Consume content

These two words embody many things that are wrong in technologybusiness and our society. Both words are forbidden in my company.

Do I still need to elaborate?

Abstract concepts such as “user” / “consumes” / “content” used routinely strip the things we love doing from all humanity and sense. When I listen how Apple engineers explain how you can put your content in a glassy rounded boxI sigh and remember how Steve Jobs was talking about concrete things that matter: people readingartists drawingmusicians composing. Things made sense and products were made with concrete purpose.

When we use such newspeak at workwe focus on the form and forget about the meaning. We stop communcating with clients and start living in our own world of platonic ideas. Results of such work do not make the life better. At bestthey produce temporary excitement and fading attention.

Be preciseseek meaningbe human.

I am into UI designsoftware architectureinformation security and crypto-anarchy.

On crypto industry

Blockchain is social game based on math tricks to escape 5000-year-old symmetry of force. Crypto assets are harder to steal than to protect. Bitcoin is better than gold in all respects. It is a 500-meter solid cast iron plateon which our entire civilisation can stand. For everyday finances people need a flexible super-structure and that’s why I am building TON. Blockchains give ultimate freedom to all of usthat’s why 99% of projects are scambut 1% make the revolution. Do your own research.

Select Public Talks

ZkVM talk at Zcon1 conference (SplitCroatia2019)

All cryptography is bad (RigaLatvia2019)

ZkVM Talk (Russian) (IzhevskRussia2021)

TON Scalability Masterclass (PragueCzech Republic2022)

Wallet W5 Standard Intro at TON Gateway (DubaiUAE2022)

Writings

Inventions in cryptography and Bitcoin.

Select articles on Bitcoin and cryptoanarchy.

Work

Building Tonkeeper: powerful wallet app for TON (2021-today).

Author of ZkVM: blockchain with confidential smart contracts (2019-2020).

Author of Gitboxa 5-star version control app for OS X.

Author of CoreBitcoina Bitcoin toolkit for Objective-C and Swift (2013-2015).

Author of BTCRubya Bitcoin toolkit for Ruby (2014-2015).

Designer and developer of Mycelium iOS wallet (2014).

Co-designer and developer of FunGolf GPScurrently TAG Heuer Golfthe best assistant app for golfers (2012-2014).

Initial designer and developer of VK video service (2007–2008).

Contacts

Email: [email protected]

Linked In: @oleganza

Twitter: @oleganza

Telegram channel: @oleganza_channel

Github: @oleganza

Location

LondonUK.

Sometimes you need to summon 3+ people in a group chat for a discussion. I’ve been using Telegram since it’s launch in 2013 and since then I have accumulated over 600 group chats. Most of those were added while working on Tonkeeper in the past 2.5 years. When people use group chats incorrectlywe all suffer from the consequences.

Here’s how to use group chats:

1. Make everyone an admin. This will allow others invite more peoplechange picture and settings later without bothering you.

2. While making everyone an admindo not check “remain anonymous”. The person won’t be able to untick it themselves ¯\_(ツ)_/¯.

3. Immediately turn off “history hidden from new members”. This will bite you when more people are coming in and miss out on important bits of information. In my practice keeping history secret was useful in grand total of three group chats in the past 2 years.

This advice works for 99% of family- and work-related chats. Of courseif you are starting a large communityor discuss something extra-sensistiveyou’d pay extra attention to the settings and tune them to your situation.

PS. I wish Telegram added a quick toggle for that behavior somewhere on the chat setup screen.

Building apps on a blockchain is very much like the top-tier racing sportF1. And it’s not about speedperformance or running in circles.

You seeF1 is a technical sport between some of the best engineers on the planetand the smartest one wins the trophies. In F1like in real lifethere is a stack of technical regulations saying what you can and cannot do. If you break the regulations — you are disqualified. If you meet the regulations — try hard to reach the fourththirdor maybe even a second place.

But in order to win your job is to find the gap — the one where the regulations mean one thingbut actually say a different one. That’s where the true geniuses figure out extra power and downforce to be added to otherwise excellent engineering expected from everyone in the paddock.

Blockchains and Fintech are somewhat like this. You don’t want to break the regulationsbut you also don’t want to make a complicit product — blockchain part adds more overhead and instability to whatever traditional piece of software you are doing. Blockchain products are used in the middle area: where people need to break away from corrupt status quo imposed by old orderachieve personal freedom and take personal responsibility. All while using it wisely and not get disqualified.

In F1 only the top of the top need to find the gap. In blockchain everyone has to play this game to stay afloat. Airdrops instead of ICOs. NFTs instead of securities. Self-custody apps instead of banks. Zero-knowledge protocols over cloud computing.

You don’t disrupt the world head-on. You work around the obstacles by building a better way.

Insightful quotes from an article by Marcel Weiher on Mojoa new language designed by Chris Lattner (the author of LLVM and Swift).

To those who don’t know: Mojo is a fun new language that extends Python with features usually reserved for “systems programming”: static type systemalgebraic types and memory ownership. The language is so funthe file extension is the fire emojiliterally: filename.🔥.

So here is the quote:

The scripted component pattern itself is a (common) solution to the problemfirst identified in the 70s that programming-in-the-large is not the same as programming-in-the-smallthat module implementation languages are not necessarily suitable as module interconnection languages.
...
The reason [Swift’s and ObjC’s made a] mistake is that it turns out that the connection language is actually the more general onethe component language is a specialisation of the connection language.
With this realisationMojo’s approach of making the connection language the base language make sense.

Bitcoin is dead againeconomies are in recessionwars are everywhere. It’s once again the time to build decentralized systems!

Preface

For the past 8 years I’ve been extensively studying cryptographyBitcoinpolitics of crypto-anarchy and cypherpunk culture. The very first day when I discovered Bitcoin I understood that the world is irreversibly moving towards decentralized finance based on asymmetric security offered by powerful cryptographic protocols.

As a product designerI decided to help bridge the UI/UX culture with the most hardcore cipherpunk culture. I built the first iOS library for Bitcoin that at some point powered half of the wallets on AppStore. My Bitcoin FAQ was recurring in the Bitcoin Magazine. I’ve written a number of popular articles on crypto-anarchy and Bitcoin.

I began studying cryptography by designing my own blind signature scheme aimed at improving security of crypto-wallets while not compromising ergonomics and privacy. Together with amazing Cathie Yun and Henry de Valence I’ve built zero-knowledge library Bulletproofs. Then on top of it — a novel blockchain format for confidential smart contracts ZkVM based on our prior work on TxVM with Dan Robinson and others at Chain.

TON born and reborn

While I was busy with ZkVMfolks at Telegram invented yet another blockchainTON (then — “Telegram Open Network”). They tried to do an ICObut were threatened by SEC and abandoned the project.

But TON did not die. The coins were dumped into mining contracts on the testnet (sidenote: ohthe irony — people mining coins on the proof-of-stake blockchain)from where the early community of developers and investors continued tinkering with the thing. This was somewhat similar to Bitcoin where we all had to decipher Bitcoin all by ourselves after its founder left the project without leaving much guidance.

In 2021 TON testnet was renamed into mainnetits coins got listed on a couple of exchanges and the activity around the network began to grow. That’s when I learned (to my surprise) that TON is no longer an abandonware and began work on Tonkeeper.

It’s all about scaling

TON is an attempt to resolve two conflicting requirements: provide a flexible development environment on the blockchain to allow any sort of apps to be programmedwhile making sure they also become horizontally scalable.

Bitcoin and Ethereum make two opposing choices here. Bitcoin (and LN) work fine at scalebut focus on virtually one use-case — securing your savings. Ethereum offers a simple yet powerful development environmentbut it does not scale for the intended use-cases.

The idea of TON is to solve both of these issues and roll out decentralized markets at a massive scale.

TON is weird

Any engineer worth their salt would recognize that there must be some tradeoff if you attempt to solve both problems. The tradeoff that TON makes is employing one of the weirdest execution models in the entire computer industry. TON’s model has elements of Smalltalk’s OOPErlang’s distributed processeshostility of web services and unforgiveness of smart contract and consensus systems.

In the name of scalabilityTON makes many hard decisions.

For instanceyour smart contract has to pay rent for its storage. When it runs out of money — it is frozenand when it runs out of money moreits entire state is completely forgotten. This is somewhat dangerous because the contract may later be reset and all its external messages could be replayed.

Another example: contracts cannot read each other’s state. Of coursewe can only send one-way messagesbut we can do some good-old client-server request-response exchangeright? Not really. Those requests and responses are taking many secondsyou cannot afford any locks or mutexes (due to denial-of-service exploits)and yours or someone else’s state may change in-between these communications. Your only option is to carefully design mostly unidirectional graphs of transactions where you “telldon’t ask” as Smalltalk programmers taught us.

One more shocking idea: in TON there are no allocations and no arrays. Your only array is the blockchain itself. The reason again is the goal of infinite scalability. The network shards the blockchainyou place your data all over the place so it’s not creating a bottlneck anywhere. If you have a multi-user contractyou should store per-user data in some sort of tokens — independent smart-contracts held by individual users. The endgame is to have O(1)-ish complexity of all the pieceswhich is goodbut sometimes feels like you are designing a real-time aviation software (which is also good).

Crossing the chasm

I think TON is an exciting technology. All its shortcomings are not rooted in the architecturebut in the lack of tooling and infrastructure. It is too low-level: it is a platform for building a platform for decentralized apps. Or maybe for a platform for a platform for a platform. The exciting bit is that we are starting to discover missing concepts and abstractions and can improve the design of the apps and programming languages.

This summer I kickstarted work on a new language for TON: Tact language. It is aimed at bringing order into highly asynchronous nature of smart contracts and make it easy to write secure multi-contract apps.

Later in this year I’ve attended a couple of TON-themed meetups in Prague and Dubaiwhere together with fellow developers we brainstormed a conceptual framework for TON contracts.

This is an exciting start of a long journey.

Apple has published a brochure Building a Trusted Ecosystem for Millions of Apps where they argue that the App Store is an important middleman that delivers safety to billions of people and that if people are allowed to load apps from random sourcesbad things™ would happen.

I respect many people at Apple who work real hard to push for better design and better technology. I also respect Apple as a commercial enterprise that knows how to make money that funds all that design and technology with scale and consistency.

Howeverwe should call propaganda for what it is. The App Store is not the important middleman that provides safety for the users. It is the design of the gadget itself that protects the owner and their data from malicious or malfunctioning code. Of coursethere are spots of imperfectionbut the App Store provides only a superficial and incomplete substitute for a solid technical solution within the design of the hardware and the software.

The principle

I’ll get to the boring commentary of the points made by the brochure belowbut before I’d like to remind you all of a principle formulated in 2010 by Ivan Krstić who still works on core security at Apple: “security driven by user intent”. At WWDC 2010Apple announced sandbox technology being brought from iPhone to the Mac. Ivan made an insightful presentation that explained the philosophy behind this:

• computers contain data of our entire lives,
• apps can be written by anyone and deployed over the internet,
• apps should not have access to all of user data by default,
• access to data should be driven by user intent so that the user always knows who has access to that data.

The most impressive example of applying this principle was “Open File” dialog in OS X Lion. Before sandboxingthe app would have access to the entire disk. When you want to open a filethe app would use a system framework within its address space to draw an “Open File” dialog to let user select a specific file. Within a sandboxthe app has only its own containerized folder (just like on every iPhone)plus a list of permissions granted to it by the kernel. The “Open File” dialog is no longer rendered by the appbut instead the system draws its own Finder window over the rectangle placeholder left by the app. What user sees is the same familiar experiencebut what happens behind the scenes is exactly what matches user’s intent: system-like dialog sees all files because the system has access to all these filesbut only the selected one is granted to the app. Same works for drag-and-drop: when a file is dropped to the appsystem grants access to that exact file.

The same principle works on the iPhone: when an app wants to select a file or a pictureit is the system dialog that appears and only the selected items are granted to the app. Same goes for the contacts in the address book. And since WWDC 2021there is even a location button that helps avoiding clunky Allow/Deny dialogs that annoy people and are not directly tied to intent and specific action. I’m eager to see this implemented for the camera and micso we can just press on/off buttons instead of being prompted whether we allow an app to spy on us indefinitely.

Ephemeral MAC addressesprivate relayone-time email addresses are all the technologiesnot policiesthat improve your security by minimizing leakage of private information.

As you have already noticedthis works for all appsno matter who developed and signed them: AppleApp Store or independent developers. It is the job of the operating system and hardware to keep your data safe and make sure apps do not interfere which each other. App Store is a nice service where you can find and easily buy/install applicationscompared to the wild webbut it is not and never be an effective guardian: only the operating system can do that job24/7 without any human supervision.

Boring commentary

We built the App Store to give developers from around the globe a place to build innovative apps that can reach a growing and thriving global community of over a billion users.

That is true: ease of use of App Store is what helps users spend money on appswhich is a great incentive for developers to build more and better.

Given the sheer scale of the App Store platformensuring iPhone security and safety was of critical importance to us from the start. Security researchers agree that iPhone is the safestmost secure mobile devicewhich allows our users to trust their devices with their most sensitive data.

That is also true: if everyone is keeping everything in their computers and installing millions of applications on themit is quite important to make computers secure at the core.

We built industry-leading security protections into the deviceand we created the App Storea trusted place where users can safely discover and download apps. On the App Storeapps come from known developers who have agreed to follow our guidelinesand are securely distributed to users free from interference from third parties. We review every single app and each app update to evaluate whether they meet our high standards. This processwhich we are constantly working to improveis designed to protect our users by keeping malwarecybercriminalsand scammers out of the App Store.

Notice how device security is placed on par with App Store policies. At their scale App Store is at best a “last resort” measure on top of the actual security provided by the device itself. There are and always will be people circumventing human-operated policies. HeckFacebook app is still shippingas far as I know.

Apps designed for children must follow strict guidelines around data collection and security designed to keep children safeand must be tightly integrated with iOS parental control features.

This paragraph fails to convince me why all adults must have crippled devices because that way kids are safer. Parents can turn on “kids mode” for their kids and not turn it on for themselves.

Apple reviews all apps and updates on the App Store to intercept those that could harm users. This includes apps that contain inappropriate content. [...]

Inappropriate content is another mind trick from a category “think of the children”. Inappropriate content has nothing to do with the security of your data and the number one application that contains all the inappropriate content in the world is a web browser that ships front and center with every computer.

A study found that devices that run on Android had 15 times more infections from malicious software than iPhonewith a key reason being that Android apps “can be downloaded from just about anywhere,” while everyday iPhone users can only download apps from one source: the App Store.

Nosorry. Android is not a single architectureit’s a piece of software that gets installed on random array of hardware. Most of shipping Android phones are generally cheap and less secure than iPhones.

That principle guides the high privacy standards we build into our products: we collect only the personal data strictly necessary to deliver a product or servicewe put the user in control by asking them for permission before apps can access sensitive dataand we provide clear indications when apps access certain sensitive features like the microphonecameraand the user’s location.

The access to data is managed by the system through (mostly) clever use of the principle “security driven by user intent” that I described above. It is actually a security hole to rely on some people with policies to manage data that’s flowing right in front of you on a computer that you have to trust anyway.

Todayit is extremely rare for any user to encounter malware on iPhone.

Yesbut not because of the App Store. See above.

Because of the large size of the iPhone user base and the sensitive data stored on their phones – photoslocation datahealth and financial information – allowing sideloading would spur a flood of new investment into attacks on the platform.

We have to compare this risk with the risks present on the web: if a bad app could ask you to give it access to some photosthe same could be done by a website.

On a Mac there is an optional notarization service that lets users have confidence that the app is from a developer known to Apple. So ifsaythey permit the photo editing application access to the entire photo library and then later it is discovered that the app goes rogueApple would be able to hold the developer by the balls in the legal realm. But that does not mean the developer cannot distribute the app directly to their users without anyone at App Store vetting it upfront.

A sideloaded game bypasses parental controls.

The entire page 5 is telling a story how hardware is not capable (actuallyit is) of enforcing parental controls. The hardest part is filtering the web trafficand that’s certainly not the App Store’s job. Alsoif App Store was optionalthere is no problem in having a switch on a phone “only allow apps from 6+ category on the App Store” and a passcode.

Apple defending App Store on the grounds of kids’ safety sounds very patronizing: there is only one adult in the whole Apple universeand all of you are children incapable of thinking for yourselves.

At the parkthe copy-cat filter app John had sideloaded threatens to delete all of his photos unless he pays up.

I think Apple should work on a native Bitcoin wallet built into the Keychainso John has a more convenient way to pay up a ransom. Currentlyif your phone lets an app to encrypt/delete all its datait is very annoying to register on Bitcoin exchangefile paperworkset up a walletread the whitepaper and learn how to back up your private keys. A decent built-in solution for ransomware would be most welcome in this dangerous world. After allwe are all used to pay ransom for PCR tests to move aroundand that’s marginally more convenient than ransomware.

John unknowingly downloads a pirated app from a third-party app store.

There is this thing called TLS and Certificate Transparency on the web designed for specifically this scenario. It is a federated (not centralized) systemand pretty much free of charge with little censorship risks (except in Kazakhstan).

A sideloaded app violates John’s privacy.

What the app actually does that cannot be controlled by the hardware is always going to be learned the hard way: after enough damage is done. One way to prevent and limit the damage is to have developers known. And this is achieved by having notarization and TLS-like trust chainsnot via a centralized distribution channelthat cannot learn about the app’s malicious behaviour during a 2-day review.

In addition to the protections provided by App Reviewwe design our devices’ hardware and software to provide a last line of defense in case a harmful app is downloaded on the device.

The best defense relies on a combination of all layers – robust App Review to help prevent the installation of malicious appsand robust platform protections to limit the damage malicious apps can inflict.

That is quite a statement. In the end of the brochure Apple claims that it is the App Store that’s doing all the heavyliftingand the security architecture is simply the last line of defense. I don’t remember when any of the infosec people I know would be praising Apple’s distribution system: it was always the top-notch technical solutions that provide robusteasy to understand security model: from the CPU architectureto Secure Enclaveto filesystem encryptioncontainerization and sandboxfine-grained permissions system up to intent-driven UI security.

The end result is that security experts agree iPhone is the safestmost secure mobile device. Apple’s many layers of security provide users with an unparalleled level of protection from malicious softwaregiving users peace of mind.

This closing paragraph is entirely truebut Apple is dishonestly making you think it’s their policing that keeps you safenot the clever engineering and design.

TL;DR: make complex UIs driven by a domain-specific command-line languagewhich itself has interactive controls built into the flow of the commands.

Am I a crazy linuxperson who prefers to sit in front of a terminal all day? Nope.

Some fifteen years ago I was lucky to witness Autocad’s interface that’s pretty much all GUIbut that was having this little terminal with its own command language where you could draw things with precision. “Move 1 cm leftdraw 2 cm forward”. You type some commands with precise numbers in a comfortably large textfieldand you see the results immediately. Mistyped something? Undo and tweak the command. You get the same WYSIWYG feedbackbut without tinkering with mouse over millions of tiny textfieldsdropdownspanels and palettes.

Some seventeen years ago I was lucky to learn Wolfram Mathematica. That was quite different: a primarily text-based interfacebut supercharged to be interactivestructuredwith rich formatting and interactivity. This is how a command-line within a GUI should feel like.

I used Photoshop years before that day and then years after. And I still wish that maybe someday someone would make a graphics editor like Autocad was doing for agesbut making it even more interactive and responsiveakin to Mathematica’s notebook language.

When to use command line?

Command line may be intimidating for some simpleisolated and possibly rarely performed tasks. But when amount of compound complexity shoots through the roofthe right click menus and millions of tiny windows and modal dialogue panels just don’t scale.

When you need to do Xthen Ythen Z and customize each action with 5 parameters out of 55and then try the same with various tweaks here and thereyou really want a streamlined interface. And only a text-like flow is going to deliver that.

Pros of a command-line driven UI:

1. Precision: just type “thickness 0.33” and it’ll be 0.33 in an instance. In Photoshop today you have to either quickly drag a slider somewherewhich is not precisebut quick. Or hunt for a teeny-tiny textboxthen click itthen enter numbers. Awful!
2. Composition: if you need to express “same brush thickness as half the margin between these two things” you can do just thatinstead of manually calculating and typing two-three numbers in various spots several times overas you try different combinations. Just re-run the same command with one number tweaked each time.
3. Collaboration: you can copy-paste actions and edit them like a regular source codewithout wasting time navigating through windows and buttons or pressing quite invisible hotkeys after some video tutorial.
4. Editable history: if your whole document is driven by the command lineyou can simply store the whole document as a giant list of commands. So you can go back and rewrite/refactor it to your liking. Things can get much more powerfulfor free: you don’t have to do advanced tinkering with the commands unless you really want to.

There areof coursesome problemsbut we can use computers to solve computer problems:

Discoverability: how do i learn the syntax of all the commands?

Firstif you have a language aimed at composabilityyour command set would probably be a fraction of the number of menus and windows that you already have. E. g. you won’t be having three different ways to apply color adjustmentif you have a line that describes the adjustmentand another line that attaches it to a group of layers.

Secondno one prevents you from finding command in-place as you type and showing placeholder bubbles and documentationor even interactive controlsin-place. Have you ever typed formulas in Excel? Same thingand you can make it arbitrarily smartwith fuzzy text matching and contextual interactive UI elementslike they do in programming IDEs such as IntelliJ IDEA or Xcode.

Thirdyou can still have good-old menus and dialogues to fill in the commands. But have you noticed the Mac’s “search commands” field in every Help menu? That’s a tiny command line that lets you find a command by typing words. Take a hint!

Programming is hardI’m a visual person!

It is absolutely possible to make this sort of interface progressively accessible. Draw things with your mouse or click some commonly used toolbar buttons: the UI will fill in the generated commands. You can ignore themor you can go and tweak the numbers.

Example: draw a rectangle on a screen. The UI will show the rectangle and the command “rect x:1y:2w:301h:499”. Wanna round numbers? Just click them and editright from keyboard. Wanna two of those? Copy-pasteadd 100 to the y-coordinate. And see the result instantly. Easy and natural! Once you try it (provided feedback is instant and autocomplete is smart)you will never go back.

Do I have to type all bezier curve parameters like a robot?

Of course not! Imagine an object “curve from 0 to 1”. It is the same thing that we use for color adjustment or a shadow profile. Just let it be a type. And then you can render it within the command linelike a floating 2D object that you can interact with. And if you really have toswitch it into all-text mode with all nasty curve parameters shown as-is.

How do we move forward?

1. Think of your process as a domain-specific programwith nouns (objects) and verbs (actions).
2. Make a file format out of that language.
3. Drive the UI by the language.
4. Make super-charged autocomplete. See the leading IDEs for example.
5. Embed UI into the language. Color picker for a colorsliders for numerical values2D controls for 2D objects etc.
6. Programming text editors is no funespecially if the text has custom floating interactive controls all over it. So we really have to create a reusable toolkit for working with text-intermixed-with-controls. That’s a pain well worth capitalizing onand/or amortizing across many products.
7. Make a great product for graphics/video/animation/3D/rocket science that boosts productivity 20x.
8. Profit.

Symmetrical power is defined by the risk being proportional to the potential gain. This automatically translates into “the bigger guy wins”.

Example 1: security of the physical goldwhich is easily confiscated by the state and is now largely held by central banks.

Example 2: second amendment in US. Militia formed by armed citizens is going to lose against same-sized army professionally organized by the state.

Asymmetrical power is defined by the risk being significantly lower than the potential gain.

Example 3: state-organized army. The generals and politicians bear virtually zero riskwhile reaping all the gains.

Example 4: Bitcoin. It is significantly cheaper for individuals to protect their bitcoins against large-scale confiscationthan to perform such attack.

It is easy to see that asymmetrical munitions will always win over symmetrical munitions.

There is an interesting difference between the armies and Bitcointhough. Armies are asymmetrically powerful in the hands of their leaders at the large socialized expense: maintaining loyalty of the citizens who have to pay ever-growing taxes. Costs of running Bitcoin are measurable and adjusted by the marketwithout the use of coercionvoluntarily supported by the expanding entirety of the Bitcoin users (who pay for the inflation and fees).

Success of the army means expansion of the empire and further concentration of the power in the hands of the state. Success of Bitcoin means that wealth spreads further instead of being confiscated and concentrateddiminishing relative coercive power of every individual.

We can now formulate the crypto-anarchy conjecture:

1. The traditional political process is application of symmetric power and will not scale down empires.
2. Second amendment and militia are also symmetrically powerful and will not protect people from empires.
3. Empire’s asymmetrical power towards its population expands until it destroys the economy it feeds on.
4. Bitcoin being asymmetrically secure is better than any other known tool in protecting individual’s wealth.
5. Dynamic of the (4) vs (3) means that Bitcoin may cause the state run out of money before the economy is destroyed.

This is a declaration of a new era.

Cryptography was almost exclusively a military technology for centuries. When in 1990s millions of personal computers connected to the internetcryptography graduated from a munition to an industrial tool to secure credit card payments over a globalopen and hostile environment.

For the next 20 years cryptographic research and engineering was very vibrantbut culminating in a loud confirmation by Edward Snowden that the resulting products were not good enough. SSLPGP and other protocols turned out to be insecuretheir implementations were buggy and hard maintainall cryptographic primitives are broken and/or easy to misuse (MD5RC4RSA). High-level protocols were full of design and engineering mistakes and full of misunderstandings. The whole discipline had a culture of abstinence-only cryptography andas a resultpoor engineering standards mixed with academic hubris and sabotage by the governments. 20 years of real-world cryptography produced a few useful artifacts and a lot of mess.

Thenthree things started to happen:

Firstpersonal computers and the internet reached very deep into lives of almost everyone. Individuals now store their entire life in affordable pocket computersbusinesses run all their operations over the internetgovernments routinely participate in cyberwars. The importance of securing information shifted from “good to have” to “actively desirable”. Applethe most valuable corporation on Earthis selling billions of computers with _security_ and _privacy_ as a one of their main selling points.

SecondBitcoin and blockchains happened. Things envisioned by Nick SzaboHal FinneyWei DaiTim May and other cypherpunks back in 1990s finally started to materialize. The internet discovered a whole new continent: with “wild west” anarchy“gold rushes”and massive real and fictional opportunities. On that continent the excellence in cryptography is no longer simply desirablebut becomes vitally important: the unauthorized access to data now equates to the immediate loss of unbounded amount of highly liquid assets.

Finallya new generation of software engineers has grown upwho have an enormous enthusiasm to fix mistakes of the past and bring cryptographic engineering to a new level: with clean designsexcellent documentationrecord-breaking performancesafety and usabilityandmost importantlystrong ethics.

Today we have robust cryptographic building blocks that are not only safer and fasterbut also designed to be composable and extensible to build on top of them with confidence: such as KeccakAES-SIV and Ristretto.

We have better programming languages (RustGoSwift) where engineering can be done with claritysafety and ease. Pure Rust libraries such as Miscreant and Dalek set a new bar for all cryptography engineers.

For the first time everthe ambitious ideas of zero-knowledge proofs that were stuck in academic papers for many years are finally implemented for the blockchain applications: ZcashConfidential TransactionsMonero and Bulletproofs.

We are living in a renaissance era of cryptography: we have fantastic toolsamazing people and strong demand for high-quality cryptographic products with direct financial incentives. We are now at a lift-off point: we have a strong foundation to build upon with confidence. Now is the best time ever to learn and work with cryptography. Expect truly transformative technologies come out of this mix in the coming years.

Bill Gates on Reddit AMA:

The main feature of crypto currencies is their anonymity. I don’t think this is a good thing. The Governments ability to find money laundering and tax evasion and terrorist funding is a good thing. Right now crypto currencies are used for buying fentanyl and other drugs so it is a rare technology that has caused deaths in a fairly direct way. I think the speculative wave around ICOs and crypto currencies is super risky for those who go long.

Lets nitpick line by line.

The main feature of crypto currencies is their anonymity.

Wrong. Bitcoin is pretty hard to use anonymously while virtually no one uses altcoins designed to be more anonymous. Anonymity is a featurebut not the main one. The main feature is sovereignty.

I don’t think this is a good thing.

Wrong. The anonymity (and sovereignty) that Bitcoin gives to each individual holder is very goodbecause it’s virtually the only tool that protects the individual against all-powerful police states all around the world.

The Governments ability to find money laundering and tax evasion and terrorist funding is a good thing.

Wrong. The governments’ ability to do things rests on large-scale extortion. Governments themselves run giant money scamsextract nominal fees from banks that launder moneyfund terrorists around the world and finance unimaginable range of guns and other sadistic devices such as prisonspublic schools and DMVs.

Right now crypto currencies are used for buying fentanyl and other drugs so it is a rare technology that has caused deaths in a fairly direct way.

Non sequitur. USD cash is used for buying all sorts of drugs too. AlsoUSD is involved in financing the largest military-industrial complex in the entire world for the last several decadesthat has caused deaths in a fairly direct way at a scale which makes the entire cryptocurrency activity a joke. Even more direct is government messing with substances to actually hurt people.

At the same timethe correct monetary policy of Bitcoin (restricted supply and immutable rules) and a resulting 7x/yr average appreciation over the past 9 years is a huge motivating factor for saving both money and health so one can enjoy a rich and fulfilling life in the long run. People who realize it not only try to stay away from illegal transactionsbut also avoid the harming legal ones (e. g. quit smoking).

I think the speculative wave around ICOs and crypto currencies is super risky for those who go long.

Wrong. It is actuallymore risky to get involved in the speculative wave of ICOs and try to time the marketnot for those who go long on Bitcoin.

Blockchain is a data structure for proving that certain events happened in a specific order.

Blockchain consists of a chain of timestamped blocks of events. Events are often called transactions.

Why timestamps? To not only order events relativelybut also pin them to the real time as it’s way more useful and in some cases necessary to make plain ordering work (e.g in Bitcoin to readjust difficulty).

Why chains? To cryptographically link past events to the current eventspreserving their order under the latest timestamp.

Why blocks? Because it is relatively expensive to timestamp an eventso almost every blockchain protocol groups multiple events in a single block that gets timestamped.

Why timestamps are expensive? It takes time to reach an agreement in a distributed system. The more distributed and less well-connected the system isthe longer it takes.

What blockchain is not

Blockchain is not a “shared” or any other kind of databaseblockchain is only a proof. Blockchain is typically used as a mechanism to update one’s database. The illusion of a shared database is created by multiple computers updating their databases using the same blockchainand arriving to the same contents. Usually only a specific slice of such databases is replicated (for instancein Bitcoin it is the set of all unspent coins)while the rest of the data is more user-specific or even private (account namestransaction annotations etc).

Blockchain is not a product in itself. Blockchain is a cryptographic proof and as such works only within specific assumptions. For instanceBitcoin proves that a certain amount has changed hands under assumption that it is prohibitively expensive to double-spend (or reverse) that transfer and that the network is well-connected in order to detect such attempts early. Likewisecommercial/federated blockchain network assumes that the operators protect their infrastructure well from abuse and do not fork the chain. Blockchain is only a component in a larger integrated system.

Blockchain is not a transport mechanism. Transport mechanisms are necessary for delivery and replication of blockchains. Blockchain is not where “money flows”it’s a place where money already moved and we have a proof of it.

Blockchain is not a “distributed system” in a traditional sense. Most distributed systems distribute load. Blockchains distribute vulnerability. For exampleBittorrent network and distributed/sharded databases distribute traffic and processing costs so that any single node does not have to service all requests. In a blockchain network nodes replicate and verify the same information in order to minimize vulnerability to any single node or entity.

On blockchain scalability

Traditional distributed systems are designed to scale the computational throughputblockchains are designed to scale social interactions. Bitcoin nodes re-verify all same data and miners burn unforgivable amounts of electricitybut in return people in random jurisdictions can transact directly without numerous intermediaries and associated trust issues. As a resultthe measurable costs in terms of money and time are significantly lowered and immeasurable _business opportunities_ are unlocked when more transactions become cost-effective at all.

Modern programming languages allow building sophisticated modular systemswhere everything is in the right place and feels good. Enthusiastic engineers invent more and more powerful abstractions so we can build our software with ease and confidence.

Howeverthere is a caveat. Power of abstractions is often considered by one factor only: the formal onethat qualifies how much things are “normalized” and “decomplected”. I would argue that there are a few otherno less important factors. For instancemental overhead and convenience. When formalism is pushed to the limitthe usability of the framework usually goes to nil.

The key to success isas usual80/20. If you keep your formalism at 80% towards Absolute Perfectionyou have a chance of keeping the whopping 80% of usability and other nice properties. Think of this as Perl in reverse: Perl pushes convenience well over 80%making programs hard to analyze formally. Watch for all factorsbut stay humbleso radical improvements in one direction do not destroy all the others.

99% of ideas around Bitcoin existed long before 2008. There was a proof-of-work moneythere was a bit gold idea and there was paper on distributed property titles. Not to mention all the necessary cryptography that existed for decades.

The missing link was a simple idea: instead of tracking individual proof-of-work coins of bit gold inside some distributed property title registrylets turn the problem inside out and put the registry inside a single coin. This waythe registry will track fractions of that coinand the coin will be made perpetually scarce and identifiable due to never-ending amount of proof-of-work piling up on top of it.

Since it’s going to be just one coin of bit goldit’s only fair to call it bitcoin.

Bitcoin is like physical cash: it is not reversible and you are responsible for handling it. If you lose your walletyou lose your money. You can give bitcoins to someone to hold them for youbut it will be like with any bank: you have to trust them that they won’t run away with your money.

Bitcoin is unlike physical cash: you can store as much as you want and it will not take any space. You can send it over the wire to anyone. It is impossible to counterfeit. You can’t give it in one second: to actually guarantee that transaction has happenedyou have to wait 10-15 minutes for the cryptographic proof to be produced by the network.

Bitcoin is like gold: it cannot be produced at willthere is a limited amount of it and this amount is scattered in spacetime continuum (mostly time). To get some bitcoins someone should give them to youor you should *mine* them. Like goldBitcoin is shiny: it attracts people with its beautiful engineeringbuilt-in contract programming languagewise incentivesand libertarian promise of freedom from coercion.

Bitcoin is unlike gold: supply of Bitcoin is completely fixed via scheduled mining (only so much bitcoins are created per hour). You have a guarantee that no one will suddenly find a mountain of bitgold or mine it on asteroids. Unlike goldBitcoin difficulty is adjusted to the mining efforts to keep the schedule fixed. You may dig up all the gold in one daybut it will never be possible with Bitcoin no matter how fast computers will ever become. Growing mining efforts can only bend schedule slightly (network adjusts difficulty to producing 6 blocks per hourbut if network constantly grows it may produce 7-8 blocks per hour).

Bitcoin is like a bank: there are computersdatabases and transactions. Databases store the entire history of all incoming and outgoing payments: who send how much to whom. Everything is digital. There are no vaults with gold or personal deposit boxesonly bookkeeping in a single “ledger”.

Bitcoin is unlike a bank: everyone can verify that their database contains the same ledger data as everyone else’s. There is no manager in charge of updating the ledger and making sure it is not tampered with. Any person may have as many accounts as they like and all accounts are anonymous (unless one reveals his identity himself). Ledger does not store namesonly balances and account numbers. There is no possibility of a “fractional reserve” when bank loans out more money than it actually has. In factthere are no debts on bitcoin ledger: either you have money on your address and it is fully yoursor you don’t and you can’t use it at all. AlsoBitcoin allows to lock money with “contracts”: cryptographic puzzles designed to spread the decision making between several people or across time.

Bitcoin is like Monopoly money: coins are abstract tokens that are not claims to any value. People value them because they choose to play the game. In factthe same is true for gold or any other money.

Bitcoin is unlike Monopoly money: there is a limited supply of tokens and no one can counterfeit them. This makes them a good candidate for a universally recognized collectible like gold or silver coins.

Bitcoin is like a battery: if you have excess energy that would otherwise be wastedyou could turn it into mining. The resulting bitcoins can travel in any other place of the planet with a speed of light. If you build a giant hydro dam that cannot be fully utilized for several yearsmining provides an immediate income that partly offsets development costs. Some people believe Bitcoin could help accelerate transition to renewable energy sources this way.

Bitcoin is unlike a battery: Bitcoin does not give energy backit only sucks it in. Alsoit is not profitable to deploy machinery in various places in the world and switch it on and offas cost of electricity fluctuates: it would be a fun arbitragebut mining equipment depreciates too quickly to let it stay idle.

Bitcoin is like Git: in Git (a distributed version control system) all your changes are organized in a chain protected by cryptographic hashes. If you trust the latest hashyou can get all the previous information (or any part of it) from any source and still verify that it is what you expect. Similarlyin Bitcoinall transactions are organized in a chain (*the blockchain*) and once validatedno matter where they are storedyou can always trust any piece of blockchain by checking a chain of hashes that link to a hash you already trust. This naturally enables distributed storage and easy integrity checks.

Bitcoin is unlike Git in a way that everyone strives to work on a single branch. In Git everyone may have several branches and fork and merge them all day long. In Bitcoin one cannot “merge” forks. The blockchain is a actually a tree of transaction historiesbut there is always one biggest branch (which has the value) and some accidental mini-branches (no more than one-two blocks long) that have no value at all. In Git content matters more than branchesin Bitcoin consensus matters more than content.

Bitcoin is like Bittorrent: the network is fully decentralizedthere is no single “mint” or “bank”. The blockchain is like a single file on bittorrent: cryptographically authenticated and shared across many computers. Every participantincluding miners are acting on equal grounds. If one part of the network becomes disruptedtransactions can flow through other parts. Even if the entire network goes downinformation about transactions is still stored on many thousands of independent computers and no one’s money is lost. When people connect with each other againthey can continue sending transactions like nothing happened. Both Bitcoin and Bittorrent can survive a nuclear war because information does not become radioactive and can be safely replicated.

Bitcoin is unlike Bittorrent: instead of many independent “files”there is one file that always grows: the blockchain. Alsothe most important participants: miners are actually getting rewarded for their work with real money.

Bitcoin is like freedom of speech: every transaction is a short public message that can be pronounced no matter where or how. If some miners hear itthey will add it in the blockchain and that message will be forever in the history. Everyone will see it and no one will be able to erase it.

Bitcoin is unlike freedom of speech: saying something comes with a cost. Transaction moves coins that you must have to start with. So not every moron is allowed to shoutbut only those who had a merit to acquire some coins in the first place. Alsominers may reject transaction if it’s spammy or does not contain enough fees. So no one provides anyone with freedom as “in beer”but everyone tries to cooperate on a voluntary basis.

Bitcoin is like a social contract: it is a pure cultural phenomenon. It works as money as long as people treat it as such and have guts to hold it and respect its rules. Technology is needed only insomuch to provide necessary plumbing for that contract.

Bitcoin is unlike a social contract: it is not the kind of a contract that they teach at schools. It’s not flexibleand it’s not imposed by any ruler. It’s a set of rules that everyone chooses to play bytherefore adding weight to the existing consensus.

Bitcoin is like magic internet money: it simply is.

Bitcoin compared to traditional financial assets is the same as Tesla compared to gasoline cars. Both Bitcoin and Tesla are sustainablerequire less maintenance and eliminate bullshit on a planetary scale.

Recently Elon Musk showed a new truck and a new roadster. Both are the same thing: a batterycouple of motors and a few wheels. Both are very fastefficient and both not only beat the shit out of every competitor in their categoriesbut also reshape the whole industry by removing a lot of unnecessary parts and making old problems irrelevant.

Takefor examplea Tesla Semi:

1. There is no transmissionno cylindersno oilno radiatorsno shaft.
2. Nothing explodes near your crotch 3000 times per minute. Insteadyour car is powered by a sustainable solar energy: during the day charging stations accumulate the sunlight non-stop and during the night fill the car’s battery.
3. There are brakesbut you never have to change them because you’d brake via motors most of the timeand guess what — they will return energy back to the battery.
4. Four small motors are directly connected to four wheels. Not only the motors are the same as the motors in sedans (gaining from economy of scale)but they also provide independent torque to each wheelgiving better traction and better safety.
5. A convoy of three trucks beats the rail: it’s not just more cost-efficient per kilometerbut you can deliver your load directly from door to doorwithout extra stations and re-loading your cargo from a train to a truck. You can now imagine how the entire problem of moving goods by land is going to be solved in a much more efficient manner.

Tesla Roadster is the same storybut applied to supercars. It beats all performance recordsbut because there is less moving partsthere is more space in the trunkyou can seat 2 more passengers and you can make 1000 km on a single charge. Ohand it costs 5 to 10 times cheaper than all supercars that it outperforms. In other wordsyour non-toy everyday car can be a supercar. Even their SUV outperforms a Lamborghini.

How does it apply to Bitcoin? Bitcoin is also like a highly efficient battery with very little moving parts.

1. Bitcoin is a very efficient battery: your stored value is impossible to siphon away via inflation and very hard to confiscate directly.
2. Bitcoin is a very cheap battery: your stored value does not need maintenance or annual fees. It just sits where you put it and does not occupy any space.
3. Since everyone can save moneythere will be no need for consumer credits with their invasive personal records that leak all the time.
4. The need for specialized insurance will be reduced to very low-probability issues. When you have more savingsyou can afford higher deductible for your car insurance and pay less monthlywhich helps saving money even better.
5. Personal computers enable such a high level of securitythere is no need to punish merchants with costs of fraud: payments can be settled much faster and without the need for payers to provide tons of personal information that is eventually leaked too.
6. As money appreciates rather than depreciatespeople will be more careful at spending it: the demand shifts towards higher-qualitylonger-living products. You knowlike Teslas.
7. There will be less VC bullshit like “99% startups failso we’ll spread funds thin among 1000 startups”. The money will not grow on trees anymore. Most startups will start with their own savings and will provide actual value to actual consumersbecause people are not going to part with their bitcoins that easily. Instead of trying to satisfy 3 rich investment “partners” (who just want to resell their stock to the bigger fool) and share your business with themyou will have 100% of your own business and will have to satisfy thousands of diverse customers who do not have any hidden agenda.
8. People will work less and smarter: everyone wants to earn sound moneybut having real savingseveryone can afford more time for personal growth and family. Like working 30 hours a week instead of 60. And with less stress and a higher self esteem. People can make families at a younger agewith less health issues. Kids will grow with more active parents that allocate more attention to them.
9. FinallyBitcoin works without kings and politicians: as a resultnothing will explode near yours or anyone’s crotchjust like in a Tesla. Who would spend money that can only be earnednot stolen or inflatedon purely destructive activity? Governments won’t be able to maintain huge armies and be at constant war all over the world: they’d have to start knocking on everyone’s door for extra cash.

Just like Tesla changes the paradigm of transportationBitcoin changes the paradigm of finance and security: many existing problems and solutions simply become irrelevant.

You can only buy Bitcoin once in your life. You are going to make your homework and buy some coins with the intent to hold them for at least several years. They will (probably) eventually increase in valueso buying more some time after would not make a difference to your balance.

Unlike popular ponzi schemessuch as social securitypension funds and modern stock marketthere are no dividends: you cannot earn more bitcoin by holding bitcoin. You can only sellin which case you can get something useful backbut you would have to give your bitcoins to other people. The amount of bitcoins you have will only decrease.

People who understand that are rushing to buy as much as possible to have a better starting position. Because when you go from zero bitcoins to some bitcoinsthat’s all you are going to ever have. This also explains all the insane level of attacks on Bitcoin in 2017: big money comes in and has only one chance to buy as much as possiblehence all the drama attempting to slow down the price while Coinbase signs up one million accounts per month.

There are three caveatsthough.

First: most people would learn about bitcoin when its price has just increased rapidly and has a large amount of short-term speculation in it. They will buy at $1000 in 2013 only to witness the price sliding down to $250 in 2015.

Second: you have a lot of personal responsibility with Bitcoin. You can lose it in million different ways if you are not careful — hackers can steal it from youyour wallet provider can defraud youyou can “invest” in some “crypto currency” etc.

Third: an attempt to create a new kind of money is not a matter of technologybut a purely cultural phenomenon. Any money has value because many people are simply willing to hold it in their pockets. Technology is only there to provide plumbing for the shared hallucinationbut does not actually induce it. If you do not believe in that cultural shift or do not support itby all means you should not buy Bitcoin.

All the money ever does is “sits”. It never “moves”. Switching ownership is instantso “sitting” takes 100% of money’s activity. If your money burns a hole in your pocketit is not because “money must move”it is because you have shitty money. A better money does not burn the pocket and sits calmly without losing its value waiting for a good opportunity to be spent on a worthy thing in the future. Money is the insurance against uncertainty.

Most people do not understand that because they hardly have any money: instead they have wagesfees and debt — they only see a shadow of money moving from their paycheck directly into their rent and groceries. And for the most partit is because paper money loses its value all the time and does not permit savings.

If you do not belive mehere is a quote from Murray Rothbard published in 1963“What Has Government Done to Our Money?”:

Economists err if they believe something is wrong when money is not in constantactive “circulation.” Money is only useful for exchange valuetruebut it is not only useful at the actual moment of exchange. This truth has been often overlooked. Money is just as useful when lying “idle” in somebody’s cash balanceeven in a miser’s “hoard.” (At what point does a man’s cash balance become a faintly disreputable “hoard,” or the prudent man a miser? It is impossible to fix any definite criterion: generallythe charge of “hoarding” means that A is keeping more cash than B thinks is appropriate for A.) For that money is being held now in wait for possible future exchange — it supplies to its ownerright nowthe usefulness of permitting exchanges at any time — present or future — the owner might desire.

It should be remembered that all gold must be owned by someoneand therefore that all gold must be held in people’s cash balances. If there are 3,000 tons of gold in the societyall 3,000 tons must be owned and heldat any one timein the cash balances of individual people. The total sum of cash balances is always identical with the total supply of money in the society. Thusironicallyif it were not for the uncertainty of the real worldthere could be no monetary system at all! In a certain worldno one would be willing to hold cashso the demand for money in society would fall infinitelyprices would skyrocket without endand any monetary system would break down. Instead of the existence of cash balances being an annoying and troublesome factorinterfering with monetary exchangeit is absolutely necessary to any monetary economy.

It is misleadingfurthermoreto say that money “circulates.” Like all metaphors taken from the physical sciencesit connotes some sort of mechanical processindependent of human willwhich moves at a certain speed of flowor “velocity.” Actuallymoney does not “circulate”; it isfrom timeto timetransferred from one person’s cash balance to another’s. The existence of moneyonce againdepends upon people’s willingness to hold cash balances.

Computer science and applied cryptography in particularhas a hierarchy of building blockswhere higher-order blocks are composed of lower-order blocks.

Roughlythe hierarchy looks like this:

1. Charge and current in electric circuits
2. Bits
3. Bytes & words
4. Data structures
5. Permutations: block ciphershash functions
6. Self-authenticated data structures (e. g. hash-trees)
7. Symmetric encryption and authentication
8. Public key cryptography: digital signaturesshared secretsasymmetric encryption.
9. Certificates and chains of trust (e. g. X.509PGP web of trust)
10. Timestamped append-only logs (e. g. Certificate Transparency)

Blockchain protocols are made of these building blocks in order to offer a new kind of a building block: the digital asset.

Digital assets simplify and expand some schemes that struggle with lower-level primitives such as digital signatures and certificates.

In money: digital assets are bearer instruments that can be exchanged between parties that do not trust each otherwhile signatures only facilitate point-to-point exchange between trusting parties.

In supply chains: digital assets represent certificates of acceptance enabling end-to-end security for each participant in the supply chainautomating provenance and improving security of payments. E. g. a payment can be locked by condition that a particular set of certificates are producedinstead of deferring it to a third party escrowincreasing the surface of vulnerability.

In consumer payments: digital assets are used to represent not only payment instruments (cashrewardsloyalty points)but also receipts and sometimes products themselves (tickets and prepaid cards).

In things: digital assets represent access tokens to devices running tamper-resistant computers that can be efficiently delegatedused as a collateralbought and sold. E. g. lockboxesvending machines and cars.

What about smart contracts? Aren’t those the next higher-order primitive? Not quite. Smart contracts use formal language to describe context-specific policyso their impact depends on that context. Smart contracts inside a public key infrastructure (e. g. certificates) enable more sophisticated signing rulesbut only within limitations and assumptions of such infrastructure. Smart contracts that control digital assets take advantage of their bearer instrument nature secured by entire blockchain network that acts as very slow and very secure computer. Smart contracts are importantbut play a supportive role in systems built on top of digital assets.

Whenever you wonder how could a blockchain protocol help with a given problemreframe the question in terms of digital assets. If there is something that can be defined as a digitally transferrable thing and benefit from automation and improved security of such transfersthen you have a reason to consider blockchain as part of your design. If notthen blockchain is probably not what you need: it would be either irrelevant (e. g. health records on blockchain) or grossly inefficient (e. g. arbitrary computation environment).

Originally published on March 282017