hi everyone this is charles hoskinson broadcasting live from warm sunny colorado always warm always sunny sometimes colorado i didn't have time yesterday but i have a little bit of time in my schedule today before i go home i wanted to talk a little bit about proof of work versus proof of stake and actually this video is made for jack dorsey so yesterday jack said yeah proof of work is better than proof of stake because proof of work is less centralized and more secure uh and you know this is a common thing that people that are indoctrinated in the school of uh bitcoin uh tend to say and it's a bizarre thing uh normally most people laymen don't have strong opinions on consensus protocols in computer science it's kind of like saying what is your favorite surgical procedure or method to stitch up a patient like if you're a surgeon you'll probably have a way of going about that and an opinion but if you're a layman you'd be like i have no idea you know i don't know i like cholecystectomies or something like that who knows and uh and so what's happened though is because everybody wants to be an expert everybody wants to talk about these things uh what we've had is this unfortunate conversation which is really difficult to actually converge to anything meaningful and the purpose of this video is to kind of talk a little bit about how to think about these things and if you're actually curious of doing the hard work of developing a good opinion i actually i'm going to give you guys some great resources specifically for that so let me go ahead and share my screen and there we go okay so the first thing to look at is this lovely paper from leslie lamport and actually this is one of the most famous papers in computer science times clocks in the ordering of events and distributed systems and leslie published this uh back in i think it was the 1970s and it has about uh 12 000 citations it's one of the most cited papers in the history of computer science uh and this this paper really outlines kind of a difficult problem and it discusses ways you go about thinking about it and solving it so ordinarily when you're just a single person and you're observing something so let's say that you're alice okay and we'll give her a nice little dress and you you see an event and we'll call that event a and then you see event b okay and this is occurring in a local setting alice can order these and say oh okay well event a happened first and then event b all right but the problem is when you start introducing more actors like right here is bob and he's witnessing it and from bob's perspective looking at it he saw event b first so that happened first and then he saw event a so that happened second so the question is who's right is it bob or is it alice it's a really interesting question and lamport actually discusses this amongst other concepts and he calls it kind of a partial ordering and there's all kinds of things that have come from here i and it's actually created a beautiful lovely field of computer science called distributed systems and uh for this work and other work lampport was awarded the nobel prize at computer science the turing award and he's a lovely guy i uh he recently came spoke at our internal seminar and we had a chance to talk about tla amongst other things i was trying to go to him into talking about clocks and paxos and he's like oh i don't do that anymore i do a tla now and if you're really curious you really want to learn all these principles first you kind of have to learn these types of things running on a single computer then you go to the next level up which is a collection of computers that are in different locations and i have two wonderful resources for you guys first a series of lectures out of mit it's mit 6.824 the distributed systems class and it covers introduction rpc and threads gfc and replication and go and threads and so forth all the way down and it actually eventually talks about bitcoin at the very end and then there's another series of lectures from martin klepman over at university of cambridge and uh these cover all kinds of cool topics as well and it's eight part lecture series so i'd recommend both of these very highly they're not for the layman uh you have to kind of have a pretty good programming background and understand computer science to be able to make the best out of it but the point is this is a this is a topic unto itself and it's something that's why i mentioned the surgery uh situation it's something you really have to have a lot of knowledge to start developing a strong opinion about certain things but in general when you talk about these types of problems the first thing that you do is you try to work on definitions and foundations and one of the things that our scientists did they wrote a lovely paper which actually has about 100 citations and this is the gkl paper it's its formal name is the bitcoin backbone protocol analysis and applications and this has been cited as much as pretty much any other crypto paper 1100 times a very famous paper it's by juan grey who's at texas a m and two eyewitch klums agalos our chief scientist and nicola larnatus who is running the university athens lab with others and basically what this paper does is it tries to create definitions and foundations so it creates some foundational functions you know this concept of a content validation predicate an input contribution function and so forth and it gives you a way of talking about uh a cryptocurrency protocol and so then you get properties out of it and two in particular the common prefix property and the chain quality property and what this is really nice is it's a theoretical foundation and you can prove all kinds of interesting and nice properties about this foundation but then once you have that what you can do is develop what's called a security model okay so what a security model does is it says all right i have some sort of adversary and he's evil so give him a little monocle and a top hat and a cane and the adversary basically is always trying to break things and what your security model basically tells you is when they're going to win and when they're going to lose okay so what attacks are you defend against and what attacks are you not defended against and that's always connected to the capabilities of the adversary okay so your capabilities for example do they have a classical computer do they have access to your computer can they ease drop on the communication medium and and collect messages or maybe they have a quantum computer okay so oftentimes you'll hear things like cryptocurrencies are not secure against quantum computers what they're basically saying is if your adversary has a quantum computer capability then the security model may not hold and the adversary may be able to win and this is what cryptographers think about when they're modeling and building protocols so there's plenty of protocols that allow you to sort out orders and decide when events have happened your transaction or my transaction and basically be the engine of a distributed system so in the case of cryptocurrencies you have to move from one block to another block and those protocols may be what are called byzantine fault tolerant or non-byzantine altars they might not be able to admit by teen actors in other words can you have an adversary in your system and can and it will the presence of that adversary break the system or not so here's an example of a non-byzantine fault term very simplistic protocol let's say you have a set of seven people and what you do is you say oh okay uh we're gonna pick from this set of seven people who gets to be in charge and make a block for our blockchain and what we're gonna do is have a random number generator and have each and every one of them run a random number generator and whichever one is the minimum that's going to be the winner for that round okay and actually intel did do this this is i think a proof of elapsed time or something like that for something called sawtooth now on normal computers this is actually not a secure algorithm because what i can do is i can just hijack my random number generator and let's say it returns something from zero to one i can just hijack my random number generator and say all right just always return zero which means i always win because everybody else will have a value equal to or greater than mine okay so that does not admit a byzantine actor sawtooth does because the random number generator actually runs on sgx so you can't modify the code now this is an example so there's a lot of nuances and elegance to how these protocols are developed but you always whenever you're developing a protocol even proof of work implicitly or explicitly you need some notion of a definition and a and you need to create some sort of security foundations it was unfortunate that satoshi did not do that it was a brilliant and inspired protocol based on hashcash proof of work but it took years for cryptographers to get around to retroactively building a foundational model to kind of understand what happened with nakamoto proof of work and actually it turns out that there's a lot of nice security properties of proof of work and let's talk about that so really when you think about a cryptocurrency protocol in a blockchain you have three things that happen first you have to pick someone to make a block okay that's step one then two you need to go ahead and make the block and distribute it make and push to the network and then three the network has to accept the work all right so all the energy consumption of bitcoin occurs here and the picking part to make a block so what happens is you have this proof of work that people do and they're they're basically buying like computational lottery tickets and if you get a magic number you hit a magic value that's below some target then you have a a valid block okay and this is a egalitarian meritocratic process and it's an extra an external resource so mining is not incumbent within bitcoin it's an external thing i have to have an external miner i have to have an asic to basically do this process competitively and i can either do it solo or i can do it with a private pool with just many asics together or i can do it with a distributed pool or actually contribute with some sort of work unit and so forth now proof of stake and proof of work are functionally identical on these two sides number two and number three is so pos does this proof of work does this you make and push blocks you do it the same way you could take a proof-of-stake algorithm and plop it on top of bitcoin's system and for the most part it's going to be that way with some implementation detail differences and then you're going to have validation rules ledger rules and acceptance rules for whether those blocks look good or not so the easiest way of thinking about this conceptually is kind of like a poker game somebody has to be the dealer who shuffles the deck and deals out the cards step two is the dealing of the cards step one is picking the dealer and step three is you picking up the deck and looking at it and looking at those cards and what that effectively does is you know you have five aces if you have a you know the information card a joker you'd say well hang on a second here this is not a valid hand and so the question is can you do a complete validation or a partial validation or a blind validation what level of validity can you have with the way the blocks are made so various consensus algorithms and ledger rules in the cryptocurrency space because there's many of them have different levels of things in the case of bitcoin it's a it attempts to be a completely trustless system so when you receive that block you can check the proof of work you can check the contents of the block and you'll have an entire collection of the history um you'll you're able to validate assuming honest majority that that block is uh is real and legitimate and not going to be rolled back so it's a very powerful deterministic system and that's actually quite rare uh to have with complete decentralization that's why bitcoin is still great but that first step that collection the magic value as i mentioned is where all of the energy consumption occurs 99.9999997 of all the energy occurs there and basically what proof of stake does is it says okay let's invent some sort of synthetic resource so mining capabilities asics are a resource that's the way to think about them and that for any given time period there's going to be some set of all asics so if you can unify you know union that whole set of asics and add them all together this right here is the the total pool of resource and when you think about a synthetic resource basically what you're doing is saying okay well if i have 25 percent let me zoom up here of the a6 on average i should be able to find those magic numbers 25 of the time so so if i have 25 on of this synthetic resource on average my expected value should be 25 of the time i get to be the dealer i get to be that person who gets to make the block and then i can go make the block and push it and of course if it's accepted i get paid for that profit okay so the question is the distribution of this synthetic resource is it fair and also is it secure okay so you need a security model against an adversary to even be able to have a meaningful discussion which is why this paper is so incredibly important because you can then have a very rigorous conversation about what security properties does proof of work provide and then if you're going to create a synthetic resource and build a different type of system what security properties does that system have and we wrote that paper so this paper or boris originally came out in 2017 but it was updated in 2019 to reflect all kinds of new cool interesting things that were gathered and this is built with that gkm model so basically what the paper does is it talks about the design challenges of a proof of stake and really they're saying okay how do i get that synthetic resource to work properly and how do i use that synthetic resource to correctly pick a collection of people to make those blocks and you of course have to model this and you have to create rigorous security proofs for these types of things and so you know you go down and you can actually take a look at the entire model and it talks about time and synchrony where have we seen that before well here we go 1978 lampport stuff you probably even cite lamport's paper wouldn't surprise me in this paper everybody does it's academia works and it talks about you know liveness properties and all those things honest chain growth existential chain quality and the common prefix from gkl and what it does is it over times builds up a big security model it kind of discusses that if you use this under the assumptions that are inside this paper that basically you'll have equivalent security to the proof of work security now the problem is we're using that term assumption it is the most dangerous term in all of computer science that ideal functionality those are the two uh and those assumptions basically it says that this evil adversary we have here uh can only be defeated under the model and the assumptions that we've made for defeating them and just because we have a peer-reviewed paper doesn't mean that if there's guaranteed security against all types of adversaries and all types of conditions for example the computers that are talking to each other there's different communication models so when you send a signal between the computers you can have them all occur in a synchronous time or they could occur in a partially synchronous time or they can be asynchronous and there's a very thin cool thing called the fisher-lynch patterson impossibility result that actually talks about some fundamental limitations if your system is asynchronous versus synchronous or partially synchronous or so forth about the level of security that you can have and it's just how messages are passed another thing is how many byzantine actors can you have in your system is it a third that's very common for sharded protocols and asynchronous systems is it a fourth is it fifty percent uh and it turns out actually bitcoin has a lot of really amazing properties with proof of work for example you have the ability to recover from attacks so let's say that there is a attack on the system over time an honest minority can if they stick around and uh keep mining and the attacker stops the minority chain can undo the majority chain and we can recover so you there's a a disaster recovery mechanism that is within proof of work proof of work mostly is partially synchronous or asynchronous depending upon who you ask this is a bug bear of a few people in space like andrew miller and that means that it can operate in very uncomfortable network conditions you don't know ahead of time who's going to find that magic value that's not necessarily the case in a lot of consensus algorithms a lot of consensus algorithms you know who the next person is going to be to make that block it's like knowing who the next dealer is going to be so you can go and coerce or attack that dealer and bitcoin is not predictable in addition to that bitcoin actually generates a pretty reasonable source of randomness it's not perfect and it's subject to grinding attacks um but uh you get you know a reasonable supply of that so you have a lot of great security properties in addition to a 50 so one-half byzantine resistance and so to replicate those for proof-of-stake is non-trivial you have to come up with creative new ways of getting sources of randomness to be able to make the selection of people fair you have to be able to recover from 51 attacks uh you have to be able to uh have a proper uh clock for the system and usually what people do is they inherit that clock from a system like ntp to synchronize things but there's actually ways to get around that and actually create clock from within the system we wrote a paper called chronos specifically for that so a lot of people ask why do we have so many auroboros papers and the reason we have so many our boar's papers is that a lot of those properties were not solved in this paper right here the original orborus paper if you actually go to eprint which is an iacr eprint which is the kind of the cryptography archive for uh for most academic work in the domain of cryptography and you go ahead and enter in agalos he's our chief scientist you'll see a lot of the papers that he's written recently he's an extremely verbose academic but actually let's enter the keyword aura boris there we go and you'll see how many different aura boris papers uh you know oroporus so proust and universally composable time model uh we got orborus chronos which is the the couple clock krypsinis is how to preserve privacy orbor's bft is a piggyback protocol to help with side chains and federated protocols genesis allows you to bootstrap from genesis that's another great security property of proof-of-work style systems you never have to have a checkpoint you can just redo the proof of work and check it all the way from the chain you're giving and you're able to have proper chain selection prows puts adaptive security and moves it to a semi-synchronous model and actually you're not done because there's other papers like for example ledger redux is one and ledger redux talks about recovery from 51 attacks oh consensus redux excuse me and uh also recovery from and and also uh fast finality and things like that so it says in this work we talk thorough treatment of self-healing properties uh proof of work and proof of stake and so forth so there's a lot to this and it's it's a very very complicated thing but you know the easiest way i think of thinking about this in general is like an engine and when you have an engine you know the engine has this concept of throughput okay this engine has this concept of your latency you know how long does it take to deliver the power how much power can you you deliver and you know kind of a capacity notion and proof of work is a type of engine it's the thing that runs the bitcoin blockchain and other blockchains like ethereum and basically it says okay you can get a certain amount of work done with every block over a certain amount of time so the distance between these blocks can be 10 minutes it can be 10 seconds okay so it can be some value time t it's your latency consideration and capacity is you know how much can i i put in those blocks you know and so proof of stake is just another type of engine and it has a throughput and a latency and a capacity concept you know and also there's all kinds of other things like if you have a synthetic resource you can have n synthetic resources so right now in cardano your synthetic resource is ada but you could include an arbitrary amount of other tokens and create some sort of waiting between them and perhaps one is more merit-based instead of just plutocratic with proof of work every resource that you put in requires physical hardware and so that means that that resource tends to monopolize itself and you tend to have a situation where you have a race to the to centralization you go from many machines to just a few a much smaller set because the smaller set has an economy of scale usually subsidized power and first access to asics or patented hardware that's not easy to replicate and get into market and that's why people often say there's only a small set of miners there's less than 10 major mining operations control more than 50 of bitcoin's resource with a synthetic resource you can move it instantly anywhere in the world and also you can have multiple synthetic resources okay and you can weight them accordingly so already that's a that's a much better property of the engine and because this is a gargantuan computational task it's very expensive these two things suffer as a consequence you first have to use a lot of energy a lot of cost and a lot of resources real life resources for that if this is cheap then you have overall more energy for your system more power other things to actually start accelerating these guys and you also can optimize latency and capacity and so forth so as a consequence proof of stake systems actually tend to be much faster and they also tend to be able and faster in terms of block time and they also tend to be able to have a much higher throughput higher tps now the other thing is because your selection algorithm the pickle of these people can be done ahead of time there's a lot of advantages theoretical and practical to knowing what your leader schedule is going to be and you can obfuscate that so that an outsider doesn't know but the individual does know so you end up getting much more efficient utilization of resources and a lot more optimization of resources and in practice this actually creates a proof of stake system usually a heterogeneous network the heterogeneous means that there are different actors there's specialization uh so we start as single cell organisms but evolution says hang on a second here differentiation of specialization actually allows you to have brains and eyes and other body parts so similarly you can start as a homogeneous network but when you start actually creating heterogeneity in an effective way you can develop different organs and that specialization allows you to optimize and create economy of scale that's why proof of stake tends to be better you know the other thing is that proof-of-stake from a security viewpoint is an endogenous system endogenous so instead of exogenous outside and dodges inside you have internal security when you look at a proof-of-work system the problem with proof-of-work and one of the security challenges is it doesn't like nearest neighbors what i mean by that is if you have two proof-of-work systems proof of work one and proof-of-work two and they use the same algorithm okay i'll write algo alpha if you have an external actor comes in who has enough hash power to perform a 51 attack what that actor's incentive is is to destroy one of the chains this is called a gold finger attack short sell make profit because the chain is unusable and confidence in the chain is lost and then switch the mining power over to the other chain assuming that the market price of these two chains is roughly equivalent okay so let's say uh you know this is z cash and this is etc so i think they use the same mining algorithm and i'd have to look it up but i believe they do so let's say you have enough to actually perform a 51 attack on one and for a time both their market caps are relatively comparable it makes sense to go 51 attack destroy the market value make some money and then after you've made the money just simply mine the other thing you get to reuse all the mining equipment and your identity is is usually anonymous in these types of things so nobody even knows you're the one who did it and you can kind of get away with that this is why proof of work tends to be maximalist and winner takes all proof of work only really works when you don't have nearest neighbors you you have one coin that's up here with tons of hash power and everything else is kind of down here and that's actually where bitcoin is at right now and that's why bitcoin works so well at the moment proof of stake doesn't care at all about that polka dot shares a very similar consensus algorithm to cardano and cardano polkadot are relatively comparable for the most part in price some days they're up and sometimes we're not up but that doesn't mean anything to our security because the security is not external it's internal the security comes from people who are vested inside the system and you can actually quantify the dollar value of the security it's hard to know how many miners are out there and you know what the value of all those things are and actually how much people paid for things but you sure as hell can know the token price of a proof-of-stake system now it's not perfect and there's actually a lovely paper that some of our people wrote and it's called cryptocurrency egalitarianism a quantitative approach and it kind of discusses the concept of asic resistance and proof of work systems but actually curiously and nice and fun since our simulations show as expected that asic resistance increases the cryptocurrency's egalitarianism which means it's more equal in its distribution of participation we also measure the egalitarianism of proof-of-stake based protocol in particular oro boris and a hybrid proof-of-stake proof-of-work cryptocurrency decred and we show that stake-based cryptocurrencies under correct selected parameters can be perfectly egalitarian perhaps contradicting folklore belief so it's a really cool paper and highly recommend you guys read it and look at it and think about it but you know the the thing you should take away from this entire conversation is there's no silver bullet there's no notion of proof of work better than proof of stake or proof of stake better than proof of work it really depends upon your adversary and the security assumptions and the capabilities that you care about your network structure and what you value heterogeneity do you value external security or do you want security coupled and connected internally to the network what are performance requirements and so forth what what how much how expensive do you want to make an attack be are you worried about goldfinger attacks or these types of things where chains have nearest neighbors and so forth and uh also the other thing you should take away from this is that proof of stake is ridiculously hard in practice you have to know a lot about time you have to know a lot about random number generation you know vrfs or other types of protocols or things like that you have to really think carefully about recovery models is it okay to have a checkpoint do you not want to have a checkpoint and so forth your network assumptions is it a synchronized network it is not a synchronized network the more pristine things are with your assumptions like for example a fixed quorum and in a synchronized network the higher the performance can be but it's a glass cannon it's very brittle the more disastrous your assumptions are as you go from synchronous to asynchronous and affixed to a floating committee and the more egalitarian your selection mechanisms are generally that hurts your performance inside your system and this is a super well studied problem and if you actually take the time to go through these two collections of courses you'll actually understand and practice how remarkably intricate and beautiful this particular space is so i i just wanted to make this video to try to sort fact from fiction and let you guys know uh where these things sit i'm i'm really proud of the research that's been done with oro boris i mean if you you look at these these are these are not easy papers to write um you know uh if you actually go through them and spend time with them this wasn't just some babble you know there there was a huge amount of deep thought and very precise language every single one of these things were reviewed time and again and external people looked at them and they said sometimes very harsh things and you have to be intellectually honest with these types of papers like when you go to the oroboris original paper let's find it for you guys i might have moved it but actually if you google it or as uh that is 906 980 times if you actually go in it you'll notice something it says previous work and also it'll give credence to related and follow-up work so for example you look through it mentions fruit chain and mentions al grand and you know all these other things and actually if you go to the algorithm paper so 31 here let's go to the citations yeah sylvia mccauley al goran you'll notice something the paper actually cites if you go agalose another paper close to us orovorus approvally secure proof-of-stake protocol and it actually cites us and right there is the citation there and that's just how academia works you know there's so much tribalism and brutal competition that exists inside the cryptocurrency space but in the academic world this is just best practice everybody knows each other they talk about each other they they learn from each other and they piggyback there are some really cool and interesting and fun things in the algorithm paper that macaulay put together and macaulay is another one of those guys who got the nobel prize at computer science he's one of the smartest guys in the entire cryptocurrency space and it's just extraordinary that he's decided to honor this industry by being in the industry and mccauley's work stands for itself and similarly the the work that's done here stands for itself by the citation count the fact that it was accepted through the peer review process and this doesn't make a product the product is everything else it's the collection of assumptions economic assumptions the social dynamics inside the system and what that engine actually does when we talk about throughput not all transactions are created equally okay so a transaction on bitcoin is a very specific thing a transaction on ethereum is a very very different thing okay one is a general purpose computer the other one is not you know if you think about ethereum or cardano or any of these systems that aspire to have or do have smart contracts basically you could be talking about a uniswap transaction you could be talking about purchasing a cryptokitties you can be talking about running and executing uh some sort of decentralized uber all bitcoin can do is move a bitcoin from one location to another location one address to another address and it carries with it some crypto capabilities so you can build layer two infrastructure and some metadata capabilities so you can embed some metadata but transactions in themselves are incredibly rich there's actually five properties of them four to the transaction and one meta property you have assets that runs on the rail you have identity so those are the people behind it you have metadata that runs with it so for everything from the time stamp to why you're doing the transactions and forth the contractual construction and then the jurisdictions or the geographies and law the legal component okay so bitcoin really only moves one particular asset says nothing about identity limited metadata capabilities almost nothing about contractual capabilities and is completely blind deaf and dumb to the jurisdictions that it operates in well this is why we built ethereum because it does a lot more it actually allows you to do all those things but to do those things with a high throughput high-capacity engine does a lot of work for every block and you know those those things can happen quickly and do it low latency and be always available 99.997 percent of the time super hard and it requires a large family of protocols and the point of proof of stake is it gives us a much better overall engine and design and a much more egalitarian approach because you can have many synthetic resources and then also because you've eliminated an enormously expensive step you can now reuse all those resources towards the network's benefits so ultimately you can operate the network much much much more uh effect efficiently than you could otherwise now proof of work still does have its place and purpose and actually there's a whole new family of proof-of-work protocols that are coming that make proof work better and more efficient like the prism protocol that promote viswanath created and we we actually contribute there as well uh and there's still tons of innovation like log space mining was a recent uh paper that uh dns indros and aguilos gases uh published that do deal with that but it's a rich topic so jack the long of the short is proof of work is not equal to proof-of-stake they're different engines and to say that proof-of-work greater than proof-of-stake is really a crazy statement that's like saying a truck is better than a lamborghini i have both and i'll tell ya there's no reality that you can take your lamborghini up to wyoming and some of those ranches and i would never want to take the truck the the chevy 2500 to a track okay so it all depends upon the context the assumptions the environment and other such dynamics and what you're attempting to do with the system you want to do very useful things for example you want to build systems that permit for assets identity metadata contractual relationships and can automate the legal side and you want to quantify your security internally to the system then proof of stake is a significantly better way of doing things you want to do other things than perhaps proof of work work is a better way of doing things as well but there's a very deep and elegant story here and i hope this helps you guys kind of grok and understand this entire story and why these things are the way that they are the problem with bitcoin maximalists is they've become a cult and they don't really care about evidence uh it's kind of as preposterous as saying well the steam engine is the best engine ever and we will never ever move from the steam engine the cult of steam and if somebody comes to you with a battery-powered car or a really highly optimized diesel internal combustion engine and you say no no no this is much better than the steam engine you can provide all this evidence about horsepower and efficiency and operating cost and the portability of the fuel source et cetera and they won't care because it's not about empirical evidence and there's no burden of proof or standard that you can provide you know when we started in this industry in 2015 we didn't know if proof of stake was real or not there were a lot of people who purported that proof of stake was secure but there was no foundation there was no definition there were no security models there was no real rigorous analysis of the adversary and it took years of research and going through the peer review process and discussing the matter with scientists all over the world lots of prototyping lots of competition to get to a point where we could definitively say that under certain contexts proof-of-stake not only works but it's absolutely the best protocol to use and there's a long road to add things to it now that doesn't mean it's universally useful and amazing in every possible capacity and that all the research is done and that these protocols are final but that's being humble enough to admit that the road has many steps ahead in the journey is very long to say that everything that could ever be said and done in our industry was achieved in january third of two thousand nine and that's that it's exactly the same as the religious fanatic who throws religious doctrine at you and says no the earth is only seven thousand years old because this book says so and then you show them all the evidence and they say no i don't believe it god has said so and that is the final word and that's the only evidence that i need so they're trading one god for another god and that's something you should never do should always be having an open mind you should always try to understand what's the context behind these things and do understand distributed system is a very old field of computer science from the 1960s 1970s and people have been thinking about these things for over five decades and as a consequence there's an enormous corpus of tradition knowledge and best practices that exist and everything is up to how are you using the system why are you using the system and ultimately where do you want it to go and what do you want it to achieve what we've accomplished with orabor succinctly is we've run a global scale network that moves every day 10 billion dollars or more value for less than six gigawatts of power per year bitcoin on the other hand is in the hundreds of terawatts which is comparable to an entire nation state and it's only gonna get worse as the price of bitcoin and the use utility of bitcoin goes up okay so on a ecological basis proof of stake is significantly greener forever than proof-of-work what we've also achieved is constructing a system that has far more people involved in the construction of blocks and that's not just a throwaway statement there are literally thousands of stake pool operators who are uh registered and delegated to and making blocks every uh 10-15 seconds on the network you know just you can time your watch to it and go and see the block explorers and see them come through and there are probably state pool operators watching this right now that i've never met i know nothing about but they have that right and responsibility and it's dynamic every epic every five days those distributions change some make blocks some no longer make blocks some get retired some new entrants come and so forth so it's a dynamic quorum and it's parameterized that as the value of eta goes up you get more and more and more of them over time okay so these are already properties in my view that are significantly better from a decentralization viewpoint than proof-of-work especially given that as i mentioned it's a virtual or synthetic resource and so what that means is let's say a particular country bans that asset like china and it says oh we hate bitcoin now mining is gone well the problem with asics is when you optimize them they're in data centers they're very expensive and difficult to move from one place to another there was a mine that had a problem and the hash rate plummeted as a consequence a synthetic resource its jurisdiction can be relocated with the click of a mouse you basically move it to an address and and hold those private keys and operate those servers somewhere else so if there's a problem in switzerland you go to leash and stein the problem is now you go to chile you go to australia wherever you want you can still be the same individual you can just move the legal jurisdiction of the hosting infrastructure from one place to another with a turnkey it might be a slight inconvenience but it's not a logistical nightmare in some cases impossible and there's no threat of sovereign seizure of these things because it's public key cryptography okay so for those properties alone i think proof-of-stake is vastly superior for many of the things that we care about but for the idea of being able to have multiple synthetic resources not just one token but other baskets of things especially connected to governance or other activities social benefit inside the system you end up in my view having a significantly more egalitarian system as for security security only matters against an adversary and when he says it's more secure i'd like to understand what he's actually defining security as jack you can't just say x is more secure than why you have to say x's more secure than y given these assumptions within this model against this type of adversary and provide some evidence for that particular claim but again maximalists don't do this because they're part of a cult they're not part of a rational thought and dialogue and that's just where we're at and when people don't understand a lot about these things they somehow decide that something's true and they defend it very religiously with very little knowledge to pack that it's an extraordinary thing okay so anyway i hope this brief video helped you guys it was a lot of fun to make i really enjoyed it let me go back to streamyard there we go i and i wish everybody a uh a good day and you know hopefully we can have more conversation in the future about distributed systems and if you guys do take those courses let me know uh your experiences at some point we'll probably create some classes specifically about ouroboros the other thing is when we have omega i will absolutely make sure that we um we do a series of lectures on how orbis omega works that's really the magnum opus of the entire war boris agenda we've been as a collection of scientists and engineers working our way up to that final paper that really pulls all the stuff together it's the lebowski it's like the rug really ties the room together and we think that's going to be just the perfect way of doing proof of stake for a very long period of time and you can really focus on layer two stuff as opposed to optimizing the base layer okay thanks everyone this was a lot of fun cheers
