2016-05-30

Tau-Chain - a programmer's perspective

EDIT:

After speaking to Ohad Asor, the creator of Tau, about the below piece, it's apparently "blatant obvious nonsense about things [I] don't understand" and "the contradictions are all around. just like eth". The Tau presale was apparently also meant for "only well informed buyers", "i have morals. im not ethereum!".

So yeah, the Tau project is not for mere mortals like myself, and the spam and promotional videos are meant for intellectual elites that will then buy the exclusive tokens. The project looks much better suited for some high-end computer science academia really, but no, token presale is the way to go.

Remember - the Tau is not for you, stupid.

END OF EDIT

Living in the Bitcoin land, you never know what you might come across next. It could be as benign as someone issuing a currency backed by pre-1965 silver US dimes, as geeky as someone creating a blockchain to mine for prime numbers, or it could be as convoluted as BitShares with the many iterations it had over the years (as someone put it - "BitSharesX - An Alt Coin That Is Impossible To Understand"). Over the last few months, I've been seeing a lot of spam about Tau-Chain, along with its many extravagant claims, and figured it might be interesting to try to understand it.

Disclaimer - the project appears to be delving really deep into the theoretical computer science that almost borders on philosophy. While I do have a masters degree in computer science, I can't claim I fully understand some of the topics Tau-Chain touches on or their implications. I will instead focus on more practical aspect of Tau and how it presents itself as a piece of software with practical use.

What is Tau-Chain?


So, what is Tau-Chain? Well, it's quite simple, just look at this graph from the founder of Tau:

A simple explanation of Tau-Chain...

Okay, it's not simple at all. This graph represents what sort of confusing things we're dealing with here...

From what I gathered looking at the project's website, its whitepaper, roadmap, some articles on it, listening to a LTB interview, viewing some other resources and talking briefly to the founder of Tau-Chain, I think we are dealing with two components here - Tau and Tau-Chain. Unfortunately, it seems the people involved in the project like to use those terms interchangeably and confuse everyone further.

Tau appears to be a new programming language, apparently similar to Idris. Unlike most traditional languages most programmers deal with on a daily basis, it is not turing-complete. Instead, it is a decidable programming language. What this means is that it avoids the halting problem, while still being able to do anything a finite turing machine can do. Since in practice we don't have infinite turing machines, from what I understand it should be able to do anything a turing-complete language could do. Apparently, this approach might be more secure. On top of that, Tau "has built-in P2P and blockchain".

Tau-Chain on the other hand, appears to be a sidechain-enabled blockchain that can run the Tau language. It seems to be similar to Ethereum with its contracts - both have a growing library of code embedded in it that anyone can call upon to build their code on. As I understand however, Ethereum's code can be more risky to use as you might not always be able to predict what the contract might do without its source code at hand, while Tau the language is more predictable in its execution?

The project also appears to have another component to it - the Agoras. As far as I can tell, they seem to be smart oracles that can execute various contracts and other Tau code. They appear to be able to interact with the Tau-Chain, as well as with one another directly. All in all, they remind me a lot of Codius, especially if you consider that that project aimed to be able to prove what code is being executed and so on. Not a bad feature, but there doesn't appear to be much new to talk about there.

What Tau-Chain promises


While initially researching Tau-Chain, one will stumble upon their promotional video:

Tau-Chain, solving all of your software development problems apparently...

Which lists a few outlandish claims about what Tau / Tau-Chain can deliver:

  • Software that always does what it is supposed to
  • No more bugs
  • Automatic requirement validation by the Tau client
  • It is impossible to write code that doesn't work
  • Thanks to Tau, the client doesn't need to trust the coder and vice versa
  • The payment for developing code is automatically paid when the code is verified by the Tau network
  • The Tau blockchain stores social norms, scientific theories, "whatever is based on facts and rules" (one example flashing in the video is "Once you start to eat you should never leave spoon, fork or knife on the table. Their place is on the plate.")
  • Tau-Chain code is reusable
  • Tau is a database of provably working code snippets
  • You can use the Tau-Chain to build search engines, social networks, market places
  • You can develop provable smart contracts on the Tau-Chain

As a software developer, I would take all of that with a huge grain of salt. Then again, it might be my turing-complete attitude talking and things might be different in the decidable language space. If this video was talking about traditional software languages, I would put my money on the video being about test-driven development - an approach to software development that starts with test cases (what the code should and should not do), and then developing the code to fulfil those tests. In theory this could mean that the software has no more bugs, it does what it is supposed to and can be verified automatically when new code is checked in. So while it would fulfil most of the listed requirements, in practice I would not expect it to be *the* solution to all problems - writing good test cases can be as hard and time consuming as writing good code, and I doubt 99% of the clients purchasing software would be able to use that. If the test cases aren't sufficiently complex, we might run into the problem of software being built just to tick the checkboxes and not much else. After all, any program operating on a sufficiently small domain could be replaced by a lookup table...

I am also very sceptical of how the software will decide what are the stored facts and how those will be handled and proven. Even more so when we're talking about "facts" about the real world and social norms. How do you prove you should not put used forks on the table, from a software perspective? How do you handle a problem having multiple contradictory answers (an infinite sum of (1-1+1-1...) can be proven to equal 0, 1, 0.5, -0.5, etc...)?

Some other claims I stumbled upon from other sources (1, 2, 3):
  • Tau client's behaviour is dictated on-chain, with the chain being able to hard-fork itself
  • Tau (-Chain?) has no rules at all, its users will set its behaviour
  • Tau does not need a coin, but it has a token presale anyway
  • "Tau network will be able to download virtually the whole internet, practically giving everyone the same information Google has, and more: data can be queried and processed more meaningfully and collaboratively, so you could perform queries as you like."

While there are more claims, lets just limit ourselves to those few (a lot more can be found in the LTB interview).

The Tau / Tau-Chain's feature of embedding how the network operates in the blocks themselves is rather unique feature as far as blockchains go, but at the same time it can be one of the more dangerous thing out there. It certainly offers the network more apparent freedom from Bitcoin-like hardfork stalemate, although in reality Bitcoin's hardfork problems are never about the code being hard to change, but about the people you need to convince. It might also impair some thin clients if they are applicable to the chain (how can you just run the chain from a given length if you don't know what the rules are from all of the previous blocks?). The definition of who the "users" in the system are (one-vote-per-person / machine / CPU?), as well as what the rules for hard-forks will be will probably shape the network very drastically early on. I wonder whether anyone will try to change the code of how the blocks are executed to "stop execution, return 0"...

The token presale doesn't appear to be anything new in the crypto world - it's the paradox of presales all over again. Tau the language and network doesn't need a new coin, it would probably operate better without it, but the developers need money to develop the language / network, so they sell tokens to speculators. Looks to me like another Bob Surplus-esque coin looking for a problem.

As for the last claim, and a few similar marketing blurbs, I think they deserve a section all of their own...

False equivalence, false dichotomy, eating your own dog food


The quote about basically being able to replace Google appears to be a false equivalence fallacy. There are many problems with trying to say you can basically be like Google:
  • I very much doubt the network could handle about 10 exabytes of data
  • Being able to efficiently categorize all of that data requires very smart algorithms and a lot of data. You can't even begin figuring some of the things out without having efficient access to enormous data sets. For example, how would you figure out a search for "high contrast pictures of fruit floating threateningly in the night" (thanks Reddit)?
  • Google is as much about the data (what the websites contain), as much as it is about the metadata (what the people are searching for and what they are clicking). Having just one part of that might not give you the full picture
  • Without having most of the data at hand, it is impossible to know if you returned most of the searched data. While you might be able to make queries based on the data you do know, you can never know how much you don't know
  • It is also impossible to prove that real-world data is correct. Since Tau-Chain is focused on storing "whatever is based on facts and rules", how would you be able to know, say, what is the weather outside right now? Sure, you can have a lot of data points, but you can't prove they are true or made up

All in all, statements like that are just red flags if someone also asks you for money. At best, they are marketing superlatives. So while sure, if we're talking about Tau the language, someone might use it to implement a Google-like service with it and so on, but the same could be said about computers based on cogs and wheels (after all, any turing machine is equivalent to another). All in all - false equivalence - your software is not even comparable to Google.

Now, lets finish this discussion with a subtle false dichotomy. I stumbled upon this marketing blurb about Tau from some of the spam I see pasted in a few chats I visit:


It compares how Tau-Chain is different from Ethereum, and links to a blog post by Peter Vessenes criticising how buggy some of the Ethereum smart contracts can be. He makes a lot of valid points - since you can't upgrade and fix the contract code post-launch, you either need a good failsafe, or write perfect code not to lose people's money. However, what I take slight annoyance with, is how this sort of marketing might misrepresent the situation - "Tau is different from Ethereum, here are a few reasons why. Here is someone criticising Ethereum (while not talking about Tau)", implying that since Tau was not criticised and it is presented as Ethereum's competitor, it somehow doesn't have those flaws. No Tau, criticism of your competitor does not mean you don't / won't have those problems yourself.

Lastly, I find it really amusing that Tau apparently doesn't like the taste of its own dog food - for all of its criticism of turing-complete languages, saying how Tau is a much better language and all of that, in the end they develop their code in C++. I did bring this point up to Tau's creator and he made valid points as to why that is - they want to develop the software in an efficient language to make it operate efficiently and in the future they might implement Tau-Chain in Tau. Understandably, software development takes a lot of resources and time, and you want to release early, release often, but this somehow doesn't fill me with confidence that Tau will be usable for any commercial-grade software any time soon...

Conclusions


While Tau appears to be an interesting development of a new programming language and its creator certainly sounds very knowledgeable in his field, Tau-Chain looks like a project looking for a problem. Bootstrapping a new token to run a blockchain to use a new programming language for smart contracts that don't halt seems like a very complicated way of reinventing everything just because you want to change a few things. I am highly sceptical of how the network will handle everything it promises, especially when it comes to dealing with things in the real world. It could be as mundane as a different flavour of Ethereum with a non-turing complete language, some smart oracles, etc., or something potentially new - only time will tell. Until Tau-Chain is released, I remain unconvinced.

Amusingly enough, the Tau-Chain video contains an Escher-like perpetual motion water mill at 1:40. I wonder if this is telling that the project is trying to invent something impossible?

2016-05-24

Bitcoin rivals

Recently I came by a tweet by Andreas Antonopoulos stating:

Stop calling ethereum "the bitcoin rival". No one in ethereum or bitcoin believes it is a rival. Post-national currencies are not zero-sum

Which got me thinking - can Ethereum or any other cryptocurrency be seen as a Bitcoin rival?

Bitcoin vs fiat


First, lets look at how Bitcoin competes with fiat.

Looking at the definition, a rival is defined as "A competitor with the same goal as another, or striving to attain the same thing. Defeating a rival may be a primary or necessary goal of a competitor." and "Someone or something with similar claims of quality or distinction as another.".

When talking about most fiat currencies like USD, Euro, GBP, etc., or hard assets like Gold or Silver, it might be hard to call Bitcoin a rival to those, at least so far. A lot of national and international currencies exist to facilitate trade, government programs, taxes, etc. on a scale where Bitcoin doesn't register yet. Previous metals are similarly used for some trade, as well as store of value, speculation, etc.

While Bitcoin can fulfil similar niches as those currencies, the currency would first need to rise in value a few orders of magnitude to be able to compete on the same scene. In the future, Bitcoin may be seen as a competitor to USD or Gold, but it will probably take awhile. That, however, doesn't stop it from filling in some other niches.

Bitcoin in various applications


While Bitcoin might not compete against Gold or USD, it can still catch the attention of some gold bugs, internet sellers, or the unbankables. Bitcoin might be too small to compete in the primary markets of companies like PayPal or Western Union, but it seems to be catching up in the more fringe markets.

Bitcoin vs altcoins


Bitcoin's most direct rivals would be the various altcoins.

Looking at the current cryptocurrency market, we have Bitcoin at $6.9B market cap, Ethereum at $1B, Ripple at $206M and Litecoin at $181M, with every other coin having substantially less than $100M.

Bitcoin's most direct competitor feature-wise would be Litecoin, sitting at 1/38th of the market cap. While it might be a notable currency for speculation, there doesn't seem to be as much adoption and development push from within and without the Litecoin community to say that LTC is competing with BTC. As such, it doesn't look like a potential rival for Bitcoin.

Ripple, due to the centralized control of its XRP tokens, can never hope to compete with Bitcoin. Similar to Omni and Counterparty, it might be better suited to be a Bitcoin compliment - dealing with user-created currencies, while leaving Bitcoin to be the decentralized currency.

This leaves us with the main topic - Ethereum...

Bitcoin vs Ethereum


Ethereum is a bit of a mixed bag. Its genesis block started with ~72M ETH being created for the presale (~60M ETH), the developers, and the Ethereum foundation (~12M ETH). With the current supply of 80M ETH, that presale constitutes a large chunk of the total ethers in circulation. Some might see that as premining, while others, like myself, don't see similar presales as such.

Ethers also aren't always viewed as currency, but rather as a token for executing code on Ethereum. While that might be true and some core developers might say that for legal reasons (to protect themselves from any legal fallout from the token presale), it hasn't stopped people from speculating on the value and bringing the value up more than 10 fold in the last year.

Lastly, Ethereum does a lot more with its scripting language than what Bitcoin can. Until we get something like sidechains up and running, Bitcoin will probably not be Ethereum's rival anytime soon.

However, the opposite might not be true. Ethereum has 1/7th the market supply of Bitcoin, a large community around the world, and is starting to get high-profile projects like The DAO. As such, Ethereum is shaping up to be a rival to Bitcoin.

The rivalry


With all of that being said, Ethereum and Bitcoin filling the same niche of decentralized internet currency might not be too bad. Both of the currencies still have bigger opponents to overcome on their way up - fiats, precious metals, centralized payment processors taking big cuts, etc. Success of one might not mean the loss of other. As long as both communities remain on good terms, developers, exchanges, and other crypto businesses are open to accepting both currencies, and we keep our eyes on the same target of overcoming the old way of banking, there is no reason why this rivalry couldn't be a friendly coopetition.

Conclusions


Bitcoin is not yet a rival to the big fiats or precious metals, as it is too small to register. Most altcoins aren't big enough to compete with Bitcoin. Ethereum is a potential rival to Bitcoin, but there is no reason for competing directly with one another when there are old currencies and use cases to take on first.

2016-05-16

Deniable proof of Satoshi

About two weeks ago in the Bitcoin community we were dealing with a bit of drama surrounding dr. Craig Wright claiming to be Satoshi, convincing Gavin Andresen of the fact with a shady signature, and then proceeding to be thoroughly debunked when a public proof was released. After which, Craig continued with his claim for a little while, saying he would move some old coins to prove he is indeed Satoshi, before quitting the Internet because people are such meanies.

What Craig's "signature proof" essentially looked like


One of the reasons why this hoax gained any legitimacy, was because Craig was able to convince Gavin by providing a signature of some random phrase allegedly using Satoshi's private key. However, he didn't want anyone to release that proof, so everything was done in a controlled environment and nothing was allowed to leave the room to be analysed in more detail:

Gavin explaining how Craig convinced him,
and Vitalik Buterin explaining why it was very unlikely Craig was really Satoshi

While some people blame Gavin for being duped, I personally wouldn't hold any grudges - everyone makes mistakes, it's no big deal. However, lets look at how we could prepare ourselves for when the next bidder to the title of Satoshi comes along.

Deniable proof of Satoshi


One reason why Gavin was unable to debunk the claim early was due to Craig not letting Gavin perform deeper analysis on a signature of a random phrase. This was allegedly to ensure Gavin couldn't leak the proof before the big reveal was supposed to happen. A reasonable precaution a legitimate claimant might make. If you would skip all of the drama, all the proof you would need would look like:


However, if the claimant would still insist on a big reveal or otherwise keeping his identity rather secret, /u/emansipater came up with quite a clever way to create a deniable proof of being Satoshi. Simplified:


  1. Verifier creates a random phrase, number or whatever with sufficient enough entropy
  2. They encrypt the message with Satoshi's public key
  3. They send the encrypted message to the claimant
  4. The claimant then proceeds to decrypt the message and return it unencrypted

This proves that the claimant is indeed in the possession of the private key (otherwise they wouldn't be able to decrypt anything), but at the same time the proof is completely deniable as it relies on the negative - the claimant NOT knowing what the random phrase is. As you cannot at any point prove the secret was NOT shared with anyone before being decrypted, the proof only works for you - you know you haven't released the secret, but you can't prove that.

This simple challenge would be enough to allow Gavin to have a strong proof of whether or not Craig was Satoshi, and it would allow Craig to be able to deny any leaks before doing a proper reveal. However, as his intent didn't appear to be to create a proof, but rather to deceive, obviously this wouldn't be the approach taken.

Conclusions


It is possible to create a deniable proof of owning a particular private key. Any future claims to someone being Satoshi or not should first pass through at least such a filter before they are given any credibility. Alternatively, you could just expect Satoshi to flat-out publish his proof for anyone to verify and possibly falsify without any drama.

Perhaps verifiers could also require some moderate BTC deposit (perhaps 50BTC?) before any claims are verified, to be returned if the claimant reveals themselves to be Satoshi within a certain amount of time. The deposit could either stay with the verifier, or be deposited at some Bitcoin charity.

EDIT:

The original wording of the article implied a personal attack on Gavin. It was not intentional. The sentence has been rephrased.