Jae Kwon, founder and CEO of Tendermint and president of the Interchain Foundation, and Ethan Buchman, cofounder of Tendermint and Cosmos and technical director of the Interchain Foundation, discuss the various technologies that form the Cosmos/Tendermint system. When the Cosmos network launched on March 13, it was built on what is the blockchain equivalent of an operating system, a consensus algorithm called Tendermint, Cosmos is like the world wide web (for blockchains) built on top, and the Cosmos Hub is a specific blockchain that exists in the system that can be used to connect other blockchains. We discuss all the above, as well as how secure the chain is, and how governance works in the system.

Check out the full show notes on Forbes: http://www.forbes.com/sites/laurashin/2019/04/30/cosmos-a-world-wide-web-for-blockchains/

Thank you to our sponsors!

CoinDesk/Consensus: Since 2015, Consensus has been recognized as the most influential blockchain and digital assets event of the year. Hot-button topics such as adoption challenges, privacy,blockchain innovation, capital formation and more take centerstage as experts and pioneers give voice to the new developments and innovations occurring around the globe. Don’t miss this three-day experience! Register today: www.consensus2019.com. Use promo: UNCHAINED300 to save $300 on your pass.

ConsenSys/Ethereal: Head to Etherealsummit.com with my discount code LAURA20 to get 20% off tickets to Ethereal Summit New York, May 10th to 11th at Pioneer Works in Brooklyn.

CipherTrace: https://ciphertrace.com/unchained

Episode links:

Cosmos: Cosmos.network Cosmos.network/launch

Luni: Luni.io

Tendermint: Tendermint.com – company and product

Interchain Foundation: Interchain.io

Cosmos intro/FAQ: https://cosmos.network/intro

Cosmos white paper: https://cosmos.network/resources/whitepaper

Chart showing number of transactions vs. validators: https://medium.com/paradigm-fund/cosmos-network-the-internet-of-blockchains-is-coming-9ce956c7b78

The Control on Cosmos: https://thecontrol.co/into-the-cøsmos-433586b82865

Paradigm’s description of Cosmos: https://medium.com/paradigm-fund/cosmos-network-the-internet-of-blockchains-is-coming-9ce956c7b78

Bitfish’s response to Game of Stakes, in which it grew to 55% of the network: https://medium.com/bitfishlabs/bitfish-response-to-gos-5-24eaeeea9876

CoinDesk on Cosmos launch: https://www.coindesk.com/a-blockchain-to-connect-all-blockchains-cosmos-is-now-officially-live

Cosmos vs. Polkadot: https://tokeneconomy.co/the-state-of-crypto-interoperability-explained-in-pictures-654cfe4cc167

Transcript:

Laura Shin:

Hi, everyone. Welcome to Unchained, your no-hype resource for all things crypto. I’m your host, Laura Shin. Unchained is now on YouTube. You can find the most recent episodes there every week on the Unchained podcast channel, and we’ll soon be getting the full archive up. Also, if you’re not yet subscribed to my weekly newsletter, go now to unchainedpodcast.com to sign up.

Cipher Trace

CipherTrace makes it easy for exchanges and crypto businesses to comply with cryptocurrency anti-money laundering laws. Avoid illegal sources of funds, and maintain healthy banking relationships. Ciphertrace is helping you grow the crypto economy by keeping it safe and secure.

Ethereal Summit:

Head to Etherealsummit.com with the discount code LAURA20 to get 20% off tickets to join Laura and hundreds of the brightest minds in blockchain at Ethereal Summit New York, May 10th to 11th at Pioneer Works in Brooklyn.

Laura Shin:

My guests today are Jae Kwon, founder and CEO of Tendermint and president of the Interchain Foundation, and Ethan Buckman, cofounder of Tendermint and Cosmos and technical director of the Interchain Foundation. Welcome, Jae and Ethan.

Jae Kwon

Thanks, Laura. Great to be here.

Laura Shin:

Jae, let’s start with you. Cosmos and all of the technology around it is just a massive system. I was trying to wrap my head around this, and there’s just a lot there. So, before we dive into all the pieces, why don’t you give a high-level overview? What problem or problems were you trying to solve with this project, and what is the vision for the Cosmos system?

Jae Kwon:

Tendermint is an open source project that started in 2014, and the idea is to create a better consensus system. It started with the idea that distributed systems, distributed consensus systems can be created without proof of work, and turns out, if you use classical Byzantine fault color and consensus algorithms that don’t require minding, you can actually address speed scalability and the environmental issues associated with proof of work and some bitcoin, so Tendermint is an open source consensus engine that can be used to trade any blockchain system.

We used Tendermint to create Cosmos. You can think of Tendermint maybe as an operating system, and Cosmos is maybe analogous to worldwide web. The idea is to create a network of blockchains, and what are blockchains? Blockchains can literally securely communicate with each other to create a scalable interoperable network of distributed ledgers.

We recently launched the Cosmos hub. It’s a blockchain powered by Tendermint. It’s a Byzantine fault tolerant based proof of stakes system that doesn’t require proof of work, and the purpose of the Cosmos hub is to connect to many blockchains and enable token transfers via two-way pegging. This way, we can create a scalable foundation for a new token economy.

Laura Shin:

Wow, okay. So, this actually my next question for you, but even before we’ve asked it, I realized that some of the thoughts I had when I phrased this question were actually incorrect. So, there’s Tendermint the company, which is…you know, when I introduced you, that’s what you’re CEO of, but then there’s now also this Tendermint operating system that you described, and then, Cosmos you said is a network that uses Tendermint, I guess…is built on top of Tendermint, and you called that a network of blockchains that’s sort of like a worldwide web, you said, as opposed to Tendermint being the operating system.

Then, within the Cosmos network, you are now also operating something called the Cosmos hub, which is different than the Cosmos network, so I guess we’re going to dive more into that in a bit, but there are multiple things where some of these names are reused.

Did I get all those definitions correct?

Jae Kwon:

Sure. Yeah, that’s basically correct. We use the term Tendermint to actually refer to multiple different things. One is the company. The company is All in Bits, but it does business as Tendermint, so you see it around as Tendermint, Inc., and then, there’s Tendermint, the software, which we typically refer to as Tendermint Core, and this is the actual software that you would download on GitHub that you would run as the basis of this operating system that we’ve been talking about, and then, there’s Tendermint the consensus algorithm, which is kind of the underlying protocol that is implemented in Tendermint Core.

We use the work Tendermint to refer to all three different layers of that.

Laura Shin:

All right, so let’s go back to Cosmos, which I think is what most people think of when they hear your name.

On March 13th, you guys launched the Cosmos network that’s internet of blockchains, which enables the different blockchains to be interoperable. So, what is Cosmos, and what problems are you trying to solve with Cosmos?

Ethan Buckman:

Sure, like Jae was saying, Tendermint is like an operating system or it’s software for basically running a single blockchain, and lots of people are out there building individual, independent siloed blockchains that don’t really communicate with one another well.

We felt that what we could do with Cosmos was to start thinking about how to interconnect all those blockchains and how to design a protocol that would allow different blockchains, even if they’re built potentially with different consensus algorithms or with different applications or different styles of managing the cryptocurrency, that we’d still be able to have some protocol that allowed them to interoperate.

So, for instance, the vision with Ethereum was that you can deploy all these different smart contracts onto Ethereum, and by virtue of all of them being on the Ethereum blockchain, they’d all be able to communicate with one another.

Obviously, that led to an explosion in interest and value of the Ethereum network, and so, in a similar way, we’re trying to generalize that a little bit further. Instead of saying, well, instead of having many applications on a single blockchain, they’re able to communicate with one another like you have with Ethereum, we wanted to find general purpose protocols that will allow many different blockchains, despite what is running on top of them, even very different applications, to still be able to communicate with one another.

So really, the key design goal of the Cosmos network was to facilitate many independent, heterogeneous blockchains to still be able to communicate with one another, and so, the founding approach to that…at least to get it started…is this idea of starting with what we call the Cosmos hub, and starting with a set of blockchains that the first thing they’ll do is connect to the Cosmos hub, and the Cosmos hub will serve as this kind of router between the first set of blockchains that come online.

So, as you mentioned, the Cosmos hub is online now. There’s no other blockchain yet online in the Cosmos network. A lot of people are building their own blockchains and are either in Testnet phase, or actually, there is IRIS-net, which is a blockchain based out of China that’s built using the same technology stack as the Cosmos hub, but they’re not connected yet because we haven’t quite finished the piece that will allow them to interoperate what we call IBC, or the inter-blockchain communication protocol.

Once that is actually developed and deployed, then these different blockchains…at least these two, the Cosmos hub and IRIS-Net and then whatever others come online…will start to be able to communicate with one another, but in the long term, the idea of the Cosmos network was to roll out these protocols that would really do the blockchain space what protocols like TCP did to the internet, which was to actually create the internet, create this massive network of interconnected smaller networks.

So, in the same way, we think about this as like the interchain. We have many chains out there, and we’re trying to build protocols that will give us the interchain, and right now, we’ve localized it in this idea of the Cosmos network, which is the blockchains that are building up around the Cosmos hub, which was the first blockchain in this network.

Laura Shin:

So, what would be an example of how it works? I don’t know if this is a good example because these are both proof of work, but these are the two most popular coins, so what if I have bitcoin and I want to use it on Ethereum? Can I use…I just need theoretically because, obviously, you mentioned that you’re only working so far with things IRIS-Net, but if I wanted to do that, theoretically, how would I use the hub to do that? Or pick whatever blockchains…that’s for the example.

Jae/Ethan:

Bitcoin and Ethereum are based on proof of work, so it’s a bit more involved than just connecting to Tendermint based chains together, so I’ll use a different example, and maybe get back to the bitcoin example.

So, we have this framework called the Cosmos SDK. A lot of projects are building on the SDK in anticipation of IBC development being finished very soon. For example, IRIS was mentioned. There’s also Lino…it’s another blockchain that’s up and running. They actually have the most amount of users, last I heard 800,000 users on their chain, and with the IBC module, the two blockchains can communicate securely.

In other words, each blockchain can be aware of the other blockchain’s latest state, and they can start passing packets of information back and forth. On top of the packet is information encoded about how many tokens are being transferred to what blockchain and to what account on the destination.

It can be as simple as trading a Cosmos SDK-based blockchain using that framework, but there are other frameworks that plug into Tendermint as well, and so, it doesn’t have to be the SDK, but the idea is to create an interoperable network of blockchains that is very easy to plug into. If you build on the SDK, it would be very easy to connect to the Cosmos hub.

Laura Shin:

Okay, so yeah. Now, we’re getting into other terms we haven’t defined previously. So, the Cosmos SDK, which I think is a way that you guys provide tools for other developers to build their own blockchain. Is that correct?

Jae/Ethan:

Kind of like Ruby on Rails is an easy way to build a new website, Cosmos SDK is a framework for developing a blockchain application. That also includes Tendermint.

Tendermint is very agnostic to how you develop your blockchain application. You can develop it in any language, such as Python, Java or Go, and the Cosmos SDK is currently the leading framework to build on Tendermint, and it’s a Go framework.

Go is the language developed by Google. It’s a great language for developing a secure, complex application that is very efficient and fast.

Laura Shin:

When I was learning about this, there was something that seemed somewhat similar to Substrate from the Parity team. Is that correct?

Jae/Ethan:

There are a lot of analogies. Maybe one way to describe the differences, maybe the way bitcoin is to Ethereum, Cosmos may be to Polkadot. If you’re referring to Polkadot, then yeah, and Substrate, right?

Laura Shin:

Yeah, yeah.

Jae/Ethan:

We like to keep things very simple and modular. For example, the Tendermint consensus algorithm is a state-of-the-art consensus system, but it’s all based on rather simple concepts, and we try to keep the consensus algorithm as simple as possible because it’s quite complex. Consensus systems, I think, are definitely one of the most complex things I’ve ever had to develop, and it’s really important to keep such a complex algorithm simple, so that people can understand it.

There are similarities, but maybe one large difference is that we don’t start off, for example, with the assumption of complex cryptographic primitives like DLS features. We don’t have a virtual machine on the Cosmos hub, although you can develop your own virtual machine on the Cosmos SDK.

The idea is that the Cosmos hub is there to be a conservative set of features required to scale the cryptocurrency ecosystem by enabling interlocking token transfers, and really, that’s all we want to solve, but there’s a lot that you need to build in order to solve that well.

For example, we had to implement a governance system so that the blockchain can decide on what to do in the case of various failures. There’s a novel governance system built into the Cosmos hub. Recently, the network passed a proposal to upgrade the Cosmos hub to enable token transfers, so that’s governance in action there, and we had quite a bit of participation from the stakeholders, but there’s also a lot more that you need in order to make a good proof of stakes system.

We have pretty advanced or maybe the most advanced proof of stake delegation system, so that you can take your stake in tokens. Anyone can delegate to any of the validators, or you can run a validate yourself and earn a proportion of transaction fees, and there’s a commission system built in.

Recently, there was a blockchain…I won’t name it, but they had a delegation system that allowed the validator, the signor to run off with the earnings and the fees from the delegators, but we’ve implemented a novel and very efficient system that automatically handles transaction fee distribution on chain, so there’s a lot of components that need to come together to make this all happen.

Laura Shin:

One thing that is not clear to me is why use Cosmos rather than simply exchanging the tokens on an exchange or using an atomic swap?

Jae/Ethan:

Well, if you use an exchange to swap tokens…let’s say you have Bar coins on Bar Chain and Fu coins on Fu Chain, and you have you have Bar coins, but Fu Chain has the functionality that you need because it has the smart contract system or privacy features that you want that Bar Chain doesn’t, then you would have to trade Bar soins for Fu coins, but with the Cosmos system via two-way pegging and IPC connections, you can use the same tokens on any of the chains that accept them.

So, you’re essentially using the same token, although it’s two-way pegged, and that opens the door to a simplified model for everyone, so you don’t have to keep track of different tokens and all those different chains.

Jae/Ethan:

I think maybe a good analogy for that question…it kind of sounds similar to me saying why would I use the internet when I could just use AOL? You know, the internet opens up a whole new host of possibilities, both for people building applications and for people using them that aren’t really accessible through the kind of centralized gateway of an exchange or even just like a two-way atomic swap.

So, the goal of the Cosmos network is to really blow open the design space of possibilities for building new kinds of blockchains that can communicate with one another, and we’re only at the very beginning of that experimentation.

Jae/Ethan:

Here’s maybe just one more analogy. Let’s say you want to scale Ethereum because a single-way Ethereum chain can only process so many transactions per second. Once we connect to the Ethereum Mainnet, you can send your ether tokens to any number of EVM-based chains, so there could be 100 EVM-powered blockchains, all connected to the Cosmos hub, so now, we have an overall throughput that’s a hundred times greater than a single Ethereum chain, all using the same token.

Laura Shin:

All right, and then, one other thing I feel like I need to understand here…is so, the Cosmos hub is one of the blockchains that will exist in this system, and hubs have the zones that are associated with them. So, what are the zones, and who builds the zone? Is it you guys that build the zone? So, for instance, Zcash could have a zone. Would it be that Zcash developers would need to build that? Or how do you get these other chains to build these zones on your network?

And also, what happens in the zone, and how does it relate to the original blockchain?

Jae/Ethan:

Zones and hubs are just relativistic distinctions between different blockchains that, more or less, refer to the connectivity between them. So, a hub is a blockchain just like a zone is a blockchain, and anyone can build these kinds of blockchains and permissionlessly connect them. That’s the key goal, right?

So, the Cosmos hub is up and online, and anyone who has build a blockchain on top of Tendermint and implements the IBC protocol, which they would get for free if they use the Cosmos SDK, but they can implement themselves if they were using a different system, would then be able to, assuming they have a set of validators running their blockchain…whatever that set might be, they would then be able to connect with the Cosmos hub and engage in these kind of one-way token transfers and data transfers through the Cosmos hub.

Laura Shin:

Wait, just so I’m clear…so, the Cosmos hub only supports blockchains running on the Tendermint consensus algorithm?

Jae/Ethan:

In the short-term.

Laura Shin:

Oh, okay, so then, at some point, you’ll build out support for other types of consensus algorithms.

Jae/Ethan:

We would like to. Really, what this comes down to is the IBC protocol, and the IBC protocol has a number of requirements for a consensus that’s done for a blockchain to be able to utilize it. Right now, Tendermint is our main reference point for what that should look like, but we’re trying to design the IBC specification to be generalized enough so that any other kind of blockchain consensus system that satisfied the same kind of guarantees that Tendermint does would also be able to participate in this kind of IBC ecosystem.

Laura Shin:

And then, one other thing that I have seen is that, in order to connect to Cosmos, it’s best if the blockchain has fast finality rather than probabilistic finality, and Bitcoin and Ethereum have probabilistic finality, and they’re the most popular blockchains.

Can you define fast finality versus probabilistic finality? Let’s start there. Just define the difference between the two.

Jae/Ethan:

Sure. This is exactly the kind of property I was talking about with respect to IBC that Tendermint provides, so any other consensus algorithm that would provide this kind of fast finality and a few other things would fit within the IBC framework.

Basically, what fast finality means is that the protocol is designed such that, within the assumptions of the protocol, which tend to be that less than a third of the participants or of the voting power are malicious, so within those assumptions, when a block is created and voted on and committed, it’s finalized, and that happens very quickly.

What that means, finalized, is that it will not later be reverted. There is no way, within the protocol, for a block to be undone once it’s been committed. That’s what we mean by fast finality, that this finalization process whereby you have a strong guarantee within the protocol that the block is committed, it happens very quickly, right?

We can contrast that with this kind of probabilistic finality, that proof of work-based blockchains offer, like Bitcoin and Ethereum, where technically, theoretically and also in practice, block can actually be reverted at any time as part of the protocol.

So, in the Bitcoin protocol, blocks can be orphaned, which means a miner mines a blocks sends it out to the network, but another miner mined a block at the same height, and other people built on top of that, and so one of the blocks…even though it was created, and people saw it, and even, if possibly, a few blocks were built on top of it, it still gets reverted, and that’s part of the protocol where you have so wait some number of blocks…Bitcoin, they typically say six before the probability that it will be reverted is low enough that you can have enough confidence to continue on with your economic or commercial activity.

So, dealing with that kind of probabilistic nature of the commit of a block makes it very difficult to build these kinds of interoperability protocols because you don’t know, once a block has been committed, you don’t really know when that commit has happened or if it’s going to be reverted, and you don’t get the same kind of guarantee.

That’s basically the difference…is that, in a probabilistically final protocol, blocks can be reverted, undone, as part of the protocol, whereas in something with fast finality like Tendermint, once a block is committed, it’s never reverted.

Of course, if the assumptions of the protocol fail, like maybe more than a third of the validators happen to be malicious, then at least some of these guarantees could fail, and then blocks could be reverted, but that would be considered a failure state, rather than just a normal occurrence.

Jae/Ethan:

And once it fails, there’s a way to figure out which greater than one-third of voting power is responsible for it and recover from it.

Just one thing I wanted to mention is that it’s fast finality in the sense also that blocks can be committed very quickly. In the Cosmos hub, for example, blocks are committed once every six seconds.

Laura Shin:

Okay. I actually wanted to ask about validation in the Cosmos network. You guys only have 100 validators to start. Is that really sufficient to secure the chain? How can you be sure that…because as far as I understand, if, as you mentioned, it can go into a failure state if more than a third of the voting power is not there, and that’s necessary, I think, to create a fork, right? So, that would be 33 validators. It just feels like it’s so easy that it’s going to fail.

Jae/Ethan:

It’s actually much less than 33 right now because it’s 33 percent of the…it’s one-third of the total voting power, and so, I think right now that’s about five validators. If they got together, they would control more than one-third of the voting power, so obviously, it could be much better than that, and we would like to see it decentralized far beyond five.

I think it’s important to note a few things. First of all, the faults are attributable, which means that, if this one-third or more than one-third gets together to maliciously fork the blockchain or revert blocks or whatever, them doing that is attributable, so anyone else looking at that will know who was involved. The community then could say, okay, well, these guys are untrustworthy. We know that they’re the bad guys because there’s irrefutable proof that they did it, and so, we’ll make a new blockchain and fork them out.

To some extent, we rely on these…

Laura Shin:

But they could just change their identity and hook up to the new blockchain. It would be not exactly a simple attack, but do you know what I mean?

Jae/Ethan:

They should, but they wouldn’t necessarily have stake in the new blockchain because the new blockchain can say, well, we’re going to eliminate all those validators’ stake and kind of start again over here.

Laura Shin:

Right, but they could obtain stake again.

Jae/Ethan:

Absolutely, absolutely. You’re right, it’s not a…

Laura Shin:

And you wouldn’t know it was the same entity.

Jae/Ethan:

You wouldn’t. You could though, right, because part of the proof of stake system is that you have to attract delegators, and part of doing that is establishing a robust public identity, so if you look at the top validators, at least on Cosmos, they’re all publicly identifiable, publicly recognizable entities who have significant reputation on the line.

So, to some extent, at least there is this kind of business relationship or business offering that these people are positioning for, and that helps to secure this in a way that is maybe blasphemous in the eye of, say, a Bitcoin maximalist, but I think it’s part of the reality of the next generation of blockchains.

Jae/Ethan:

If I may, I’ll try to draw an analogy to Bitcoin. In Bitcoin, there’s a like of miners, but there are only so many mining pools within the top 99 percentile, and even to get to 51 percent of proof of work voting power is only a handful, maybe even less than five today of mining pools.

So, in Bitcoin, if the mining pools were to get together and conduct a 51 percent attack or a double spend, then they would lose the energy that they spent for, say, the one hour or however many hours, however many blocks…just a handful of blocks…that would be lost, but they would not lose their mining infrastructure, but in a proof of stake system, they would lose all of their stake, so it’s as if the miners were to lose all of their…it says if their mining equipment were to blow up, so it’s potentially significantly more secure.

Laura Shin:

Well, that’s interesting. Also, earlier, you were saying that, essentially, you would just fork the system, but I guess at that point, you would solicit new validators because, otherwise, then you have even a reduced number of validators. Do you know what I’m saying?

Like if you fork, and you get rid of the bad actors, then you’re starting off with a pool of validators that’s even smaller than before and is even more gameable.

Jae/Ethan:

Well, it’s likely that the distribution of stake will be a little bit more uniform. If it was before concentrated in the top five, and you’ve gotten rid of the top five, then your new validator set is going to be more evenly distributed.

There are a lot of parameters around how this would actually shake out with respect to the new token that would be created by this fork and what the value of that token is and how much would actually be at stake, so you know you’re right, that there are significant concerns and security issues around this, but we believe that this is an alternative system to what exists with proof of work and that it is more secure in many respects, and at the very least, there is significant skin in the game. There’s a lot more at stake for people participating, and there’s this kind of new opportunity to build resilient, fault-tolerant networks with very strong guarantees that you can actually at least look at and understand the guarantees and understand the failure mode and what the risk is.

In the same way that there are risks that the banks collude or that in existing systems things will go wrong, but it’s all behind closed doors, and there’s not much transparency, and you can’t really analyze the structure of the system in the same way. At least here, all of that is kind of out on the table. There’s a lot of encouragement for the identities of the validators to be public and so on.

Laura Shin:

All right. We’re going to discuss more about security after the break, but first a quick word from our fabulous sponsors.

Ethereal Summit:

Ethereal Summit returns to New York City this May 10th to 11th to kick off Blockchain Week and offer you a chance to go deep into the heart of crypto, blockchain, and Ethereum. Ethereal Summit is where you can get up close with the builders of blockchain and Ethereum, including many guests from Laura’s podcasts, like Amber Baldet, Tushar Jain, Ameen Soleimani, Chris Burniske, and Mike Novogratz. Head to Etherealsummit.com with the discount code LAURA20 to get 20% off tickets to join Laura and hundreds of the brightest minds in blockchain at Ethereal Summit New York,ÊMay 10th and 11th at Pioneer Works in Brooklyn.

Cipher Trace:

Did you know that if money laundering were an economy, its GDP would be the size of Canada’s? Large volumes of tainted crypto assets move through financial networks, often below the radar of banks. Cyber-criminals use unregulated crypto exchanges to avoid detection. No wonder governments around the world are rolling out tough new anti-money laundering laws for cryptocurrencies. Complying with those laws isn’t easy. Banks and exchanges need the best cryptocurrency intelligence available, to avoid penalties. Now you can use the same powerful AML and compliance monitoring tools used by regulators. CipherTrace is Securing the Crypto Economy. To learn more, visit Ciphertrace.com/unchained.

Laura Shin:

Back to my conversation with Jae Kwon and Ethan Buckman of Tendermint and Cosmos.

So, you guys admit already that, right now, the system is not very secure. What’s your plan to get more? Well, I don’t even know how you would do it, but it sounds to me like you would need more validators. Am I right?

Jae/Ethan:

I don’t know that it’s fair to say that we admit the system’s not very secure. I mean, security is a very dense, complex topic, and there’s a lot of dimensions to it, and in some ways…

Laura Shin:

Earlier when you said it would only take five validators because of the way things are delegated to…

Jae/Ethan:

Sure, but it only takes like three mining pools to collude to have a 51 attack on Bitcoin, so it’s already more decentralized than Bitcoin.

Laura Shin:

Okay, okay, so you feel comfortable with where you guys are at?

Jae/Ethan:

We’re sure that this is the right way to do it, and here’s one more example. First, I want to address your point earlier.

Once there’s an attack, those validators who conducted the attack and they’re greater than one -third of the total stake that’s bonded, they would disappear. They would get slashed out, and there was be, say, 95 or 90 validators left, but more validators can enter, and the delegations would change to accommodate, so that’s one aspect, but I think the more important aspect and the greater purpose or the reason why this is necessary for a scalable cryptocurrency ecosystem is because, with proof of work, you’re relying on miners who are so anonymous that it’s really easy for a small chain or any chain that’s, say, not Bitcoin to get 51 percent attacked.

Like I mentioned earlier, the miners would not get punished much. They would not be found. Their energy would be wasted, but that opportunity cost is small compared to how much they might gain, so with a proof of work system or if you only had proof of work, you can’t really have more than one secure blockchain.

With proof of stake and Tendermint Byzantine fault tolerance-based proof of stake especially, the security of one chain is independent of external actors, no matter how much computation power a nation-state may have. If one blockchain and their validators didn’t want to double spend the chain, then they will remain secure. There’s just no way for an external actor to affect the security of a chain in a proof-of-state system.

Laura Shin:

Oh, okay, and what you mean by that…because that was a question I was going to ask you later on, so what you’re saying is a nation-state can go to a miner on a proof of work blockchain and shut down their mining equipment or cut off their access to electricity, but here, they can’t force somebody to unbond their…I don’t know if I’ve used the terms correctly, but they can’t force them to move the coins out of their stake. Is that what you’re saying?

Jae/Ethan:

Any actor, including a colluding set of powerful miners with powerful electricity and mining infrastructure could attack any other chain as long as their mining equipment and the proof of work algorithm were compatible, and largely, they are, whereas in a proof of stake system, you can’t attack that externally with proof of work or computation power, so no matter how much money an organization or even a nation-state were to have, sure if they were to cut all the access to the global internet infrastructure, then everything’s off the table, but beyond that, it’s a very secure system.

Laura Shin:

Okay, this is interesting, but one other thing I wanted to ask about the number of validators you have, so in your white paper, you showed how with 64 validators, you can get about 4,000 transactions per second, or it was in the single-digit thousands, but it wasn’t tens of thousands, and you know, over time, you guys plan to increase to like 300 validators, so would that then decrease the amount of transactions per second?

In the white paper, the graphics show that the more validators you have, the fewer transactions you get per second, like when it’s four or whatever, it’s in the tens of thousands, so how do you plan to increase the number of validators but then also keep the throughput high?

Jae/Ethan:

That paper was describing the performance characteristics of Tendermint, and largely, the biggest thing that happens with a lot more validators, say 1,000 validators versus 100, is that your block commit time gets slower, so as opposed to, say, five-second blocks, it might take 15 seconds. The reason why is because this kind of consensus system that we’re building, classical Byzantine fault-tolerant algorithms that Tendermint’s based off of, requires quite a bit of communication overhead, so that’s why we limit it to 100 validators today, but I would say that a blockchain, a public blockchain especially, should really be a ledger, an application that can run on any laptop.

It should be able to run on a typical workstation because, otherwise, developers don’t have access to it, right? The blockchain should be accessible. Anyone should be able to sync with it, so I would say you don’t want that many transactions per second on a single blockchain.

Instead, what we focus on is providing horizontal scalability by allowing coordination among many blockchains in order to get overall higher transaction throughput.

Laura Shin:

And by that you mean you’ll have multiple hubs that are working within the Cosmos networks, and so if one hub is at its max, then they can just go to another hub. Is that what you’re saying?

Jae/Ethan:

Primarily what I mean is having many zones or many blockchains connected to a hub, so by virtue of, say, having 100 blockchains connected to the hub, you get 100 times of throughput than having a single blockchain, but you can also have a hierarchy…or it doesn’t have to be a hierarchy, you can have a network of hubs as well.

Laura Shin:

Okay, that’s interesting. One other thing I want to draw out, not only for the listeners but also for myself, because I’ve heard this term so many times, and I think I sort of understand it, but I could not explain it in simple terms to somebody else. That’s why I’m not really sure if I understand it.

When describing your consensus algorithm, you’re always talking about practical Byzantine fault tolerance. What exactly does that mean?

Jae/Ethan:

Practical Byzantine fault tolerance was a consensus algorithm that was described, I believe, in a 1999 paper. I’ll just give a really brief history of these non-proof of work classical Byzantine consensus algorithms.

It started in about the ‘70s or so in academia into papers. In literature, there had been a lot of research into Byzantine fault-tolerant consensus algorithms that don’t use proof of work, and then, of course….

:Laura Shin:

Can you describe what Byzantine fault tolerant means?

Jae/Ethan:

Okay. Byzantine means arbitrary or malicious behavior, so in a public blockchain, because it’s an open system where anyone can participate, you need to be able to tolerate arbitrary behavior, especially behavior that is malicious and trying to attack, say fork, the blockchain.

So, Byzantine fault tolerance means the ability to tolerate malicious behavior, and there’s always a limitation to how much fault tolerance a consensus system can tolerate, and in proof of work that’s 40 percent of malicious proof of work mining power, but in Tendermint, it’s 33 percent of voting power.

The reason why it’s 49 versus 33 is because, in Tendermint, we designed a system to be fast, so it’s based on what consensus literature calls a partially-synchronous model, which just means essentially you’re trying to make progress as soon as possible, and you’re acknowledging that network might have some delays.

Bitcoin can tolerate slightly more, 49 percent, but it’s also slower, and block times are 10 minutes each, and you have to wait an hour, and all of that is because it makes less assumptions or actually stronger assumptions about the network, and then, it requires that much time to ensure that blocks can fully propagate.

Does that answer your question?

Laura Shin:

I think so.

Jae/Ethan:

So, Laura, can you explain to us now what Byzantine fault tolerance is?

Laura Shin:

So, basically, it’s a LAN designing a system where the system can still be secure under a certain threshold of bad actors. Is that…?

Jae/Ethan:

That’s right.

Jae/Ethan:

The industrial context for this, the reason academics started working on it, is because humans decided they wanted to use computers to fly airplanes, and when you put a computer on an airplane 30,000 feet in the air, it’s in a very hostile environment. There’s a lot of incoming radiation, and the bits could arbitrarily flip, and the computer could fail in weird ways and not just crash, but explicitly do something that it wasn’t programmed to do, like some incorrect behavior.

So, the challenge that was posed to the researchers was how can you build a consensus system between the computers that are on an airplane that is fault tolerant not just to some of those computers crashing but even to some of them doing something incorrect. As part of that, it meant there had to be some kind of a voting algorithm in there so that you would need a quorum, like some kind of super majority or something, so that you would only say that, if something happened once that large set had agreed on it, and even if some of the computers are failing in arbitrary ways and telling you incorrect information, the system would still be okay, and your airplane would still fly straight.

That was kind of generalized over time to  how can we build these systems that operate over the internet with many different stakeholders that are participating where they all can stay in sync…they’re basically sharing a database, even though some of the participants might be explicitly malicious or adversarial.

The word Byzantine has come to represent any kind of arbitrary, non-protocol-following behavior, so anyone that’s acting incorrectly according to the rules of the protocol is effectively Byzantine, and so, what’s unique about the Cosmos hub and where its security comes from and so on is the fact that it’s really the first system to use classic Byzantine fault-tolerant consensus protocols on the public internet with real economic value at stake.

To even have “only” five distinct stakeholders in multiple jurisdictions across the world, with more than a third of the stake is a huge step forward for computer science and economics in some sense. So, as much as we’d like to improve that further, and maybe five isn’t enough, it’s still a huge gap from what was previously just one entity.

Laura Shin:

Right. I’m glad that you circled back to this because I did want to ask also about what happened during the game of stakes, which was this competition that you held in Testnet because it looks to me like there were some participants who showed how easy it would be to create a cartel amongst the validators with an incident involving a group called bitfish.

Can you describe what happened there? And then, just describe that story first.

Jae/Ethan:

Sure. I think it’s important to understand the difference between the game-of-stakes test and the Mainnet. They’re very different conditions, and when we set out to do game-of-states, there were a few things we were going after, and it’s possible that we conflated too much at once, and in future iterations of a game-of-stakes like thing, you want to disentangle the different goals.

One of the goals was really to prepare validators for adversarial scenarios and staying on line and securing their private keys and actually operating the network because we want experts, basically, to be involved in this, and so, Game of Stakes offered people a real ability to do that.

The other thing we thought we’d be able to test, but I think probably turned out not to be the case was the actual economics of the system, and the reason it wasn’t an accurate test of the economics was because it was just a short-term game with a minimal amount at stake, so no one had to pay to actually participate. There were expenses to running servers, but no one had to pay an entry cost, and you wouldn’t lose anything, so because you weren’t putting anything up, if you did something wrong, you weren’t going to lose any money.

There was some reward on the table in the form of Atoms, and it was a short-term game where your reputation wouldn’t be damaged if you attacked the system maliciously, so the Game of Stakes context is very different from Mainnet, so it’s hard to really draw too much learnings on the economic side from Game of Stakes and fly them to Mainnet.

What did happen on Game of Stakes, which was very interesting to see, is that, first of all, to participate in Game of Stakes, you had to complete a KYC process, so we collected quite a bit of information about the participants, and that was required for participation and to actually potentially receive the reward.

Laura Shin:

Just out of curiosity, why? Why if there wasn’t real money? Oh, oh, because they were being rewarded in Atoms?

Jae/Ethan:

Yeah, the reward was in Atoms, and so basically, the Interchain Foundation, which coordinated the Game of Stakes process said that of its allocation of Atoms in the genesis block, it would recommend that some of those go towards the winners of Game of Stakes, but in order to do that in a regulatory-compliant manner, it collected KYC information from all the participants and so on.

We also expected that, by collecting KYC, it would prevent anyone from mounting a civil attack on the system or on the game, so that no one would just be able to knock out the game by taking over with 33 percent of the vote, but what ended up happening was there was a civil attack where some group…this bitfish group ended up signing up using a large number of their relatives and friends and so on to actually register in the process and completed the KYC for them but thereby ended up controlling a significant amount of stake.

Actually, a number of people claimed to have detected this very early on when they saw a bunch of nodes come online at the same time and so on, and I think people were really curious to see how it would play out, but what ended up happening was they basically came to control quite a significant portion of the stake on the network, and so the rest of the validators, the rest of the participants, basically coordinated to have them removed, so they basically mounted a hard floor to remove that cabal from the validator set and to move on without them.

Laura Shin:

Yeah, did I read that they eventually collected 55 percent of the voting power?

Jae/Ethan:

I think that’s about right, yeah.

Laura Shin:

Wow. So, do you feel like the resolution that remaining validators came up with is something that would actually happen in a normal situation, not in a Testnet situation?

Jae/Ethan:

It’s conceivable. I don’t know. I think a single validator collecting that much…there were also some parameter changes on the Game of Stakes that made accumulation of stake in the large validators happen a lot more quickly, and so, that’s not the case on Mainnet, so attaining that much stake in one validator is probably far less likely to happen if at all.

If it did happen, I don’t know how the rest of the network would respond. It’s possible they would do that. It’s possible they would start by petitioning online to say, oh, you should decentralize, reduce your stake. It’s kind of like what we saw with…I think it was GigaHash, the mining pool a few years ago, and Bitcoin, they had close to 50 percent or at one point over 50 percent, and there was a large social effort to have people point their miners somewhere else to reduce their stake back down, and so, it’s possible the same kind of tactics could be used here.

Laura Shin:

Let’s move on because we’re running out of time.

One other thing I was curious about…I totally get how Cosmos is interesting because it enables this interoperability between chains, but in a way, right now, we have something like that on Ethereum with all these decentralized apps being able to interact with each other, so why should a developer build a blockchain using Cosmos, rather than just launching a decentralized application on Ethereum where they can tap into this whole ecosystem that’s been built there?

Jae/Ethan:

The main difference here is the developer environment. On Ethereum, you’re confined to the Ethereum virtual machine, which is a very limited and almost a toy version of an execution environment, and you’re stuck with the languages that were built for that virtual machine, which are very young, at most a couple years old. They’re maturing, and everything’s improving over time, but compared to a well-established language like Golang or Rust or JavaScript or anything that people have been writing in for a decade if not longer, the Ethereum development environment just pales in comparison to that.

If you want to free yourself from that and to use mature language tools and developer tools that you’ve been using potentially for decades and build a blockchain application in that kind of much more friendly and mature development environment, Cosmos offers the opportunity for that.

Jae/Ethan:

I want to be fair to the Ethereum system in that there’s definitely a need for a scripting system, say, a flexible way to upload arbitrary logic onto a chain. I think that is a fantastic idea. It allows for interoperability within a single chain, so that’s great, and that will remain useful and an important part of the cryptocurrency system.

There are some limitations to this. One is you’re reliant on, as of now, a single chain, so there are only so many transactions per section that the Ethereum Mainnet can handle, but also, in the case of, let’s say, conflict…if you remember what happened with the Dow hack and the hard fork that happened from the Dow hack, there was a lot of discussion and contention about what to do about this situation.

In that case, what happened was that the chain itself split into two because there wasn’t a good governance system built in, but you can see how, in the case of contention for all kinds of issues. In the future, there will be more issues like this in general as cryptocurrencies and blockchain ecosystem matures and grows. It’s necessary to provide sovereignty to a community that wants to run their own chain.

By having the Cosmos network and allowing any blockchain to have their own validator set and their own application logic and their own rules and their own governance, we believe this is necessary to accommodate everyone in a large new token economy.

Laura Shin:

So, there is this proposal for something called AfirmeNet, which is Ethereum running on Tendermint, so it’s not clear to me how that would be different form Ethereum…like what could people do in ethermint that they couldn’t do in Ethereum, or why would they prefer that environment over Ethereum? And also, is this something people are actually working on, or is it proposed? I can’t figure that out either.

Jae/Ethan:

It is a real project. It’s in development. It’s still kind of alpha software. Everything is still sort of alpha software, but ethermint in particular. We had an initial version a couple years ago, and we’ve rewritten it to use now the Cosmos SDK so that it can integrate very nicely into the Cosmos network, and the idea there is, like Jae was saying, as much as young and novel as the Ethereum virtual machine is, it’s still extremely valuable to have that kind of a scripting engine where you can just upload code on the fly.

There’s a huge developer community there, and there’s a ton of interesting work happening, being built on top of the Ethereum virtual machine, and so, what we built with ethermint was basically a way to support anything you might build on the Ethereum virtual machine, but instead of it running on proof of work, like it would on the Ethereum Mainnet, it can run on top of Tendermint, right?

So, you can do anything you could have done on Ethereum, but now you can do it faster and with lower latency, and on a blockchain where the validator of that chain has more sovereignty compared to the rest of the Ethereum network, but the one thing you can’t do if you’re using ethermint is communicate with all the other smart contracts that have been deployed on the Ethereum Mainnet because you’re on a different blockchain.

Laura Shin:

Oh, you can’t? Oh, now I understand.

Jae/Ethan:

Not immediately. Anyone could take the ethermint software and run an ethermint blockchain with some validators set, and they could take any contracts that they’ve written for the Ethereum Mainnet, and they could run those on their ethermint deployment, but it’s an isolated blockchain, so unless it’s connected up through the Cosmos network to everything else, it kind of stands on its own.

Even once it is connected up, it won’t have the same kind of access that a contract on Mainnet Ethereum would have to the other contracts on Mainnet Ethereum. So, we’re working on that interoperability piece, but it’s still a little bit away, and it’ll be a different kind of interoperability than you would get if you deployed directly to Mainnet.

So, if you want to talk directly to other contracts on Mainnet Ethereum, you pretty much have no choice but to deploy a contract to Mainnet Ethereum.

Laura Shin:

So, it’s not like you would create MakerDAO on ethermint, and suddenly, people would be using the ethermint DAI to take out loans using Dharma or put that money into Compound and earn interest. Basically, you would have to create that whole new ecosystem.

Jae/Ethan:

Exactly. You could replicate all of that DEFI stuff on top of ethermint on Cosmos. The benefit of doing that would be that there could be a much higher throughput because, first of all, it’s running on Tendermint, so it would be much faster than on the proof of work public Ethereum blockchain, but because we can also have the vertical scalability through having multiple ethermint blockchains that are able to connect to one another, they wouldn’t have to contend with, say, CryptoKitties.

The CryptoKitties transactions could be on one ethermint blockchain, and a bunch of the other DEFI stuff could be on another, and that way you’d be able to have higher throughput through the system.

Jae/Ethan:

I just wanted to add here that we’re focusing on token interoperability to start, but we will be designing our tech so that, eventually, it will be possible to also make cross chain smart contract calls, but our focus with the Cosmos hub certainly is just to focus on the token economy to start off with.

IBC, Peggy, which is our IBC equivalent to connect to Ethereum, eventually can be used for any kind of cross chain interoperability.

Laura Shin:

All right. Actually, I’m glad you brought up tokens again because I did also want to ask you about Atoms. What do Atoms do in the Cosmos network, and at this moment, if I own Atoms, what can I do with them?

Jae/Ethan:

Atoms…we call it a staking token. It’s not meant to be a currency. It’s certainly not a stable coin. It’s not meant to be something that you transact with regularly, but it’s maybe analogous to virtual bitcoin miners in that it gives you a voting power on the Cosmos hub.

When you stake your staking tokens, your Atoms, you can participate as a validator, or you can delegate your staking tokens to any other validators, and that gives you access to governance. You can vote on proposals. It also gives you access to transaction fees so you can earn transaction fees and any block rewards in the future.

Laura Shin:

Since  you also mentioned governance…you did mention it earlier as well. It sounds like it’s done on chain. Can you describe how that works?

Jae/Ethan:

Yeah. It’s a very simple governance system where you can make any proposal you want, so that the last proposal that passed was just written in English. The idea is that, as long as more than 51 percent of the bonded stakeholders vote in favor of that proposal, it passes, so there’s a social consensus there, too.

You can imagine there being an implicit constitution that’s also implemented in the code. There’s also a bit of a twist in that a one-third minority can also veto, so even though a proposal passes, it’s possible for it to be vetoed in the case there’s a small minority that is strongly not in favor of that proposal, but that’s the basic idea, and soon, we will have parameter changes as well.

Through governance, you can tweak, the parameters of this blockchain, and certainly you can upgrade a chain through plain English proposals, but in the future, you can imagine we’ll also implement automatic upgrading as well.

Laura Shin:

And then, earlier in the podcast, we talked about some of the other…I guess these are blockchains that are building zones. I’m just blanking on the names.

Jae/Ethan:

The Cosmos SDK?

Laura Shin:

They’re short names. There are two…

Jae/Ethan:

Like Iris and Lino.

Laura Shin:

Yes, exactly, Lino. Yeah, yeah, but aren’t there other ones that are using Tendermint as well? Isn’t BinanceDex using Tendermint?

Jae/Ethan:

Yeah, and we believe a variant of the Cosmos SDK, so there’s actually a very large number of projects building either directly on Tendermint or using the Cosmos SDK. For instance, Loom, which is a project that’s built around pegs to Ethereum is built on top of Tendermint. There are many others as well.

Laura Shin:

So, in the short term, what would be the chains that would be interoperable?

Jae/Ethan:

Well, it’s up to them. The ones that are using the Cosmos SDK will get the interoperability out of the box when those features land in the SDK, and others would have to either pull them in or make it work within the framework they used to build their blockchain application, but the goal of the IBC specification is to make it general purpose enough that anyone will be able to implement it and be compatible with it, regardless of how they built their application on top of Tendermint and down the road on top of other consensus algorithms, too.

Jae/Ethan:

There are other frameworks besides the SDK that people are using as well. There’s Lotion, which is an SDK for JavaScript, and some projects are even implementing their own or foregoing any frameworks and building directly on top of Tendermint.

For example, there’s the Thailand National ID project, which is built directly on Tendermint, and in the future, they can also interoperate with the Cosmos hub through IBC.

Laura Shin:

All right. So now, Tendermint, the company, has launched Cosmos, but you guys also recently raised $9 million led by Paradigm, which is the crypto VC firm that was launched by Fred Ehrsam, the cofounder of Coinbase and Matt Wong, formerly of Sequoia Capital.

What’s next for you guys? What are you focused on?

Jae/Ethan:

Just a bit of clarification. Tendermint is the software provider, and it was the Interchain Foundation technically that lost to Chain.

Laura Shin:

Oh, okay.

Jae/Ethan:

But no problem.

Jae/Ethan:

It was the community that launched the chain that we are all part of the community. Let’s be real here.

Jae/Ethan:

It was a decentralized launch

Jae/Ethan:

Neither the company nor the Interchain Foundation were actually running validators, so the network launched completely independent of those entities, which I think was quite cool to see.

Laura Shin:

In case anyone from the SEC is listening…

Jae/Ethan:

Or anyone else who’s interested in this decentralized launch of cryptocurrency networks.

Jae/Ethan:

We’re currently focused on completely the infrastructure, so IBC is a big one. Peggy is the next, but Tendermint, the company, soon after we’re done with all of this, will be developing actual applications. So, we’re looking for a sustainable source of revenue in two prongs. One, something in the financial space and something else that’s a little less financial, but we can’t talk about yet but would love to discuss as soon as we can.

Laura Shin:

Okay. Well, I guess maybe I’ll open with that the next time I have you guys on Unchained. Where can people learn more about you and Cosmos and Tendermint and the Interchain Foundation and etc., etc.?

Jae/Ethan:

Log into their respective websites. The main Cosmos website is Cosmos.network and especially if you check out Cosmos.network/launch, there is a lost of block explorers there where you can go…there’s a whole bunch of community-built block explorers where you can explore the network, see the validators.

There’s also Loonie, which is listed there…Loonie.io, which is a wallet system that was built for interacting with the Cosmos network and exploring it, and then, Tendermint, of course…tendermin.com, and that’s a site both for the company and for the product, Tendermint, and then for the Interchain Foundation, there’s interchain.io, which is just the home page for the Interchain Foundation.

Laura Shin:

Great. Well, thanks so much for coming on Unchained.

Jae/Ethan:

Thank you so much for having us.

Jae/Ethan:

Thank you, Laura. It’s been a pleasure.

Laura Shin:

Thanks so much for joining us today. To learn more about Jae and Ethan and Cosmos and Tendermint and the Interchain Foundation, check out the show notes inside your podcast player.

If you are not yet signed up for my weekly newsletter, go to unchainedpodcast.com right now to get my thoughts on the top crypto stories of the week, and be sure to check out our new channel on YouTube. Unchained is produced by me, Laura Shin, with help from Raelene Gullapalli, Fractal Recording, Jennie Josephson, Daniel Nuss, and  Rich Stroffolino Thanks for listening.