The following content is
provided under a Creative Commons license. Your support will help
MIT OpenCourseWare continue to offer high-quality
educational resources for free. To make a donation or to
view additional materials from hundreds of MIT courses,
visit MIT OpenCourseWare at ocw.mit.edu. GARY GENSLER: Thank you
again for all being here. We're going to talk a little
bit about the challenges of blockchain technology. I'm apologizing in advance. I'm supposed to be, like, across
campus for a 4 o'clock meeting. So I won't have much
time right at the end to do the little wrap
with students coming up. I will note also that if
you want to come see me I'm open to it. Next week's a great week,
by the way, because I'm here all four or five days. But I don't have
set office hours. Just email me. Copy Dylan, who's the
new course administrator. There was a swap out from Ryan. Or copy Talida or
Sabrina or something. But just shoot me an
email, and then I'll set something up with you if
you want to follow up either on your projects, or it's
a question about anything around blockchain. I also want to thank-- we
don't usually have people here with jackets on. But we have six
or eight veterans who have served our country, and
I thank you for your service. [APPLAUSE] They're here to observe us. I don't know whether we'll
scare them away or not. But thank you for joining us. So today's topics are
going to be around-- of course, we're going to
go through the readings a little bit. We don't have Larry Lessig, and
it's a little bit more relaxed. So I might be doing some cold
calling if that's all right. I'm going to go
back a little bit to the technical features
in a quick wrap-- in two slides or three slides. But I just want to do
that as the setup again. And, of course, because you all
love hash functions so much, it's just a way to
bring it back to some of the technical features
to set up, really, what are some of the issues. We have-- I think it's
lecture 11 and 12, where it's just what I call
act two as the economics. But I want to set up a little
bit about the economics. You saw that in the reading-- the 21st Geneva report
that Simon Johnson and Neha Narula and Mike Casey
and Jonah and I wrote. So now you all-- I only assigned his
seven pages out of it. So I hope that you
read the seven pages. But some of the
costs and trade-offs, the challenges of blockchain
technology that are very real. I'll give you my own
perspective on where I think this will sort out
over the next 3 to 10 years. So I'll do some predictions. Vitalik Buterin has also
talked about a trilemma, and I want to chat about that. And that was one of the
readings, if I recall. He's such a leader
in this community that when he writes and
says something like this, it was relevant, I think,
that everybody's understand what Vitalik Buterin's
kind of "trilemma" is, even though that some
people think he's mistaken. Some possible
solutions to this-- we have, who's
attending today, Madars who is actually one of
the developers on some of the solutions around
zero-knowledge proofs. And he might get called on. He works over at the
Digital Currency Initiative. I hope you're ready. And why I think governance is
the most challenging piece. So with that, the readings-- I have a list of everybody
that hasn't spoken yet. [LAUGHTER] So the goal is to speak. That's what class
participation is. I'm going to be
lighthearted about it. I-- it's not that long ago
I was a student, really. I remember all this, you know. You want to get your
name off this list. I just want to say
kind of encouraging. So should I do it alphabetical
from the list as to who wants to tell me? No. No. You look like you're
ducking your head. What's your name? [LAUGHTER] AUDIENCE: Wendy GARY GENSLER: What's that? AUDIENCE: Wendy. Wendy. GARY GENSLER: Wendy. Wendy. What did you take from the seven
pages of the Geneva report? Did you read-- did
you do the readings? So what did you take from the
great work of Simon Johnson-- and I helped him out, you know? AUDIENCE: [INAUDIBLE] GARY GENSLER: Anything about
the business challenges of blockchain from the readings. AUDIENCE: It takes a long
time to do the [INAUDIBLE].. GARY GENSLER: So one
challenge is time-- latency. It takes a long time to do. Wendy raises. Yes. If you could say
your first name? AUDIENCE: Catalina. GARY GENSLER: Catalina. It really helps Sabrina out-- get you off the list. So it's self-motivation
to say your name. So Catalina. AUDIENCE: There is also a
problem with performance and scalability. GARY GENSLER: Right. So it's sort of related. They're not alone-- but
performance, scalability, the time it takes
to do a transaction. Other challenges? Yes? AUDIENCE: There are issues GARY GENSLER: First name? AUDIENCE: Samir. There are issues
with micro payments and how they're [INAUDIBLE]
inconsistently confirmed. GARY GENSLER: So how
to do micro payments. You want to tease that out? Why is there a problem
with micro payments? AUDIENCE: I can't remember
the exact details, but it was around just the
fact that-- because they're so small, they were just
essentially inconsistently [INAUDIBLE]. GARY GENSLER: All right. So how to do micro payments. And the small micro payments-- partly because
they're so small-- may be relative to the fees
and the cost of the network. Alexis? AUDIENCE: Yeah, I just wanted
to add, like on this point because basically
the minors will try to add to the
blockchain first the transaction with
the highest fees. So a small transaction
could take [INAUDIBLE].. GARY GENSLER: So there's
economic incentives that are involved here. We're now moving
a little bit away from all that stuff--
the broccoli that I said that we were all going to be
eating about hash functions and so forth. Akira. AUDIENCE: Yeah. Other challenges-- the
privacy and security. [INAUDIBLE] those concerns
identity of [INAUDIBLE].. And [INAUDIBLE] concern privacy
protection of customers. GARY GENSLER: OK. So Akira just raised
a bunch of points about privacy and security--
about the individuals and the regulators. Does anybody want to tease
that out a little bit more? AUDIENCE: Well, the bank
has more of an incentive to keep things on
the privacy side, whereas regulators
obviously will have pried into the details. GARY GENSLER: OK. So you have that
natural public policy tension that doesn't only
exist around blockchain. Jihee? AUDIENCE: I could hear
anything back here. So if people can
speak up a little bit. GARY GENSLER: OK. Do you want to say it again? AUDIENCE: So inherently,
the regulators want to look into the
details of the transaction, whereas banks have a high
incentive to keep [INAUDIBLE] privacy side. GARY GENSLER: So
on the one side, there's a commercial interest
to keep things private. On the other side, the official
sector might want to peer in. And then interestingly, on
top of it-- layered on it-- the official sector also wants
privacy for everybody other than the official sector. So like in Europe,
there's a new requirement that wasn't in the readings. Don't worry. But is anybody familiar with
the directive-- the privacy directive called GDPR? I don't remember your name. I'm sorry. AUDIENCE: Erin. GARY GENSLER: Erin. You want to tell the
class a little bit about GDPR, or if you-- AUDIENCE: I'm not certain there. I just know that it's
a big deal right now with going after [INAUDIBLE] GARY GENSLER: Stephanie. AUDIENCE: Yeah. So my understanding is
that, especially when it comes to advertising
to consumers, they have-- consumers in the EU have to
really check certain boxes to agree to be advertised
to as opposed to just automatically getting that. GARY GENSLER: Right. So Joe Quinn? AUDIENCE: It's a private deal. You have also the right to
opt out of being tracked-- everything you do. GARY GENSLER: Michael? This is Michael? AUDIENCE: I was going to
say we worked on this-- company I worked
on at the summer. We had to put purging
mechanisms into our databases. GARY GENSLER: All right. So it's a remarkable new law. Europe is, in a sense-- if you wish to say-- either more
privacy protection, or ahead of the US. You know, and each
jurisdiction has their own cultural
and political norms. But Europe as a whole has
moved further, in a sense. You have a right
to be forgotten. You have a right to access
the information as well. And so how to be
forgotten in the context of an immutable blockchain is an
interesting just technical set of issues. Yes? AUDIENCE: There was a
question I was going to ask-- Kyle is my name. GARY GENSLER: What's
your first name? AUDIENCE: Kyle. GARY GENSLER: Kyle. OK. AUDIENCE: I worked for
a company this summer that processes transactions. And it was our understanding--
speaking with lawyers in Europe-- that under GDPR, you're allowed
to request your transactions because the transactions
count as personal information. You're allowed to
request your transactions to be erased from
the ledger, which obviously opens the door to all
kinds of fraudulent behaviors. I'm just curious
to know if you've heard of any sort of
resolution to that. GARY GENSLER: I haven't. I was speaking at a
conference earlier today here at MIT with a
bunch of member companies to the Computer
Science and AI lab. And one of the
participants said they thought they had a technical
set of solutions to it. So we're going to talk
more about the privacy issues and GDPR in the public
policy session next week. So I'll try-- Kyle, remind me. And I will try to get
more up to speed on that. Kelly. AUDIENCE: I found the-- specifically in
the GDPR chapter, there was something
mentioned about what makes blockchain
uniquely qualified to solve a lot of
these solutions. And I found that it had
coincided with what Professor Lessig said last class about-- there are significant trade
offs that often come down to the cost of trust. But it still begs the question--
with so many technical challenges, why is
it still such a-- something that's
so sought after? So I'm hoping that we can
clear that up a little. GARY GENSLER: We'll
give it a shot. Other thoughts or questions
from the readings? AUDIENCE: I [INAUDIBLE]
third year with you about the layer 2. GARY GENSLER: About the layer 2. Yes. AUDIENCE: The layer 2. Yeah. And [INAUDIBLE]
that is that it's OK about having a second layer
to provide the efficiency and the high performance. But it's writing it off line. Yeah? So we are starting to trust
in a second layer that runs off line and then goes
and put inside the blockchain. How feasible-- how can we trust? GARY GENSLER: So the question
is about possible solutions to address performance
and scalability. And I have a few slides on that. But in essence, if the
principal protocol-- the Bitcoin protocol, or
the Ethereum protocol, or maybe tomorrow it'll be
EOS or some other protocol-- has some performance
issues, could some activity be moved to another channel? That channel could
be called a layer 2 in the Lightning network, which
there was a reading about. That could be with a little bit
different technology cord side chains or sharding, which I
think was an optional-- yeah. I did that optionally. I didn't force you. So there's a number of
alternative channels. And though the technologies
are, to technologists, importantly different-- sharding, and side chains, and
layer 2-- for this purpose, for a moment, let me blur
over the differences. The question that
Leandro asks is, well, is that meaning
that we have to trust? I would contend we
already have to trust the protocol that the Bitcoin
core developers have written. It's open GitHub. It's open code. But very few people
are actually going to investigate it
enough to be assured there's not a bug or an error. But I agree with
you that the core-- the Bitcoin core or
the Ethereum core has been living
in-- if I could call it-- the technological
and commercial swamp. It's been attacked by so
many viruses and bugs, you have some
reason to trust it. But you should
never be 100% sure. The side chains are less tested. But I do agree with you. You have some trust, unless
I misunderstand the question. I thought it was a trust
in the underlying code. AUDIENCE: My main
point is working with secondary that's offline. You are not really transacting
in the block chain. Yeah. It's off chain. Yeah. [INAUDIBLE] GARY GENSLER: So the question
is, if you're off chain, should you be more worried? I was addressing just a
narrow part about the code. You're saying, should you be
worried because it doesn't have the same validation models? So can I hold that question
until we get to the slides? Because I think you
do actually have some pretty good
validation, but I think you're right that
it's a valid question-- is the validation in these
off chains still work? There was a question back here. AUDIENCE: I was
just sort of going to respond to the issue
of sort of trusting these offline mechanisms. It's not in the same
vein, but 90% of-- according to this--
daily trading volumes occurs in
these crypto exchanges. So that's also sort of
happening off the chain. So I think that in this
community of people who are currently
participating, there is no reason that
we're not going to trust third-party vendors. GARY GENSLER: So you're
raising the point-- and it's a sort of an irony
of the whole ecosystem-- that the majority-- and, in some
cryptocurrencies, over 90%-- of the actual daily
transactions are happening in very centralized ways-- on exchanges, particularly
the centralized crypto exchanges, where-- I can't remember. But it was about half
of you have owned Bitcoin at some point in time. But can I ask how many
of you have actually operated a full node? So there's the two technologists
at the middle table, and Hugo, who is also, if
I remember right, an engineering PhD student? OK. So we have our 3 PhD students
who have operate full nodes. Honors to you all. But for most of you-- and it was
half the class have owned some Bitcoin-- you've trusted some
other authority to hold your private keys. I'm not saying you're
wrong or right, but it's an interesting
and important point about this ecosystem. So let me, unless
there's other points, just go through some of how
I thought about these things and laid it out. And I-- of course,
the study questions we've been talking about. So I'll come back. But we will talk a little
bit about hard forks. And we-- I didn't hear anybody
talk about interoperability. So we'll come back
to that as well. We've talked more about
performance and privacy issues. Just back to the
technical features-- it's just repetition. Sorry. But I do think it's worthwhile. There is, of course, the
cryptography and timestamp logs-- so the bedrock of this
technology that we did three or four lectures ago. You will find that in
permissioned systems. You will find it in
permissionless systems. That is a bedrock. You will find in Ethereum
Bitcoin and 1,600 others. There will be some
shifts around-- the hash functions might
be a little different. But that's kind of a
bedrock of this technology. The Network Consensus is not
necessarily always the same, as we talked about. Sometimes, it's proof of work. Sometimes, it's proof of stake. Or in the permissioned systems,
the consensus is really, are you amongst the club? And then there's kind of
some form of a club deal. If you're the Australian
Stock Exchange, the only member of the club is
the Australian Stock Exchange. But in other
permissioned systems, it's 20 banks or 15 banks that
are sharing that some delegated randomized authority
to say, what's the next amendment to the-- And the transactions
code and ledgers shifts largely dependent upon
whether it's a transaction ledger or an account ledger. So transaction ledgers
have to have some way to record transactions. Account ledgers have
to have some way to record the change
in accounts, which Ether calls state transitions. But either you have to
record a transaction, or you have to record a change
in the state or a change in the account. An account would
say, yeah, it would be like the income statement
versus the balance sheet. But you kind of
need to record that. And basically, all of
these technologies, as I understand it, have some
way to keep those ledgers, though there's
multiple ways to do it. And as we talked
about last week, some have one Merkle tree, and
some have four or five Merkle trees. And so forth. But it's embedded
in this, and they could have different scripting. Questions? Just-- that's like
the thumbnail just to remind you about
the technology. It's the T in MIT. AUDIENCE: Just a quick
[INAUDIBLE] question on ledgers. So for a transaction versus
account in an account-based ledger, does it say-- like, if you spend
$5, does it say who you're spending that $5 to? Or does it just say, your
account went down $5, and somebody's else went
up $5, but it doesn't matter where it came from? GARY GENSLER: So
I'm going to take, as I understand
Ether and Madars. You'll bail me out. But you put a state transition-- instead of a transaction input,
it's a state transition input. And that state transition input
does have one account going down, another account going up. AUDIENCE: So if you
investigate that, you can see where it came from. GARY GENSLER: You can see both
sides of it, as I understand. And there is a receipt ledger. There's actually a
receipt Merkle tree that then keeps this
state transition happened. Did I did I roughly
get that right, Madars? AUDIENCE: [INAUDIBLE] GARY GENSLER: Oh, wow. All right. Madars actually does
this for a living. I mean, he's the one of the
founding people of Zcash and a bunch of other
wonderful things. I'm not going to go through
each of the details, but there was about
15 or 20 details in these slides about the
differences between Bitcoin and Ether. And I just use it to remind--
because it's saying, OK, why did the professor--
why did the-- why did Gary put it up there? This professor Lessig--
that was nice for Larry. But for me, you don't need-- But in essence,
the big difference is account-based versus
transaction-based. The kind of big difference is
Ether does seem to go faster, but it doesn't have
a lot of throughput. They still both
use proof of work. Even though Ether
says they're going to move to proof of state,
they're not there yet. When they get there,
we'll all know together. The economics are a bit
different, of course, as well. But all of these details
are part of the reason why there's problems. And so you read in the
Geneva report a little bit about a professor-- an economist from the 1930s. Does anybody want to
take a crack at it? Or should I just do my slides? Here we go. AUDIENCE: It was [INAUDIBLE] GARY GENSLER: Yes. AUDIENCE: He had the fact
that everything you should be analyzed on the cost-benefit
analysis so that if one wants to use the blockchain
decentralized network, you should take into account
all the benefits in terms of various costs of trust-- enhancing security,
but also the cost of switching to a
decentralized system. GARY GENSLER: Coase
is an economist from the 1930s who
wrote extensively about the cost and empirically
about the corporation. Kelly? AUDIENCE: Yeah. Basically trying to
understand why transactions would aggregate into a firm. Why move all your
activity into one? GARY GENSLER: Right. So in a much earlier time-- way pre-Bitcoin,
but a different-- why does economic activity
cluster into a firm, rather than-- if it was truly
market-based, I might just be selling my services. In essence, he was
asking the question, why don't we have a fully
gig economy in the 1930s, where everybody's free labor,
and even capital and labor meets individually, and
we collect up together? That was kind of the body of
his question that he was-- so centralization
versus decentralization 80 years ago studied
by a great economist. So just thinking about
it here a little bit, I think that when you
go from decentralization to centralization, you tend-- on the centralized
side, you get capture. You get economic
rents, and you do have a single point of failure. In some sense, the
resiliency of the system, whether it's in finance, where
you worry about systemic risk-- one clearinghouse, one
central bank, one government. If it's knocked out, it's
so relevant to the economy at large. It brings it down. Or if it's one database-- you have a single point,
in essence, of failure. Economic rents is an ability
to collect excess profits. I assure you everybody
in this class wants to collect economic rents. We start out as venture
capitalists and entrepreneurs, but we have a motivation and
an incentive to be monopolists. But we don't want to do
it illegal, of course. I mean, we just want to get
there by dominating the market. I'm sorry. Was there a question here? You're just-- you're shaking
your head, and I didn't know. But on the other side,
there's the benefits. The y-scale is not
written on here. The y-scale is how however
you want to think of it, but I think of it
as kind of costs. So the y-scale-- up the
y-scale is greater costs. Decentralization--
the big costs that come there is coordination. You have a lot of
collective action issues. If the 100 or so
people in this room were trying to do
something together, you would have to figure out
how to do it collectively in coordination. And that's true of
every blockchain that you can think about. Governance relates
to coordination and collective action issues. And then security
and scalability-- these two lines are not
in any of the readings, but they try to capture what-- and depending upon the
slope of the two lines, you might say that
a market might tend towards more centralization. In theory, if I
change the slope, it would be further to
the decentralized side. Right? If the cost of decentralization
is a lower slope, and the cost of
centralization is higher, we will tend more
towards decentralization. So it's just a
way to visualize-- here are the costs
of centralization, which are basically capture
rents and single point of failure, not
that there aren't other costs of centralization. Here are the costs
of decentralization. I think in each one
of the applications, when you're thinking of
use cases, it's worthy-- this is kind of a core thing. Will this application
lend itself to a low slope decentralization
curve and a high slope centralization curve? Are there a lot
of economic rents? Are there real problems
with single points of failure or capture? And if it's a low slope
decentralization curve, meaning there's not much cost to
the governance of coordination and scalability
issues, then you're going to be more towards
decentralization. This isn't any reading or book. It's just a shot at
trying to visualize it. Sean? Any question? AUDIENCE: [INAUDIBLE]
One question I have-- it's slightly
irrelevant from this area-- is that why are all the privacy
coins are off the hard fork? What-- a lot of them are off
the hard fork for the Bitcoin as a [INAUDIBLE]. GARY GENSLER: So
Sean's question is why are the privacy coins forked-- not all of them,
but many of them are forked off Bitcoin or
one of the major coins. Madars, you want
to say-- did you-- you have one privacy coin. AUDIENCE: So Bitcoin has a very
robust and well-established code base. So there is a lot of
high-quality code. GARY GENSLER:
Could you speak up? AUDIENCE: Bitcoin has a
lot of high-quality code so you can build up on it. So it's natural to add privacy
on top of Bitcoin in your fork rather than write
it from scratch. GARY GENSLER: What
Madars is answering is there's something
that's freely available-- the Bitcoin Core code. It's actually under
a copyright license here at MIT, which
makes it free. That was Satoshi
Nakamoto's decision. It wasn't that-- well, maybe
Nakamoto does work here. [LAUGHTER] It's a clue. But it's been
developed, and it's knocked around, as I call
it, in the proverbial swamp-- I mean, with all these
attack viruses and so forth. And so Madars is saying,
build off of that and basically get
that code for free. And then fork. Is that-- So the challenges--
we talked about it-- of performance, scalability,
efficiency, privacy, security. What there was
less talk about was interoperability, governance
and collective action. And I'm going to dig
into those two more because it feels like
that's worthwhile. I also believe that
the first bucket-- performance and privacy bucket-- are more susceptible to fixes. Though that might take three or
five or even eight or 10 years to happen, I think they're more
susceptible to the bright men and women that are
in these fields addressing themselves
to the computer science and cryptography of the
space, whereas governance and collective action
might be solvable. But I think it's sort of
inherent in the human element and the commercial
arrangements that governance and collective action are the
harder of these four buckets. That's just one
person's read of it. But we'll go through
some of the reasons as well why I kind
of get to that view. There's also commercial
use case challenges. We're not going to dig
into that much here. That's mostly the second
half of the semester. But I just wanted to
mention that's a real thing that a lot of folks are
saying, well, would-- I have to make sure
that this is the best commercial application,
and so forth. And can I make money, I
mean, ultimately on it? And then we are,
next week, going to talk about the public
policy issues and challenges. And they all kind of
intersect in a way, as well. So Vitalik Buterin-- I think there was a Medium
post I had you all read. Bo, do you want to
tell us a little bit about what you think? Is Vitalik not only a
brilliant computer scientist, but does he get the
economics of this right? Or you think he's off? You can be on-- there's
no right answer. I know people that feel
both ends of the spectrum about his trilemma. So I'm setting you up that-- AUDIENCE: Geneva
[INAUDIBLE] it first. It seems like it makes sense. But his-- he's basically
saying choose two. You can't have all three. GARY GENSLER: Right. There's an old saying about--
how many of you have ever hired a contractor to fix
something in your kitchen or renovate something? I mean, I have. I'm a little older, right? You know the old saw that
it's good, quick, cheap, but you can't get all three? You can only get
two out of three. That's sort of the
contractor dilemma. But what do you think? Do you think he's right? Or do you think you could maybe,
over time, get all three-- good, cheap, quick, scalable,
decentralized, and secure? AUDIENCE: My very
unsophisticated knowledge of the technicalities
behind this-- I think he's right. GARY GENSLER: You
think he's right. Who wants to take
the other side just to have some fun
and some debate? Sure. Yeah. Go out at it, Leonardo. AUDIENCE: So-- GARY GENSLER: There. You got it. We got the name. [LAUGHTER] AUDIENCE: I think
one of the texts we're talking about--
the time that systems have had to develop. So the image, for example,
Visa has had 60 years to develop a system that works. Some of those currencies have
three, four, five, ten years. So they will, I think,
even put a number. His personal opinion
of [INAUDIBLE] was that less than 5% that
will not overcome the hurdle. I don't know if that
is right or wrong, but I think the fact
that it's so recent-- I think the jury's still out. GARY GENSLER: All right. So Leonardo's point
is it's recent. This is a new technology. Yes, maybe Vitalik is
right that only 5%-- maybe only 1% will succeed. But to say that no one will deal
with these three points in this simultaneous satisfactory
way-- and ultimately, it has to be satisfactory
in a commercial way-- taking the risk and trade offs. So Leonardo takes
the other side. Anybody want to
say why Leonardo-- Hugo, were you-- which
side are you taking? Leonardo's side,
or Vitalik's side? AUDIENCE: Somewhere
in the middle. GARY GENSLER: OK. AUDIENCE: So I think that
there is a trade off. But I agree that it might
take time to improve all three simultaneously. I mean, one thing that happened
just this last week in Bitcoin was there was a
vulnerability discovered. And as somebody who doesn't
know how to check the code base, really-- I'm not a computer
science person, so I've never checked for
bugs or anything like that. I don't know how to do that. I kind of just take the
software as it stands and download it and install it. And when they say
I need to update my software because
there's a bug, I'll update the software
because there's a bug. And that kind of feels like
more of a centralized system, but you're getting
that security. But then the decentralization
comes from the fact that the network is still
spread out over so many nodes. So there are trade
offs that I think you can kind of build on one
and then climb another cliff and kind of build on each,
but not the same time. GARY GENSLER: So Hugo is
somewhere in the middle. I'm probably an optimist
enough on the human condition and that the technologists
will solve more than Vitalik. So I'm not saying I'm all
the way where Leonardo-- wherever yeah-- there would be. But I'm probably closer to
Leonardo than to Vitalik. But that's just
my point of view. I also find it interesting,
if it's all right if I say-- Hugo's an engineering
doctoral student here. And yet, he's not
checking the code. Not any-- right? Because-- right. AUDIENCE: [INAUDIBLE] GARY GENSLER: So
there's a trust issue that-- in the marketplace,
the trust of the code. We all also trust
Facebook and Dropbox and, broadly speaking,
the internet as well. Priya? AUDIENCE: I was going
to say that there are several examples
throughout the evolution of human interaction where these
three things have been sorted. So it might not be that
any-- in some systems, at any one time, all these three
nodes are working, right? Like for our current
payment systems, there are moments
of vulnerability. Yes, but then you catch
it sooner or later. So I feel like it's maybe not-- it's about having it all perfect
right now versus, will you get to a point where all
three are mostly in place and working. GARY GENSLER: And I think-- I like how Priya said
working enough, right? It doesn't have to be
scalable to the place where it's millions of
transactions a second. But maybe it needs to be faster
than seven or 10 transactions a second, or Ethereum 20
transactions a second. We had-- I should also remind
everybody Tuesday nights we have dinner. Simon Johnson treats
every Tuesday night. It's not required to come,
but it's 5:30 to 7:00 that we have an outside speaker
around the blockchain space, and you're welcome to come. Michelle is here, who-- Michelle Fiorenza. AUDIENCE: [INAUDIBLE]
mailing list. So please-- I'll put my
name on the board later. GARY GENSLER: So Michelle will
put her name on the board-- anybody that wants to come. But this past week, we
had somebody speaking about the scalability issues. And when his company
did a $25 million initial coin offering,
the day of the offering, which only had 40,000
to 50,000 purchasers-- so 40,000 or 50,000
purchasers on that day-- that means a smart contract
had to be triggered numerous times that day. Took over a third of the entire
Ethereum network on that day. And it's sluggish. And just to close and settle
on its initial coin offering, it was saying, jeez. That's not the
scalability we want. So we know that's
where we are today. Visa runs around 20,000 to
30,000 transactions a second. DTCC, which settles all the
stock and equity trades here in the US, has to be available
to transact at least 100,000 a second. Most seconds, it's
5,000, or 10,000. Or some seconds, it's 30,000. But the Securities and
Exchange Commission says, no. You have to be rated for four
times your average, roughly. So this gives you a sense
of the scalability issues, just in the current environment. If one layer is the Internet
of Things on top of it-- there's somewhere that I've
heard different estimates of 8 to 10 billion devices
currently connected to the internet. And that's likely to grow as
more refrigerators, and street lights, and traffic
lights are tied into the internet in the
next five or 10 years to 50 to 100 billion devices
tied to the internet. If they start communicating
to each other, will it be a blockchain
for Internet of Things? Can't do it at these
types of scaling numbers. Or can you do it in
some alternative method? Proof of work is also has a
bunch of energy consumption. We didn't have that
a lot in the writing. We chose not to put a bunch
of that in the Geneva report. One estimate is that it's 200
million kilowatt hours per day. That's equivalent to about 7
million US homes, on average, just to give you a rough
digicomonist estimate. That's 1/3 of 1% of all the
world's electricity just scale it if you-- now you can have a nice dinner
party conversation point. It's the electricity of
the country of Austria. Is anybody Austrian? No. I just was-- you know. So that's one set of trade
offs of proof of work as well. But it also costs a lot of
money to run the banking system. So I think that when somebody
says, well, it's terrible. It's challenging, all
this electric costs. Yes, we always want
to lower costs. But the US financial system
is 7.5% percent of our economy and costs $1.5 trillion. So the payment system around
the globe costs a 0.5% to 1% of the global economy,
which is more than 1/3 of 1% of the world
electricity costs. So I'm just putting it in-- it's back to those
questions of which costs of trust, which costs-- I'm neither a maximalist or
a minimalist, as you recall. So what are some of
the alternatives? We're not going to dig
into each of these-- side chains, sharding, layer
2, payment channels. Anybody want to take a crack? They're not all identical. It's-- Madars and I had a
conversation earlier today and said I couldn't even get
my head around because I get confused. But does anybody want
to give the basic-- we were talking about it
earlier-- the basic tenet because you had a reading
about the Lightning network as to what's the economic thing
and technical thing that's being attempted in all four
of these types of thing? James, was that a hand up? You're going to give it a shot? Give it a shot. AUDIENCE: Most of these
are on the chain-- sorry. Most of these are off the
chain, but some is on the chain. And the idea is you transact
off the chain that balances are traded, and the net of the
results goes onto the chain. So you try and speed
up by processing off the chain, where
you have thousands and millions of transactions. And it's only the
net amount that goes in the chain
that is [INAUDIBLE] GARY GENSLER: So James
has summarized it as, it's like saying,
there's this chain-- this channel, if you wish,
that the water is running in, or the digital
money is running in, that only has a certain speed. It can only take a certain
amount of performance. Why not take a lot of
activity and put it in a side channel,
which is called a payment channel, actually--
but a side chain, or a payment channel, or a layer
2, all with slightly different technical features. And maybe do millions
of things off here, and only put some here. It is not new to
blockchain and Bitcoin. We already have that in the
world of finance for decades, in some way or another,
where some activity can't go to a central settlement system. And recalling ledgers--
the central bank, whether it's the US central
bank or any central bank, could have been set up that
all of our deposit accounts were directly with
the central bank. And in a sense, the side
chains in finance right now are 9,000 commercial banks. 9000 commercial banks are
dealing with our money flows and then sort of net
settling to the central banks ledger in what's called
digital reserves. And in fact, even
the banking system-- the 9,000 banks in the US-- have their side chains-- Visa, MasterCard, First Data,
all the money processing. So there's already a layering. I look at layer
2 and side chains as kind of taking a
similar economic approach and technical approach
that's already been around, but in a new way. I grabbed a chart from 2015. The details don't
matter, but this was-- I did it because it
was three years old. This was one
person's truth coin. One person's view is
what side chains-- basically what James says. Lots of activity over
here, and only a few things go over to the main chain. The visual is what I
wanted to get across. It was just that it's kind of-- think of it as loads
of activity over here, and then we only settle at
some times to the main chain. Another visualization
of a different is the Lightning network. Again, a lot of activity,
then settle to the main chain. Questions? AUDIENCE: Zack. There seems to be
a good trade off. A lot of people are
proponents of making the block size bigger. A lot of people say
the side chains. I have trouble understanding the
trade offs between those two. So why not just a bigger block? What's the problem there? GARY GENSLER: So there's
a series of trade offs of economics and technology. The more you put inside the--
let's call it the main chain-- the blue boxes at
the bottom, to speak. The more you're putting in
there, you weighed it down. There's more
processing, of course, and more storage, and so forth. But also, there's some--
there's too much latency. In Bitcoin, it's
every 10 minutes, and you're not really
sure until 3, 4, 5, some would say 6 blocks
to an hour go by. So economically, if you want
high frequency, low latency-- short time periods--
you might say, I can't get that
on the main chain because the main chain
wants to have low latency. Every 10 minutes
is low latency now. Low latency to be more
secure to keep the mining cost and the proof of work up. So there's some economic
and technological both crosscurrents with that. Unrelated to what I just
said, but overlapping, there's also a bunch of miner
and mining pool operator economics as to whether
they want big blocks, or small blocks. And part of the
split last year was-- it was sort of more motivated
around local politics rather than global politics. As the former Speaker of the
House, Tip O'Neill, said, all politics is local. I think some of the
debates last year was about local economics
and the economics of miners But I don't know-- Madars do you-- Madars was probably
in the middle of some of those debates. But would you have
a different view? There was a big debate last
year as to whether the Bitcoin block should go bigger
or stay the size. It was not the
only reason, but it was part of the reason we have
now Bitcoin Cash and Bitcoin because Bitcoin Cash has a
bigger block size and a shorter 2.5 minute processing time. AUDIENCE: There's something
that can be said about-- GARY GENSLER: Speak up. AUDIENCE: --mining
centralization. The bigger blocks you
have, only the miners that can handle
the enormous blocks will be able to
stay in business. And less decentralization
means less security. So there is incentive, both from
decentralization and security, to keep the blocks
smaller, not bigger. GARY GENSLER: So
what Madars is saying is there's also a
bit of economics around centralization. The bigger the blocks, the
fewer miners can handle it. The fewer miners, the more
centralization, and thus, less secure, and
maybe even economic rents because every
centralized system can collect economic rents. Yes. Alin. AUDIENCE: Another problem is
that if you have bigger blocks, they take longer to
propagate to the network. And in sort of unintuitive
ways, if that happens, you get more accidental
forks to the blockchain. And people hate
accidental forks, especially minus accidental
forks because they lose coins when their blocks aren't-- GARY GENSLER: So Aleen is
saying a technical feature is bigger blocks are more
likely to take time to propagate through the network. And thus, you might
end up inadvertently having more chains that are
discredited, in a sense, because there was work being
done until the first one gets propagated. AUDIENCE: My question
is about keeping track of the transactions. GARY GENSLER: That's right. So Leandro-- did I-- no? AUDIENCE: Yeah, yeah. That's right. GARY GENSLER: Leandro-- OK-- was asking, how do we
validate the Lightning network? And how do we assure
that that is-- though-- though-- AUDIENCE: Yeah because we're
working with net [INAUDIBLE] in the chain, how do we really
keep record of everything that's-- GARY GENSLER: OK. So the side chains
are not recorded gross on the main chain. They're, in essence,
recorded net. And in Lightning network-- I said I wasn't going to
get into the differences, but here I go. The Lightning network is
more a bilateral network. It can take on the
feeling of multilateral because I could have a
transaction with James. James could have a
transaction with Kelly. And it feels like
it's three of us, but it's bilateral James
and Gary, bilateral James and Kelly, as I understand it. And so those individual
transactions, while they're recorded-- keep me going here-- recorded in the
Lightning network, they're not on the main chain. We ultimately, then, net
settle to the main chain. And we actually, in a
sense, pre-fund or pre-- it's a form loosely of
escrowing at the beginning. So James and I might be
messing with each other, but we're bilateral. And so we have another
approach to the trust. In addition to
the computer code, James and I might have
other reasons to trust. Joe Quinn. AUDIENCE: Sorry. What keeps me out
of double spending-- once on the Lightning
network, and another one on the blockchain main
network at the same time? GARY GENSLER: Because there's-- I want to be careful because
I'm using the terms loosely. There's a form of prefunding. It's not that you actually
fund onto the main chain, but there's a little
bit of partitioning. Does that-- Madars? All right. I keep looking at Madars because
he's actually coded this. So that's what protects you,
in essence, that James and I-- if I'm saying, well I'll
send you a one bitcoin. And tomorrow, if the sun
does come up tomorrow, you'll send me half, we're
partitioning that one Bitcoin or his half Bitcoin until
we then close out that-- it's written into
the scripting code. And it's written almost
like a smart contract-- but it's not called
smart contracts-- to sort of partition,
or you might loosely think of it as escrowing,
even though technically it might be different. But stop by, and we can-- and if not, some
of our colleagues at the digital
currency initiative like Taj Draga, who programmed
the Lightning network. I mean, that's an MIT
collaboration with others. And we don't promote it
just because it's MIT. It's like one of the leading
ways to do performance. It happens to be MIT. So let me talk about other ways
to do performance and move on. We already talked about
alternative consensus protocols. You've seen this slide,
I'm just bringing it back because it is a way to
deal with scalability. It's a really critical,
important ways. Proof of work is one of the
issues about scalability. And generally-- I'm summarizing. I'm simplifying, in a sense. But generally, all
the alternatives have some way to
randomize or delegate the node that will
do the next block. It kind of all comes back-- how do you add another block? And Stuart Haber
in the 1990s, when he started with all
this blockchain stuff and put it in the New York
Times, had a central authority. And he set up that
company Surety. And he put it in
the New York Times. And what Nakamoto consensus
is, is he said, well, no. We're not going to have Haber
and a central authority. It's going to be decentralized. So these other consensus
protocols generally have some randomized approach
to delegate the selection of the next block. It's not always that way. But they may also
have a mechanism to do a second thing-- a second touch. Silvio Micali's algorand--
he's a professor over in the Computer Science
and AI Lab and a Turing Award winner. He's got a company that
has an interesting thing. It's like a jury selection. It's like picking somebody
for the jury that's picking this short group of 12
nodes that might do something. And every block has
that selection process. But then there's
another broader group that then can check
the work of the jury. So often, there's kind
of a second automated way, because trust isn't
there, ensuring that there's a quick second check. Did they decide guilty
or innocent correctly, so to speak. Again, I apologize if I'm a
little oversimplifying Silvio's brilliant work. So it could be proof of
stake, proof of activity, proof of burn, as we talked
about, proof of capacity. And as I mentioned last week,
there's not large-scale uses, but DASH and NEO
both have some form of this going on right now. And Ethereum has a big project. I'm confusing
their two projects. There's Plasma and
there's Casper. Casper is their project
to get to prove of stake, but they're not there. Privacy and security. So I'm trying to
remember who raised the contradictory tensions. The contradictory tensions
is law enforcement and regulators want
more transparency. Even though the
FBI did, you know, sort of figure out some
Russians were using Bitcoin to mess in our elections, they
want some more transparency in financial institutions. Users and even some regulators
want less transparency. So it's not-- it kind
of goes both ways. But these, I think, are
also truly solvable. Well, for consumers, there's
DASH and Monero and Zcash. And there's even mechanisms
called mixing and tumbling, which I truthfully can't
tell you the difference. But I can tell you regulators
talk about mixers and tumblers and privacy coins. When I go to some
regulatory conferences-- because they sometimes
invite me as a former-- that middle slide-- the
privacy coins and the mixers and tumblers-- the finance ministries and the
law enforcement stuff, that's where they kind of get worried. Madars, you want to
come up here and tell us anything about Zcash? Or you want to do
it from there, as to what inspired
you to do a privacy coin that a bunch of law
enforcement folks don't like? [LAUGHTER] Oh, I don't mean-- I mean, but, you know. AUDIENCE: Obviously. GARY GENSLER: And it's legal. I mean, it's a coin. It's real. AUDIENCE: So just
like cash can be used for illicit
purposes, also systems that provide strong
privacy like Torque can be used for
illicit purposes. So it's said privacy
is a human right, and we shouldn't be giving up
our financial independence just because I want to buy a coffee. I don't want to reveal
all my other transactions. Well, I think that
there are mechanisms how law enforcement can against
our regulatory objectives, but privacy I think
is fundamental right, so we should fight for it. GARY GENSLER: And
so when did you start working on the project? AUDIENCE: I think
it was 2014 when we started writing the paper. GARY GENSLER: So you
started with a paper. AUDIENCE: [INAUDIBLE]
like prototype, codebase, we put it open source. And then there
were the companies that got formed to
launch the project. GARY GENSLER: And
I think Zcash now is somewhere around a
billion dollar market cap. AUDIENCE: It fluctuates wildly. GARY GENSLER: Fluctuates. So that's why you're here. It went down? No, no. You don't need to answer that. Sorry. Privacy. But in essence, what
Madars is saying that he came to this-- what
were you doing in 2014? AUDIENCE: I was a grad
student here at MIT. I was mostly working in
zero knowledge groups. GARY GENSLER: On zero
knowledge groups. AUDIENCE: It seemed to be
like a natural application, like Bitcoin plus
[INAUDIBLE] techniques. Maybe there's something there. GARY GENSLER: So here, a
talented graduate student at MIT with the
collaboration of others said here's this cryptographic
mechanism called zero knowledge proofs, which we'll chat
about in 30 seconds. And here's something
called Bitcoin. Why don't we bring
them together, and we can promote in his own
words some human rights? Just as you buy a
cup of coffee and you don't have to say
who you are, you could use this new Bitcoin
enhanced zero knowledge proof, Zcash. AUDIENCE: I have a
question regarding how do you define illicit
activity in a way [INAUDIBLE].. Living in a country that
has capital control, and if I use, for instance,
Monero or Zcash as a way to get the money out, does
that count in these activities, or [INAUDIBLE]? GARY GENSLER: So
fortunately, I don't have to define illicit activity. But generally,
societies come together through their
reasonable mechanisms, whether they're democratic
societies or not, but they come together through
their legislative branches and their executive
branches and their courts and define some things
that are not allowed. But generally speaking, when I'm
using the term in this class. I'm thinking about
four or five buckets. Most societies do not want
to shrink their tax base. So they want economic activity
be inside the tax envelope, rather than outside
the tax envelope. And that's usually the
words that finance ministers call that is a tax base, how
much is outside versus inside. Secondly, most law
enforcement and most societies do not want to have the
money rails, the banking, and other ways you can
move value to facilitate otherwise illegal activity. So it's using
money to facilitate otherwise illegal activity. So the otherwise illegal
activity might be drug running. The otherwise illegal
activity might be terrorism. It might be child
slavery literally. So it's whatever the
otherwise illegal activity is to use money,
and that's generally called money laundering
or other things. So you're absolutely right. Another thing is that
for some countries, less than a majority,
but some countries have capital controls. They're trying to maintain the
value of their Fiat currency relative to other
Fiat currencies. And in an effort to
maintain some either fixed or relationship,
they have capital controls, and thus, in those
countries, they might say illicit activity also
is running around the capital controls. But it's each
country, each society. And Sean, you raise a good
point as to what does it mean. I mean it not to show any value. I'm saying there's a
series of these things that each society comes together
and says usually around the tax base, usually around trying
to not use money to facilitate otherwise bad stuff
and in some countries, the capital controls. I saw a hand here. Daniel, no. Was there-- and
we're going to do more about illicit
activity next week about guarding against
illicit activity. Hope the correction
got filmed, too. So there's another
set of security issues around private keys. And to most of us
that have passwords, you know if you
lose your password, they're usually in essence
a back door that somehow the platform, whether it's
Facebook or even at Bank of America, if you lose your
password, There's a back door, and they can say, there
is a way to validate with enough
probability weighting that I'm Gary Gensler, and
they'll give me a new password. I mean, in some circumstances,
it's a high bar, and there's some
biometrics involved. But in most cases,
it's a pretty low bar, and they'll give
you another password if you can, like me, remember
the answer to my high school girlfriend was or something. These questions, like
I remember it's Irene, but then I've just given it up. I've just given it up. That's terrible. I have to change it. But custodial private
keys is a very real thing, and you've read
about the hacking, and we'll read
more about it when we get to crypto exchanges. It's a very dominant issue,
not just for individuals, but for institutional actors. How does a hedge
fund or more likely how does BlackRock or
Fidelity, as an asset manager, secure custody in
a way that works? And it's an asymmetric risk. It's a tricky risk. For most of finance, they
don't have custody any longer of the securities. When I started on Wall Street,
they were still the cage. C-A-G-E. It was a physical cage
where the remnants of paper stock certificates
were still in the cage. I didn't start so long ago
that it was before DTCC. Things were getting
electric, you know, digital. But there was still a physical
cage for some physical paper certificates. If you lost the
paper certificate, you could still go to the
government or the company that issued it and back door and
get a new paper certificate. It took time. It was hard. It was to authenticate it. But in this circumstance if
you lose the private key, there's not the back door
issuer to get the next one. So it's a very
interesting issue, not just a technological issue
and a cybersecurity issue, but it's a whole set
of financial custody issues, an asymmetric
risk if you're a Goldman Sachs or Fidelity,
and you lost a key, or it got hacked, and it
was billions of dollars. So it's just interesting-- I don't think it's
unique to blockchain, but it's rather specific
to blockchain and finance and how it overlaps. So some of the solutions-- and
I do think there are solutions here-- are some of the things
that Madars and Neha Narula, who runs the
Digital Currency Initiative, are working on. And they're working on using two
cryptographic primitives we're not going to deeply go into. We did hash functions, and
we did digital signatures. Those are algorithms,
or they're called cryptographic primitives. Well, there's dozens of
cryptographic primitives, math algorithms. Well, the other two that
are used a lot in this field are zero knowledge proofs
and less often probably as Peterson commitments. And I put up there my words. I got Madars to help
me write this one. But my words is zero
knowledge proves let someone prove a statement
is true without revealing the details of exactly why
that statement is true. You might say, wait a minute,
you can prove something's true. It's sort of like if
you walk into a bar and they need to know
you're 21 to get a drink, let's make this tangible. What do you need to
prove that you're 21? You need to prove that you were
born before 1997, September 27. But you don't need
a lot more details. And so there's some computer
scientists here at MIT that actually did the
foundational work on zero knowledge proofs
20 to 30 years ago, Silvio Micali and
others, for which I think was part of why
they won the Turing Award, amongst other work. So zero knowledge proofs
are very interesting cryptographic mathematical
puzzle solving that Madars used for Zcash. Neha and Madars is using for
something called ZK Ledger, which was an optional reading. My gut tells me there are
ways that we can go forward that regulators and
the official sector can get their
transparency they want and the financial
sector at the same time can get the privacy they want,
that the two can actually coexist through the modern
methods of technology. Alexi, is that a hand
up or just a waving-- no, all right. You want to add anything
Madars since you're the co-author of this the ZK
Ledger paper that was optional. AUDIENCE: [INAUDIBLE] an
influential [INAUDIBLE] called zero coin protocol
developed at Johns Hopkins. GARY GENSLER: So Johns Hopkins
developed a middle coin-- AUDIENCE: Middle protocol
called Zero Coin. GARY GENSLER: Zero Coin. AUDIENCE: Using
Pedersen commitments and Zcash didn't use
Pedersen commitments. There's a lot of very
interesting history behind. GARY GENSLER: And
Pedersen commitments are yet another cryptographic
primitive or algorithm, which interestingly, they're
similar to hash functions, where you take a bunch of data,
and you squish it together in a sense. You compress it and
get a commitment. But you can actually
add and subtract them. It's an interesting
thing where you can commit to data like
a hash, but you can also add and subtract commitments. So it has some
interesting features. If you're deeply interested, I
will probably line up Sabrina to help you, or Madars might
help because I'm at the edge. But what I'm saying from a
business side is my hunch-- and this is that-- we're at
the we're at the cutting edge here at MIT of some
of the folks try to figure out how to do privacy
and security at the same time. Questions on that? Because we're going to
get to the tougher things. Interoperability. Linking Blockchain applications
to legacy databases or linking them to each other. So you might want to link
Blockchain application-- if you're thinking about
a payments protocol, how does that payments
protocol and Blockchain world link to the fiat. Because ultimately, if you're
doing, let's say, remittances, and you want to move
money from here to Mexico, somebody wants
Mexican peso, they might be starting
in US dollars, how do you operate basically
with three different systems in that case? Your ingenious,
innovative start-up, but the US dollar fiats system
and the Mexican peso system. So that's a form
of interoperability and the challenge around it,
or Blockchain to Blockchain if we've got 1,600
of them, or even interoperability
of the main chain and some of these layer
two and side chains. That's an easier
interoperability because it's kind
of coded right in. But it's always-- and
this is not a new thing. Banking has had
interoperability all the time. Take my example of
the US to Mexico. To move US dollars and
convert it to Mexican peso is in two entirely
different banking systems and two entirely
different ledger systems. So we have to have this question
of interoperability even pre Blockchain. But it's just bringing it
to this new technology. It raises costs of
trust in coordinating the transfer assets
and information across chains, in essence, or as
we talk about, across ledgers. So it's an issue that
it's been around. We just got to sort of
see how we solve it here. One solution. It doesn't mean it's
the right solution, it's the only solution,
but one solution is to do through some
decentralized mechanisms including side chains, or one
of the favorites of the director of the Media Lab,
Joey Ito, thanks maybe if we have layer 2, we
should also have layer 0. Underneath all of these
coins, underneath Ethereum and Bitcoin, maybe
there's a layer that we can
technologically create. Nobody's done this yet,
but Joey's a visionary. Joey had the first
internet service provider in Japan at the
age of 23 when he got $1,500 of computer equipment
and put it in his bathroom. And that's how he started. Yes. Yes, his bathroom. It was the only
real estate he had. So which way does this go? You hadn't heard
that about Joey? So it's a way to
start a company. And I think far more
work needs to be done. So it may be solvable. I'm not sure. And then consensus required
for software updates. It's a tough one. Open source software updates,
which are not backward compatible. Like, can I update
the software, but then you can't use it for
the 500,000 blocks that are already out there
in Bitcoin, or in some-- or the millions of
blocks in the ether. So the problem often happens
that the older versions won't validate all the new blocks. And if they won't validate
all the new blocks, I'm simplifying again-- think of like Excel and you get
that update on Excel or Word for Windows, and you
can't open your old files. I mean, it's a
rough lay definition of what this issue is. And so it leads to
something called hard forks. And this little visual
on the right hand side is basically what happens
is you can't validate all the old blocks,
because the new software is kind of going beyond it. A hard fork would happen is if
you took two megabyte blocks, if you made the
block size bigger. The old software would not take
that if I've got this right. That would be a hard fork. And so that's an issue,
and it's happened. The Ethereum network
has Ethereum Classic and has Ethereum
because of a hard fork that was encouraged
by Vitalik Buterin, and the Bitcoin network
has one from last year, where it was this debate
about block sizes. So most software for
decades has dealt with how do we update software,
but they can push it to us. And we get it, and we hit
a button and we get it, and after a while,
we get annoyed and we don't update
if you're like me. But the consensus-- remember,
this was a graph that we had. The consensus always
supports the longest chain. If the consensus is to
adopt this new technology, and only 80% or
90% adopt it, it's a question of whether
the other 10% or 15% will keep maintaining
the shorter chain. And in Bitcoin Cash, they have. And so in essence, now
you have two currencies. If, for some reason,
it atrophied, and they stopped maintaining
it, then the value, in a sense, in a commercial setting
might go to zero. Was there a question? So broadly speaking, I
think the toughest issue is about collective
action and governance. How do you get a
whole group of people to be moving in a
similar direction? Blockchain applications
derive part of their value from participation of multiple
parties on the network as well, that multiple
people are involved. It's remarkable in hindsight
that Satoshi Nakamoto, whomever he or she was, got
this many people. There's nearly 100 people in
this room studying this 10 years later. But somehow he solved a
collective action issue because it was just
software code back in 2009. But it's still the example, how
does Silvio Micali with a very clever Blockchain adaptation
and Algorand, how does he get people to start using it? And until he starts to
get people to use it, where's the value? Or if you have an application
that's to be file sharing or for medical records, there is
a medical records project here at MIT, but how do you start
to get people to use it? And these are solved every
day in the internet space, but Blockchain has a
little bit greater wrinkle. So there's a chicken
and egg issue. Priya. AUDIENCE: This is like heresy
in this room, but is it because it isn't a real thing? Versus like a medical records,
it's really a real thing. Because I wonder
about that a lot. Does it proliferate because
there's essentially not much effort, real cost to it-- GARY GENSLER: Priya's question
is is there some perception-- can I use that word? There's some perception
it's not a real thing, so it might not propagate,
and there might not be as much consumer adoption. That may well be one of
the commercial challenges. Eilon, did you have [INAUDIBLE]? AUDIENCE: Yeah, I think
the adoption of Bitcoin was because people
were interested in the innovative solution. And then Ethereum and
with Algorand leaving in a few months, it will
happen in other blockchains, are basically pouring
money into the ecosystem, giving money to developers
to develop solutions, because they are betting on
the success of that network. GARY GENSLER: Right. But for every one
of you as you're thinking about your
final projects, this collective action
issue has multiple features. One, to me, is the governance
of the Blockchain software updates, which we said is a
little bit about hard forks and so forth and how
do you have consensus and how centralized to the
governance stay, which we'll come back to when we talk about
the Securities and Exchange Commission and whether
it's a token that's regulated as a security. So there's that
part of governance. But then there's the
collective action issue that if you have a payments
or medical records or trade finance, how do you
get folks to adopt. And in the banking
sector, the banks are the big sort of
elephants in the room, the big dominant incumbents,
how do you get them to adopt, or are you somehow
competing away their profits and not having them adopt, which
is more a commercial business issue about collective action. So the financial sector,
as we've talked about, favors permissioned blockchains
that don't have as many-- they have some
collective action issues, but they don't have as many
collective action issues. They have far fewer scalability
and performance issues, because they say, I'm
not using proof of work. It might be 15, 20, or
even 75 or 100 nodes, but they think that way,
they can secure their privacy and security. Now, Madars and Neha's paper on
ZK Ledger might be a solution. And some of those banks
might start using that. But I'm talking about 2018. I'm not talking
about 2020 or 2025. Right now, they're favoring
permissioned closed loop systems, rather than
permission-less open loop systems. So next week, we're going to
be moving to public policy. Oh my god. You're going to get to read my
testimony, all 28 pages of it. Yeah, look, I get it. But I was asked to testify
in the House Agriculture Committee in July. It's a venue I'd been at
a whole bunch of times. It was fun to be back
in front of them, Chairman Conaway from Texas and
Collin Peterson from Minnesota. But yes, you'll get to read my-- I knew that there was
no legislation that was going to happen this year. I want to just give
you the feedback. But Republicans
run the committee. They get to invite as
many witnesses they want, and then they let the
minority invite one, sometimes two witnesses. So I got the call to
testify, because I'm like the old sea dog, and
they're bringing me in or something. But it was fun. But I was preparing
for this class anyway. So I kind of wrote the
testimony for you all. Congress thought
it was for them. And it was. It was. But that's the main thing. Mark Carney, who runs
the Bank of England, wrote this really
beautifully written piece that he gave in the spring,
about a little bit the history currency and so forth. But Mark also runs the
Financial Stability Board, which has the finance ministers
and central bank governors and securities regulators
from 20 countries. So it's the G20's
finance heavies. I used to go to that,
not as a finance heavy, but I used to go because they
wanted me inside the tent, rather than outside
the tent, because we were doing derivatives
reform here in the US. And some of the foreign
finance ministers had a different point of view. And when it got to the place
when finance ministers-- and it was an interesting group,
the Russian finance minister in the UK and the South African
and four others wrote a joint letter to Secretary
Geithner pointing out some-- shall we say observations
on what we were doing. They had differences. I got invited, so I used to go. I got to know Mark very well. But it's a good paper. And you'll get a sense really-- I would say, Mark
is neither a Bitcoin maximalist or
minimalist, but he does say don't use the
word cryptocurrency. Use the term crypto asset. So it's kind of an
interesting piece. And then I don't know
how many of you are Sloan Fellows that are here. I recognize some of
the Sloan Fellows. I think about 20% or 25% of
the class are Sloan Fellows. You're going to get to see
Joe Stiglitz in New York in a few weeks, and I think-- yeah, this is the
CNBC piece where Joe, who's a Nobel laureate
at Columbia University, has a stark and distinct
point of view about Bitcoin. I've had two or three lively
conversations with Joe about this. Later in the semester, you'll
read Paul Krugman and Nouriel Roubini, and there's a little
video of Bill Gates talking about Bitcoin. I want you all to be aware
of the Bitcoin minimalist and understand what
they're saying. And I would put Joe
on a 1 to 10 scale, at maybe 1 and 1/2 or maybe 2. Paul, you'll read Paul
Krugman's piece a little later. He's kind of down there, too. I can't just-- they can't
modulate between them. But I think it's
really important to understand what some really
great minds are thinking about this from
that side as well. So that's what the three
things are for next week. And the conclusion, I think that
it does provide the networking, but it comes with costs. As we said, there are
a bunch of trade-offs. I think the scalability,
the efficiency, the privacy they want are solvable. I can't prove it. But I think in a
matter of years-- and it might be
three or 10 years-- it won't be three to
10 months, though. I think a lot of that is
susceptible to the bright minds of MIT and elsewhere
as computer scientists. I think the challenges
that are tougher, it really relates to governance. I think governance
and collective action and back to those two
graphs, there really are places that are better to
centralize than decentralize. And we're going to
be exploring that for the rest of this
semester together. So thank you. Thank you for the veterans
who sat through all that. [APPLAUSE]
