The idea of turing complete crytocontracts is super exciting, but I understand why Satoshi didn't add a turing complete language in Bitcoin.
Turing complete contracts add a whole new level of complexity (e.g. http://en.wikipedia.org/wiki/Halting_problem). I guess many (most?) could be solved by limiting computation time - it it's still a scary world. If one just considers how many significant issues the much more basic Bitcoin protocol has managed to hide (e.g. transaction malleability). If implementing a "basic" protocol is that hard - the idea of a turing complete protocol is formidable!
In Ethereum, you need to fund a contract in order for it to perform computations, and the amount that gets charged to a contract depends on the amount of work it does. So if someone were to write an infinite loop, for example, eventually the contract would run out of money and die.
The halting problem is not a practical issue with Ethereum, because the system doesn't care, in advance, whether or not a contract will halt. It will just run it to find out.
How does this work as the network scales? If I understand it correctly, every node needs to execute every contract. This means that for some large enough number of nodes, it must either cost more for the network to perform the computation than any constant cost of execution, or the cost of contracts must vary by the size of the network executing them. Could someone more knowledgeable about the project explain more?
Nodes can't be compensated for this— only the single miner who chose to burden the chain with the contract. Everyone else has to go along for the ride (or skip verifying it and hope that the anonymous miner wasn't lying). This is one of the reasons Bitcoin has very purposefully eschewed contracts which are computationally expensive to execute.
You can almost always perform a computationally expensive contract externally to the system and bind it with a hashlock or multisig, in any case. The inability of the a consensus system to perform IO to outside world usually demands those techniques in any case.
It would be really cool if they could figure out a way to adapt the fees of various operations to match their costs. Fixed fees will almost certainly not do this.
Imagine someone develops a chip that can calculate ECDSA operations 10 times faster, consuming 100 times less electricity. In a well-functioning market, the consequence of this would be that the price of ECDSA operations would drop, to reflect the fact that they now cost less to verify. With fixed fees, this isn't possible, and there is no financial incentive to optimize any given operation, without optimizing all operations simultaneously.
> How does this work as the network scales? If I understand it correctly, every node needs to execute every contract.
Such a network can grow to some extent, but how can it truly scale? There is limited scaling, of course, but node requirements increase as traffic increases, and there is no scalability through distribution of computational resources. So the more work the system does, the stronger each node needs to be.
If the answer to this is, "No problem - we'll just make it more expensive," then the required computational resources could be purchased with the very cryptocurrency that is generated from the system. At that point, it seems to me that the snake eats its own tail.
Regardless, before we declare that there can be any democratization enabled by this tech, I think we need to ask the question, "How does this not transfer even more power to those with the most computational power?"
Put another way, it seems this is tailor-made for Google and Amazon, not an organization of Joe Publics, each with a couple extra GPU's installed. It's still going to be about the "haves" and the "have-nots."
I'm happy to be proven wrong on any of these thoughts. I just think that if we were talking about any other tech, this computational model would not be considered scalable in any meaningful way.
Yes, an ethereum contract might cost 50 cents to run.
Now try calling some lawyers and ask them how much it typicaly costs to defend a contract in our traditional court system... it will probably be a number 100000% higher than 50 cents.
Would someone mind explaining the concept of contracts in Ethereum? Specifically how it’s related to paper contracts, for example my rental contract, in which all parties (me, the landlord and the jurisdiction) agree upon several rules like "appartment for money" and "violation leads to punishment by the jurisdiction". Who/what are the parties, what are the rules and what mechanisms prevent violations?
A contract in Ethereum is a basically a software agent that runs on a Bitcoin-like blockchain. It's a computer program attached to a bank account that is triggered by, e.g., transferring money into the contract's account. The program can do calculations, read and write from memory, as well as transfer money to other accounts and a few other things.
From there you can write contracts that do things similar to their paper, real-world counterparts. Say you wanted to set up a one-year rental contract. The landlord would create the contract and you, the tenant, would transfer your security deposit into it. The contract would have logic something like this whenever it is activated:
if rent money was just deposited
transfer the money to the landlord
mark last month as paid
else if payment is more than 30 days overdue
transfer security deposit to landlord
end contract
else if one year has elapsed since contract started
transfer security deposit to tenant
end contract
This contract will keep track of whether a tenant is up-to-date on their rent payments. As long as the contract survives, the tenant is allowed to stay in the unit.
The idea is that instead of a contract being enforced by the good will of the participants, or a court if that fails, it's enforced by the logic programmed into the contract itself.
else if one year has elapsed since contract started
transfer security deposit to tenant
end contract
This ignores the reason for a deposit in the first place. What if the carpets were burned in that year? Some of the deposit needs to be kept by the landlord. How does etherium know the carpet was burned? If the landlord says so, then the landlord may be lying.
For simpler operation - if rent not paid - then end contract - that sounds like it adds no benefit. No need for a program to tell you the contract has ended.
This is very useful to prove authenticity of a contract and for very simple contracts as well such as a bet. If there can be any sort of dispute about the contract though I don't see how it can be useful again save for authenticity.
Actually, we kind of discovered that, unless we radically cripple our model (eg. by removing the first-class-citizen property) Turing-completeness is basically irrelevant either way.
Vitalik, are you aware of the construct of total functional programming languages? It is possible to have recursion without giving up solution to the halting problem.
Ah okay, interesting, thanks for the link. So it's basically a maximally powerful non-Turing-complete language. I would argue that the section in our v2 whitepaper on non-Turing-complete languages still covers the fallacy behind that: you can still have exponential blowup, so you still need a concept of maximum steps, but then once you have a concept of maximum steps there's little benefit to restricting the programming language.
In essence, it's just recursion that's only allowed when the recursive input is in some sense strictly "smaller" than its input and therefore necessarily terminates if the input is of finite size and cannot drop below zero.
However, it's not magic: it's not automatically trivial to generate such a proof of termination (I'd assume there exist definitely terminating programs for any given proof system that cannot be proven to terminate in that formalism), and it may be a moot point since a slow enough algorithm is for all intents and purposes non-terminating...
"The project’s team, which is almost entirely male, includes experts in finance, "
I don't understand how is that relevant. Why is press so sexiest these days? Are they trying to toehold to anything even remotely political to get the views?
I understand that it probably isn't relevant, but I don't think it is sexist. It doesn't say that an almost entirely male team is good nor bad for the project.
For me is like they have said, a team mostly based on <random city>
"A team mostly based in <xyz>" actually does add information that explores part of a story.
If the team was based in San Fransisco, it would be part of the established silicon valley culture, versus if it was based in an emerging tech hub, then the story would be that they are part of an emerging tech hub.
Very little can be written in journalism that isn't relevant in some way.
We've accepted a value system in the west that more males in a field == bad, unless that field is physically dangerous or otherwise undesirable. So the sex composition of things is noticed and considered important.
However, note that every frontier field is male-skewed, probably due to lower male risk-aversion. So this philosophy is anti-innovation.
There is some statistical evidence that males have higher variance in general. CEOs are mostly male, people in extremely advanced math classes are mostly male, but at the same time people in prison are mostly male, and people performing dirty and dangerous labor are mostly male. Since personal utility is logarithmic in success, but visibility is close to linear, it's very easy to miss the importance of this other side of the issue, but it's there and IMO not sufficiently talked about (likely because saying "X has high variance" has no bearing on whether X is high or low, and is therefore not really useful to any side trying to make a political point).
The general four categories of options that we had are:
(i) a traditional banking/tax haven (Isle of Man, Panama, etc)
(ii) Switzerland
(iii) Iceland
(iv) Singapore / some other "Asian tiger"
The reason we discarded (i), aside from reputational concerns, is that such jurisdictions tend to be unstable; they are nice to you right up until the US government wants them to stop being nice to you, at which point they flop over in ten seconds. (iii), while nice for other crypto-startups, is bad here because there is unfortunately a hostile legal environment for cryptocurrency. The choice between (ii) and (iv) is arbitrary; both categories of jurisdictions have a good legal environment for these kinds of projects, and both have a reputation for being reliable and consistent. We chose Switzerland because (1) the government is more accessible, so there is no need to wait six months to talk to regulators, (2) we are working with OpenTransactions, who had an established understanding of the local legal environment and have been able to provide massive help to us, and (3) because it's linguistically and culturally easier for us to deal with Swiss regulators than Chinese regulators.
So it's not at all a free-for-all; it's a solid legal environment with an established reputation for stability that meets our objectives. If we wanted/needed a true free-for-all, we would be working with Panama.
Thanks for commenting. I don't think there is a misunderstanding, but just to clarify, I was taking issue with the article author's description of Switzerland -- not your choice of where to set up shop.
I can see why Switzerland is a smart choice, for reasons such as those you give.
I agree. This article seems slanted pretty heavily against some pretty common ideals on hacker news. Notice the FUD about sky net and then the souless algorithm part at the end. Not to mention the random comment that most of the dev team are male (but not all, which I guess might have worthy of reporting if it were true).
Basically it's an article on an interesting topic. I just wish a better source had been posted.
This is not correct. It's a part of the consensus system rules and cannot be just enabled and disabled on a node by node basis. It must be preformed precisely and identically on all systems.
What is the case is that nodes don't relay transactions with unusual scripts to prevent DOS attacks, but once they're in a block they're fine.
It will probably have almost as many security issues as Javascript has on the Internet today, but even so, it will probably be worth it, if it enables a ton of good things that weren't possible before either with cryptocurrencies or on the current Internet.
Cryptocurrency contracts inherit the remote code challenges that Javascript experiences but also a whole set of additional really gnarly challenges because the systems must reach exactly identical states in all cases or the network will irreparably fork.
It would be like if the entire web split into mutually incompatible partitions the first time someone crafted some JS code which behaved differently in IE and Firefox.
> Simple, templated Scripts are allowed in Bitcoin
This is a common misconception. Stock nodes won't relay transactions with weird scripts by default, but they're perfectly valid in the blockchain and verified by all nodes once someone configured to mine them has mined them.
> It is also not Turing-complete
Nor, pedantically, is what etherum proposes. Nothing time and space limited is.
What consensus systems like Bitcoin (and alt coins) do, however, is not executing programs in so much as that they are verifying an execution transcript that someone else performed (which is why all nodes compute the same values). Verification of an transcript of even arbitrary program execution is in P— you don't technically need turing completeness to express it. Though some forms of transcript expression may be more efficient. What Bitcoin does has the advantage of making the computationally work simply statically decidable— it's proportional to script size— and this relation means that— within reason— there is only one limited resource transactions have to worry about consuming, which makes the appropriate fee model obvious.
Lately I have become much more comfortable with the idea of computer-controlled systems for one simple reason: our world is already computer controlled. The computer in question is the universe with its laws of physics and humans provide the inputs to this great multisig by manipulating their body parts. At the "base layer", no semblance of compassion really exists: the person who wins is the one who can wield the most violence. This is true even in anarchies; when it comes down to it, it's the guy with the guns who has the final say. And yet humans have managed to take this base layer and build all sorts of other structures on top. The world of programmatic smart contracts is exactly the same; it's just a set of cryptographic "laws of physics" that you can build stuff on, except it's designed to be both much more efficient and at the same time voluntarist at the core - unlike in the "real world", it's much harder to successfully steal a private key than it is to create and use one.
Very well said. In addition, due to our evolutionary origins, humans tend to be inherently far more prone to malevolent behavior. Human history demonstrates the severity of this tendency quite dramatically.
A an impartial system of rules may not be understanding of specific emotional contexts, but it is by definition fair. This is because it will always behave in the same manner given the same inputs.
Given the judicial reality of most present (and past) societies, I would trust my fate to a carefully designed legal algorithm over a human jury every time.
The use of the word "successor" in the article title implies that Bitcoin is dead. It's a shame how many people (and news outlets) equate the failure of MtGox with the failure of bitcoin.
I dont think the subjugation of bitcoin to the past-tense is exclusively due to Mt Gox; the recent IRS ruling in the US of bitcoin as property also downgraded bitcoin's status significantly, at least in the US
Turing complete contracts add a whole new level of complexity (e.g. http://en.wikipedia.org/wiki/Halting_problem). I guess many (most?) could be solved by limiting computation time - it it's still a scary world. If one just considers how many significant issues the much more basic Bitcoin protocol has managed to hide (e.g. transaction malleability). If implementing a "basic" protocol is that hard - the idea of a turing complete protocol is formidable!