’s not quite there yet. That’s basically the two-stage process that we’ve been through so far. We have a roadmap that goes further into the future that outlines more stuff, but primarily it’s been QA first, performance second. The performance enhancements are close and on the horizon but some of that work should be ongoing for quite some time.
Daniel: 0:13:37.49,0:14:35.14
Some of the changes we need for the performance are really quite large and really get down into the base level view of the software. There’s kind of two groups of them mainly. One that are internal to the software – to Bitcoin SV itself – improving the way it works inside. And then there’s other ones that interface it with the outside world. One of those in particular we’re working closely with another group to make a compatible change – it’s not consensus changing or anything like that – but having the same interface on multiple different implementations will be very helpful right, so we’re working closely with them to make improvements for scalability.
Connor: 0:14:32.60,0:15:26.45
Obviously for Bitcoin SV one of the main things that you guys wanted to do that that some of the other developer groups weren’t willing to do right now is to increase the maximum default block size to 128 megabytes. I kind of wanted to pick your brains a little bit about – a lot of the objection to either removing the box size entirely or increasing it on a larger scale is this idea of like the infinite block attack right and that kind of came through in a lot of the questions. What are your thoughts on the “infinite block attack” and is it is it something that that really exists, is it something that miners themselves should be more proactive on preventing, or I guess what are your thoughts on that attack that everyone says will happen if you uncap the block size?
Steve: 0:15:23.45,0:18:28.56
I’m often quoted on Twitter and Reddit – I’ve said before the infinite block attack is bullshit. Now, that’s a statement that I suppose is easy to take out of context, but I think the 128 MB limit is something where there’s probably two schools of thought about. There are some people who think that you shouldn’t increase the limit to 128 MB until the software can handle it, and there are others who think that it’s fine to do it now so that the limit is increased when the software can handle it and you don’t run into the limit when this when the software improves and can handle it. Obviously we’re from the latter school of thought. As I said before we’ve got a bunch of performance increases, performance enhancements, in the pipeline. If we wait till May to increase the block size limit to 128 MB then those performance enhancements will go in, but we won’t be able to actually demonstrate it on mainnet. As for the infinitive block attack itself, I mean there are a number of mitigations that you can put in place. I mean firstly, you know, going down to a bit of the tech detail – when you send a block message or send any peer to peer message there’s a header which has the size of the message. If someone says they’re sending you a 30MB message and you’re receiving it and it gets to 33MB then obviously you know something’s wrong so you can drop the connection. If someone sends you a message that’s 129 MB and you know the block size limit is 128 you know it’s kind of pointless to download that message. So I mean these are just some of the mitigations that you can put in place. When I say the attack is bullshit, I mean I mean it is bullshit from the sense that it’s really quite trivial to prevent it from happening. I think there is a bit of a school of thought in the Bitcoin world that if it’s not in the software right now then it kind of doesn’t exist. I disagree with that, because there are small changes that can be made to work around problems like this. One other aspect of the infinite block attack, and let’s not call it the infinite block attack, let’s just call it the large block attack – it takes a lot of time to validate that we gotten around by having parallel pipelines for blocks to come in, so you’ve got a block that’s coming in it’s got a unknown stuck on it for two hours or whatever downloading and validating it. At some point another block is going to get mined b someone else and as long as those two blocks aren’t stuck in a serial pipeline then you know the problem kind of goes away.
Cory: 0:18:26.55,0:18:48.27
Are there any concerns with the propagation of those larger blocks? Because there’s a lot of questions around you know what the practical size of scaling right now Bitcoin SV could do and the concerns around propagating those blocks across the whole network.
Steve 0:18:45.84,0:21:37.73
Yes, there have been concerns raised about it. I think what people forget is that compact blocks and xThin exist, so if a 32MB block is not send 32MB of data in most cases, almost all cases. The concern here that I think I do find legitimate is the Great Firewall of China. Very early on in Bitcoin SV we started talking with miners on the other side of the firewall and that was one of their primary concerns. We had anecdotal reports of people who were having trouble getting a stable connection any faster than 200 kilobits per second and even with compact blocks you still need to get the transactions across the firewall. So we’ve done a lot of research into that – we tested our own links across the firewall, rather CoinGeeks links across the firewall as they’ve given us access to some of their servers so that we can play around, and we were able to get sustained rates of 50 to 90 megabits per second which pushes that problem quite a long way down the road into the future. I don’t know the maths off the top of my head, but the size of the blocks that can sustain is pretty large. So we’re looking at a couple of options – it may well be the chattiness of the peer-to-peer protocol causes some of these issues with the Great Firewall, so we have someone building a bridge concept/tool where you basically just have one kind of TX vacuum on either side of the firewall that collects them all up and sends them off every one or two seconds as a single big chunk to eliminate some of that chattiness. The other is we’re looking at building a multiplexer that will sit and send stuff up to the peer-to-peer network on one side and send it over splitters, to send it over multiple links, reassemble it on the other side so we can sort of transition the great Firewall without too much trouble, but I mean getting back to the core of your question – yes there is a theoretical limit to block size propagation time and that’s kind of where Moore’s Law comes in. Putting faster links and you kick that can further down the road and you just keep on putting in faster links. I don’t think 128 main blocks are going to be an issue though with the speed of the internet that we have nowadays.
Connor: 0:21:34.99,0:22:17.84
One of the other changes that you guys are introducing is increasing the max script size so I think right now it’s going from 201 to 500 [opcodes]. So I guess a few of the questions we got was I guess #1 like why not uncap it entirely – I think you guys said you ran into some concerns while testing that – and then #2 also specifically we had a question about how certain are you that there are no remaining n squared bugs or vulnerabilities left in script execution?
Steve: 0:22:15.50,0:25:36.79
It’s interesting the decision – we were initially planning on removing that cap altogether and the next cap that comes into play after that (next effective cap is a 10,000 byte limit on the size of the script). We took a more conservative route and decided to wind that back to 500 – it’s interesting that we got some criticism for that when the primary criticism I think that was leveled against us was it’s dangerous to increase that limit to unlimited. We did that because we’re being conservative. We did some research into these log n squared bugs, sorry – attacks, that people have referred to. We identified a few of them and we had a hard think about it and thought – look if we can find this many in a short time we can fix them all (the whack-a-mole approach) but it does suggest that there may well be more unknown ones. So we thought about putting, you know, taking the whack-a-mole approach, but that doesn’t really give us any certainty. We will fix all of those individually but a more global approach is to make sure that if anyone does discover one of these scripts it doesn’t bring the node to a screaming halt, so the problem here is because the Bitcoin node is essentially single-threaded, if you get one of these scripts that locks up the script engine for a long time everything that’s behind it in the queue has to stop and wait. So what we wanted to do, and this is something we’ve got an engineer actively working on right now, is once that script validation goad path is properly paralyzed (parts of it already are), then we’ll basically assign a few threads for well-known transaction templates, and a few threads for any any type of script. So if you get a few scripts that are nasty and lock up a thread for a while that’s not going to stop the node from working because you’ve got these other kind of lanes of the highway that are exclusively reserved for well-known script templates and they’ll just keep on passing through. Once you’ve got that in place, and I think we’re in a much better position to get rid of that limit entirely because the worst that’s going to happen is your non-standard script pipelines get clogged up but everything else will keep keep ticking along – there are other mitigations for this as well I mean I know you could always put a time limit on script execution if they wanted to, and that would be something that would be up to individual miners. Bitcoin SV’s job I think is to provide the tools for the miners and the miners can then choose, you know, how to make use of them – if they want to set time limits on script execution then that’s a choice for them.
Daniel: 0:25:34.82,0:26:15.85
Yeah, I’d like to point out that a node here, when it receives a transaction through the peer to peer network, it doesn’t have to accept that transaction, you can reject it. If it looks suspicious to the node it can just say you know we’re not going to deal with that, or if it takes more than five minutes to execute, or more than a minute even, it can just abort and discard that transaction, right. The only time we can’t do that is when it’s in a block already, but then it could decide to reject the block as well. It’s all possibilities there could be in the software.
Steve: 0:26:13.08,0:26:20.64
Yeah, and if it’s in a block already it means someone else was able to validate it so…
Cory: 0,0:26:21.21,0:26:43.60
There’s a lot of discussions about the re-enabled opcodes coming – OP_MUL, OP_INVERT, OP_LSHIFT, and OP_RSHIFT up invert op l shift and op r shift you maybe explain the significance of those op codes being re-enabled?
Steve: 0:26:42.01,0:28:17.01
Well I mean one of one of the most significant things is other than two, which are minor variants of DUP and MUL, they represent almost the complete set of original op codes. I think that’s not necessarily a technical issue, but it’s an important milestone. MUL is one that’s that I’ve heard some interesting comments about. People ask me why are you putting OP_MUL back in if you’re planning on changing them to big number operations instead of the 32-bit limit that they’re currently imposed upon. The simple answer to that question is that we currently have all of the other arithmetic operations except for OP_MUL. We’ve got add divide, subtract, modulo – it’s odd to have a script system that’s got all the mathematical primitives except for multiplication. The other answer to that question is that they’re useful – we’ve talked about a Rabin signature solution that basically replicates the function of DATASIGVERIFY. That’s just one example of a use case for this – most cryptographic primitive operations require mathematical operations and bit shifts are useful for a whole ton of things. So it’s really just about completing that work and completing the script engine, or rather not completing it, but putting it back the way that it was it was meant to be.
Connor 0:28:20.42,0:29:22.62
Big Num vs 32 Bit. I’ve seen Daniel – I think I saw you answer this on Reddit a little while ago, but the new op codes using logical shifts and Satoshi’s version use arithmetic shifts – the general question that I think a lot of people keep bringing up is, maybe in a rhetorical way but they say why not restore it back to the way Satoshi had it exactly – what are the benefits of changing it now to operate a little bit differently?
Daniel: 0:29:18.75,0:31:12.15
Yeah there’s two parts there – the big number one and the L shift being a logical shift instead of arithmetic. so when we re-enabled these opcodes we’ve looked at them carefully and have adjusted them slightly as we did in the past with OP_SPLIT. So the new LSHIFT and RSHIFT are bitwise operators. They can be used to implement arithmetic based shifts – I think I’ve posted a short script that did that, but we can’t do it the other way around, right. You couldn’t use an arithmetic shift operator to implement a bitwise one. It’s because of the ordering of the bytes in the arithmetic values, so the values that represent numbers. The little endian which means they’re swapped around to what many other systems – what I’ve considered normal – or big-endian. And if you start shifting that properly as a number then then shifting sequence in the bytes is a bit strange, so it couldn’t go the other way around – you couldn’t implement bitwise shift with arithmetic, so we chose to make them bitwise operators – that’s what we proposed.
Steve: 0:31:10.57,0:31:51.51
That was essentially a decision that was actually made in May, or rather a consequence of decisions that were made in May. So in May we reintroduced OP_AND, OP_OR, and OP_XOR, and that was also another decision to replace three different string operators with OP_SPLIT was also made. So that was not a decision that we’ve made unilaterally, it was a decision that was made collectively with all of the BCH developers – well not all of them were actually in all of the meetings, but they were all invited.
Daniel: 0:31:48.24,0:32:23.13
Another example of that is that we originally proposed OP_2DIV and OP_2MUL was it, I think, and this is a single operator that multiplies the value by two, right, but it was pointed out that that can very easily be achieved by just doing multiply by two instead of having a separate operator for it, so we scrapped those, we took them back out, because we wanted to keep the number of operators minimum yeah.
Steve: 0:32:17.59,0:33:47.20
There was an appetite around for keeping the operators minimal. I mean the decision about the idea to replace OP_SUBSTR, OP_LEFT, OP_RIGHT with OP_SPLIT operator actually came from Gavin Andresen. He made a brief appearance in the Telegram workgroups while we were working out what to do with May opcodes and obviously Gavin’s word kind of carries a lot of weight and we listen to him. But because we had chosen to implement the May opcodes (the bitwise opcodes) and treat the data as big-endian data streams (well, sorry big-endian not really applicable just plain data strings) it would have been completely inconsistent to implement LSHIFT and RSHIFT as integer operators because then you would have had a set of bitwise operators that operated on two different kinds of data, which would have just been nonsensical and very difficult for anyone to work with, so yeah. I mean it’s a bit like P2SH – it wasn’t a part of the original Satoshi protocol that once some things are done they’re done and you know if you want to want to make forward progress you’ve got to work within that that framework that exists.
Daniel: 0:33:45.85,0:34:48.97
When we get to the big number ones then it gets really complicated, you know, number implementations because then you can’t change the behavior of the existing opcodes, and I don’t mean OP_MUL, I mean the other ones that have been there for a while. You can’t suddenly make them big number ones without seriously looking at what scripts there might be out there and the impact of that change on those existing scripts, right. The other the other point is you don’t know what scripts are out there because of P2SH – there could be scripts that you don’t know the content of and you don’t know what effect changing the behavior of these operators would mean. The big number thing is tricky, so another option might be, yeah, I don’t know what the options for though it needs some serious thought.
Steve: 0:34:43.27,0:35:24.23
That’s something we’ve reached out to the other implementation teams about – actually really would like their input on the best ways to go about restoring big number operations. It has to be done extremely carefully and I don’t know if we’ll get there by May next year, or when, but we’re certainly willing to put a lot of resources into it and we’re more than happy to work with BU or XT or whoever wants to work with us on getting that done and getting it done safely.
Connor: 0:35:19.30,0:35:57.49
Kind of along this similar vein, you know, Bitcoin Core introduced this concept of standard scripts, right – standard and non-standard scripts. I had pretty interesting conversation with Clemens Ley about use cases for “non-standard scripts” as they’re called. I know at least one developer on Bitcoin ABC is very hesitant, or kind of pushed back on him about doing that and so what are your thoughts about non-standard scripts and the entirety of like an IsStandard check?
Steve: 0:35:58.31,0:37:35.73
I’d actually like to repurpose the concept. I think I mentioned before multi-threaded script validation and having some dedicated well-known script templates – when you say the word well-known script template there’s already a check in Bitcoin that kind of tells you if it’s well-known or not and that’s IsStandard. I’m generally in favor of getting rid of the notion of standard transactions, but it’s actually a decision for miners, and it’s really more of a behavioral change than it is a technical change. There’s a whole bunch of configuration options that miners can set that affect what they do what they consider to be standard and not standard, but the reality is not too many miners are using those configuration options. So I mean standard transactions as a concept is meaningful to an arbitrary degree I suppose, but yeah I would like to make it easier for people to get non-standard scripts into Bitcoin so that they can experiment, and from discussions of I’ve had with CoinGeek they’re quite keen on making their miners accept, you know, at least initially a wider variety of transactions eventually.
Daniel: 0:37:32.85,0:38:07.95
So I think IsStandard will remain important within the implementation itself for efficiency purposes, right – you want to streamline base use case of cash payments through them and prioritizing. That’s where it will remain important but on the interfaces from the node to the rest of the network, yeah I could easily see it being removed.
Cory: 0,0:38:06.24,0:38:35.46
Connor mentioned that there’s some people that disagree with Bitcoin SV and what they’re doing – a lot of questions around, you know, why November? Why implement these changes in November – they think that maybe the six-month delay might not cause a split. Well, first off what do you think about the ideas of a potential split and I guess what is the urgency for November?
Steve: 0:38:33.30,0:40:42.42
Well in November there’s going to be a divergence of consensus rules regardless of whether we implement these new op codes or not. Bitcoin ABC released their spec for the November Hard fork change I think on August 16th or 17th something like that and their client as well and it included CTOR and it included DSV. Now for the miners that commissioned the SV project, CTOR and DSV are controversial changes and once they’re in they’re in. They can’t be reversed – I mean CTOR maybe you could reverse it at a later date, but DSV once someone’s put a P2SH transaction into the project or even a non P2SH transaction in the blockchain using that opcode it’s irreversible. So it’s interesting that some people refer to the Bitcoin SV project as causing a split – we’re not proposing to do anything that anyone disagrees with – there might be some contention about changing the opcode limit but what we’re doing, I mean Bitcoin ABC already published their spec for May and it is our spec for the new opcodes, so in terms of urgency – should we wait? Well the fact is that we can’t – come November you know it’s bit like Segwit – once Segwit was in, yes you arguably could get it out by spending everyone’s anyone can spend transactions but in reality it’s never going to be that easy and it’s going to cause a lot of economic disruption, so yeah that’s it. We’re putting out changes in because it’s not gonna make a difference either way in terms of whether there’s going to be a divergence of consensus rules – there’s going to be a divergence whether whatever our changes are. Our changes are not controversial at all.
Daniel: 0:40:39.79,0:41:03.08
If we didn’t include these changes in the November upgrade we’d be pushing ahead with a no-change, right, but the November upgrade is there so we should use it while we can. Adding these non-controversial changes to it.
Connor: 0:41:01.55,0:41:35.61
Can you talk about DATASIGVERIFY? What are your concerns with it? The general concept that’s been kind of floated around because of Ryan Charles is the idea that it’s a subsidy, right – that it takes a whole megabyte and kind of crunches that down and the computation time stays the same but maybe the cost is lesser – do you kind of share his view on that or what are your concerns with it?
Daniel: 0:41:34.01,0:43:38.41
Can I say one or two things about this – there’s different ways to look at that, right. I’m an engineer – my specialization is software, so the economics of it I hear different opinions. I trust some more than others but I am NOT an economist. I kind of agree with the ones with my limited expertise on that it’s a subsidy it looks very much like it to me, but yeah that’s not my area. What I can talk about is the software – so adding DSV adds really quite a lot of complexity to the code right, and it’s a big change to add that. And what are we going to do – every time someone comes up with an idea we’re going to add a new opcode? How many opcodes are we going to add? I saw reports that Jihan was talking about hundreds of opcodes or something like that and it’s like how big is this client going to become – how big is this node – is it going to have to handle every kind of weird opcode that that’s out there? The software is just going to get unmanageable and DSV – that was my main consideration at the beginning was the, you know, if you can implement it in script you should do it, because that way it keeps the node software simple, it keeps it stable, and you know it’s easier to test that it works properly and correctly. It’s almost like adding (?) code from a microprocessor you know why would you do that if you can if you can implement it already in the script that is there.
Steve: 0:43:36.16,0:46:09.71
It’s actually an interesting inconsistency because when we were talking about adding the opcodes in May, the philosophy that seemed to drive the decisions that we were able to form a consensus around was to simplify and keep the opcodes as minimal as possible (ie where you could replicate a function by using a couple of primitive opcodes in combination, that was preferable to adding a new opcode that replaced) OP_SUBSTR is an interesting example – it’s a combination of SPLIT, and SWAP and DROP opcodes to achieve it. So at really primitive script level we’ve got this philosophy of let’s keep it minimal and at this sort of (?) philosophy it’s all let’s just add a new opcode for every primitive function and Daniel’s right – it’s a question of opening the floodgates. Where does it end? If we’re just going to go down this road, it almost opens up the argument why have a scripting language at all? Why not just add a hard code all of these functions in one at a time? You know, pay to public key hash is a well-known construct (?) and not bother executing a script at all but once we’ve done that we take away with all of the flexibility for people to innovate, so it’s a philosophical difference, I think, but I think it’s one where the position of keeping it simple does make sense. All of the primitives are there to do what people need to do. The things that people don’t feel like they can’t do are because of the limits that exist. If we had no opcode limit at all, if you could make a gigabyte transaction so a gigabyte script, then you can do any kind of crypto that you wanted even with 32-bit integer operations, Once you get rid of the 32-bit limit of course, a lot of those a lot of those scripts come up a lot smaller, so a Rabin signature script shrinks from 100MB to a couple hundred bytes.
Daniel: 0:46:06.77,0:47:36.65
I lost a good six months of my life diving into script, right. Once you start getting into the language and what it can do, it is really pretty impressive how much you can achieve within script. Bitcoin was designed, was released originally, with script. I mean it didn’t have to be – it could just be instead of having a transaction with script you could have accounts and you could say trust, you know, so many BTC from this public key to this one – but that’s not the way it was done. It was done using script, and script provides so many capabilities if you start exploring it properly. If you start really digging into what it can do, yeah, it’s really amazing what you can do with script. I’m really looking forward to seeing some some very interesting applications from that. I mean it was Awemany his zero-conf script was really interesting, right. I mean it relies on DSV which is a problem (and some other things that I don’t like about it), but him diving in and using script to solve this problem was really cool, it was really good to see that.
Steve: 0:47:32.78,0:48:16.44
I asked a question to a couple of people in our research team that have been working on the Rabin signature stuff this morning actually and I wasn’t sure where they are up to with this, but they’re actually working on a proof of concept (which I believe is pretty close to done) which is a Rabin signature script – it will use smaller signatures so that it can fit within the current limits, but it will be, you know, effectively the same algorithm (as DSV) so I can’t give you an exact date on when that will happen, but it looks like we’ll have a Rabin signature in the blockchain soon (a mini-Rabin signature).
Cory: 0:48:13.61,0:48:57.63
Based on your responses I think I kinda already know the answer to this question, but there’s a lot of questions about ending experimentation on Bitcoin. I was gonna kind of turn that into – with the plan that Bitcoin SV is on do you guys see like a potential one final release, you know that there’s gonna be no new opcodes ever released (like maybe five years down the road we just solidify the base protocol and move forward with that) or are you guys more on the idea of being open-ended with appropriate testing that we can introduce new opcodes under appropriate testing.
Steve: 0:48:55.80,0:49:47.43
I think you’ve got a factor in what I said before about the philosophical differences. I think new functionality can be introduced just fine. Having said that – yes there is a place for new opcodes but it’s probably a limited place and in my opinion the cryptographic primitive functions for example CHECKSIG uses ECDSA with a specific elliptic curve, hash 256 uses SHA256 – at some point in the future those are going to no longer be as secure as we would like them to be and we’ll replace them with different hash functions, verification functions, at some point, but I think that’s a long way down the track.
Daniel: 0:49:42.47,0:50:30.3
I’d like to see more data too. I’d like to see evidence that these things are needed, and the way I could imagine that happening is that, you know, that with the full scripting language some solution is implemented and we discover that this is really useful, and over a period of, like, you know measured in years not days, we find a lot of transactions are using this feature, then maybe, you know, maybe we should look at introducing an opcode to optimize it, but optimizing before we even know if it’s going to be useful, yeah, that’s the wrong approach.
Steve: 0:50:28.19,0:51:45.29
I think that optimization is actually going to become an economic decision for the miners. From the miner’s point of view is if it’ll make more sense for them to be able to optimize a particular process – does it reduce costs for them such that they can offer a better service to everyone else? Yeah, so ultimately these decisions are going to be miner’s main decisions, not developer decisions. Developers of course can offer their input – I wouldn’t expect every miner to be an expert on script, but as we’re already seeing miners are actually starting to employ their own developers. I’m not just talking about us – there are other miners in China that I know have got some really bright people on their staff that question and challenge all of the changes – study them and produce their own reports. We’ve been lucky with actually being able to talk to some of those people and have some really fascinating technical discussions with them.
Connor: 0:51:39.47,0:52:18.70
So many questions I want to ask you – I want to get your thoughts on Selfish Mining, right. So the Chief Scientist of nChain has been pretty vocal that selfish mining is not real – Steve I know that you, I think at one time were running a simulation on selfish mining. What are your thoughts on selfish mining itself – is it an attack vector, is it made up, is it real?
Steve: 0:52:13.74,0:56:00.20
It’s a nuanced issue. So, yeah, I did actually run a simulation – in fact I started switching it off just a couple of weeks ago and handed all that data over to somebody to start analyzing. I’m glad I got to switch it off because it’s costing me a fortune in VPS’s. So it was a hundred nodes on a wedge test network – well, a slightly modified wedge test, and they were all actually you know real nodes mining – and I didn’t finish analyzing the data from the full-scale test, but I did a small test late last year with just ten miners mainly because I just wanted to prove that it all worked before I started spending lots of money on 100 nodes. The results I got showed that you could gain a short-term advantage with selfish mining – nowhere near what was predicted by Emin’s paper. There could be any number of reasons for that – I did my absolute best to bias that test in favor of the selfish miner. Anywhere where it was, you know, there was a point where it could be biased, I tried to try to make that bias in favor of the selfish miner. It’ll need the expertise of somebody a little more statistically aware than I am to filter out all of that noise and see if you need to repeat any of those tests, but what became really apparent to me, and I spent a lot of time working on this because I had to factor in all of those biases – it’s so easy to stop somebody from selfish mining because it’s so easy to detect. If you need to hold blocks back for a period of time that could range from minutes to 30 minutes to an hour, there’s obvious signs there. You’re not going to have transactions that appeared on the network in the last 10 minutes or 20 minutes. if you think someone’s selfish mining you can start seeding transactions out yourself so you know exactly when they came out. The timestamp in the block is going to be off. Most miners use reasonably accurate time stamps at the moment. The Bitcoin protocol has always allowed about a two-hour window with time stamps, but the time stamps people tend to be using these days are relatively accurate, so once you’re aware that selfish mining happens it’s really easy to start orphaning the blocks of the selfish miner. You can detect what blocks they are and you can start manually invalidating if you want to. I find it inconceivable that if 30% of the network is trying to attack the other 70% that the 70% aren’t going to respond – they’re going to respond very quickly, and it takes quite some time for any advantage to be gained by the selfish miner. so they’re taking a massive risk that people just aren’t going to notice or not going to respond by trying to do anything about this, by trying to trying to pull this off. So for me the reality is it’s probably never going to happen and if it does someone’s going to end up with a bloody nose as a thank you for trying.
Cory: 0:55:58.07,0:56:35.06
A lot of people are comparing this upcoming November fork to the Ethereum and Ethereum Classic hard fork and some of the confusion that can happen, especially on the exchanges running different node softwares. I just wanted to get your thoughts on what you recommend for exchanges to do during this time where some of the clients might be incompatible and I guess where do you see November ending – where are we going to be in December?
Steve: 0:56:33.83,0:58:19.03
I mean I can’t predict what’s going to happen November 15th, and I don’t think anybody can. In the past the exchanges have had, during events like this, I mean there are hard fork that have been planned on certain alt coins – zcash for example has them quite regularly and exchanges routinely suspend deposits and withdrawals during this during these events – in some places they suspend trading as well. I would assume that most exchanges will probably do that until the muddy waters clear, In terms of recommendations what I would recommend to exchanges is that they have both nodes ready. Most of them probably have an ABC node, some of them have SV nodes. I recommend that they have one of each. I also recommend they have a BU and an XT node sitting there. That’s not really a hard fork related thing or a November 15th related thing, that is just general best practice for any business that’s relying on a blockchain have multiple implementations running so that they can switch quickly. You know as to as to what what the outcome will be, I mean that’s for anyone to guess. As long as exchanges are prepared and they are able to switch from one implementation so the to the other then I think they’ll be okay.
Connor: 0:58:17.56,0:58:40.72
I think we’re getting pretty close to the end – you guys have actually done great job answering all the other questions scattered throughout here. I did want to ask quickly about parallelization – you talked about it a little bit but have you guys done testing with not just using a single core but parallelizing the software, and what are your thoughts on that moving forward into the future?
Daniel: 0:58:44.34,1:01:10.90
So we’ve done testing in a sense of measuring the performance of the client and research into where we can achieve the most improvements. We’ve also looked at other code – so I know Bitcoin Unlimited has made some improvements recently that are really impressive. I haven’t actually tested the Bitcoin Unlimited release, the new one, I’d love to get around to that. We’re using a fork of the ABC code, of course, and there’s some really big problems with parallelization in that code. These problems stem from Core which, you know, with 1 MB blocks who cares, right? But with the kind of volume that we’re trying to get through they’re really important. The C++ developers are busy with it, but it’s a lot of work to eliminate some of these problems. There’s a main lock that’s held by large parts of the code that is causing, you know, even though there may be multiple threads doing various bits they’re all getting stuck on a single lock which is forcing them all to be effectively single threaded. There are some areas where parallelization is working, but in this main flow of transactions with the system there’s a lot of work to be done there with this central lock, and that’s what we’re working on right now. We’ve been working on it for a while, but it’s it was not ready for the release – it was not, you know, that kind of work needs an awful lot of testing, an awful lot of review, which was nowhere near ready for the release and we hope to have it ready for the next release.
Steve: 1:01:09.28,1:03:12.80
The next release won’t be another hard fork, of course. There’ll be point releases in between where we can add performance enhancements. I think it’s worth adding we’re taking quite a methodical approach to this. We’ve got a couple of parallel streams of work going on where we have a couple of devs mapping out the life cycle of a transaction from acceptance by the peer to peer interface through acceptance of the memory pool through mining in a block etcetera and then validated in the block. We’re mapping all of that out so we can see exactly what each kind of stage touches so that we can kind of break it all up, and we’re doing that work as a preliminary exercise with another dev in parallel working on some sort of minor code changes that will improve things in the short term. Once we have that well mapped out and walls of the nChain office are going to be covered in these gigantic diagrams, because they’re complicated ones, then we’ll be in a really good position to look at all of the data structures and say “okay this one’s touched by this part of the code path, then this part of the code path, etc”. So it’s safe to separate these out and use a different lock for them that’s not safe for this part etc. The whole parallelization question is an interesting one because it doesn’t just apply to the code it applies to our developer process as well. We’re working out how to parallelize development so that it doesn’t get stuck behind a single developer in a pipeline, and I think in a fairly short space of time we’ve done pretty good at that.
Steve: 1:03:18.93,1:04:29.82
That actually does lead into another point that what we don’t have in Bitcoin SV is any shortage of resources. We’ve got quite a lot of developers working on this project. They’re extremely experienced developers and I’ve been really impressed with what they’ve been able to pull off in a short space of time, but as and when we kind of unlock these additional parallel development paths that can be taken we’ve got no shortage of people that we can add into the mix. The pace of our progress is probably going to grow exponentially. There’s always a bit of a betting in period while we sort out our nternal processes in our QA etc before things really start to kind of accelerate and we’re starting to see that internally with the team now – the pace of progresses is really picking up.
Daniel: 1:04:23.13,1:06:07.98
So there’s different types of changes here I mean we’ve got a road map for Bitcoin SV of where we want to go. We’ve got pressures to make some quick wins in regard to capacity, and so some of the things will need a lot of work to rewrite large parts of the code or at least to reorganize, and that that stuff takes a long time. Then you’ve got the short gains things we need as well to quickly improve the capacity of the network, and getting those those two needs to cooperate and work well together without one of them making a short-term win in increasing capacity that goes the wrong direction for the long-term gain that we want. Get all of these changes lined along the same path and making some quick improvements while at the same time having a large-scale longer term changes that will really enhance the capacity of Bitcoin – my gosh this is a challenge since what we’re working on we do we need to keep the long term in mind, but we also need to make some some short-term improvements and that’s challenging.
Connor: 1:06:02.61,1:06:33.30
We’ll wrap it up here shortly – thank you for your time. I would be remiss not to ask you as many interesting questions that I can, so I did want to touch on – Bitcoin ABC is actually pursuing a malleability fix. What are your thoughts on transaction malleability itself, and do you think that a fix is needed?
Steve: 1:06:29.13,1:06:39.20
I’ve not heard anyone complaining about it
Daniel: 1:06:33.30,1:06:42.27
I don’t see a need for it.
Steve: 1:06:39.20,1:08:12.06
A malleability fix relies on changing the way the transaction ID is calculated, and essentially that means excluding signatures from them, and I think that’s a wide reaching change. It would need to be studied very carefully, and it’s kind of ironic because most of the pushback that we’ve ever gotten for any of the changes that we wanted to implement was “what’s the use case?” and I mean with something fundamental like a scripting language that doesn’t have a multiply operation it’s almost a no-brainer, but I don’t see anybody presenting a case and saying we need… I don’t see any businesses coming and saying we need malleability fix for this, and we’re willing to tolerate disruption to the network and wallets having to update, etc in order to get that. So, you know, if a business comes and says we’ve got this compelling use case and it’s going to transform the face of Bitcoin and it’s believable, you know, more believable saving the Lightning Network, then then maybe you should get on the agenda and be discussed, but I’m not seeing that.
Daniel: 1:08:08.91,1:08:34.59
So there are a couple of small changes in the ABC plan for me that seem to be aimed at malleability. I’ve encouraged anyone to take a look at them – I haven’t finished analyzing them myself yet, but yeah I don’t see a need for fixing malleability really.
Steve: 1:08:30.12,1:08:39.24
At the very least it’s not a priority.
Daniel: 1:08:37.50,1:08:42.81
You can do payment channels without fixing malleability.
Steve: 1:08:39.24,1:10:11.17
There’s much more important things that we need to be focusing our time and attention on – primarily scaling. Supporting the payment processing ecosystem with additional APIs into the nodes so that they can query things and improves their 0-conf experience and measure 0-conf risk and that sort of thing. Yeah it just doesn’t seem to be a priority to me. Our core priorities, well one keeping Bitcoin SV code secure in terms of, you know, quality of code, etc of making sure no vulnerabilities creep in. Our other two core priorities are scaling and improving the instant transaction experience for users. I think when we have those two things in place we can stand in front of the world and say “hello here’s this blockchain that has taken a radically different approach to all the other several thousand blockchains in the world when it comes to scaling – we’re not afraid of big machines, we’re not afraid of data centers, and by the way this is a block that’s this size and it processed a whole bunch of transactions that happened ten minutes ago, and the people have been out of the shop drinking their coffee for ten minutes” – then I think the world will take notice.
Cory: 1:10:13.23,1:10:25.46
How far do you think we are from that – where this adoption is gonna grow at a significantly high rate and you know we’re gonna need to scale?
Steve: 1:10:24.03,1:11:57.13
I think I talked at the very beginning of this session about the interaction between different developer groups and how I think once the protocol, you know, the consensus protocol itself starts to settle down, and I think it’s quite close to that, we reach a place where that happens, then a lot of the time and energy that gets wasted on sort of the non-productive confrontational interactions will get focused on these things – the scaling stuff for example. BU have already done some great work on that and I pray they continue. So depending on the outcome of what happens in November, you know, if we get to a position where people are no longer focusing on all of these consensus changes that need to happen – or “need to happen” in quotes then I think the attention of developers will get you know laser focused on scaling and zero conf and I think the pace of adoption would pick up. I can’t give you an exact date but I’m really excited to see where we’re at in the in the middle of next year – I think definitely from the Bitcoin SV side I know we’re going to have made huge amounts of progress between now and June next year.
Cory: 1:11:52.36,1:11:59.29
I can’t wait
Connor: 1:11:57.13,1:12:41.02
Wonderful. I guess before we kind of wrap this up, the last question I did want to address – Anyone who was like “oh they didn’t ask my question” – I think a lot of people confuse you guys with miners. A lot of these questions are assuming you personally are going to 51% attack things and things like that, so no to answer your question these two are not the miners. I think a lot of people do not understand that whatsoever. With that said we were accused that this was going to be a softball interview and so now we kind of were forced to ask this question here because one user is particularly obsessed with your Chief Scientist at nChain
Steve: 1:12:37.00,1:12:42.79
So let me guess – Contrarian__
Connor: 1:12:41.02,1:13:03.10
Yes – I think his name might be Greg, but I’m not sure about that. The question is that because your client claims to implement Satoshi’s vision, do you personally think that Craig Wright is or was the main part of Satoshi?
Steve: 1:12:59.47,1:14:01.69
For that I have a blanket policy of ignoring Contrarian__ because I generally try to be a little more diplomatic, but I mean he is clearly an idiot in search of a village. On the question of do I believe Craig Wright is Satoshi – it doesn’t matter to me whether he is or not. I’ve thought hard about this and if I was offered a cryptographic proof I think I would probably say no, because you know it just fundamentally changes something and it really just doesn’t matter. Craig is an interesting character – I actually enjoy working with him. I find him prickly sometimes, you know, we have our disagreements and some of them get a bit loud and then we have a have a hug afterwards and it’s all good but in general he’s somebody that I enjoy working with. That’s all it really matters yeah.
Daniel: 1:13:59.21,1:14:20.12
I’d agree with that. I mean when I came to join nChain I had to have a think about it. You know what it comes down to is it doesn’t matter if he is or not, really. I enjoy working with him and it’s a great place to work.
Connor: 1:14:17.80,1:14:33.25
Wonderful. Well, thank you guys very much for taking the time to do this. I think a lot of people will learn a lot – I know I did, so we yeah we greatly appreciate your time so thank you guys.
Steve: 1:14:30.25,1:14:33.25
Pleasure
