I left you with a cliff-hanger. What can software do to help? I talked a great deal about APIs at the outset, the core thesis for this course, and then in some detail money, the history of money. What is it? What's the connection between money and sovereignty and the monopoly on the use of force? What is the money in the US? Where is the money? Now let's bring it all together. Let me share the screen, and off we go. What, if anything, can software do to help? Well, let's start by talking about one of my favorite problems in computer science. Though I mentioned at the outset that I'm a computer scientist, or especially a theoretical computer scientist, and computational complexity is one of my favorite topics from the university. It's really one of the first things I fell in love with. We're going to talk about a very specific, famous problem in theoretical computer science that is at the heart of Bitcoin and its blockchain protocol. Let's talk about the foundations of Bitcoin, and in particular, the Byzantine Generals Problem, one of my favorite problems in theoretical computer science. The early 80s were an important time for me, and for so many others. In that time, I went from being a computer engineer, and architect, to a theoretician. I encountered theoretical computer science for the first time in the early 80s, fell in love with it, never looked back. In the seminal 1982 paper, Leslie Lamport proposed a problem, and a solution to the problem, that he called the Byzantine Generals Problem. First, imagine that there are several divisions of the Byzantine army, and they're camped outside an enemy city. Each division is commanded by its own general. The generals can communicate with one another only by messenger. After observing the enemy, the generals must decide upon a common plan of action: attack or retreat. Some of the generals, however, may be traitors, trying to prevent the loyal generals from reaching agreement.
Here's the Byzantine Generals Problem, or in the tradition of theoretical CS, the BGP. A commanding general must send an order to his n minus 1 lieutenant generals, such that first, all loyal lieutenants obey the same order, either attack or retreat. Second, if the commanding general is loyal, then every loyal lieutenant obeys the order that the commanding general sends. In this general, and difficult, case, Lamport showed in his 1982 paper that there is a solution to the BGP if there are n treacherous generals and 3n plus 1 total generals. He has a quote in his paper that proved prescient: "Achieving reliability in the face of arbitrary malfunctioning is a difficult problem, and its solution seems to be inherently expensive. The only way to reduce the cost is to make assumptions about the type of failure that may occur." As we roll forward a few decades to the present, that statement proved prescient. Think of Bitcoin, and its underlying blockchain and blockchain protocol, as a solution to a particular variant of the BGP, where the loyal generals are honest nodes, and the attack or retreat order becomes: do we all agree that these transactions are valid? Or do we not agree that these transactions are valid? The Bitcoin protocol, and you can read it in the white paper, which is in our reading materials, ensures that the honest nodes all agree on the validity of all the transactions in the blockchain, as long as, and you all will have heard this, as long as the honest nodes control greater than 50 percent of the computing power in the network. The Bitcoin blockchain is a beautiful piece of theoretical computer science continuing in a fine tradition that dates back to the early 80s, and it has a profound application in the real world, hence all the talk, and all the fuss, about Bitcoin and cryptocurrencies in general.
First, distributed databases, and distributed ledgers, or DLTs, a particular kind of distributed database, are legendarily and notoriously difficult to administer. Second, is Byzantine fault tolerance over-engineering for this use case? Do we really need to be resilient in the face of just under 50 percent of the nodes being malicious, or having been taken over by malware? Third, is it simply too expensive, in time, energy, and/or space, and do we therefore really want to solve different variants of the Byzantine Generals Problem, to achieve different kinds of agreement on what's valid and what's not valid in the ledger? Where, for instance, we rely upon circles of trust. Let me take you through Bitcoin in three slides. Of course, we could go on forever, but I'd like to capture the essence of Bitcoin and the blockchain protocol. First, everybody who is a participant in the Bitcoin network has a Bitcoin address. Anyone who wants to send us money can send to that address. Now, Bitcoin builds on a fascinating body of what's called private-key cryptography, sometimes also called trapdoor cryptography. It relies on a fundamental property, which is everybody can know the public key. But corresponding to each public key, there is a unique private key. The functions that map from private key to public key and public key to private key have a one-way or trapdoor property. Which is, it's easy to compute the public key if you've got the private key. But if you don't know the private key, it is effectively impossible, given the public key, to guess the matching private key. You basically just have to try all the numbers. If you make these numbers big enough, that will be prohibitively expensive. The classic initial algorithm that uses public-key cryptography is called RSA. You've probably heard of it. Rivest-Shamir-Adleman cryptography, and it relied on the fact that if I take two numbers and multiply them, well, anybody can do that.
But if all I tell you is the product of those two primes, and I don't tell you the two primes, the prime factorization, I just give you the product, well, it's very, very difficult to factor the number, especially if the number is really, really big. You basically have to guess all of the numbers up to the square root of the public key and see if they divide in evenly, and that's how you get the private key. That will take you way too long, if you make the numbers big enough. That's a core concept in Bitcoin, there's public keys and private keys. Here's another core concept. Bitcoins exist in a cognitive or in a subjective reality as the side effect of unspent transactions. There was an original injection of Bitcoin, and there's other Bitcoin created through mining, and there are transactions, and whatever is not sent in the transaction remains, and that's your Bitcoin balance. If you have some Bitcoin and you'd like to spend it, you sign a message with your private key, which again nobody else knows, and so only you can create that signed message, and others using your public key can easily verify that you signed it, but it's very hard for people to spoof your signature. In fact, computationally infeasible or intractable. In a single Bitcoin transaction, a sender moves Bitcoin from one or more inputs, those are the prior transactions, to one or more outputs, and those are the new transactions. Now, here's what is happening on every node or client of the Bitcoin network. They're running an algorithm and it's called the SHA-256 cryptographic hash. It was originally designed by the National Security Agency of the United States, the NSA. Here's what the hash, and you can look on the left and take an example.
It can take an arbitrary sequence of bits, which could be, for instance, a JPEG picture or image of a cat, and then you run it through this SHA-256 cryptographic hash, and it takes all the bits together and it comes up with a single number, there printed out as 32 bytes in hexadecimal, or base 16. Here's a very interesting property of the hash. It's really easy to compute. Here's another interesting property. If I change just one bit in that image of the cat, out of all those millions of bits, it'll map, once you run it through the SHA-256, into a completely, totally, wildly, randomly different number. You change this one bit and the hash is completely different. That is an incredibly important property. I'll get to that in just a second. Slide 2. Bitcoin is what's called a proof-of-work network, or a cryptocurrency, or digital asset. Here's what that means. Here's what all those Bitcoin miners are out there doing. They gather up a bunch of transactions that a bunch of spenders have signed with their private keys and they group those transactions, which is just a sequence of bits, like an image of a cat. They group those transactions into a block, the first word in block chain. Then the miner randomly guesses a 32-bit number and that number is called the nonce. Meaning it's just used very briefly. It's just the flicker. It's guessing a number and it takes that nonce and it attaches it to the beginning of this candidate block, and then it adds to the end of the block the hash of the previous block, the SHA-256 hash of the previous block, that has already been agreed by all the miners. You guess a nonce, you put it at the front of your candidate block. At the end of your candidate block, you put the hash of the previous block that was agreed to be a valid block in the block chain. Then the miner, on this candidate block, runs the SHA-256 hash. There's a number that the whole Bitcoin network knows, and it's called the target difficulty, and that changes over time.
You've made this candidate block with the nonce at the beginning, the hash of the previous agreed block at the end. You've created a hash and you just observe, is it less than the target difficulty? The target difficulty is a great big number and you can see it there: 4,776,367,535,688.64. That's what it was on 17th February. If they won't [inaudible], my hash happens to be less than that number and has a lot of zeros in it. Then I've proven this was the proof of work that I've created a block. I've done a lot of hard work on it and everyone else who runs the protocol can easily check that this is a good block, because anybody can easily take the block and run SHA-256 on it. That's easy. But remember, if you change that nonce even by a little bit, the hash becomes a completely different number. This new good block that I've just proved the work for references the previous block in the chain, and remember, it's got the hash of the previous block embedded in it, and that's the term block chain. The block chain, that's a linked list, as the computer scientists would call it. It is one of many data structures that one could have chosen. Others choose different data structures, we'll get to that in a moment. Now here are some fascinating numbers on Bitcoin as of the 17th of February, some efficiency limitations. Right now, as of the 17th of February 2020, on average, to successfully mine a block, a miner has to guess a nonce, and it has to guess 60 sextillion nonces on average before it comes up with the candidate block. Remember, the nonce plus the candidate block plus the block hash of the previously good block. It's going to have to guess a nonce 60 sextillion times before the hash on that candidate block is less than the target difficulty. It's going to keep turning out nonces and exahashes. Well, I got it. Again, you can only do that by luck because the hash is irreversible.
You change a bit, just one, and it's very hard to guess, and you cannot go backwards from the hash to what originally generated the hash. Let's put that another way. The entire Bitcoin network right now, on 17 February 2020, is computing 120 exahashes per second. An exahash is a quintillion, or it's 120 followed by 18 zeros. That is a lot of hashes. All this computation takes electricity, and the electricity consumption of the Bitcoin network as of the 17 February, and this is an estimate, is seven gigawatts. To put that in perspective, that's about 21 basis points on the world's entire supply of electricity. That's about as much as the entire country of Switzerland is consuming, or the country of New Zealand. Bitcoin is expensive. It might be over-engineered for most use cases, as I mentioned. You really need that much calculation because you're assuming that much potential hostility, assuming that up to a half of the nodes could have been suborned or hostile and take over the Bitcoin network in that way, and to guard against it, you're going to be guessing an awful lot of nonces and computing an awful lot of hashes. Also, to mention, distributed databases are notoriously difficult to administer. Now we'll have to get into the details here, you can read the paper, but the Bitcoin network is designed for this to be hard and for the difficulty of the problem to increase over time. If you put all that together, the theoretical maximum of the Bitcoin network is 27 transactions per second. Actually it only processes around four transactions per second. Now there's a lot of work going on, like Lightning and so on. Ingenious attempts to get around this through side chains and various other things you've all heard of. This is a fundamental limitation of the Bitcoin protocol. Twenty-seven transactions per second is the theoretical limit. It's really only at four, and to put that in perspective, MasterCard can process 65,000 transactions per second.
Now MasterCard is able to do that because it's centralized. MasterCard, it is lashed care. It's got a single point of failure, which is MasterCard. But it is way more efficient, which is why MasterCard can get so many orders of magnitude more transactional throughput. Let's talk about another fascinating digital asset, Libra, which you all have heard of. Beautiful name, amazing project in so many ways. Facebook has asked some of its very best engineers to work on the project, and I've looked at the check-ins on GitHub; the software, it's beautiful. It is a digital currency, but it has a permissioned blockchain. There is a thought that it could move to a permissionless blockchain in five years. It would not be proof-of-work, which we've just demonstrated is really expensive. It's proof-of-stake. That's the big umbrella term for a bunch of mechanisms that select the value creator of the next block according to a variety of mechanisms, typically some random process, combined with the creator's wealth and wealth duration, how long the creator has had that wealth. We've got some biases built into it. The intent of proof-of-stake is to balance security with efficient computation that consumes a lot less electricity. One instantiation, one reality of Libra: it's an open source project that's written in the Rust programming language, with excellent engineers working on the code-base. A part of the project that's close to my heart, but we're waiting to hear more details about it: Libra is proposing Move, a new language, which they've invented for smart contracts and transactions of various kinds. It's Turing equivalent, so it has the full power of what's computable, combined with atomic transactions, so either the whole transaction happens or none of the transaction happens. We're waiting to hear more about what Move actually is, but its programmability is, to my mind, a critical feature of whatever does become a new form of money.
Libra also, as you all know, proposed a basket structure of sterling, yen, euro, US dollar. US dollar is 50 percent of the basket. Many advised Facebook that the so-called stable-coin, which is backed by a basket of currencies, would in many jurisdictions, including the US, be deemed a security and/or a derivative. We'll get to that in a later lecture, and would accordingly just be dead on arrival. Indeed, Libra in its initially proposed form was dead on arrival. I happened to be in Paris at the time talking to some Goldman clients when the Libra announcement was out, and I was doing an interview with Lucy [inaudible] and the journalist couldn't help herself. She asked me what I thought about Libra. I'm super careful about these things. But I said, "[inaudible], it's not going to happen." She asked me if I would like to caveat that, and I said, "No, you can print exactly that. It's not going to happen." I'll get into why. I've just extolled the virtues of Libra, its design, its beauty, the strength of the architecture. I agree that the basket of currencies was a fatal flaw, but that's something that can be remedied. But given all those accolades, what's wrong, and how was I so certain that it wouldn't go, when I'm rarely, ever certain about anything? We'll get to that. Let's imagine we take away the basket of currencies and we just back Libra by USD. That might, not certainly, but might, as the regulators get comfortable, avoid the problem of Libra being not money, but rather a security or derivative. But then you've got to ask the question, where is blue that dollar collateral super-important? We've talked about all the different forms in which dollars can exist. Is it in bank accounts? Is it in cash? Is it in coins? Out of the bank vault? Is it Federal Reserve deposits? These are really important questions. Then let's say I do have some Libra, it's backed by some collateral. That's wonderful.
Then we'll want to know, we've learned a lot about this during the financial crisis and other crises, how do I protect my interest in the collateral? Now, to my mind, Libra is a currency board. We're going to issue some Libra and then we're going to back it one-to-one with the US dollar. The sad history of currency boards and currency pegs, in which we go through it, there are many of them, the sad history is that they work just great right up until the moment that they don't. Here's a picture of what happened in Argentina, 2001. Before 2001, I used to go there all the time for business and we'd go to an ATM and ask for $1,000, didn't matter. They could give you [inaudible] if you wanted them. Dollars if you wanted them. It was one for one for a very long time. Then the currency board didn't quite do what it said it was going to do exactly, and the entire thing collapsed in a catastrophic way with devastating consequences for Argentina. In some ways, it still hasn't recovered. If you go back to Libra, you might ask, "Well, what's the problem? Why were partners dropping out?" There are concerns about sovereignty. There's the "Big tech" publicity backlash. As in, with all the questions about Facebook, now they're launching a currency. It's something that we almost never see. Unanimous global opposition from every corner, including the executive and legislative branches of the US government and both houses and both parties, plus the central bank, plus all the central banks. You don't often see everybody rise up unanimously, instantaneously like that. Without even coordinating their action, and we'll never know why, but here's my thesis, which is, go back to what we said earlier in the course.
You can't talk about money without talking about sovereignty, legal tender, extinguishment of debt, and the sovereign's monopoly on the use of force within its boundaries, and indeed, the US extending portions of its sovereignty to anyone who transacts in dollars, the whole dollar chain. When you're the global reserve currency, and international trade is mostly priced in your currency, and you take the view that anyone transacting in your currency is subject to some portions of US sovereignty, you've got something very powerful, and when someone shows up and says, "I've got 2 billion users, more than any of your countries have citizens. Let me create the currency for you." That is not something that anyone is going to take lightly. In conclusion, I see all of these experiments in cryptocurrencies and digital assets as fascinating pieces of work. Of course, there are some components of fraud and chicanery. There often is that in a lot of new technologies, but much of it, at least, is interesting, and a lot of it is absolutely brilliant, it's all fascinating. I see Libra in particular as a beautiful prototype of what a money could look like, but it's missing on the whole question of sovereignty, and I think after having been a student of John hogs, I'm not seeing the sovereigns ready to bow out in unison anytime soon. Money that's at odds with the sovereign is not likely to be one that works, in my view. Let's talk about the "Desiderata": what one would want to see in a digital US dollar. Now, when I was preparing this lecture, this is something that fascinates me, something I'm working on, thinking, hopefully I'd like to inspire you to think about it, and work on it, and generate ideas and prototypes.
A width, but it was all rather abstract. I was also participating in the early launch of a non-profit foundation called the Digital Dollar Project, and then COVID-19 happened, and there's a stimulus bill, and embedded in the stimulus bill, I've to go read the text. Very interesting language about directing the Federal Reserve to create a digital dollar and a wallet for those digital dollars. As you can see from this list of features we'd like to see in a digital dollar, that's not something that one would be able to create in short order, but potentially building on a lot of what we have: Bitcoin, some of the other cryptocurrencies such as Ethereum, some of the highly experimental and fascinating ones, there's a long list I'm happy to share with you, and also, importantly, Libra. There is potentially the possibility of creating an open source project that the Fed could just choose to use as an implementation of digital US dollars. Here are some of the features. It needs to be digital native, and it needs to be programmable, as Libra is. When something becomes programmable, it becomes a qualitatively different thing, and you can do strange and wonderful things that you could not do with it when it was merely passive. It needs to have APIs everywhere. There's going to be incredible complexity in this digital dollar, and it is important to hide that complexity, so that under the hood one can constantly change and improve the implementation. Make it really easy to use, robust, secure, reliable, high uptime, and hiding everything complicated that has to be produced under the hood to deliver, produce those APIs. It has to balance data privacy. Thing that's wonderful about the bearer bond that we call Federal Reserve notes is that they are private. It isn't recorded who's holding onto that particular piece of cash, but you have to balance that data privacy and anonymity with anti-money-laundering and know-your-client controls.
It needs to be nearly instantaneous, with some threshold and some probability distribution. It absolutely, in any reality that I can see, must remain under the control of the Fed. I suggested it also preserves the role of the regulated banking system, and money creation, we could debate that. It enables end-to-end settlement in financial market infrastructures, therefore payments, which we'll get to. It preserves, enhances the dollar's status as the global reserve currency, which has consequences for economic policy, as well as diplomacy. Mike, in an increasingly multi-polar world, it must be resilient, it must be resistant to hacking, including the wallet. It needs bipartisan political will to move the idea forward. It needs the agreement of the government; in the stimulus bill, perhaps we're seeing the beginning of that. Generally, it has been tough to pass, given politicization of monetary policy, political gridlock, and perhaps this is an opportunity. I'll stop there, I can't wait for our first in-class discussion. Thank you for listening.
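
The proof-of-work loop described in the lecture, as an added example that is not part of the original talk and not Bitcoin's real block format: it follows the lecture's layout (nonce at the front, transactions, hash of the previous block at the end, SHA-256 compared against a target). The tiny target, the all-zero starting hash and the sample transactions are constructed so it runs in under a second.

```python
import hashlib

TARGET = 1 << 240        # constructed toy target: hash must start with 16 zero bits
GENESIS = bytes(32)      # constructed stand-in for "the previous agreed block"


def block_hash(nonce: int, txs: bytes, prev_hash: bytes) -> bytes:
    """SHA-256 over nonce || transactions || previous block hash."""
    return hashlib.sha256(nonce.to_bytes(4, "big") + txs + prev_hash).digest()


def meets_target(digest: bytes, target: int = TARGET) -> bool:
    """The hash, read as one big number, must be less than the target."""
    return int.from_bytes(digest, "big") < target


def mine(txs: bytes, prev_hash: bytes, target: int = TARGET) -> dict:
    """Guess 32-bit nonces until the candidate block's hash is below the target."""
    for nonce in range(1 << 32):
        digest = block_hash(nonce, txs, prev_hash)
        if meets_target(digest, target):
            return {"nonce": nonce, "txs": txs, "prev": prev_hash, "hash": digest}
    raise RuntimeError("nonce space exhausted; a real miner would vary the block")


def build_chain(tx_batches, target: int = TARGET) -> list:
    """Mine one block per batch, each embedding the hash of the block before it."""
    chain, prev = [], GENESIS
    for txs in tx_batches:
        block = mine(txs, prev, target)
        chain.append(block)
        prev = block["hash"]
    return chain


def chain_is_valid(chain, target: int = TARGET) -> bool:
    """Cheap check anyone can run: one SHA-256 per block, nothing is trusted."""
    prev = GENESIS
    for block in chain:
        digest = block_hash(block["nonce"], block["txs"], block["prev"])
        if block["prev"] != prev or not meets_target(digest, target):
            return False
        prev = digest    # recomputed value, not the stored "hash" field
    return True


def differing_bits(a: bytes, b: bytes) -> int:
    """How many of the 256 output bits differ between two hashes."""
    return bin(int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).count("1")


if __name__ == "__main__":
    chain = build_chain([b"alice->bob:5", b"bob->carol:2", b"carol->dave:1"])
    for block in chain:
        print(block["nonce"], block["hash"].hex())
    print("valid:", chain_is_valid(chain))
    chain[0]["txs"] = b"alice->bob:50"          # rewrite history in the first block
    print("valid after tampering:", chain_is_valid(chain))
    # Nonce 0 versus nonce 1 is a one-bit input change.
    print("bits changed:", differing_bits(block_hash(0, b"cat", GENESIS),
                                          block_hash(1, b"cat", GENESIS)))
```

Mining costs tens of thousands of guesses per block here, while verification costs one hash per block, which is the asymmetry the lecture relies on.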