He is also Chief Scientist at Chainlink Labs. He was the Chief Scientist of RSA, Director of RSA Laboratories, and a Distinguished Engineer at EMC (now Dell EMC), where he worked until 2013. He received his Ph.D. in computer science from U.C. Berkeley in 1996. His recent areas of interest include blockchains, cryptocurrency, and smart contracts, as well as applied cryptography, cloud security, user authentication, and privacy.

Photo Credit: Tobias Scholl

Critics of blockchain often say that it is nothing more than a database, but today’s guest, Ari Juels, has a different opinion. His technical expertise (he is a Professor of Computer Science at Cornell Tech), combined with his ability to understand both sides of a divisive topic like this one, make for a very insightful conversation about Bitcoin, NFTs, and smart contracts. We talk about the reasons for the valid skepticism that surrounds blockchain technology, the various reasons that Ari believes that it is a powerful, useful tool, despite its downfalls, pyramid schemes, decentralized exchanges and more!

Key Points From This Episode:

• The significance of the Bitcoin innovation to Ari’s field of study. (0:03:40)

• What piqued Ari’s initial interest in digital currency. (0:04:46)

• Ari explains the difference between permission and permissionless blockchains. (0:06:27)

• Comparing a permission blockchain with a distributed-append-only database with authorized contributors. (0:08:34)

• A number of reasons why permissionless blockchains have been so widely embraced (despite Ari’s initial prediction to the contrary). (0:12:24)

• Fraud in the cryptocurrency space; Ari shares his thoughts. (0:14:28)

• The benefits of the cultural phenomenon of NFTs. (0:19:25)

• Examples of NFT-related issues that still need to be addressed. (0:26:04)

• How smart contracts can be used by criminals to their advantage. (0:30:09)

• Why smart contracts are well suited for compliance. (0:32:02)

• An example of a smart contract pyramid scheme. (0:35:48)

• Some of the pros and cons of the inflexibility of smart contracts. (0:41:09)

• What flash loans are and what they can be used for. (0:46:11)

• Understanding the value of oracle systems. (0:50:04)

• How the Candid system that Ari’s group developed helps to mitigate the problem of lost Bitcoin keys. (0:57:04)

• Ari explains the advantages and disadvantages of a decentralized exchange. (01:01:19)

• How the blockchain has improved code writing. (01:07:57)

• The importance of balancing privacy and accountability in DeFi systems. (01:09:38)

• Ari’s thoughts about the future potential of blockchain technology. (01:14:03)

• The biggest concerns that Ari has about the blockchain space. (01:15:24)

• Why skepticism about blockchain technology is valid. (01:17:31)

• The facet of the blockchain space that Ari is most excited about. (01:19:51)

Read the Transcript:

Ben Felix: This is a limited series of the Rational Reminder Podcast, a weekly reality check on sensible investing and financial decision making focused on cryptocurrencies. We’re hosted by me Benjamin Felix and Cameron Passmore, portfolio managers of PWL Capital.

Cameron Passmore: This is Episode 17 of this series. This week, we had a great, really interesting conversation with Professor Ari Juels. He’s a computer scientist, very well spoken, very balanced, very realistic take on this whole space. He's a professor of computer science at Cornell Tech in New York City. He's been there since 2014. I really appreciated his approach. He's a realist. He wasn't over the top. But he did give some very encouraging views on many facets of this whole space.

Ben Felix: Yeah, I won't use language as enthusiastic I did when we introduced our episode with Quinn DuPont, because people told me I was too enthusiastic. But I found Ari to be just as insightful. There are perspectives on crypto and blockchain that we got from Ari, that I think are valid, useful, and that we haven't gotten from many of the critics that we've spoken with. So, this is coming out after we had Chris DeRose, during our episode Chris DeRose, Chris said, if you think crypto is completely useless, you're probably wrong. If you think it's going to change the world, you're probably wrong. And I think that that's largely the kind of perspective that we got from Ari. But he's coming from a place of deep technical expertise as a computer scientist who's actively doing research on cryptocurrencies and blockchains. And their potential interactions with the real world, including solving a lot of the problems that critics tend to be quick to point out. I thought was a great conversation. Like you said, Cameron, Ari is extremely well spoken and balanced. And on my meter of skepticism about crypto and blockchain technologies, Ari’s chipped away, pushed me a little bit toward – I'm not saying that I'm embracing the technology. But he did make a lot of valid points that at least make you think that there could be something there, underneath all of the fraud and scams, which we did also talk about.

Cameron Passmore: But that's what his perspective was so interesting. He said, what this might solve is possibly not even knowable today.

Ben Felix: We kind of know this, right? The Bitcoin innovation did allow something that was not previously possible. Whether that's good or not has always been the question, but it objectively allowed something to happen that was not previously possible. Whether there's something there or not, of course, that's still an unknown and Ari’s clear about that. He acknowledged that skeptics may have a point, that there could be nothing here. He thinks there is and that's what he's researching. It's also worth mentioning that Ari is involved with a firm called Chainlink. I don't remember his role there. But he's got some skin in the game in blockchain companies. I think it's just important to point that stuff out when we remember to do so.

Cameron Passmore: Excellent. Anything else to add, Ben?

Ben Felix: No, I don't think so. I thought this is a really good conversation.

Cameron Passmore: All right, Let's go, here's our conversation with Ari Juels.

Ari Juels, welcome to the Rational Reminder Podcast.

Thank you. Pleasure to be here.

All right, Ari, to kick it off. How significant was the Bitcoin innovation to your field of study?

Well, quite significant. I mean, Satoshi was the mother of us all, or the father, or the birthing team, I guess we don't know exactly. But there was a notion of digital currency, often called E-cash back in the 1980s, and 1990s. In fact, when I started getting involved in applied cryptography, I was studying that form of digital currency. But it never took off. It seemed that there was some magic ingredient missing, until this incredible thing just sort of dropped from the sky. It involves components that had previously existed but had never been assembled in quite that way before. So, we still owe a real debt of gratitude to whoever delivered this thing and then disappeared and created the mythology around it. I certainly wouldn't be studying blockchain technology were it not for Bitcoin.

What had you interested in E-cash, pre-Bitcoin and maybe now, too?

Well, initially, I was interested in digital currency because I found applied cryptography itself so intriguing, and this was a particularly attractive area of application. Cryptography itself, I found fascinating because the building blocks were mathematics, mathematically hard problems. So, it was a field that incorporated mathematics in a very direct and practical way, more than in any other area of computer science I was familiar with, at the time. A colleague circulated a manuscript by Statin Brands back in 1993, 1994, and that's what got me hooked on cryptography to begin with.

As I said, many of the components of Bitcoin existed before Bitcoin. For instance, the first proof of work-based cryptocurrency I'm familiar with, proof of work in some sense, obviously, not in the Bitcoin sense was probably MicroMint, which was devised by a couple of very prominent cryptographers, Ron Rivest, and Adi Shamir back in 1995, 1996. So, there was a lot going on, as I said, the idea of digital currency, for various reasons really didn't take off until the advent of Bitcoin. And, of course, until several years after, Bitcoin was first invented and brought to the world.

As Bitcoin is built on a permissionless blockchain, how do you describe the difference between permission and permissionless blockchains?

Yeah, well, there isn't really a sharp dividing line. But roughly speaking, I guess you can say a permission blockchain is one in which an authority can determine participation based on subjective criteria, if you will. So, your quintessential permission blockchain would be one run by, say a handful of big financial institutions. They decide that they're going to maintain the blockchain, no one else is invited to participate, and this gives them the power to determine how the blockchain operates, what its rules are, they can censor transactions collectively if they choose to, even change blocks, retroactively.

A permissionless blockchain, by contrast, in principle allows anyone to participate. There are a lot of provisos, for instance, to become a bitcoin miner, in a way that's going to be profitable, you have to have pretty deep pockets, you need considerable capital, you need to buy mining equipment, you need access to cheap electricity. To participate in Ethereum, as of yesterday, you need to have some Ether. In principle, the validators, current set of validators can choose not to allow new participants to obtain the Ether they want.

So, one could say that Ethereum is permissioned. That's why I said the dividing line is not sharp. But effectively Ethereum is permissionless, Bitcoin is permissionless, in the sense that participation is open to the community.

That point you just raised is really interesting, because I kind of understood it that if you had capital, you could do either proof of work or proof of stake mining, but if the existing miners don't want to sell their Ether, then you can't –

In principle. I mean, this is very unlikely to happen in practice. It would require a collusion among all the validators. But people do raise this point about Ethereum and assert, again, in this theoretical sense, that is permission. It's really not in any practical sense.

So, what makes permission blockchains different from a distributed-append only database with authorized contributors?

Well, in some sense, nothing. But I think your question here really hinges on the keyword authorized. Database, at least, as the term is typically used, is controlled by a single entity. And that entity can decide what the state of the database is, and can decide whether it remains append only. A permissioned blockchain, by contrast is, or a permissionless one, is controlled by a set of entities, and some quorum of those entities is needed to permit contribution. So, the critical distinction is the distribution of control and robustness results from this type of construction. No one entity can censor transactions on a blockchain, permissioned or permissionless, or subvert the blockchain. Only a, as I said, a quorum and the exact fraction depends on how the blockchain is constructed on its underlying consensus algorithm but it is the distribution of control that's so critical, it is the key components in blockchains.

That's a nice way to describe it. And like you said, not none of the individual parts are new, like the database isn't new, but having consensus among even authorized participants to make changes to the database, that's kind of the innovation. Is that correct?

Yes, and the fact that this requirement is enforced in a technically strong way. You could have a single entity run a database that in principle requires permission from a set of other entities to make changes, but you have no guarantee that that form of authorization is going to be enforced. That single entity can unilaterally change the rules. In a blockchain, you have this firm technical foundation, dictating who gets to participate and how the block operates.

Okay. That clears a lot up because we've heard from critics of blockchain and crypto, that, “Well, it's just a database. There's nothing interesting here.” But the way you explained it makes a lot of sense.

It may sound like a technically trivial thing, but people have been studying consensus algorithms for decades. And just when you think they've finally cracked the problem, in the sense of coming up with the ultimate consensus protocol, like at one point, hot stuff consensus protocol that's optimal in a number of respects, seemed to be the [inaudible 0:11:00], there are additional advances. So, in fact, it's a technically very deep problem. There's a lot to be studied here, and we're not just talking about a mere database, although databases themselves, of course, are complex in various ways too.

Now in terms of usefulness, do you see more potential for permissioned or permissionless blockchains?

Early on, in my own study of blockchains, I was convinced that permission blockchains were eventually going to predominate. They're better understood, technically. They've been studied for a longer period of time than permissionless blockchains. They're more performance. And for most people, they seemed to be good enough, for most purposes. Most people are willing to trust single entities. When trust is distributed among a collection of entities and what results is all the more trustworthy. In fact, my group designed privacy preserving cryptocurrency called Solidus, that was meant to operate in a coalition of cooperating banks, essentially a permission system. Because I believed, because I said that this was the way things were going to go.

Well, I was clearly wrong. Why I was wrong? I don't know exactly. I think there are a couple of reasons that permissionless blockchains may, at least for the time being, have come to be so widely embraced. I mean, you can take the cynical view that they allow for evasion of government control for bad things. Bitcoin is used in ransomware, and so on and so forth. But most cryptocurrency transactions are benign. So, I don't think that's really the story. I think the reason may be that if you have a permission blockchain, it's constituted just to simplify things in one of two ways. Either is run by a collection of well-established entities, say big banks, and then it's not clear that you've really gained anything. The whole point of the blockchain exercise is to create a new financial infrastructure. If a bunch of big banks launch a blockchain, well, what's new, right? In terms of the trust model, and so on, and so forth.

Alternatively, you could have a collection of new entities spring up and administer one of these things, but then who's going to trust them unless their firm technical guarantees that this thing is going to operate as advertised? With permissionless blockchains, you kind of get the best of both worlds. You get the ability to create new financial infrastructure, you get the ability to create it in a way that provides strong technical assurances to users, despite the fact that you may not actually know who's running this thing and that's kind of remarkable.

Our objective is to stick mostly on the technical stuff. But I do want to ask a question about what you were just saying there. From an innovation perspective, I agree that that has been the outcome where new entities have sprung up, and they're able to provide financial services they couldn't provide before. And we are going to talk about fraud and stuff later. Do you see that as an issue? Because these are new entities that are able to operate outside of regulations. We've seen a lot of fraud. Is that good? Is that to be expected?

It's certainly not good. It may be inevitable in the course of technology revolutions. Think back to the dot com era, people were selling pet food in companies for billion-dollar valuations. Now, that wasn't a fraudulent venture, but there were plenty that were borderline. Now, there was stronger regulatory oversight, so less fraud than we've seen in cryptocurrency land. But bubbles and fraud, as I said, may just be the inevitable ineluctable counterpart of technological advances. I think we can do a lot more. I think, having sane, well thought out regulation is key and hard to achieve and will benefit lots of people if it's done right, and that would be a good thing.

But indeed, we have had a certain degree of fraud. That fraud can happen paradoxically, in some cases, because of the transparency, because of the sound technical guarantees of the systems we're talking about, blockchain systems and smart contracts, because people are deluded by these guarantees and transparency does not mean lack of fraud. Transparency does not mean that you're dealing with an honest broker, unless you actually check what's going on under the hood, and most people are not equipped to do that. As you said, we can talk about fraud and particular instances of it later. I think as people learn more about the technology, and as the industry matures, we're seeing fewer abuses and new ways of ensuring against them proactively.

Yeah, I don't know why, but you saying that makes me think back that it's not just the dot com, but there are many technological periods in the past where there has been massive fraud and massive asset price bubbles and all that kind of stuff. And I knew that, but somehow crypto seemed worse.

Yeah. I mean, Silicon Valley wouldn't exist if it weren't for banking fraud, one can argue, right? Like printing their own money, falsifying their assets on deposit, their reserves when bank regulators came to visit. California of the 1840s and 1850s was called the wild west for a reason. But that period gave birth to a variety of innovations, of transcontinental railway, and ultimately, one can argue, led to Silicon Valley itself and being born there. So yeah, it does seem to be unfortunately, as I said, an inevitable counterpart, and I'm a computer scientist, not an economist or sociologist. I have no idea why that is, just an observation, a prognostication, or lost in stone.

You mentioned smart contracts. I want to keep going on that. When you started studying – I know the answer to the question, and I love it, which is why I'm asking the question. When you started formally studying smart contracts, what did you view as their killer app?

Well, I first started studying smart contracts when a colleague of mine brought them to my attention, she taught me about Ethereum, and so on and so forth. And we spent an afternoon trying to figure out what they were good for. Unfortunately, the kind of killer app we came up with was literally a killer app, namely crime, and we realized they're ideal for crime. For example, you could create a smart contract that would automatically reward somebody for say defacing the website or mounting a denial of service attack. You could do this anonymously or quasi anonymously and with impunity. And as the solicitor of a crime and as a criminal, you'd have a guarantee of payment if you committed the crime that was being solicited. So, they seemed quite good for that purpose.

Thankfully, after further acquaintance with the technology, I've seen ample scope for more benign applications, some pretty exciting positive applications. But when I first thought an app about that was what my colleague and I came up with. And we published a paper on this topic, which I hope was a timely warning to the community about potential abuses. Thankfully, all the abuses we documented have been avoided thus far, and some of them are pretty far fetched.

So, what are some of the smart noncriminal beneficial uses of smart contracts?

One I'm particularly intrigued by of late is NFTs. And when you hear the term NFT, what does the term mean to you? If we play this free association game here, I say NFT, what's your response?

Hard not to think, apes.

Exactly. Apes selling for preposterous sums of money. $100,000 for the JPEG of an ape. That's true, but there's a lot more to them than that. I think they are a cultural phenomenon here to stay, and that in many ways, they will be culturally beneficial and beneficial to the artistic community, and to the community of buyers, aficionados, collectors and so on and so forth. I said that for a couple of reasons. One is that because they're managed in smart contracts, it's possible to post policies on the way that they're distributed and subsequently sold. For example, today, it's very common for artists to receive ongoing royalties as NFTs are sold and resold. In the US, at least, that's extremely uncommon. Historically, stories of artists who were, in some cases, quite famous and died in poverty, abound. Rembrandt is just one example.

So, it becomes possible to design mechanisms that reward creators in ways that I think are beneficial to creators and beneficial to users. So that's one reason. Another is that NFTs avoid some of the – I call it technical problems of traditional art markets. For example, provenance is often murky, when pieces of art have been around for a while. You don't know who's owned them. You don't know, in some cases, if they have been stolen, if they were forged, so on and so forth. Those problems, I won't say disappear entirely, but largely disappear when we're talking about NFTs because a record of the NFTs creation and subsequent ownership is recorded permanently on a blockchain. Yet another reason is that we are all becoming digital denizens, and the younger generation in particular, doesn't want to own physical stuff. They see it often as an encumbrance, and I think older generations are additionally recognizing the drawbacks to rampant physical materialism for the environment, and for our psyches.

As we increasingly become digital denizens what form our belonging is going to take, if we ultimately migrate to this thing called the metaverse, whatever it is, what form our belonging is going to take? NFTs are a natural way to embody them, because of the properties I've described, the fact that there's a clear record of their ownership. Additionally, the fact that they can't be taken away from you, unilaterally, because they live on a blockchain. So, because the trust model that blockchains embody.

Those are a few of the reasons that I'm really intrigued by NFTs. Now, there are lots of problems with the NFT community. Bubbles, projects of dubious integrity, and so on and so forth. I think that there are social and technical ways to address these problems and as the industry matures and self-regulates, I think that those problems will be addressed in ways that will increasingly benefit and offer safe circumstances for consumers. So, that's one application of smart contracts. DeFi is also of interest to me, and that's something that I've studied, but NFT is something that I and my group have been focusing on quite a bit recently.

I'm probably not a representative sample because I don't collect real art or NFTs. How important – I couldn't care less about owning an NFT, which is why I'm asking this question, how important do you think the migration of life into the metaverse is to the importance of NFTs?

If you don't have a collector's instinct, I guess it's hard to appreciate NFTs as they exist today. Some people have an inclination to collect things, physical things, digital things, and NFTs are really interesting as collectibles for a variety of reasons. I don't think that we need to live in the metaverse for NFTs to be important. They're not just potentially useful as collectibles. They can be used in other ways, ways that hybridize them, in fact. For example, they can represent tickets to event. They can also, at the same time be collectibles. They can have associated media that are visually interesting, or auditorily interesting. So, there's potential for them to be used and appreciated and distributed in quite a variety of ways. This is part of the reason that a number of popular consumer brands are starting to issue NFTs. Sneaker companies, Coca Cola, and so on and so forth.

What about digital art? Can digital art be stolen and converted to an NFT and is there some way to protect against that?

Here, we get back to the question of provenance. Anyone can create an NFT, anyone can rip off the piece of digital art and turn it into an NFT. The question is, how are you going to sell this thing? If you don't have a well-established identity and reputation, nobody's going to want to buy your NFT. Or if it's recognized that your NFT has been stolen, nobody's going to want to buy it and there will be no market for it. So, the transparency around provenance is particularly useful here. There are plenty of stories about people selling fake versions even of the Mona Lisa to unwitting buyers. That becomes very hard in NFT land where da Vinci has an account, a Twitter account, that's linked to an account on a blockchain, and you can see that when a piece of art has been created, the Mona Lisa, or whatever it's modern equivalent is, that it was created by him, and you know what you're buying.

Interesting. So, different platforms offer a level of protection as well, just the transparency of that?

Exactly. Yes. Now, today, there are problems around this question of provenance. The creator of an NFT is identified by an account and unless you know to link that account to a real-world identity, unless you know how to do this in a trustworthy way, you may think you're buying from a particular artist and not actually be buying from a particular artist. Additionally, artists accounts or addresses can be compromised, this has happened, where an address is compromised and fake works of art are issued, not just in the name, but under the identity of an artist who was targeted in this way. So, provenance is not ironclad, but blockchains, as I said, address the issue of provenance in a way that's not possible in the traditional art world, and in principle can help us avoid many of the pitfalls of traditional physical representation of works of art.

The other criticism, I guess, I've seen of NFTs is that, and I'm not a computer scientist, but my understanding is that they are connected to a URL ultimately, and then the image that is connected to that URL is what you actually own, but the image still has to live somewhere, and that may not be on the blockchain. Is there a way to address that?

That is a problem. Archival permanence. It's a problem with traditional works of art too. The most famous example, I guess, being Damien Hirst's shark in formaldehyde, which had to be completely reconstructed, as I understand it. Physical works of art are subject to decay. Digital works of art are subject to [inaudible 00:27:41]. And this problem in the case of NFTs hasn't been well addressed yet. There are projects working on addressing it. Filecoin is an example. My group is in fact doing research in an attempt to devise better long-lived forms of storage for NFTs and other digital files. This is an important research area, an area where the industry needs to make some strides, but indeed, you draw attention to a real problem today.

Okay, interesting. I want to keep going on art, but maybe also on other physical assets. So, I've seen a company that's doing fractional ownership of real artwork on the blockchain. But then, I think that this question probably also extends to other things like property titles. Is there a technical way to address enforcement in the real world of records on the blockchain? And if not, what value are we getting from the blockchain in those cases?

Yeah, this is a difficult question to answer. One, in most of these cases, needs appropriate legal structures, legal agreements, to ensure that representation on the blockchain is respected in the real world. So, there's a hybridization of the existing legal system with these blockchain systems. And that's really the only way to tokenize physical objects, be they apartments or physical works of art. What's the advantage of doing this on a blockchain? Again, transparency. This property we've alluded to before, and ease in transferring ownership. You don't actually have to physically convey the work of art. You don't have to, assuming you've created the right kind of legal structure, you don't need to do all of the paperwork involved in changing the ownership of a piece of real estate. But again, these benefits are predicated on valid interface with the existing legal system.

Interesting. I want to come back to the relationship between smart contracts and crime. We got into NFTs there which was very interesting, as it pertains to NFTs. But on crime, what makes, like when you said that this was the killer app that you initially identified, what makes smart contracts uniquely suited for criminal activity?

I don't know that they're uniquely suited, but they have some benefits for the would be criminal, if you will. One is the fact that they operate autonomously. You can launch a smart contract and then walk away from it. You don't need to maintain a web server, for instance, exposing yourself to potential discovery by law enforcement. Once this thing has been created, assuming that the address that's created it can't be linked to a real-world identity, there's no risk of it being taken down. That's one benefit, if you will, of smart contracts for crime. Another is the anonymity, and it's not real anonymity. It’s pseudonymity, to be precise, offered by blockchain systems that you don't need to reveal your real-world identity to create one of these things. And finally, there's the trust model embodied in smart contracts, and everyone in commerce has the challenge of not knowing whether or not to trust a counterparty, and that's particularly true in the business of crime, if you will. So, having a smart contract to intermediate between the entity or individuals soliciting a crime and criminal that's perpetrating, it is beneficial in that business, if you will.

So, in principle, smart contracts are good for these things. In practice, thankfully, for most crimes, including the ones in the paper I described earlier, one that my colleagues and I published some years back, thankfully, those crimes are basically impossible to perpetrate on blockchains as they exist today.

So, if we take the other side of that question, what makes smart contracts, I guess, well suited to be used for compliance?

Again, I come back to this property of transparency, in a couple of senses. Transparency in terms of the way that users interact with a financial service represented in a smart contract. You know, for instance, exactly what fees you're going to get charged, you know exactly what the terms of engagement are. And transparency, also, in terms of the transactions that have been performed with respect to this financial service. You can see how others are interacting with it. So, this is great for whatever type of oversight you want, or insight into the way that a financial service is operating.

Another nice thing about smart contracts, this doesn't relate directly to transparency or oversight, is their ability to be composed. People often refer to decentralized finance, DeFi contracts as Legos. You can put them together. You can compose them. You can, in a single transaction, interact with multiple smart contracts, move money from one contract to another, leverage the services of one smart contract to obtain additional benefits with respect to another. This is another nice feature of smart contracts that really doesn't have an analogue in the traditional financial world.

Now, on composability, the smart contracts are programs. So, I guess that – for example, if Google decided to build financial services, they could build composable financial contracts, but they would all be intermediated by Google. In the case of blockchain smart contracts, that can be done without an intermediary. So, it's really the intermediary that's the – the lack of an intermediary. Am I making sense?

Well, I would say rather than – the question of the significance of an intermediary depends upon the platform in which the smart contracts run. Google could launch smart contracts on its own platform, and then you need to trust Google not only to have written the contracts well, and to represent their functionality correctly to users, but to run the underlying platform correctly. If Google decided to launch smart contracts in Ethereum, they would be doing so on exactly the same footing as anyone else. A smart contract, a permissionless blockchain is egalitarian in that sense. Additionally, it would be possible to compose Google's smart contracts with somebody else's.

Yeah, that is interesting.

So, there's one entrant into this DeFi community.

I also want to ask about fees. You mentioned fees being known – my understanding, and again, I'm not an expert here, my understanding is that on Ethereum and the bitcoin blockchain fees are not known necessarily. Like they'll respond to activity. So, would you know fees?

Yes. So, the short transaction fee you pay, the gas fee can be highly variable. But you can determine what fee you're willing to pay. And if you're not willing to pay the fees that are currently prevailing for fast transaction processing, then you can wait to have your transaction processed. One of the things that essentially all blockchain communities have been working toward is lower fees. That includes Ethereum, that includes other blockchains as well.

Are smart contracts well suited for pyramid schemes?

Yeah, let's return to the question of crime. Yes, absolutely. In fact, my group has studied one particular pyramid scheme called Forsage. Transparency here is particularly nice in that pyramid schemes have been around for centuries, possibly millennia. But we didn't get to see their inner workings until a pyramid scheme was launched on a blockchain. A scheme called Forsage, at one point, it was basically the number three contract in Ethereum by gas usage, so immensely popular smart contract called Forsage, was a pyramid scheme. It was a classic pyramid scheme, because every transaction in the contract is publicly visible. It's one we could study. We could actually observe the dynamics of the community.

Wow. So cool.

Yeah, this was really intriguing. So first of all, it became – it's possible to show unequivocally that it's a pyramid scheme, because you can see exactly how the money flows. You can interpret the rules. They were intentionally obfuscated in the design of contracts, so some reverse engineering is required. But you can ferret out the rules. And we could also gather statistics, like what fraction of people made money in this pyramid scheme, as advertised as a scheme that would enrich everyone, what fraction of users actually made money? It turns out that 88% of users lost money, not surprisingly. We're able to compile lots of other interesting statistics. Law enforcement got wise to Forsage, and the SEC, I think it is, is now prosecuting both those who created the contract and those who were promoting it.

That code was available for users to review, I'm assuming. But it took a ton of computer scientists to actually understand it.

As I said, transparency, in some sense, cuts both ways. If you're able to take advantage of it, that's great, you can understand how a system works. If you aren't, it can be deceptive, and in fact, Forsage was advertised as advertisers claimed that it couldn't possibly be a scam, because smart contracts are 100% trustworthy and the scheme was 100% transparent. It was transparent in the sense that anyone who could read and reverse engineer the code, would know exactly what's going on. But how many people have read it and reverse engineered the code? One. The research engineer who is working on the Forsage project, with my group. I don't know if anyone else actually has an understanding of how the contract works apart from its creators. And as I said, they designed it in a way intentionally to obfuscate its mechanics. They didn't want people, of course, to realize it was a pyramid scheme.

Unreal. So, it got huge. What allowed it to grow to the size it did?

Pretty aggressive marketing, and I think clever marketing, in the sense, as I said, that they capitalized on the beneficial features of smart contracts through misrepresentation to market the pyramid scheme. And people who don't understand smart contracts were bamboozled. They were told, “Smart contracts are 100% trustworthy”. As I said, “They do exactly what they're programmed to do, so this can't be a scam.” As I said, if you don't know how smart contracts work, like the vast majority of us, this sounds completely plausible.

So, other than that example, how big a problem are pyramid schemes in general, in DeFi?

That's, by far, the largest pyramid scheme I've come across. I don't think they're actually a huge number of them. So, I don't think it's a major systemic problem. But certain communities have been particularly badly affected. For instance, Forsage, for some reason, became very popular in the Philippines, and among Filipinos. The Philippine SEC actually issued a warning about it, so I don't know why it became popular in that particular community, unless it just happened to be particularly heavily promoted within it. But within the community of smart contract users at large, I don't think pyramid schemes have this kind of been a widespread problem. But they do exemplify some of the dangers of misrepresentation of the power of blockchain technology.

I guess Forsage would be different from, because we've had all these other insolvencies, like Celsius being a big one, but that was a centralized operation, whereas Forsage was purely a smart contract.

Yeah, when Forsage was 100% on-chain. It was a contract, whose mechanics, as I said, were, in principle, completely visible to the world, and which functioned completely on-chain. Yeah, Celsius was a different matter. All these insolvencies are the result of off chain behaviour.

I want to come back to the relationship between smart contracts or the concept of smart contracts and the legal system. How do smart contracts deal with, I guess, theory that all contracts are incomplete?

So, in some sense, they help address the problem of incompleteness, I guess, and that the terms of the contract are fully dictated by the code on chain. In some sense, they fail to benefit from incompleteness, which can actually be helpful. Attorneys regard the fact that contracts often have a little bit of ambiguity or wiggle room as a good thing, because unforeseen circumstances can arise, and it's important that there be some accommodation for them. But in smart contracts there’s no accommodation. If something goes wrong, you're potentially up the creek, because the code in the smart contract can't change unless there is some provision made in its original design to change the code or unless a community moves to a new smart contract. So, their inflexibility is both a strength and a liability, I would say.

Interesting. We talked to Hilary Allen, who does financial regulation research from a legal perspective and she talked about the impacts on fragility of the financial system from the inflexibility of smart contracts. Just an interesting point.

Yeah, at this point, I don't think that they're so deeply integrated into the financial system that inflexibility is going to have systemic repercussions. But it’s something one needs to think about in using them. And it is possible, I mean, there are programs that can be crafted in any way you like. So, it is possible to build in flexibility from the get go, you just have to be aware of the fact that you can't change their code after the fact, again, unless there's some provision made at the time that they're written.

Often, for instance, they will include pointers to libraries. Pointers can be changed if the libraries change. So, their software, like any other in this sense, you can implement them in a way that is completely rigid, or you can implement them in a way that does afford a certain degree of flexibility. You can, for instance, build a kind of emergency mechanism that allows the contract to be deactivated by a committee in the case that something goes wrong. This is not uncommon. That's a form of flexibility that relies on human institutions and couples them with a smart contract.

Yeah, that’s interesting. Hilary Allen, when we spoke with her, she agreed that it's not systemic at this point, because DeFi is still not integrated with the existing financial system. When you were talking just now, you made me think of something else, which is related to that conversation with Hilary Allen. She also talked about complexity and financial fragility, and that just made me think of – what we’re talking about with Forsage where anybody can see the code, but it's so complex that it took a computer scientist to reverse engineer it, to actually know what was happening inside the contract.

That's true. But conversely, because smart contracts are code and because we can reason about code mathematically, in principle, we can understand and measure the risks in DeFi systems with greater insight than we can in traditional financial systems. There are fewer unknowns and there are better, more relevant mathematical tools. So, for instance, my group has been looking at ways to prove that a smart contract under particular circumstances can be taken advantage of, or the users of smart contract can be taken advantage of, only to a certain extent, and we can prove bounds on the degree of, I’ll call it malfeasance, simplifies it.

Proof results on the degree of malfeasance. You can't do that with traditional financial instruments, because they're not programs, because their workings are not mathematically well defined and they're not executing as programs within a computing engine, the way smart contracts are.

Oh, that's really interesting.

So, there's a lot of power in DeFi in that sense.

Yeah, that's cool. It's like you can model the financial system, but it'll only ever be a model. But if you model DeFi, the model is the actual system.

Yeah, you can, in principle, have a perfect model. Now, it turns out that you run into the limits of computability very quickly. But it's possible to build tools that provide, I think, an unparalleled degree of insight into the workings of DeFi systems and research in these area is still embryonic. As I said, this is an area, for instance, that my group is exploring. But this, I think, is really interesting and powerful and appealing, and there are lots of other interesting things you can do with smart contracts.

Another example, I don't know if you're familiar with it, is flash loans. For listeners who are not familiar with them, they are the equivalent of you're walking to a bank and saying, “I want to borrow $10 million. I don't want to tell you who I am and I don't want to give you any collateral. Could you give me $10 million, but just for a day?” So, of course, in the real world, this would be ludicrous. In a blockchain system, you can do this for an instant of time. You can borrow, I mean, literally tens of millions of dollars with no collateral. The catch is that you need to repay the loan, essentially, instantaneously.

It's because of these properties I mentioned, because of the peculiarities of the execution environment, if you will, that you can realize this type of financial instrument that as far as I'm aware, has no analogue in the traditional financial world.

I listened to one of your talks and you talked – somebody asked you what kind of financial innovations we're going to see, and you said something like, “We don't know yet. There won't be analogues in the existing financial system to the stuff that we may see from DeFi.”

Yeah. Cameron. Sorry, you were going to ask something?

I’m just curious why someone, like, what's the purpose of a flash loan?

Well, there are two uses for flash loans. One is to attack systems, unfortunately. You can attack – you basically can borrow the capital required to exploit a vulnerability in the smart contract. Some people see this as a good thing. It's a way to test the system. I won’t pass judgment. But it's also useful for arbitrage. If you see that token A is selling for a penny less in contract B than contract A, take out a huge flash loan, right? Buy the token in contract B, you sell it in contract A, if you make a mint, and you don't have to have any capital on hand to do this.

So, in a way, it democratizes arbitrage. It allows those without deep pockets to observe opportunities to make money as a result of discrepancies in prices, and so on and so forth, and they're used for that purpose as well.

What happens if that trade fails? Like arbitrage is, of course, theoretically risk free, but in practice, arbitrage trades are often risky. So, what happens in that instance if it fails?

This is the beauty of flash loans. It's essentially a risk-free operation. The way a flash loan operates is – remember I mentioned in the course of a single transaction, you can interact with multiple smart contracts. The way that a flash loan operates is that you borrow money from one contract, use it for whatever you're going to use it, and then you have to pay it back in the same transaction. If you don't pay it back, the transaction reverts. It's as though the transaction never happened. It's as though you never took out the loan. You can essentially rewind time, and therefore the lender is guaranteed repayment. It doesn't matter how risky the arbitrage opportunity the borrower is trying to exploit. The lender is never going to be out any money.

Yeah, that's weird to think about.

It is. And again, where would you find this in the traditional financial world? This again, is taking advantage of the fact that this is a strictly computing based financial infrastructure and some other properties like the sequential execution of transactions, if they're executing in parallel, then it would be much trickier to do something like this. But to your earlier point, yes, there will be, I think, opportunities to create financial instruments that we would not have dreamed of, and this is, I think, a very good example.

I want to move on to something you've done a lot of, or you and your group have done a lot of really interesting work on, which is oracles. Can you describe what an oracle is in the context of blockchain?

Yeah, I think there are a few different ways to define it. The common definition or the most widely embraced definition is systems that relay data from the real world, which may be a web server, traditional web server, conventional web servers, to a smart contract, generally in the form of today, of price data. But in principle, oracles can relay essentially any kind of data from an off-chain system to a smart contract. So, they connect smart contracts, and therefore blockchains, to external systems and to the real world.

I'm guessing they're pretty important to the future of blockchain?

That's certainly my view and that's why I started doing research on them, pretty much from the get go, as I began to explore blockchain systems. If you want to write interesting smart contracts, interesting in my view, smart contracts that use real world data in some way, then you have to have an oracle system. I mean, there's a fair amount you can do without oracle systems. But if there's something really interesting, you do want an oracle system, and oracle systems are pretty firmly entrenched in the DeFi landscape today as a result.

Okay. So, you mentioned prices. How do oracles know what the truth is, if they're trying to relay price information from like the stock market to a blockchain?

The way that truth is generally established is by having a committee of servers, nodes, source data about whatever price it is, say that Eth USD price, source data, ideally, from a variety of sources, and then combine the data that they see in a way that's going to be robust to outliers, manipulation, and so on, and so forth. For example, collection of nodes, if they're gathering data from a single source, will assemble the price quotes they've seen, and then take the median, and they put that on-chain. Median has the nice property that even if there's noise and corruption in a few values, minority of values, you still get something reasonable.

Can oracles used to verify the identity of people?

They can, actually, and this is an area that my group has been working on, so called decentralized identity or DID. There are a couple of ways to realize identity documents on blockchains. One is to have issuers, authorities that can vouch for people's identities, create identity documents on chain, on behalf of users. And this would work well, for instance, if the Department of Motor Vehicles or the state department decides to issue driver's licenses or passports on chain, that's great. Now, setting aside the privacy issues for the moment. The challenge here is that it's very unlikely that the DMV or the State Department are going to get into this business anytime soon. So, we end up with a kind of bootstrapping problem, where it would be very useful to have decentralized identity for a variety of purposes for regulatory compliance, to be able to take out loans and so on and so forth. But we're unlikely to see issuers until the applications are there and it’s hard to get these applications off the ground. So, you have issuers to do this.

My group developed a system called Candid, that allows an oracle system to relay data on-chain from existing web servers, and that data can include identity data, and this can be done in a privacy preserving way. So, this is to say, for example, if you want to create an identity document saying, “I have a valid US passport,” maybe you don't want to reveal anything else. What you can do with this Candid system is log into the State Department website, prove to an oracle system, the nodes participating in an oracle system, that you indeed have a valid US passport, and then they can create a credential that says, “We saw that this person actually has a valid US passport. Here's a credential attesting to that fact.” And as long as you trust that the oracle system has performed this operation correctly, and because it includes a multiplicity of nodes, you can have a high degree of trust in it.

If you trust this, then the credential that has been created is trustworthy. And this can be used for a variety of purposes. It can also be used, believe it or not, in NFT marketplaces, it's quite useful. My group recently did a little demo where we used this system to enforce essentially, one, we didn't do exactly this, something analogous to an NFT sale, where you allow an individual, one individual to buy only one NFT. So, one NFT per person policy, we were able to enforce this way. If you don't have a decentralized identity system, then preventing bots or people from snapping up NFTs and cornering a market is difficult, as it turns out.

Okay, that's pretty interesting for ticket scalping and stuff like that.

Exactly. So, NFT scalping is a rampant problem. And if you have a decentralized identity system, however it's realized, it becomes possible to address problems of this kind.

Yeah, very interesting. I guess, if they became multiple issuers of digital identity, they would have to somehow coordinate with each other. Otherwise, you could have a digital identity from two different issuers.

That would actually be okay. If a smart contract, for instance, that accepts digital identities from users for a given purpose, say taking out a loan, can decide from which issuers it's willing to accept those digital identities. So, the issuers themselves are not really required to do any coordination. It's the relying party that gets to decide or can decide which credentials it is going to respect. So, the system can be decentralized in that sense as well.

Now, one of the things that jumps into my head when we start talking about identity on the blockchain, and being able to do financial transactions and purchase things and stuff like that, people in crypto have been pretty bad about losing their keys. And if it's like, not your keys, not your crypto, okay. But not your keys, not your identity, that's kind of scary.

It is. Yeah, this has been a huge problem. So according to one estimate, something like 4 million Bitcoin, so we're talking like, I don't know $80 billion in Bitcoin have gone up in smoke, because people lost their keys. Nobody knows how to manage keys well, at least consumers don’t. Businesses, thankfully, are learning how to do this well. It's a very hard thing for consumers. And indeed, if your identity is linked to a key that's prone to loss, that's not a good thing. So, we need to build systems that are more resilient to key loss and more user friendly. The system I referred to, this Candid system actually, is an example of a way that we can build better such systems. What it allows you to do is to escrow your key with a committee. You escrow it with a committee in a sense that no individual committee member knows your key. They have to only collectively do they know it and in fact, they never need to reassemble it.

You escrow your key in this privacy preserving way with the committee, and if you lose your key, you can then go to the committee and prove your ability to log into a collection of websites that you have pre-designated. You can use existing ways of authenticating yourself to recover your key. And in this way, key recovery becomes as easy as password recovery. You're using exactly the same mechanisms. So, I think it's possible to build systems in which people's keys are managed somewhat more sanely. Systems in which users still get to control their keys directly.

Another possible model is the – today, the popular model of cryptocurrency ownership in which you don't actually hold your cryptocurrency directly. You don’t current custody it yourself, you custody with an exchange, and the exchange has the keys. You could do that. But to some extent, defeats the purpose of building these decentralized systems. Not completely, but in part, it undermines it. It would be better to have users custody their own keys. If we have ways of enabling key recovery, that, as I said, are user friendly and robust, then it becomes easier for users to custody their own credentials, to manage their own credentials directly.

That's on a go-forward basis. I assume there's no chance of ever getting back those 4 million lost Bitcoin, right?

As far as we know, those are gone forever, right? Sometimes people manage to recover their keys. But indeed, if people can't recover the keys for the addresses that held those Bitcoins, they are indeed gone forever. When it comes to an identity document, you can always have it reissued. So, even if your key disappears forever, it's like losing your passport, right? You go back to the State Department saying, “Please issue me another one.” If it's stolen, you need to have the original cancelled. So, you need mechanisms for that. But that's an easier problem than recovering Bitcoin. And Bitcoin by design doesn't allow you to recover coins that have been lost as a result of lost keys.

I was going to ask, does it become less decentralized, if you can get a new key issued or if you lose your key, you can recover it? But if it's all done by a decentralized committee, then it's not a centralized entity. It's kind of like the beginning of our conversation, we talked about a database versus a permissioned blockchain.

Right, exactly. So, as I said, you can escrow your key with the committee in such a way that even if the committee isn't completely trustworthy, the committee consists of say, I don't know, 13 nodes and four of them are corrupt or corrupted. Even under those circumstances, you can have confidence that your key is not going to be leaked or abused in some way. That's the beauty of decentralized systems.

I want to move on to another – you've done a lot of interesting work in a lot of interesting areas. I want to move on to decentralized exchanges, which is an area you've done a bunch of papers on. What are the advantages of a decentralized exchange over a traditional order book exchange?

Well, I think the advantages of a decentralized exchange are the advantages of smart contracts over traditional infrastructure. There's the transparency. In some cases, they're more cost effective. There's the composability, with other smart contracts. So, there are a lot of good things to be said about decentralized exchanges.

We've heard lots of bold claims about fairness and transparency in decentralized finance, but in practice, how fair and transparent are these decentralized exchanges?

They're certainly transparent. They're fair in the sense that everyone, in principle, plays by the same rules interacting with the exchange. There are some problems with the infrastructure, and one of those problems my group has explored at great length. That's the problem of it's called minor extractable value or maximal extractable value. New coinage, same acronym, MEV. And this problem arises from the fact that, from the feature of transparency in DeFi systems. When you submit a transaction to a blockchain, it goes through what's called a Mempool. This is a public collection of transactions waiting to be processed, and there it's visible to everyone. That means that it's visible to everyone before it gets processed, and it's visible to arbitrageurs, who want to take advantage of advanced knowledge of a transaction.

So, as you know, if you're about to place a big trade and somebody learns that you're going to place a big trade, that somebody can take advantage of the knowledge to make money and that money comes out of your pocket. Unfortunately, DeFi systems are highly vulnerable to this phenomenon, and it's regularly taken advantage of by bots. In fact, the exploitation of MEV has essentially become institutionalized. This is one of the drawbacks of exchanges. Exchanges have implemented various ways to try to limit the impact of MEV, like allowing users to specify the amount of slippage they're willing to tolerate, and so on and so forth. But this is a systemic problem. It's one that there are various ideas about how to address. There are some who believe that MEV is inevitable and the best thing we can do is make MEV exploitation transparent. There are others who think that we should be more aggressively minimizing MEV, using technical mechanisms. I would count myself in the latter camp. This is an ongoing problem and a topic of much debate in the DeFi, and larger blockchain community.

What did the market do? Or how did the market respond when you first published about front running on Dexas?

Well, we first published a blog post with the intention of warning people that this was a possibility before it was actually happening very much. The effect, unfortunately, this effort backfired. This is a lesson in the challenges of, I guess, interventionist science. This effort backfired and then a few weeks later, bots sprang up and MEV exploitation quickly became entrenched. So unfortunately, the warning didn't pan out. The community wasn't able to capitalize on it, I guess, in time. But as I said, this is a topic of ongoing debate and research, the question of how to minimize MEV, to what extent we can minimize MEV? What the difference between good MEV and bad MEV is? There are some forms of arbitrage that are beneficial and that they convey information, as in traditional markets. Obviously, we don't want to eliminate those forms of MEV. So, there's quite a bit of research to be done here.

Are the decentralized exchanges really more fair than a centralized exchange?

Well, I will say they're more transparent. We don't actually know what's taking place in centralized exchanges, because they lack transparency. So, we have to trust that they are not engaging in nefarious behaviour. And I presume that most of them are not, but we don't have any form of – we don't have the strong technical assurance of integrity that decentralized exchanges have.

So, the MEV might just be the, I guess, that's what you said, has been institutionalized. It might be the price you pay for the total transparency of a decentralized exchange.

That's possible. I don't think it's inevitable that users have to pay this tax. So, for instance, one of my students, PhD students, has been designing a form of what we call fair ordering protocol. This is a protocol in which again, a committee of nodes, decentralized functionality, accept incoming transactions and order them, roughly speaking, according to the time that they're received. Time of receipt ends up being complicated when you're talking about a committee. But essentially, operating in what I like to call the deli model, take a ticket and that determines when to get service. If this can be implemented as a front end to the systems, I think it offers some hope of restoring fairness, even in the case where transactions are publicly visible. The other thing you can do is encrypt transactions, and then order them before they get decrypted by a committee. This is an approach called secure causal ordering, which actually dates back to the 1990s. My colleagues, Mike Reiter, and Ken Burman devised this approach well before the advent of cryptocurrencies.

Both those approaches have pros and cons. You can actually combine them as well. So, I think there are technical mechanisms that hold up the hope of minimizing MEV at the source, and leveling the playing field and consequence.

We talked to somebody recently who told us the story of the DAO, with the DAO hack, Ethereum and all that stuff, it's a fascinating story. More generally, how confident should we be in the correctness of the code underlying all these systems?

Yeah, that's a really tricky question. It is very hard to write correct code. But I will say that the advent of blockchain systems and smart contracts has led to the development of a whole host of better techniques. It's been an impetus for the development of better formal verification systems, as they're called. Systems that mathematically prove the correctness of smart contracts with respect to a specification. Of course, you need to get the specification right since it turtles all the way down. But approaches like this are leading to increasingly resilient systems. So, you'll never be 100% certain, and flaws abound. But I think the community is getting better and better at securing smart contracts and DeFi systems more generally.

That's interesting. It's created an incentive to write better code. We had somebody else tell us that, and this is a controversial view, for sure, but they told us that they actually like ransomware, because it makes people, it forces people to write better software.

Yeah, that is an interesting perspective. And as I mentioned, there are some who regard use of flash loans to attack smart contracts as a good thing, because it encourages people to harden systems and reveals vulnerabilities. That's an interesting point of view. And I think it may even be a defensible one, to some extent.

Even though you said you're not an economist, I have an economics question for you. So, would the transparency of blockchains be problematic if they became the general ledger for all economic activity?

Yes, absolutely. And the question of privacy has come up in in all kinds of places, but in particular with regard to CBBC, Central Bank Digital Currency. As you probably know, there are many treasury departments now exploring the possibility of making fiat currency, conventional currency, available in digital form. China for instances, is already piloting such a system. Bank of England is exploring. The US is slowly exploring. The Fed is slowly exploring this possibility.

Clearly, you don't want a fully transparent ledger for all cash transactions across the world economy or a national economy. There have been significant advances in the development of privacy preserving cryptocurrencies and smart contracts. Zcash was an early pioneer in this regard. Now, of course, privacy is a double-edged sword, and fully private transactions with no accountability is likely to fuel crime. Someone has to strike an appropriate balance. But there are a number of cryptographic and hardware technologies under development that will allow various ways of striking a balance between privacy and transparency. For instance, allowing for private transactions in the system, while being able to prove that the system is solvent, has sufficient deposits, or allowing privacy preserving transactions with the ability of a committee to revoke anonymity or reverse a transaction, or otherwise take steps to prevent abuse of the system. It's true of privacy preserving systems everywhere, that it's necessary to strike a balance. This isn't a feature peculiar to DeFi.

We had Bruce Schneier. We talked to him a while ago, and he made that point and he used harassment on encrypted chat platforms as an example of that. Yes, you get encrypted conversations, which is nice for privacy, but it also facilitates harassment.

Yeah, exactly. I mean, these things are always a double-edged sword. So, privacy is incredibly important, right? It’s, I would argue, a fundamental human right. But we need to be aware of the limitations of privacy and achieving societal good and need to be able to balance privacy and accountability. And this is something that people are thinking about increasingly in the design of DeFi systems.

You mentioned the Fed looking at cryptocurrencies. There's a paper from the Federal Reserve Bank of Boston and MIT, looking at CBDC design. As I understand, they did not use blockchain in their design. How important is blockchain to the concept of CBDC?

It only makes sense to use a blockchain when you don't have a trusted third party available. In the case of CBDC, you need to trust the Fed or the integrity of the US dollar. So, you have a trusted third party. And therefore, the only reason for the Fed to use a blockchain like system would be for robustness, not for the distribution of control of the platform. So, there are good reasons to use blockchain like technologies, consensus platforms, essentially, for security to maintain the integrity of the platform, but not to instantiate the kind of trust model that you have in a permissionless or even a permissioned blockchain. So, that design choice does make sense.

Okay. I want to take a bit of a step back, and this question is going to be somewhat repetitive. But I think that's probably good because this is a complex topic. You've told us about a lot of very interesting technical solutions to problems that exist in the world of blockchain. But if we take a step back, how do you make the case for why we need blockchain?

Yeah, that's a very good question. I addressed that question, I think to some extent when talking about NFTs and their intersection with art markets, and NFTs have been embraced not just by serious artists, but by major auction houses, and so on, and so forth. So, they're already penetrating the traditional art world and their various benefits, I think, are apparent participants in that world.

It's an embryonic technology. We're still discovering the multiplicity of uses it can have. For example, one of my PhD students was working for some time on a platform, smart contract platform, whose goal was to ingest satellite data and offer rewards to people for good stewardship of natural resources. That turned out to be very hard to achieve, not so much for technical reasons as it was for sociological economic reasons, right? It wasn't clear who should be paid, what payments should be contingent on, and so on and so forth. We struggled to find good partners for that project. But I still believe that applications of that kind are realizable, and will be realized sometime in the not too distant future. I feel pretty sanguine about that. I think there are a whole host of applications we have yet to dream of, just as there are going to be a whole slew of DeFi instruments that people have not yet dreamed of.

So, what about the current state of blockchain, what might worry you?

Great question, what worries me? I think the communities focus on technology, before thinking through the societal implications in depth, concerns me a bit. I think that blockchain technology is often developed in an unduly technology driven way. So, that's one of the things that concerns me. I think that's in part because of a lack of diversity, I mean this in a number of different senses in the blockchain community. That's something that I hope will improve. I think a failure to think holistically in an appropriate degree about the design of blockchain systems concerns me. There are people touting the use of blockchain systems. DAO for instance as replacements for successors to existing governance structures. We need to bring legal experts and sociologists and a whole crew of experts from a diverse range of fields into the conversation about how to design these things. And that's happening to some extent, but not to the extent that I would like to see it happen. So, I'd like to see much more vigorous interdisciplinary work and a broadening of the community in a number of senses.

You've made me think of a question. We've interviewed, I think, 20 people for this crypto series where we're just trying to figure this out for ourselves, and our podcast audience is benefiting from that, hopefully. But we've talked to people from many of the disciplines that you just mentioned. I mean, economists, computer scientists, sociologists, people from the legal profession, cryptographers, and this may be our own selection bias, there's a reasonably good chance of that, but most of the people we've talked to have been highly skeptical of blockchain technology of crypto and all that stuff in general. Do you have a sense for why there is so much passionate skepticism? Because it's not like people are just like, “Oh, yeah, this isn't that interesting.” It's like, yeah, it's more intense than that. Do you have a sense for why?

Well, I think there's good reason for skepticism. From the outside, what does one see? Ransomware, scams, bubbles, and so on and so forth. So, the outsider's view is, I think, going to be coloured by a different form of selection bias. This is what one reads about in the press. Insiders see the technology and its promise, and I think also see, as I said that the technology is embryonic. We're still discovering applications. The community is still figuring out how to self regulate. So, I think it's a little too early to pronounce definitively on the promise of the technology. And if these skeptics are outsiders, which is to say have not themselves worked on the development of blockchain systems, then I can certainly understand how they came to embrace that point of view. I think the skepticism is healthy. We don't know exactly how this technology is going to develop. I certainly don't have 100% confidence that blockchains are going to eat the world or that it's a good thing if they do. But I can see various pockets of real technological promise and that's what keeps me interested in them.

I think one of the reasons that a lot of the skeptics are so passionate is that there are externalities, like people losing money to scams and environmental consequences. You mentioned the Ethereum merge earlier. Does that solve any of that? Not the fraud part, but does that solve the environmental concerns?

In large part, yes. It reduces the amount of energy consumption quite drastically. And this is something that Vitalik Buterin has been meaning to do, the Ethereum Foundation has been meaning to do for some years. They've been quite conscious of this problem. So indeed, it does address at least that one negative externality, and they deserve kudos for pulling off what was a real technical tour de force in migrating from proof of work to proof of stake, that really deserves applause.

All right, our last question for you, Ari. Cameron asked what you're worried about. What about this area of research are you most excited about?

Well, as I mentioned, NFTs these days are exciting to me, in part because they are a naturally interdisciplinary topic. There's something that I can talk to my colleagues in the business school about. I've written an NFT – co-authored an NFT primer with a colleague of mine who studies entrepreneurship in creative industries and she's really intrigued by NFTs in the way that they're reshaping art markets.

I can talk to my colleagues in the law school. One colleague, James Grimmelmann, for instance, has been studying copyrights issues around NFTs, and has co-authored really, excellent blog post explaining some of the challenges there. My students and colleagues and I are holding an NFT gallery opening in a few weeks at Cornell Tech, where we commissioned a large, essentially projection surface from a glassblower. We're going to display some NFTs representing our technical research and we'll have a series of talks on many different facets of NFTs, business facets. My colleague Mukti Khaire, mentioned earlier, studies entrepreneurship and creative markets. We're talking about art markets and my colleague in law school will be speaking.

They're easy for ordinary people to grasp after a brief explanation of what they are and why they're interesting. Maybe that you need the collector’s instinct, as we discussed earlier, at least for the time being, to really appreciate them at this stage. But as I said, the fact that they're so interdisciplinary and that they're about so much more than just JPEGs of apes has got me excited about them. DeFi, also to me, is quite exciting. As I said, the flash loans, I think are the quintessential example of the opportunities for creativity, both technical and in terms of the development of new financial instruments afforded by DeFi and smart contracts.

Very interesting. Well, Ari, this has been great, and it's been great to talk to you because you're clearly passionate about this as a concept, you speak to it very well, and a lot of voices that are pro crypto, I find to be overwhelmingly ideologically driven, as opposed to coming from a true position of technical expertise. So, hearing your views from that perspective, and not the perspective of, “Bitcoin is the new gold,” was very useful.

Thank you, kind of you to say that. It's been a pleasure speaking with you today.

Yeah. Great to meet you, Ari. Thank you.

Thank you.

Is there an error in the transcript? Let us know! Email us at info@rationalreminder.ca.

Be sure to add the episode number for reference.

Participate in our Community Discussion about this Episode:

https://community.rationalreminder.ca/t/understanding-crypto-17-ari-juels-the-technical-case-for-blockchain/19322

Links From Today’s Episode:

Rational Reminder on iTunes — https://itunes.apple.com/ca/podcast/the-rational-reminder-podcast/id1426530582.

Rational Reminder Website — https://rationalreminder.ca/ 

Shop Merch — https://shop.rationalreminder.ca/

Join the Community — https://community.rationalreminder.ca/

Follow us on Twitter — https://twitter.com/RationalRemind

Follow us on Instagram — @rationalreminder

Benjamin on Twitter — https://twitter.com/benjaminwfelix

Cameron on Twitter — https://twitter.com/CameronPassmore

Ari Juels on Twitter — https://twitter.com/AriJuels

Ari Juels — https://www.arijuels.com/

The Ring of Gyges: Using Smart Contracts for Crime — http://www.arijuels.com/wp-content/uploads/2013/09/Gyges.pdf

NFTs for Art and Collectables: Primer and Outlook — https://www.arijuels.com/wp-content/uploads/2022/04/NFTs__Primer_and_Outlook.pdf

‘Huge mess of theft and fraud:’ artists sound alarm as NFT crime proliferates — https://www.theguardian.com/global/2022/jan/29/huge-mess-of-theft-artists-sound-alarm-theft-nfts-proliferates

Incomplete Contracts and Control — https://www.nobelprize.org/uploads/2018/06/hart-lecture.pdf

Chainlink 2.0: Next Steps in the Evolution of Decentralized Oracle Networks — https://research.chain.link/whitepaper-v2.pdf?_ga=2.99068702.124468793.1661870135-1990502175.1661870135

Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges — https://arxiv.org/pdf/1904.05234.pdf

Themis: Fast, Strong Order-Fairness in Byzantine Consensus — https://eprint.iacr.org/2021/1465.pdf

Cleaning Up Cryptocurrency: The Energy Impacts of Blockchains — https://energycommerce.house.gov/sites/democrats.energycommerce.house.gov/files/documents/Witness%20Testimony_Juels_OI_2022.01.20.pdf

The Seven Grand Challenges — https://www.initc3.org/projects.html