Andrew Poelstra谈Liquid的简洁之道 | SLP686

大家好，欢迎回到Stefan Lovera播客。今天再次加入我们的是Blockstream的研究总监Andrew Polstra。Andrew，欢迎回到节目。

Hi everyone and welcome back to Stefan Lovera podcast. Joining me again today is Andrew Polstra, director of research over at Blockstream. Andrew, welcome back to the show.

嘿，Stefan。很高兴回来。

Hey, Stefan. Great to be back.

Andrew，我们团队最近在Liquid上推出了SimpliCity。所以想聊聊这个项目，以及它对比特币开发和Liquid的意义。我想先为新人快速解释下Liquid，根据我的理解，你随时可以纠正我。Liquid的技术术语是'联邦侧链'，意味着比特币用户可以将BTC锚定到Liquid网络获得LBTC，它采用UTXO模型，用户可以在Liquid网络内转账，然后通过兑换商锚定回比特币。总体而言，它提供了与比特币主链不同的权衡方案。

So Andrew, know I the team have recently launched Simpli SimpliCity on Liquid. So gonna chat a bit about that and what it means for Bitcoin development as well as Liquid. I suppose maybe I'll I'll just try to quickly for new people just to explain a little bit about Liquid, I guess, in my understanding and you tell me where I'm getting anything wrong. But the idea with liquid, I guess the technical term people would use is it is a federated side chain, meaning on Bitcoin people can peg coins or BTC into liquid and then they've got LBTC and then it's using a UTXO model and people can send coins around inside of Liquid and then they can peg out using a swap provider and so on. And, the general idea is it offers different trade offs to Bitcoin main chain.

它没有挖矿机制，采用签名区块，每分钟出一个区块，支持保密交易。这些就是Liquid的一些不同权衡特性。

It doesn't have mining. It has signed blocks. It has one minute block times. It has confidential transactions. So see that these are some of the different trade offs that liquid has.

Liquid生态中有各种钱包和服务提供商。比如Blockstream官方应用就支持Liquid，还有Aqua、Bull Bitcoin钱包、SideSwap等，以及Bolts交易所作为服务商。

And so there are different, let's say, wallets and providers in the ecosystem of liquid. So that's how I would explain liquid just for somebody who's new. And then there are wallets, I guess, Blockstream, obviously, Blockstream app supports it. There are others like Aqua, Bull Bitcoin wallet, maybe SideSwap and some of these others, and Bolts. Exchange as a provider.

这些是我能想到的关于Liquid的概况。你还有什么要补充的吗？然后我们可以讨论什么是SimpliCity。

Those are a few off the top of my head as a bit of an overview on liquid itself. Yeah, guess, you want wanna elaborate a bit on that? And then then we can get into what is simplicity.

当然。你对Liquid的总结很到位。它确实是条侧链，是条区块链。

Yeah. For sure. That's that's a great summary of liquid. It is it's a side chain. It is as a blockchain.

这是比特币的一个分叉。我们使用的客户端，或者说验证节点，叫做Elements核心。它直接是从比特币核心分叉出来的，我们添加了大量新功能，就像你说的。保密交易、现在有Simplicity、在Simplicity之前的新脚本操作码、一分钟出块、多资产支持，一大堆这样的功能集合，我们还有一个锚定机制对吧？所以你可以把比特币从主链转移到Liquid网络，也可以转回去。

It's a fork of Bitcoin. The the client that we use, or the validating node that we use, is called elements core. It's directly a fork of Bitcoin core, where we've added a whole bunch of new stuff, as you said. Confidential transactions, now simplicity, new script opcodes prior to simplicity, one minute blocks, multiple asset support, just a whole pile of, a grab bag of things like that, and we have a peg, right? So, you can move Bitcoin from Bitcoin onto liquid, you can move Bitcoin off.

就像你提到的，要把比特币从Liquid转回主链，直接操作是有机制的，但由于这会减少侧链余额，需要一些额外的签名。通常的做法是通过兑换服务商来完成，他们最终会使用锚定机制来平衡账本，但作为用户你可能只想用兑换服务，因为可以即时到账，有几种不同的使用方式。Liquid于2018年上线，之前我们有个测试网络叫LMS Alpha，它包含了一些很酷的技术：通过额外操作码实现的契约支持，还有一个比比特币更早的隔离见证版本，当时在Elements上开发时其实挺难看的。

As you mentioned, moving Bitcoin off of liquid, to do this directly, there is a mechanism, but because that's reducing the balance of the side chain, there's some additional signatures that are required. The typical way that you would do it is by using a swap provider, who eventually, to rebalance their own books, will actually use the peg mechanism, but as a user, you probably just want to use a swap, right, because that's gonna be instant, and there are a few different ways that you can use that. So, Liquid launched in 2018. Before that, we had kind of a Liquid test network, or a preview called LMS Alpha, and LMS Alpha had a number of kind of neat technology things. It had covenant support through extra opcodes, and it had a version of SegWit that predates the version of SegWit in Bitcoin, which actually was, at the time that we developed it on Elements, it was pretty ugly.

如果直接放到比特币上会是个硬分叉改动。所以我们在Elements上开发了隔离见证的核心概念，后来比特币那边的几个人（特别是Luke Dasher）发现可以软分叉方式部署，避免了硬分叉需要的协调工作和各种问题。比特币部署隔离见证后，我们又把这个版本反哺回Elements（也就是现在的Liquid）。这个故事说明Liquid已经存在近七年了，既是独立的侧链，有时也作为展示比特币潜在改进的平台。

It would have been a hard forking change to put it into Bitcoin. And so, Elements, we developed the main idea of SegWit, and then a few people on the Bitcoin side, in particular Luke Dasher, figured out that there was a way to deploy SegWit where it would be a soft fork, and where it could be deployed with much less coordination and like a flag day, and all sorts of problems that would come with a hard fork. And then Bitcoin launched SegWit, and then we took the Bitcoin version of SegWit, pulled it back into Elements, which is now Liquid, and now we have it on Liquid. So, the point of that story is that Liquid's been around for, I guess, seven, almost seven years now, and has a long history of kind of this interplay between Liquid is a side chain in its own right, but also it sometimes serves as kind of a platform for demonstrating potential improvements to Bitcoin.

明白了。我们今天主要要讨论的话题是Simplicity。能给不太了解技术细节的听众简单介绍一下吗？

Gotcha. Yeah. And as we were discussing, obviously, main topic we're going to be talking about today is simplicity. So can you give us just a brief overview? What is simplicity for people who maybe aren't as familiar with some of these technical aspects?

好的。Simplicity与比特币脚本（更准确说是Tapscript）并列，是人们给代币附加脚本的另一种机制。比特币的脚本系统通常只用于验证签名，但也能实现更复杂的用例：多签、时间锁备份密钥等结构，还有使用哈希原像的更复杂结构（比如构成闪电网络的HTLC）。

Sure. Yeah. So, Simplicity sits alongside Bitcoin script, or alongside Tapscript, I should say, as a mechanism for people to attach scripts to their coins. So, on Bitcoin, as many people are aware, there's a scripting system that exists that typically is just used to validate signatures, but there are more advanced use cases that people do. Various multi signature and time locked backup keys and various constructions like this, and then also a couple more elaborate constructions that use hash pre images, and so things like HTLC, which build up the Lightning Network and stuff.

可能较少人知道的是，Taproot对脚本系统做了微调：一个输出可以关联多个脚本，而顶层脚本其实根本不是脚本，只是个签名密钥。Taproot的理念是，无论代币由个人还是多人控制，最终决定移动代币的签名者都可以（可能通过交互）产生单个签名。所以Taproot顶层总是用单个密钥签名，这个密钥可能代表多个人。这是Schnorr签名实现的巧妙技巧。

And what maybe fewer people are aware of is that with Taproot, the scripting system was slightly tweaked, in that in Taproot, you can have multiple scripts associated with a single output. And the top level script, if you will, is not even a script, it's just a key, it's just a signing key that you sign with. So, the idea behind Taproot is that if you have some coins that maybe they're owned by you as an individual, maybe they're owned by multiple people, maybe there are multiple keys involved, but in all of those cases where ultimately there's some signers deciding whether to move the coins, they can come together and produce a signature, possibly interactively. They can produce a single signature for a single key. So, the top level of a taproot is always just like signed with a single key, and that key might be multiple people even though it's one key.

在这个密钥里还嵌着不同脚本的默克尔树。你可以编码各种情境：比如当无法签名时（典型例子是闪电网络中一方掉线或试图发布旧链状态），就需要用比特币脚本来强制执行替代条件。Taproot中可以包含任意数量的这类条件，甚至能容纳数百万个。

It's kind of a cool trick that the Schnorr signatures make able. But then, embedded in that key, there is what's called the Merkle tree of different scripts. So, there are all these different situations that you can encode where if for whatever reason you can't sign a script. So, the classic example is in a Lightning channel where one party just drops offline or tries to publish an old version of the chain state or something Then, like obviously, one of your parties is not cooperating, so they can't participate in a signature, so then you've got to go use Bitcoin's script to say, well, okay, here these alternate non signature conditions that the blockchain is enforcing for you. And in Taproot, you can have as many of those as you want, and you can fit millions of them in there.

这些脚本都使用一种名为比特币脚本的语言，它支持签名验证、哈希原像检查、时间锁功能，并能以多种方式组合这些功能，对吧？你可以设置'与'或'或'条件，甚至设定阈值，比如满足三到五个条件之类。而Simplicity就相当于替代脚本解释器的角色。在Simplicity体系或当前的Liquid网络上，你可以创建一个Taproot输出，其中比特币脚本和Simplicity脚本可以并行作为备选方案。

And each of these scripts uses a language called Bitcoin script, which supports checking signatures, it supports hash pre images, it supports time locks, it supports composing these in various ways, right? You can have an and or an or, some thresholds, like three or five of these conditions kind of thing. And so simplicity sits in where script would be. So, in a simplicity world, or on Liquid today, you can have a taproot output where you have a Bitcoin script that can be used as an alternate, and a Simplicity script that can be used as an alternate, and they're sitting beside each other. So, that's what Simplicity is, it's kind of an alternate script interpreter.

Simplicity相较于现有脚本的优势（我们会深入探讨）在于其更强的表达能力。它能实现任何可能的纯计算——只要是纯计算，Simplicity都能完成。比特币脚本则不具备这种通用性，除非使用BitVM这类技巧，通过数百万甚至数十亿操作码跨多笔交易拼凑出计算引擎。此外，Simplicity原生支持完整契约功能，这是比特币脚本无论如何取巧都无法实现的——除非利用哈希碰撞这种非常规手段。

And the benefits of Simplicity over the existing script, which we'll probably dig into, are it's much more expressible. Expressive, you can express any kind of computation that you might be able to do, and any pure computation that you can do, you can do in simplicity. This is not true of Bitcoin script, at least without BitVM like tricks, where you wind up using, you know, millions or billions of opcodes that you have to spread across multiple transactions and stuff to try to build up a computational engine out of the small arithmetic you can do in script. In addition to being able to do any pure computation, Simplicity has full covenant support, and this is something that you simply cannot do in Bitcoin script, no matter how many clever tricks you use. Well, maybe you can use shock collisions.

好吧，确实存在一些取巧方法，我们现在——对，正在讨论

Alright, there are some clever tricks, now we're -Right, going

但这些方法都不太实用，确实。

beyond but these are not very practical methods of, yeah.

——没错，这相当于需要数千万美元专用硬件才能实现一次。Simplicity直接具备完整契约支持，可以访问支出交易的任何部分并进行任意计算。因此表达性是其核心优势。另一个重要特点是Simplicity的极简性——从实现者角度看，整个语言仅由九个被称为'组合子'的基础计算单元构成。

-Yeah, we're into like tens of millions of dollars of specialty hardware to implement once, kind of thing. So, Simplicity has full covenant support. In Simplicity directly, you can access any part of the spending transaction, and you can do any arbitrary computation on that transaction. So, expressivity is a big thing. And then the other big benefit is that simplicity is simple, and I mean that from an implementer's perspective, and that simplicity is defined by a set of nine, what we call combinators, which are these basic building blocks of a computation.

每个组合子的数学定义甚至用不了一行公式。就像我说的，有件T恤（我总忘记在播客前展示）印着完整的语言规范，照着T恤就能实现解释器。这种极简性让我们能在区块链实际部署中用C语言实现，同时还用Rust、Haskell实现了版本，更重要的是用ROC定理证明助手实现了——这个版本成为了语言的正式规范。

And these combinators are, each of them is really just like one line, not even a line of mathematical notation to describe. Like I said, you've got a t shirt somewhere that I always forget to bring up before the podcast starts, but you can fit the whole language onto a t shirt, and you can implement a simplicity interpreter off of this t shirt. And the benefit of this is, for one thing, it's so simple that we can implement it in C on what we do in the actual blockchain implementation. We also implemented an interpreter in Rust, we implemented one in Haskell, and more importantly, we implemented one in the ROC theorem proving assistant. And the ROC implementation serves as a formal specification of the language.

我们不仅能确保多版本实现的兼容性，更关键的是ROC实现可作为形式化规范。无论是实现者还是用户，都能生成机器可验证的正确性证明（或任何合约需要满足的属性证明）。而比特币脚本则完全不具备这些特性：表达能力有限、数值操作限制极大、缺乏契约功能、无法形式化推理（因其定义依赖于C++实现）。事实上，其不可推理性导致连一致性复现都困难——历史上出现过Ruby/Python等语言的脚本替代实现，但最终都因边缘案例行为差异（比特币核心实现与替代实现的微妙分歧）而逐渐被弃用。

So, not only can we write these multiple implementations and we know that they're all compatible with each other because this is so simple, what they're doing, one of those implementations serves as a formal specification, and what you can do with that is either an implementer or a user is you can produce machine checkable proof of correctness, or whatever sort of property that you might want your contract code to meet, you can produce a machine checkable proof. And in Bitcoin script, you've got none of these. The language is not very expressive, it has tremendous limitations on the size of numbers that you can manipulate, it doesn't have covenants, you can't reason about it because it's defined in terms of the C plus plus implementation, and in fact, it's so far away from being able to be reasoned about that you can't even re implement it consistently, and there's been a long history of alternate implementations of script, and they're not so popular today anymore, where people would try to implement Bitcoin script in Ruby, or in Python, or in these various languages, and always after some weeks, or months, or years, there would be some obscure behavior in Bitcoin script that somebody would notice that, as far as we can tell, nobody had ever noticed before, and the Bitcoin Core implementation would behave differently in this obscure edge case than the Python or the Ruby one.

事实上，在2014、2015年左右曾有过一段黄金时期，当时Coinbase使用Bitcoin Ruby作为验证比特币脚本的方式，他们设有漏洞赏金计划。每当发现Bitcoin Ruby与Bitcoin Core存在差异时，他们就将这视为安全漏洞并支付1000美元奖励——当时相当于1个比特币，所以有人能拿到3个比特币。我就拿到过两次这样的奖励。

And in fact, there was kind of a golden era in maybe 2014, 2015, when Coinbase was using Bitcoin Ruby as their way of validating Bitcoin scripts, and they had a bug bounty program, and whenever you found a divergence between Bitcoin Ruby and Bitcoin Core, they considered that a security bug, and they would pay you out a thousand dollars, which at the time was 1 Bitcoin, so you could just get like 3 Bitcoins. Got two of these.

真是不少钱。

Lots of money.

是啊。我还认识其他几个也拿过这种奖励的人。可惜的是，后来他们真的停止使用比特币了。

Yeah. I know a couple other people who got some of these, so sadly, sadly, they they stopped using Bitcoin really.

那样的日子一去不复返了。不过说回形式化验证这个概念，实践中这具体意味着什么？是说这样更容易确保安全性吗？还是说如果要构建其他类型的链下计算，这样能让合约或协议的安全证明更容易实现？

Days are gone. Yeah. But, I guess, bringing you back to this concept of, you know, the formal verification, what does that mean in practice? Like, are we saying that makes it easier to make it secure? Does it mean if you were to build other sort of off chain computation, it's easier for the security proof of that contract or protocol?

能否详细说明，如果我们是比特币或Liquid的构建者或开发者，这在实践中对我们意味着什么？

Can you elaborate, what would that mean for us in practice if you are a builder or a developer in Bitcoin or Liquid?

是的，这些都包含在内。这意味着相当广泛的内容。用最笼统的话来说，就是你可以编写一个关于代码预期行为和功能的正式规范。你可以用ROC、Lean或Alloy等语言来编写这类规范。

Yep. It means all of those. So it means a fairly wide spectrum of things. So in the most high level hand waviest terms, it means that you can write a specification, a formal specification of what you expect your code to do and how you expect your code to behave. And you can write this in ROC, you can write it in Lean, you can write it in Alloy, there's I think.

现在有很多这类规范语言可供使用。规范可以根据需要写得非常详细或非常概括。比如如果你是NASA这样的机构，就可以编写涵盖程序所有方面行为的完整规范，详细到每个可能情况下用户与代码交互时会发生什么。如果要编写一个非平凡合约，制作这样的规范可能需要多名全职规范工程师花费数月甚至更长时间。有了规范后，你就可以生成机器可验证的证明，确保实际在区块链上运行的Simplicity代码和解释器符合该规范。

There's all these kind of specification languages that exist that you can use. And specifications can be as detailed or as general as you want, right? So, you could have, so, if you were NASA or somebody, you could write a full specification of every single aspect of your program behavior, right down to like, in every possible case what will happen no matter how users interact with your code. And if you're writing a non trivial contract, then producing such a specification would probably take multiple full time specification engineers, like many months or a long time to produce. And then once you have the specification, you can produce a machine checkable proof that your simplicity code, which actually runs on the blockchain and the simplicity interpreter, meets that specification.

由于我们有一个关于简洁性本身的正式规范，你可以从头到尾生成这样的证明。因此，你有一个关于代码功能的规范，你可以生成一个机器可验证的证明，证明你的代码符合该规范。现在，每当你更新代码、添加新优化或新用例时，只要行为变化对应着规范的更新，你就能重新生成机器可验证的证明。顺便说一句，生成证明本身可能就是一项相当困难的工程工作，但关键在于这是可以实现的，对吧？现在，规范也可以非常通用且非常简洁，对吧？比如一种规范形式可能是：这段代码总会执行，如果成功，则交易中使用的空间将少于200字节。明白吗？

And because we have a formal spec of simplicity itself, you can produce such a proof end to end. So, you have a specification of what your code does, you produce a machine checkable proof that your code matches that specification, and now whenever you update your code, whenever you add new optimizations, whenever you add new use cases or whatever, assuming that any changes in behavior correspond to updates in your specification, then you can reproduce your machine checkable proof, and that, by the way, even producing the proof is potentially a lot of quite difficult engineering work, but the point is that you can do this, right? Now, a specification can also be extremely general and extremely small, right? So, one form of specification, you might say, is this code will always execute, and if it succeeds, then it will use less than 200 bytes of space in the transaction. Okay?

这就是一个规范。它不会告诉你太多关于代码功能的信息，但另一方面它非常容易编写，并且能给你一个很大的保证——你的代码在区块链上不会占用超过200字节的空间。这让你能够进行费用估算，因为你知道交易大小有这个上限。你可以想象这类简单条件的整个家族。比如你可能是联署人，类似BitGo或Blockstream应用这类分权托管方案，你的规范可能是：如果这段代码执行成功，则必然包含签名。让我重新表述一下。

And that's a specification. It doesn't tell you a lot about what the code does, but on the other hand, it's very easy to write, and it gives you a pretty big guarantee that your code will not take, will not use more than 200 bytes on the blockchain, and that lets you do fee estimation, knowing that you have that bound on the size of your transaction. And you can imagine kind of the whole family of simple conditions that you might write like that. You might say, maybe you're a countersigner, maybe you're like BitGo, or like the Blockstream app, or one of these split custody things, and your specification might be, if this code succeeds, then it did so with a signature. Let me restate that.

没有我的签名，这段代码就不会成功。这就是你的规范，你可以对此进行形式化证明。对于这类简短的单行条件规范，并不需要数月的工作，对吧？任何对形式化规范和机器验证证明工具有基本了解的人都能完成。实际上，对于资源平衡问题，你甚至不需要使用这些工具。

Without a signature from me, this code will not succeed. That's your specification, and you can do a formal proof of that. And for specifications like this, that are like these short one liners that are a single condition, that's not months of work, right? That's something that anybody who's kind of a little bit familiar with the tools for formal specifications and machine checkable proofs produce. And actually, specifically for resource balance, you don't even need to use these tooling.

简洁性内置了静态平衡机制（这个我们稍后可能会讨论）。因此你可以限制程序的大小。但对于联署人这样的例子，任何对Alloy、Lean或Rock等工具有基本了解的人都能生成这种证明。在这里你能看到好处，对吧？拥有这些机器可验证证明的核心优势在于：你的规范非常灵活，它允许各种行为变更同时仍满足规范要求。想象你作为联署人，你的客户/对手方不断更新代码、调整内容，而你作为联署人只需要确保无论他们做什么疯狂改动，都不会移除你的签名要求，对吧？

Simplicity has built in static balance that we might talk about later. So, you can bound the size of your program, but for something like a counter signer example, anybody who's a little bit familiar with using Alloy or Lean or Rock or whatever would be able to produce such a proof. And here, you can kind of see the benefit, right? The Where benefit of having these machine checkable proofs, where your specification is very flexible. It allows all sorts of changes in behavior while still meeting the spec, and so you can imagine if you're a countersigner, say, that your customer, your counterparty, constantly updating their code, and they're constantly tweaking stuff, and what you want as a countersigner is to know that no matter what crazy things they do, they are never going to take away your signature requirement, right?

但反过来，你也不想限制他们的操作空间。你不想说'只允许做我们审核过的这五种操作'。通过这种规范，你可以证明：他们给你一堆代码，你能基于这些代码生成证明，证明它仍满足你的所有要求。而你的要求可以详细到...

But conversely, you don't want to limit what they can do. You don't want to say, well, you're only allowed to do these five things that we've vetted are okay. So, by having this specification, you can prove that, well, they give you a pile of code, you can reduce the proof based on that code that it still meets whatever your requirements are. Where your requirements can be as detailed as

听起来这更像是企业级的高安全性应用场景，这是我的理解。我还好奇能否详细说明简洁性的应用场景？网上讨论过保险库、契约和零知识验证器之类。能否阐述下不同应用方向？简洁性能实现哪些当前比特币脚本难以或无法实现的功能？

I'm This reading sounds more like maybe like an enterprise sort of higher security use, as I'm understanding you. And I guess I'm also curious, like, maybe you can spell out a little bit around the uses of like, what does simplicity enable people to build? I know there was some talk online about vaults, maybe some covenants, and, a ZK verifier. Can you just elaborate a bit on some of the different uses there? Like, what can Simplicity enable that's difficult or impossible with Bitcoin script today?

是的。正如你所说，关于规范的讨论暂时告一段落。这个范围很大。

Yep. Yep. Yeah. As you say, to close-up the specification discussion for now. This is large.

这是面向大型合约实施者的内容，适用于企业级应用。作为普通用户，如果你只有一把或几把密钥，确实不需要针对少量密钥的正式规范，对吧？那么，简洁性带来了什么？除了规范之外，我提到的另一支柱就是这种新的表达能力。简洁性通过完全访问交易数据，可以实现任何类型的契约方案；凭借完整的计算能力，基本上能实现所有对比特币乃至更广泛领域的提案。

This is for implementers of large contracts. This is for enterprise kind of stuff. As an ordinary user who's got a key, maybe a couple of keys, you really don't need a formal specification for coins that have a couple keys, right? Now, what does simplicity enable? Beyond specification, right, the other pillar that I talked about is this new expressivity, And simplicity by dint of having full access to the transaction data, can do any sort of covenant implementation, and having full computational power, can implement basically any proposal that's been made for Bitcoin and beyond.

在我们的官方网站simplicitylang.org上，我们提供了一个Web集成开发环境（Web IDE），更像是一个用高级语言Simplicity HL编写简洁代码的游乐场。在这个Web IDE中，我们有几个示例程序，包括opcat的实现、SIGHANNAPREVOUT的实现、AVault的实现，还有其他一些内容。这些都是人们对比特币提出的一些重大提案，而简洁性都能涵盖。听众们可能不意外我们能实现契约、保险库、速率限制代币、支付池等讨论较多的契约功能，但可能惊讶于我们能实现像SigHash AnyPrevOut这样的功能。SigHash APO（简称）是比特币的一个提案，闪电网络开发者希望拥有它，允许你生成一个可重新绑定的签名交易。

So, on our, we have online our website, simplicitylang.org. We have what we call a Web IDE, which is more of just a playground for writing simplicity code in a high level language called Simplicity HL, and in our Web IDE we have a couple example programs that include an implementation of opcat, we have an implementation of SIGHANNAPREVOUT, we have an implementation of AVault, and there are a couple other things there. But these are all kind of big proposals for Bitcoin that people have, and all of them can be captured by simplicity. And the cool thing here is that it's maybe unsurprising for your listeners to hear that we can do covenants, and we can do vaults, and rate limited coins, and payment pools, and all of these kind of covenant things we've been talking about a lot, but it might be surprising to hear that we can do something like SigHash AnyPrevOut. So, for context, SigHash APO, as it's called, is a proposal for Bitcoin that Lightning developers would like to have that allows you to produce a signed transaction, a signature on a transaction that's what's called a rebindable.

你可以在多个交易上使用同一个签名，但要受某些约束。在闪电网络中，如果子支付通道被更新数百、数千甚至数万次，总存在一个风险：一个行为不当的交易对手可能会发布一个旧状态。当这种情况发生时，诚实的一方需要发布一个响应交易，利用旧状态收回资金并撤销它，对吧？因为旧状态应该是无效的，所以我们有这个索赔或退款机制。如果有人发布旧状态，由于比特币的单调性，旧状态会继续有效，因此你需要额外的退款步骤。理想情况下，每一方都可以有一个签名，无论发布的是哪个旧状态，都可以使用这个签名。

You can use the same signature on multiple transactions, subject to certain constraints. And the idea here is that in the case of Lightning, if you've got sub payment channels being updated hundreds or thousands or tens of thousands of times, there's always a risk that a misbehaving counterparty there will try to publish an old state, and then when they do so, the honest party needs to publish kind of a response transaction, taking the old state and then pulling the coins back and undoing it, right? Because old states are supposed to be invalid, so we have this claim or refund mechanism, where if anybody posts an old state, which will continue to be valid according to Bitcoin because of a property called monotonicity, you can't turn things into, make things become invalid. The old states will continue to be valid, so instead you have this extra refund step where somebody has to post this. And ideally, your counterparty, ideally, each party could have a single signature that they've got laying around that they could use no matter which of the thousands of old states are published.

他们可以取出签名，将其放到链上，撤销不良交易。目前，每次状态更新都需要一个单独的签名。更糟的是，因为闪电通道是双边的，你需要双方的单独签名。如果一方行为不当，事后不会重新生成签名。因此，每次更新都需要两个签名，每个人都必须有自己的签名和对方的签名。

They can grab their signature, they can put it onto the chain, and they can undo the bad transaction. Today, you need a separate signature for every single state update. And actually worse, because lightning channels are two party channels, you need a separate signature from both parties, and if one's misbehaving, he's not going to reproduce them after the fact. So, as you're going, you have to get two signatures. Everybody has to get their own signature and their counterparty signatures.

每次更新时，他们都会获得新的签名，必须存储起来。你需要保存这个不断增长的签名链。SigHash AnyPrevOut意味着你只需拥有一对签名，而不是不断增长的签名链。如果你的交易对手行为不当，发布旧状态，你可以取出这个单一签名，它是可重新绑定的，适用于任何旧状态，然后发布它。在简洁性中实现这一点的方法是，获取你想要签名的所有交易数据（除了你正在签名的特定输入），这就是AnyPrevOut的含义：你可以在签名上放置任何输入。

And every update, they get new signatures, which they've got to store. You've got this ever growing chain of signatures you've to keep around. The SIGASH any prevote would mean that rather than having this ever growing chain of signatures, you just have one pair of signatures, and if your counterparty misbehaves, he publishes an old state, you grab the single signature, it's rebindable, so it will work for any state no matter which old one that he published, and then you publish it. And the way that you implement this in simplicity is you have, you grab all of the transaction data you want to sign, which is the entire transaction, except for the specific input you're signing. That's what any prevo means, is that you can put any input on the signature.

利用契约机制获取所有这些数据，进行哈希处理，然后验证该哈希上的签名。顺便说一句，你也可以用opcat和opchecksig from stack实现同样的功能，因为它提供了相同的机制：构建一个签名哈希，然后签名。你也可以用TX cache加上check sig from stack实现，这是OPCTV的一种形式，将签名与交易模板生成分开。但你无法用CTV实现，我认为也无法用Vault实现。

You grab all of that data using the covenant mechanisms, you hash it all up, and then you check a signature on that hash. And And by the way, you can do the same thing with opcat and opchecksig from stack, because it kind of gives you the same mechanism, build a sig hash, and then sign it. You can do the same thing with TX cache plus check sig from stack, which is the form of OPCTV, where you kind of split apart the signature from the transaction template generation. But you can't do it, for example, with CTV. I don't think you can do it with Vault.

一般来说，你不能仅凭任何契约实现来完成，因为它有点复杂。你不仅需要交易内省和交易约束，还需要一种方法来对这些交易数据进行签名。但在简洁性中，这些工具一应俱全，所以我们能够实现它。让我再详细说明一下，然后再交回给你。

So, you generally you can't do it just with any sort of covenant implementation, because it's a little bit tricky. It's not just transaction introspection and transaction constraining you need, but you also need some way of having a signature on that transaction data. But in simplicity, you just it's there. All the tools are there, so we were able to implement it. And let me expand on that one more time before I hand back to you.

好的，没问题。

Yeah, sure.

具体是指

Which is

在Simplicity中，你不仅可以签署任何交易模板，对吧？比如在APO示例中，你签署的是除输入数据外的所有数据。不仅如此，你还能签署交易的任意函数组合——这是现有脚本扩展方案（包括Rusty Russell的优秀脚本扩展方案）都无法实现的。那些方案都只是零散的单个小功能扩展，而Simplicity却能提供完整的表达能力。

that in Simplicity, you can not only sign any transaction template, right? You can sign, in the APO example, you're signing all the data except the input. Okay. You can also sign arbitrary functions of your transaction, and here's something that really no script extend No new opcode other than Rusty Russell's great script extension, which, yeah, is just everything. No kind of single small extension a script gets you.

举个例子，你可以生成一个签名，将权限委托给另一个低安全级别的密钥，并附加条件限制：只有当交易手续费率处于特定区间时，该低安全密钥的签名才有效。具体实现是：用高安全级别的冷钱包密钥签署交易，但只签署交易核心部分（允许后续添加输入输出），同时签署关于手续费率的约束条件（手续费率=总输入减总输出的差值除以交易字节权重的计算结果）。你实际上是在签署一个验证程序，该程序会判断手续费率是否处于预设区间。

And as an example of this, you can a You can produce a signature which delegates to another lower security key with the additional condition that the less secure key signature is only valid if the transaction was in a certain fee rate range. So, what you can do is you have this high security cold key, and it signs the transaction, but it signs the transaction only up to a point where it's still possible to modify the transaction, it's still possible to add new inputs and outputs, so that the core transaction is signed. And furthermore, it signs the fact that the transaction's fee rate, and the fee rate, by the way, you compute the transaction's weight by adding up all the bytes in the transaction, and then you divide that by the total fee, which in Bitcoin is the total input amount minus the total output amount. So, you do this computation on all of your transaction data, and you check, is it in a range? And you sign that bit, that it's in a range or not, and you sign the program that produces that bit.

现在你把这笔交易交给手机钱包等设备，它们就能完成最终签名并广播。如果因手续费率过低或市场波动导致交易未确认，你的低安全密钥可以用略高的费率重新签名。更妙的是：我们还能让手续费率成为交易存活时间的函数。比特币的相对时间锁功能（根据UTXO存在时长触发脚本逻辑）正好能实现这种动态调整。

And now, you have this transaction, you hand it off to your cellphone wallet or whatever, and that's able to sign off and publish it. And if the transaction turns out not to confirm because the fee rate was too low, and the fee market spiked, you weren't expecting it or whatever, then your phone wallet, your low security key is able to re sign the transaction with a slightly higher fee rate. But we can do one better, right? We can even say the fee rate is a function of the age of the transaction. So, in Bitcoin we have something called relative time locks, which essentially allow you to gate certain logic in a script on how old the UTXOs you're spending are.

于是你的高安全密钥可以签署初始严格约束手续费率的交易，随着交易存活时间增长，约束条件会逐步放宽。这样手机钱包就能在交易未确认时提升费率——这种精妙的方案已被Sanket Kandelkar实现，他在Delving Bitcoin上详细介绍了Simplicity的实现方法。这正体现了Simplicity的完整表达能力——其他提案都难以实现这种复杂逻辑。顺便说句，虽然我把Simplicity称为提案，但它显然不可能在本十年内登陆比特币网络。

So, now you can say your high security key is going to sign a transaction with a tightly constrained fee rate that will become less and less tightly constrained as the transaction gets older, and this allows your phone wallet to bump the fee rate, but only if the original transaction is not being confirmed. So, is an example. Actually, Sanket Kandelkar implemented this, and he did a post on delving Bitcoin describing how to do this in simplicity. So, is a kind of cool application that really you need the full expressivity of simplicity to implement something like this, right? And as far as I'm aware of the proposals that are on the table, right, for this, I'm calling simplicity as a proposal, but as I'll say, not like we won't see simplicity on Bitcoin this decade, right?

Simplicity是个重大变革，这个我们稍后再谈。目前比特币可接纳的提案中：Rusty的Great Script Restoration最接近可立即部署状态；其次是Simplicity；另外还有源自ChiaCoin的Chialisp（一种为区块链设计的Lisp变体，虽缺乏正式规范且与Simplicity存在关键差异，但设计理念相近）。至于其他零碎改进提案（如添加OP_CAT/OP_VAULT/OP_CTV等操作码或签名模式），都无法像Simplicity这样提供完整的、无所不能的编程能力。

Like simplicity is a big change, and I'm sure we'll talk about that later, but of the proposals that could fit into Bitcoin, right, there is Rusty Script's Great Script Restoration. Great Script Restoration, Which is certainly the closest thing to something that we could deploy like tomorrow if we had the will. There's simplicity, and then there's something called Chialisp, which came from Bram Cohen's ChiaCoin, I guess it's called, which is a form, a variant of Lisp, which is designed for blockchain interaction, although it doesn't have a formal specification, and there are a few important ways in which it differs from simplicity, but it's got a lot of the same motivations and some of the same development power behind it. And everything else, all the stuff that we're really talking about, like all these small improvements, like, can we add op cat, can we add op vault, can we add op CTV, can we add these individual opcodes or SIGH modes, They don't get you this kind of full, like, bore, you can do anything kind of functionality the way the Simplicity does.

本节目由Bold赞助播出，这是专为比特币用户设计的银行平台。使用Bold虚拟Visa借记卡，每笔消费都能赚取比特币返利。通过Bold购买的比特币越多，卡片返现的聪就越多。购买2500美元比特币可获得3%聪返现。持续使用Bold累积最高可享10%聪返现。

The lead sponsor of this show is Bold, the banking platform designed for Bitcoiners. With the Bold virtual Visa debit card, you earn Bitcoin back on every purchase. The more Bitcoin you buy with Bold, the more Sats back you get on the card. Buy $2,500 of Bitcoin and earn 3% Sats back. Keep stacking with Bold to earn up to 10% Sats back.

Bold提供业内最低的比特币买卖手续费，且无额外点差。新手可使用团队管理的Bold钱包，同时Bold还支持通过Bold Vault实现三方协作托管的多签自托管，零月费。Bold为您提供FDIC保险的支票账户，可存储发送法币、支付账单、工资直存，替代传统法币银行。立即注册，首笔1万美元比特币交易免手续费，购买100美元以上比特币还可获赠25美元比特币。访问getbold.io。

Bold offers the industry's lowest fees on Bitcoin buys and sells with zero added spreads. When starting out, you can use Bold Wallet, which is managed by the team, but Bold is also supporting self custody with Bold Vault, a two of three collaborative custody multisig for zero monthly fees. With Bold, you get your own FDIC insured checking account to store and send fiat, pay bills, direct deposit your paycheck, and replace your legacy fiat bank. Sign up today and get zero fees on your first $10,000 of Bitcoin buys and $25 of free Bitcoin when you buy a $100 of Bitcoin or more. Go to getbold.io.

本期节目由CoinKite赞助，他们制造了我最爱的比特币硬件钱包Coldcard Q。有人认为自托管太难，但这关乎对比特币财富的责任担当，理解自托管能带来真正的自由感。Coldcard Q配备全键盘和大屏幕，双安全元件和真正气隙隔离，从种子生成到交易签名全程可通过二维码实现完全气隙操作。使用三节AAA电池供电，无需插电。可轻松搭配PC端Sparrow Wallet或移动端Nunchuck使用，并可根据需求自定义安全与复杂度等级。

This episode is brought to you by CoinKite, the makers of my favorite Bitcoin hardware wallet, the Coldcard Q. Now some people think self custody is too hard, but it's really about taking responsibility for your Bitcoin wealth and understanding that self custody gives you a true feeling of liberty. The Coldcard Q has a full keyboard and big screen, it's got two secure elements and a true air gap allowing you to go fully air gapped using QR codes from seed generation to transaction signing. You can power the device using three AAA batteries so you don't even have to plug it into the wall for power. You can easily use it with Sparrow Wallet for PC or Nunchuck on mobile and you can dial it into the right level of security and complexity that you choose.

若想要简单设置，只需使用12个单词和单签模式。想用密码短语也很简单。如需添加多签或联署功能也一应俱全。访问coinkite.com使用代码LAVERRA可享Coldcard等设备9折优惠，立即升级您的自托管方案。

If you want a simple setup just use 12 words and single signature. If you want passphrases easy. If you want to add multisig or cosigning features you've got those too. So go to coinkite.com use code LAVERRA to get 10% off on your cold card or other devices and level up your self custody today. Yeah I see so yeah it comes down to I guess what you're saying around what is enabled, what's expanded here.

那么我想把这个问题具体化——在Liquid上至少能构建哪些具有简洁性的应用？比如...其实我一直想问，我知道你们团队的Jonas Nick有个叫'屏蔽CSV'的概念，这个能用简洁性构建吗？

So I guess putting this into, like, what would be what would you what could you envision that might get built with simplicity at least on liquid? So things like, actually, I was curious to ask you this. I know Jonas Nick from your team has this idea called shielded CSV. Could that be built using simplicity?

屏蔽CSV实际上...我认为在比特币链上是可行的。屏蔽CSV则不行。请允许我先简要解释屏蔽CSV。这里的CSV指客户端验证，其核心理念是：与其将脚本上链并由每个区块链验证者检查脚本合规性，在屏蔽CSV中，区块链只需确保交易按序嵌入链中。

So shielded CSV actually, I believe works on Bitcoin. Shielded CSV does not. So let me do a brief digression into shielded CSV. So, Shielded CSV. The CSV here stands for client side validation, and the premise behind client side validation is that rather than having scripts that go on the chain, and every blockchain validator checks that the script passes, and that all the rules are being followed, In shielded CSV, essentially all your blockchain is doing is checking that transactions are embedded in the chain, in the order.

区块链仅负责维护交易顺序，可能附带余额检查确保交易平衡（但非必须，完全客户端验证）。其理念是：作为用户，当你接收代币时，不是通过查询区块链或全节点来验证该代币历史合规性，而是由发送方提供该代币完整历史记录，由接收方自行验证。历史记录会引用区块链，但仅作为发布证明和排序机制，而非脚本验证依据。这个构想早在2013-14年甚至更早就已出现，记得Adam在区块链早期就极力推崇，而我当时认为这不可能实现。

All the blockchain is doing is enforcing an order, and possibly doing like balance checks and making sure transactions balance, but they don't even need to do that, full client side validation. And the idea there is that as a user, when you receive a coin, you don't go to the blockchain, you don't go to your full node and say, is this a valid coin whose entire history followed all the rules? Instead, for that individual coin, from your sender, you receive a transcript of its whole history, and then you validate that before accepting the coin, And the transcript will make reference to the blockchain, but only as a proof of publication and an ordering mechanism, not as, here are the scripts that are involved and every blockchain validator checks the scripts are passed. And this idea has been floating around since probably 2013, '14, or earlier. I remember Adam, like, really in the 2014, in the early days of blockchain, Adam really wanted us to go at this, and I'm like, no, it's impossible.

你看，这不太合理，仔细想想。因为作为接收硬币的人，那枚硬币的历史记录非常庞大，对吧？这枚硬币来自一个有多重输入的交易，现在所有这些输入本身又需要追溯来源，它们会不断扩展，最终都源自创币区块的输出，也就是最初产生这些硬币的区块。但很快，每枚硬币的历史记录就会膨胀到几乎相当于原始区块链的一半大小，既然如此，为什么不直接下载整个区块链并提前验证呢？

Like, that doesn't, come on, think about it. Right? Because as a person receiving a coin, the history of that coin is massive, right? Like, that coin came from a transaction that had multiple inputs, and now all the inputs are themselves, You gotta go back and check where did they come from, and they expand, and then eventually that all grounds out in coinbase outputs, and like the blocks that originally created the coins. But very quickly, the history of every coin kind of expands until it's basically half the size of the original blockchain, and then, okay, why don't you just download the blockchain and validate it ahead of time, right?

比如，CSV是否让你困扰？ShieldedCSV及其之前的几篇论文的创新之处在于，通过使用可更新的零知识证明和一些巧妙的累积与聚合技术，可以将整枚硬币的历史记录压缩成一个零知识证明，这个证明的大小固定，大概只有几百或几千字节，不会无限增长，当然也不会膨胀到整个区块链的规模。这个证明需要引用链上最近的单个输出。

Like, is CSV getting you? And the innovation of ShieldedCSV and a couple other papers before it is that using updatable zero knowledge proofs and some clever accumulation and aggregation techniques, it turns out that you can have an entire coin's history packed into a zero to knowledge proof that is just, I think, a couple 100 or a couple thousand bytes, it's a fixed size. It doesn't grow forever. It certainly doesn't grow to the size of a Yeah. Of the whole chain, and that proof has to refer back to, I believe, the single most recent output on the chain.

你需要做一点区块链验证工作，但验证的不是完整交易，而是输出。这些输出中嵌入了类似40字节的标记或承诺。目前阻碍shielded CSV成为现实应用的主要是链下开发工作，比如需要编写大量加密代码，还有很多高难度的加密工作要完成，但这些都与比特币本身无关。

There's a little bit of blockchain validation you have to do, but what you're validating are not full transactions, what you're validating are outputs. So, just have something like a 40 byte kind of marker or a commitment embedded in them. And so, what's preventing shielded CSV from being a real thing that we're using today is actually off chain development work. Like, somebody's gotta write a bunch of crypto code. Somebody's gotta like there's a lot of really difficult crypto work to be done, but it's actually all independent of Bitcoin.

我认为从比特币平台需要的只是嵌入这些承诺的功能，而我们已经有了opreturn输出，以及利用taproot调整和签名合约调整的更聪明方案。所以CSV不需要区块链提供任何东西，当然也不需要Simplicity。虽然论文中描述的shielded CSV没有脚本功能，其前提是个人之间互相发送硬币，每次只用一个密钥。

And I believe what you need from Bitcoin is just a platform to stick these commitments in, and we've already got opreturn outputs and some more clever things using taproot tweaks and signed to contract tweaks. So, to CSV does not need anything from the blockchain. It certainly doesn't need simplicity. Although, shielded CSV, as described in the paper, has no scripting ability. The premise behind shielded CSV is that it's individuals sending coins to each other, like one key at a time.

理论上，你可以在Shielded CSV中加入脚本系统，然后

And ideally, and in theory, you could put a scripting system into Shielded CSV, and then

这就是在扩展那个...对，我明白这个想法了。

It's here's your like extending that Yeah. Idea I see.

没错，完全正确。这样你就可以在Shielded CSV内部实现Simplicity，这很酷因为不需要上链操作，无需共识机制就能实现。所以当我想到Shielded CSV中的Simplicity时，最让我兴奋的方向就是：这可能是一种实现Simplicity的机制。明白了。

Right, exactly. And then you could do simplicity inside of Shielded CSV, and then that's kind of cool because it's not happening on chain. Doesn't need consensus, and you could do it. So when I think of simplicity in Shielded CSV, that's the direction that's exciting to me, is maybe that's a mechanism Gotcha. To get to get Simplicity.

我想带你回顾一下，现在人们正在做的那些事情。比如，我听说，可能在X上看到过关于在Simplicity中实现ZK验证的讨论。你能详细说说这个以及它能实现什么吗？

Bring you back to, I guess, things that are, like, more kind of things that people are doing that now. Like, I've heard, I think I might have seen, maybe on X, some noise about ZK verifying being done inside Simplicity. Can you elaborate a bit on that and what's being enabled there?

是的。这其实不仅限于Liquid网络，但因为Liquid上有Simplicity才在这里实现。Simplicity能执行任何计算，特别是能验证任何形式的零知识证明。Starkware团队已经用Simplicity编写了一个能塞进区块的Stark验证器。

Yeah. Yeah. So, the and this is actually not liquid specific, but it's been done on liquid because that's where we have Simplicity. But because Simplicity can do any computation, in particular, it can verify a zero knowledge proof of any form. And so, the folks at Starkware have put together a Stark verifier written in Simplicity that fits into a block.

我认为它甚至能塞进标准交易里，不过目前他们的验证器体积很大，我稍后会谈到。你可以用Cairo（Starkware用于生成零知识证明的高级语言）编写代码生成Stark证明，然后在Liquid上验证这些证明。现在Starkware生态中构建的许多ZK Rollup等项目，几乎都能通过生成Simplicity验证的零知识证明部署在Liquid上。这本身就非常令人兴奋——尽管访问simplicitylang.org和我们的GitHub页面时会发现还有很多不完善之处，但Starkware团队毫不畏惧地深入研究了我们的代码，甚至在未完成的分支上实现了这个功能，这太棒了。

I think it even fits into a standard transaction, but right now their verifier is very large, and I'll talk about that in a sec. But you can take any Stark proof, which you might produce by writing some sort of code in Cairo, which is Starkware's high level language for producing zero knowledge proof, and then you can verify those starts on Liquid. So, a lot of the kind of ZK rollups and other things that are being built in the Starkware ecosystem now can be deployed, pretty much just deployed on Liquid, by producing zero knowledge proofs that are validated on simplicity. And this is very exciting by itself, for one thing, because as your listeners will notice, if they go to simplicitylang.org and go to our GitHub page and try to get started, right, they'll find that there's still quite a few rough edges. We're not as welcoming as we want to be, but the guys at Starkware apparently were undaunted and they dug into our code and like unfinished branches and stuff, they just implemented this, which is great.

超级、超级酷。关于Stark验证器有个现象：如我所说它非常庞大。这是因为Simplicity本身是底层语言，编写代码时需要从基本原理构建计算。为避免每笔交易都变得异常庞大（比如签名验证需要数百万甚至数十亿个Simplicity组件拼凑比特），我们开发了JETS功能——针对常见的大型Simplicity表达式，我们用优化过的C代码替代，当解释器遇到这些表达式时可以直接调用JET。

Super, super cool. One observation about the Stark verifier is that as I said, it's very large, right? And the reason for that is that simplicity itself is a very low level language. You have to, if you're writing code in simplicity, you've gotta build up your computations from first principles. And to avoid every transaction being enormous, like every signature validation taking, you know, like a million or a billion simplicity components that are all like inventing bits and then pasting bits together, we have a feature called JETS, where for large, common simplicity expressions, we have optimized C code that when the simplicity interpreter encounters one of these common expressions, or rather, as a developer, when you have one of these expressions, can just replace it with a JET.

形式化规范的另一个好处是：我们可以用经过验证的C语言（COMP cert C编译器支持的C子集）编写JET代码。虽然COMP cert编译器不开源且需付费，但它能确保编译后的代码严格符合规范。这意味着我们能证明JET代码与它替代的Simplicity代码功能完全等价——尽管Simplicity代码可能需要运行数小时，而C代码只需几微秒甚至纳秒。例如我们为SHA-256实现的JET：你不需要用Simplicity编写哈希计算。

And here's another benefit of having a formal specification, is that we can write this JET code in verified C, which is a subset of the C language, which is supported by the COMP cert C compiler, and the verified C has a formal specification, and the COMP cert C compiler, which sadly is not open, you've gotta pay to use it, but if you wanna do this, maybe you should, you can compile your code, and the compiler has been verified, has been proven in a machine verifiable way to meet that specification. Which means that we can prove that a JET for simplicity code is actually a drop in replacement for the simplicity code that is replacing produce. Machine check will prove that the C code and the simplicity code are exactly functionally equal, even though the simplicity code might take multiple hours to run and the C code takes tens of microseconds, right? Or nanoseconds. And as a specific example of this, we actually did this with the SHA-two 56 jet, where if you want to compute a SHA256 hash in simplicity, you wouldn't write it out in simplicity, right?

你可以改用Simplicity指定的JET——解释器不会执行Simplicity规范，而是执行对应的C代码。2008年左右有研究者开发了经过验证的SHA-256 C实现，并证明其符合数学描述。这条证据链表明：从纯数学的SHA-256到C代码再到Simplicity规范完全等价，因此现在无需在Simplicity中缓慢执行SHA-256，直接调用C代码即可。而且整个流程确保了新JET操作码的行为没有任何改变或边缘情况。

You would instead use a simplicity JET, which is specified in simplicity, and then rather than the interpreter executing that simplicity specification, it actually executes some C code. And in 2008 or so, some researchers developed a Verified C implementation of SHA-two 56 and verified that it matches the mathematical description of SHA-two 56. They got this chain of the pure, the platonic mathematical SHA-two 56 had been proven equivalent to the C code, which we proved equivalent to the simplicity specification, which means that you can swap those out, and so now rather than doing SHA-two directly in simplicity, which would be very large and slow, you just do it in C. But we've got this chain of custody that shows that this new JET, this new opcode, if you will, it hasn't changed the behavior. It doesn't have weird edge cases.

它不会出现意外情况（比如某些输入导致输出全零，这是C++代码容易出现的毛病）。目前我们有SHA-256的JET、验证Schnorr签名的JET，以及从8位到256位整数的各种算术运算JET：包括乘除法、模运算、扩展欧几里得算法（用于模逆运算），还有调整Taproot密钥和处理secp256k1曲线的工具。

It doesn't have surprising things where it turns out that it's not actually SHA-two. Sometimes if you give it a funny input, it will output all zeros or something, which is the kind of thing that the C plus plus code tends to do. So, anyway, we have JETS for SHA-two 56, we have JETS for verifying Schnorr signatures, we have JETS for a whole bunch of arithmetic in bit sizes, from, I think, eight bits up to two fifty six bits. We have multiplication, division, modular arithmetic, Euclidean, the extended Uplit algorithm, which is used to implement modular inversion. We have a couple things for tweaking taproot keys and for manipulating secp256 k1 points.

因此，如果你试图实现使用libsecpi或secpi256k1曲线的新加密方案，你可以在效率和简洁性上做到非常高效。但如果你是Starkware并使用自己独立的曲线，采用自定义的31位有限域和配备定制哈希函数的默克尔树结构，你就需要基于我们提供的算术喷射技术自行实现所有功能。在他们实际操作时（且尚未进行任何优化——我认为这将是他们未来几个月的重点改进方向），最终生成的程序体积会非常庞大。这说明在简洁性方案出现之前，如果你想实现链上原生不支持的功能，那根本行不通——你无法做到。

So, as a result, if you're trying to implement some novel crypto that uses libsecpi, or that uses a secpi256k1 curve, you can do it in efficiency, in simplicity, pretty damn efficiently. But if you're Starkware and you have a separate curve that you're using, and you're using these kind of custom 31 bit finite fields and these Merkle trees that use custom hash functions and stuff, you've got to basically implement all of that yourself using the arithmetic jets that we've provided, And when they did so, and prior to doing any optimization, which I think will be their focus and will be helping over the next several months, right? When they did so, the result was a very large program. So, what this illustrates is that prior to simplicity, if you wanted to do something that just wasn't supported by the chain, it just wasn't supported. You can't do it.

而有了简洁性方案后，即便你想实现链上完全不支持的疯狂功能，也能实现（尽管成本可能很高）。无论是后量子签名、STARK验证、配对加密，还是RISC-V处理器实现——你能想到的任何功能都有可能实现，只不过规模可能会很大。所以我们能做的

After simplicity, if you wanna do something wild and completely unsupported by the chain, you can do it, but it will probably be expensive. So, if you're trying to do post quantum signature, if you're trying to do stark verification, if you're trying to do pairing based crypto, if you're trying to do a risk five processor implementation, like, whatever you can think of here, there's a chance that it's going to be pretty large. And so what we can do

好的。

Okay.

对，就是增加更多

Yeah, is add more

纯粹出于好奇，这具体意味着什么？比如在这个案例中，我们说的是通过简洁性方案实现这类零知识验证吗？这是否意味着...我不太确定...像某些零知识rollup方案可以...比如Liquid虽然已经是条侧链，但能否实现将证明提交到Liquid区块链的rollup？这个构想具体是指什么？

So just out of curiosity, what would that mean then? Like, in this example, are we saying being able to do this kind of ZK verification using simplicity? Would that mean, like, I don't know, some of these zero knowledge, like, roll up things could like, you could have, like I mean, I guess Liquid is already a side chain, but would you have, like, a roll up that is, you you know, having proofs posted to the Liquid Blockchain? Or what what would what would be the idea there?

没错。目前这些庞大的STARK验证程序和证明，在实践中只能通过rollup方式使用——即在链下将数千甚至数万笔交易打包成单个STARK证明，再提交到Liquid链上验证。你确实可以在Liquid上构建二层网络。如果把Liquid视为比特币的二层，那么这就像是二层的二层网络。

Yep, yeah. So, are So, right now, with these stark verification proofs that are stark verification programs that are extremely large, yeah, I mean, the only way you can use these in practice is by doing roll ups, right? Where kind of off chain you've got thousands or tens of thousands of transactions that are all rolled up into a single start proof, and that's verified on liquid. And you could indeed have basically a layer two on liquid. If you think of liquid as a layer two of bit coin, then now you've got like a layer two of a layer two.

我忘记我们是否称其为L3还是另有术语，但这确实是可能的应用方向。另外由于STARK证明具有高度通用性，在设计之初就尽可能做到与区块链无关，因此可用于构建跨链桥等设施。你可以在STARK rollup内实现原子交换，直接操作Liquid上的比特币和以太坊上的比特币（或其他链支持的各种资产），实现全链互操作性。本质上现有的STARK rollup生态会自然延伸——Liquid几乎能零成本接入这个生态，尽管Blockstream和Liquid团队目前并未重点发展这个方向。

I forget if we call those L3s or if that means something else, but that's one thing you would see. But also, because Stark the proofs are very general, and have kind of already been designed to the extent possible to be blockchain agnostic, you can use this to produce bridges and stuff. You can do atomic swaps inside of the Stark rule of, where you are directly transacting in a way where you're manipulating both bitcoin on liquid and bitcoin or whatever on Ethereum or whatever other kind of assets these different chains support and across all sorts of chains. So, there would be essentially the existing Stark roll up ecosystem. Liquid kind of gets to join for free, for free, because even though at Blockstream and on Liquid, these ecosystems are not really a focus that we're looking at.

简洁性具有足够的表达能力，使得这些生态系统通过Starkware能够扩展自身，现在可以支持Liquid了，对吧？它们获得了这些roll up，而不需要向我们申请Stark验证器，也不需要说服我们聘请密码学家花一年时间审查所有代码，决定Stark是否真的是我们想要的零知识证明，或者我们是否想等待Stark二代，又或者考虑使用CK Boo或其他正在流传的方案。这些都不需要。它们只需用简洁性实现。一旦简洁性代码运行起来，我们就可以评估其广泛使用程度，并将Stark验证器拆分为通用组件，通过我们的协助使它们的代码在Liquid上更廉价高效，而无需我们在Liquid上实现完整的Stark验证器，也无需考虑如何与共识逻辑等对接。

Simplicity is expressive enough that those ecosystems, through Starkware, are able to extend themselves to now support Liquid, right? And that they get these roll ups, and they don't, they didn't need to petition us for a Stark verifier and like, convince us to hire a cryptographer to spend a year reviewing all of their code and like, deciding whether Stark's are really the zero knowledge proof that we want, or maybe we want to wait for Stark's two, or maybe we want to like, you use CK Boo or one of these other things that are floating around. None of that. They just implement it in simplicity. And then, once they have the simplicity code is working, we can look at that and say, well, widely used is this and how general can we break up the Stark verifier into general components that we could jet out, and then with our assistance we can make their code much cheaper and more efficient on liquid, again, without us having to implement a whole Stark verifier on liquid, and like how that tied into our consensus logic and stuff.

我们可以通过逐步构建更大规模的计算来实现，选择那些我们认为具有广泛通用性的计算模块，对吧？是的。因此我们在推进方式上拥有很大灵活性。

We can kinda build it up by jetting out larger and larger computations, and computations that we feel are very generally widely used, right? Yeah. So, we have a lot of flexibility in how we move forward.

好的。现在如果我们讨论，比如说金库或这种资金池的概念，据我所知可以利用某些契约技术来实现。我试着想象一个具体场景：像某些去中心化交易所，或者像Bull Bitcoin这类兑换服务商，或许能利用这些新型资金池或共享金库方案，在简洁性框架下批量处理客户付款？

Okay. And now if we talk through, let's say, some of the vault or maybe this kind of coin pool sort of idea, as I understand some of the covenant techniques could be applied to do that. So I guess I'm trying to imagine, like, an example, even, some of these decentralized exchanges or maybe not decentralized, but just like, you know, bull Bitcoin or some of these swap providers, maybe they could do a lot of batching of their payouts to the customers using some of these kind of coin pool or shared vault kind of ideas that are possible now in Simplicity, right?

没错。简洁性催生的技术模块对它们很有价值。其一是你说的支付池或共享金库这类概念，兑换服务商只需创建单个输出就能代表数百甚至数百万笔提款，作为单一输出意味着可以附加极高手续费来获得优先交易处理。

Yep. Yep. Absolutely. So there's kind of pieces of technology that the simplicity makes possible, is valuable for them. So, one is, as you say, these payment pools, or shared vaults, or however there's a few different kind of similar ideas, where the payment processor, the swap provider, produces a single output that represents coins for hundreds or thousands or millions, but whatever of withdrawals, and is a single output, which means that the swap provider can attach a relatively very high fee to that and get a very high priority transaction.

这样链上效率就非常高。

So, it's like very high efficiency on chain.

是的。随后每个参与者会创建新交易，实质上是从共享输出中提取并回存原有资金。关键在于每位参与者可自主设置手续费率——急用钱的用户可签署高费率交易，不着急的则选择低费率。

Yep. And then individual participants would then create a new transaction, which effectively withdraws from the shared output and puts back all of the old coins. And the trick there is that each participant can choose their own fee rate. So, every individual is paying for their own transaction, right? So, now that the incentives are aligned properly, and so users who want their withdrawal right now can just sign a very high fee rate one, and users who are not in any particular rush can sign a very low fee rate transaction.

资金流向完全由经济激励驱动。这显著改善了市场整体效率（虽然看似矛盾：原本单笔交易现在拆分为多笔会增加链上数据量，但由于交易结构更符合经济规律，最终对网络参与者更有利）。另一个对兑换商和去中心化交易所特别重要的点是，简洁性支持链上订单功能。

And everybody, the money is coming from the people who are incentivized to move the money. So, that's a big thing, right? That's definitely an application of vaults that improves incentives and should improve the overall efficiency of the market, which is a little ironic, right? Because it's obviously increased the total amount of stuff that hits the blockchain if you've multiple transactions from previously you had one, but because the transaction structure is more economically efficient, it works out better for participants in the network. Then the other piece, which particularly for swap providers and decentralized exchanges and stuff, is that simplicity allows you to do on chain orders.

目前要成为交换提供商，或执行跨链交换甚至单链交换，本质上需要每个交换参与者都签署同一笔原子性执行的交易，对吧？这就是为什么托管交易所如此快速、高效且成本低廉的原因——因为不需要多方参与者共同完成一笔交易。但要求所有参与者签署同一笔交易不仅成本较高，而且缺乏灵活性，因为每个人都必须完全同意交易的每个细节。

So, right now, in order to be a swap provider, or in order to execute a cross chain swap, or even a single chain swap, essentially what you need is every single participant in that swap needs to sign a single transaction which executes the swap atomically, right? So, if you have this is by the way why custodial exchanges are so fast, so much faster, and so so much cheaper, right? Is that there you don't have multiple participants who have to come together on a single transaction. But the fact that you need all these multiple participants to sign the same transaction is, well, for one thing, it's a little bit expensive. It's also quite inflexible, in that everybody has to agree on exactly the transaction.

你不能让某个参与者说‘我愿意签署这个价格区间内的任何交易，你们看着办吧，这是我的签名’。所有人都必须协调一致，精确到每一个聪，确定他们要签署的交易内容。如果任何条件发生变化，包括参与者变动，所有人都需要重新签署。

You can't have one participant who says, you know what, I'm willing to sign any price within this range, like, just whatever, guys. So, you guys figure it out. Here's my signature. They've all got to coordinate and agree and like, down to the last Satoshi, what's the transaction they're signing. If anything changes, including a change in the participants, then everybody has to re sign.

因此，参与去中心化交易所或交换协议的主要用户成本在于：你需要保持热钱包（如手机钱包）始终在线，不断重新签署这些已完成的交易订单。而利用现有脚本功能很难实现这种灵活性。虽然可以签署半笔交易让他人完成另一半，但仍需精确到每个聪定义交易参数。而通过简化方案，你可以设置限价单，比如声明‘这里有一些包装美元’

So, is really the big user cost, is that in order to participate in one of these decentralized exchanges or one of these swap protocols, you need to have hot keys, right? You've got to have your phone wallet or something that's always online constantly re signing these completed transaction orders. And using existing script capabilities, it's very hard to make this flexible, right? You can do these sort of like, you can sign half a transaction and let somebody else sign the other half, but you've still got to define the exact parameters down to the last Satoshi of what that transaction looks like, right? Whereas with simplicity, you can do a limit order, say, where you can say, here are some wrapped USDs.

我将提供这些美元，只要有人能给我至少X数量的比特币（X对应比特币价格达到12万美元或更高）就可以兑换。顺便说一句，录制此刻比特币刚创下历史新高。

I am going to put these up, and anybody can take the USDs as long as they give me at least X amount of Bitcoin, where X corresponds to a Bitcoin price of like 120 ks or higher, I think of that. As we're recording this, I think we just hit an all time high, by the way.

哦，太棒了。

Oh, fantastic.

我想我还没有

And I think I don't have a

反正大概是12万美元。继续说去中心化交易所和重新签署的事。

think it's like 120 ks anyway. Anyway, talking about the decentralized exchange and re signing.

是的，你可以描述这些条件，对吧？比如这是我的硬币，这是我的美元，这是我的比特币，这是我愿意交易的条件，这是我接受的价格范围。任何人都可以接受我的交易条件。他们可以接受从零到全额之间的任何数量，只要他们给出的价格在可接受范围内，达到阈值就行。这其实是传统市场中最基础的功能——限价订单，对吧？

Yeah, you can, yeah, so you can describe these conditions, right? So here's, are my coins, right here are my dollars, here are my Bitcoin, here's what I'm willing to trade it for, and here's a range of prices that I'll accept. And anybody can take my side of the trade. They're allowed to accept, you know, any amount of it from zero up to the full amount, as long as the price that they give me is within the acceptable range, if it meets the threshold. And that actually, and this is such a basic piece of functionality, in traditional markets, you can do a limit order, right?

这通常是你唯一能下的订单类型。这个基础功能常被人忽视，但它其实是个有趣的算法机制——你告诉经纪商、交易所或DeFi软件：这是一组开放条件，只要满足这些通用条件，我愿意执行任何具体交易。有些经纪商提供完全开放的算法交易，许多提供交易API，让你编写算法在自己的电脑上运行，根据算法执行交易。如果你是亿万富翁级客户或经纪商本身，甚至可以直接在交易所服务器上运行算法，实现极速撮合。

That's often the only kind of order that you can do. It's such a basic piece of functionality that people miss that actually is kind of an interesting algorithmic thing, where you're telling your brokerage, or you're telling your exchange, or you're telling your DeFi software, these are This is kind of an open ended set of conditions under which I am willing to execute any specific trade that meets these general conditions. And some brokerages offer completely open ended algorithmic trading. Many brokerages offer trading APIs, so you write your own algorithm and run it on your own computer, and then it executes trades based on what your algorithm does. If you're some sort of like, you know, billionaire, like, if you are a brokerage, then you can often execute algorithms on the exchanges, computers directly, and that's kind of cool because they can do matching extremely quickly.

而简洁性（如EVM或其他图灵完备的区块链）让你能自由发挥：可以设置限价单，可以设计任意算法交易，可以构建金融产品。比如与限价单奇妙相似的完全抵押期权或股票期权——你把一笔交易打包成合约，声明愿意在特定日期以特定价格出售比特币，然后将其投放市场，这个合约本身就能被交易。作为期权卖方，你还能提前获得权利金收入。

And what simplicity gets you, like EVM or like, you know, these other kind full Turing complete rich statefulness kind of blockchains, simplicity lets you do arbitrary things. It lets you do limit orders, it lets you do arbitrary algorithmic trades, it lets you build financial products. So, something weirdly similar to a limit order is a fully collateralized option, or a stock option, which is a financial contract where you basically bundle up a trade, you say, I'm willing to sell Bitcoin at this price, at this date, and then you just throw the trade up, and the trade can you can trade the trade, right? Like, the trade is bundled up into this contract called an option, and then that has a market price, and people who want to be on either side of that trade can buy or sell that. So, you can get a bit of money up front as a premium for basically selling your trade into the market.

这本质上就像把限价单打包成可流转的合约。通过简洁性，你可以直接在链上、Rollup层或任何扩展层实现这类功能。因此我预计未来会看到更多基于此的新型金融产品被创建和实施。

And this is basically just like a limit order that you bundle up and then that trade around, and that's the kind of thing that you can implement directly on chain or within a roll up or whatever extra layer you want using simplicity. So, I would expect we're going to also see some new financial products that are built and implemented Right. Using

更多可能出现在DEX领域和跨链兑换场景，比如流动性资产这类。我知道Blockstream的Adam非常推崇比特币国库公司，也对Stocker和LBTC与这些国库公司的交易很热衷。或许我们会看到这个方向的新发展。另外很好奇您对流动性主要应用场景的看法？

Some more like in the DEX world and cross chain swapping and maybe liquid assets, this kind of thing. Like, like I know, well, Adam from Blockstream, I know he's obviously very big on Bitcoin treasury companies, he's also very big on Stocker and LBTC trading against those Bitcoin treasury companies as well. So I know he's super into that. And so maybe maybe we see some more, something in that direction also. Also, just curious to get your thoughts on, I guess, what direction do you see the main liquid uses being?

在我看来，目前主要有资本市场应用（比如用流动性比特币交易CMSTR这类代币化策略产品或国库公司代币），另一个重要方向是像Breeze SDK无节点钱包那样——基于流动性比特币的钱包，同时支持闪电网络出入金交换，用Boltstock交易所作为交易钱包。还有像Aqua这样让用户在流动性比特币与各种USDT形态间自由转换的场景。您认为流动性目前及未来的核心应用场景会集中在哪些领域？

Like, as I see it, it seems like you've got this capital markets use, like, which we're talking about, like trading, let's say, liquid Bitcoin for CMSTR, which is like the tokenized form of strategy or something like that or the other other treasury companies. And then I I guess the other big one I've seen is a lot of people using as an example Breeze SDK nodeless, which is like or which is like using like having a liquid Bitcoin based wallet, but using it for like swaps in and out of Lightning, using Boltstock exchange as like a transactional wallet. And also maybe in some cases like Aqua where you've got like liquid Bitcoin, but that user can easily rotate in and out of liquid Tether or the various Tether forms. So I'm curious, where do you see the main uses, for liquid, I guess, nowadays or into the future, if you could elaborate on that?

没错。作为Blockstream研究总监，我常把Liquid视为技术演示平台——特别是用来展示我希望比特币未来具备的功能。但事实上Liquid与比特币有几个重大区别：比如我们采用联盟信任模型分配区块，这是根本性差异。

Yeah. Yeah. So, from my position as director of Blockstream research, right, like I like to pretend that Liquid is a technology demo platform, or even especially a platform for demoing things that I would like to see in Bitcoin one day. But the truth is Liquid is very different from Bitcoin, and a couple important aspects. So, one is that we can deploy well, okay, one is that we assign blocks and we have a federated trust model and stuff, which is a huge difference.

另一种方式是，由于Liquid作为侧链的本质，它并不追求像比特币本身那样广泛适用，我们可以对验证链的人提出更高的硬件要求。这让我们能够实现诸如保密交易等功能，并在链上应用这些复杂的加密技术。但与比特币最大的不同之处在于，Liquid支持多种资产。也就是说，Liquid作为区块链允许你发行新的资产。

Another way is that Liquid, because of its nature as a side chain that is not trying to be as broadly usable as Bitcoin itself, we can demand a much higher hardware requirements from people who are validating the chain. This lets us do things like confidential transactions and throw all this really heavy crypto onto the chain. But then the big way that Bitcoin, that we differ from Bitcoin where Bitcoin will never follow, right, is that we have multiple asset support on liquid. Right? So, liquid as a blockchain allows you to issue new assets.

发行资产后，你还可以发行我们称之为再发行代币的NFT，这些代币允许你增发更多该资产。你可以选择封闭式发行，即发行时不设再发行代币，让所有人永远知道供应量是固定的；或者你也可以持有再发行代币，例如Tether公司就持有USDT的再发行代币，这样他们就能在Liquid上增发新的USDT。我们在保密交易中内置了曾被称作保密资产的功能，不仅隐藏了输入输出金额（就像CT在比特币上的运作方式），还隐藏了具体资产类型。一笔交易可以包含多种资产输入和输出。

Once you've issued an asset alongside that, you can issue what we call reissuance tokens, which are NFTs that allow you to reissue more of that asset. So, you might do like a closed issuance where you issue it, there are no reissuance tokens and everyone can see forever that there's a fixed supply, or you might have reissuance tokens that are held by, like if, for example, Tether has a reissuance token that is held by the Tether Corp, right? So, they're able to issue new tethers onto Liquid. We have built into confidential transactions, we have what we used to call confidential assets, where we hide not only the input and output amounts, the way that the CT works, way it would work on Bitcoin, the way it works on the narrow and so forth, but we also hide the individual assets. You can have transactions that have multiple assets going in, multiple assets going out.

因此，这为我们提供了一个平台，除了展示比特币新技术组件外，更形成了一个拥有多种资产的独特生态系统。其中许多资产是其他金融产品的代币化形式，包括Blockstream的挖矿节点BMN——这可以说是最早在Liquid上流通的有趣金融产品之一。那么Liquid平台为这类代币化和交易用例提供了什么？我之前提到过，我们拥有易于理解的供应控制机制。资产发行是公开的，当然你也可以进行保密发行。

And so, this gives us a platform where beyond being kind of a place to demonstrate new Bitcoin technology components, there's actually a very different ecosystem that has multiple assets, many of which are wrapped issued assets that are tokenized forms of other financial products, including, by the way, Blockstream's mining node, BMN, is one of the earliest, I would say, interesting financial products that was floating around on Liquid. And so, what Liquid as a platform gets you for these kind of tokenization and trading use case? Well, one I hinted at, right, is that we have supply controls that are very easy to reason about, right? When you issue an asset, that's public. You can actually do confidential issuances.

我不

I don't

知道是否有人在实施保密发行或为何要这样做，但我们很容易就能支持这个功能。不过通常发行都是公开透明的，这样每个人都能看到发行总量，也能查看是否存在再发行代币。这些信息非常重要，现在你就能知道Liquid上每种资产的总供应量。

know if anyone's doing confidential issuances or why you would, but it was easy for us to support, so you can do it. But typically you do an issuance in the clear, so everyone can see the total amount that you're issuing. You can see how many reissuance tokens exist, if any, right? And that's a big important piece of information. And so, now you know the total supply of every asset on liquid.

理论上任何人都可以秘密销毁代币，比如通过保密OP_RETURN输出。所以你可以秘密减少供应量，但除了公开可见的参数外，没人能增发资产。此外，我们还提供了让用户查看和控制资产交易的方式。通过建立在Liquid之上的资产管理平台AMP，发行者可以创建各类资产，并出于各种原因只允许白名单上的交易者操作这些资产。

Up to, I guess anybody can burn coins confident. You can have like a confidential op return output, I suppose. So, you could secretly reduce the supply, but nobody can inflate the supply except by the parameters that are publicly visible. Beyond that, we also have ways that people can have visibility into and control over how their assets are traded. So, have various classes of assets that use what we call AMP, the asset management platform on top of Liquid, which allows users who are trying to issue assets where, for whatever reason, they only want a whitelisted set of traders to interact with those assets.

听起来你主要是在讲Liquid上的资产发行对吧？这就是你看到的发展方向。是的。

It sounds to me mainly like you're speaking about asset issuance on Liquid, right? That's kind of the direction you see things going. Yep.

作为资产发行，这种方式在透明度上是其他区块链平台所不具备的。简洁性也是其中的一部分，对吧？它为这些资产发行添加了任意功能，同时所有内容都是公开可验证的。只要人们愿意花功夫提供证明，一切都能以机器可验证的方式被证实。真正的目标是让人们拥有坚如磐石的确信。

And as asset issuance, That is transparent in a way that it is not on other blockchain platforms. Simplicity is kind of part of that, right? So, it's adding arbitrary functionality to these asset issuances in a way where everything is publicly verifiable. And everything is, to the extent people are willing to do the work to make the proof, right, everything can be proven in a machine checkable way. Really the goal, that people can have rock solid.

我想谈另一个热点话题，因为最近几天关于某些稳定币的动向有不少讨论。对吧？现在有一批稳定币发行方，比如Tether、Circle和一两家其他公司，基本上都公开表示要推出自己的链。

One other topic that I think it's kinda topical just because the last few days has been a bit of chatter about this around what some of the stablecoins are doing. Right? That they are now a bunch of them. I think Tether, Circle, and one or two others have basically come out saying, hey. We're gonna do our own chain.

他们要发行自己的L1代币。关于这个有很多争论，但我很好奇你对比特币和Liquid可能受到的影响有什么看法。

We're gonna do our own l 1 token. And I think, you know, there's been a lot of back and forth on this, but I'm curious to get your thought on this about, you know, what it means for Bitcoin and Liquid, if anything.

是的。我是个纯粹的比特币支持者，从未使用过稳定币。我之前不知道这个公告，确实有点意外。

Yep. I'm really I'm a Bitcoiner. I've never used a stablecoin. I see, wasn't aware of this announcement. This does surprise me a little bit.

所以我想更深入了解，他们自建链相比使用现有的多资产链（比如Liquid）能获得什么优势。

So, I would like to understand more about what they would get from having their own chain versus having, you know, an existing multi asset chain like liquid or mean,

我个人推测（并不确定），可能是为了加强合规审查。有点像美国政府非正式地要求他们——这只是我的猜测，没有内部消息。我的猜想是美国政府某种程度上在收编他们，表示：

my speculation, I don't know for sure. My speculation would be maybe there's more compliance checking. So maybe it's kind of like the US government is sort of saying is I'm speculating, right? I don't have inside info, but this is my guess. My guess is it's kind of like a US government is sort of bringing them in the fold and saying, hey.

‘你们可以参与其中，但我们需要更多合规审查，希望他们承担更多责任。可能想要反洗钱和制裁措施，用他们的话说是‘阻止恐怖分子’之类的。当然，现在的稳定币本就处于监控之下，这是人们应该知道的基本情况。’

You can have a seat at the table, but we want more compliance checking or we wanna we want a bit more on their side. Maybe they want, like, AML and sanctions to, quote, unquote, stop the terrorists and whatever or to stop the sanctioned whatever individuals. Maybe that's, I don't know. I of course, stablecoins right now are also surveilled. That is a standard thing that people should be aware of.

它们显然不具备比特币那种抗审查的特性，这是我的猜测。但我也认为稳定币发行商自己推出链的做法，可能削弱了某些人所说的所谓'效用代币'理论，比如那些老牌链如波场、以太坊、Solana等等。这就是我的解读。嗯。支持比特币，因为持有比特币显然有其理由。

They do not have the same censorship resistant qualities, obviously, that Bitcoin has, but that's my guess. But I also think it kind of this idea that the stablecoin issuers are putting out their own chains themselves, maybe it undermines this quote, unquote so called utility token thesis that some people spoke about that, you know, of some of the old coin chains, things like Tron or Ethereum and whatever else, Solana, whatever. So that that that's that was my interpretation of it. Mhmm. In favor of Bitcoin because, obviously, there's a reason to hold Bitcoin.

对吧？总量不会超过2100万枚。我们视之为未来货币，这些典型特征。而我认为效用代币这个概念一直有点站不住脚，现在看起来...我想说的是，这并非我独有观点，而是比特币支持者的普遍论点：最终会出现中心化趋势，因为这些项目本来就不去中心化。明白吗？

Right? There's no more than 21,000,000. We see it as a future of money, all these typical things. Whereas, I think this utility token thing has always been a bit of a bunk idea, and now it seems like, you know, I guess I guess what I'm driving at and I think this is not unique to me, just a common Bitcoin or argument is this idea that there's gonna be this kind of centralization, fact or this kind of force because these things were not decentralized anyway. You know?

就像，没人在乎。没人会假装由特定实体发行、以美国政府债券等资产背书的稳定币是去中心化的。所以这里可能存在某种中心化驱动力。当然比特币是独特的类别，不过我很好奇，你对此有什么看法？

Like, no one cared. No one was pretending that stablecoins are a decentralized thing if they are issued by a known individual with, like, backing by whatever US government bonds and whatever else. So maybe there's kind of a general a centralization, you know, force there Now of course, Bitcoin is in a unique category, but I'm curious, do you have any reactions or thoughts on that?

是的是的。我确信Blockstream内部的业务发展团队正在研究这个，试图搞清楚他们认为通过自建区块链能解决什么问题。就我个人而言，我希望不用参与那些电话会议。不过...

Yeah, yeah. So I'm certain that within Blockstream our business development people are looking at this and and, like, trying to figure out what what problem they think they solve by by going on to their own own blockchain is. And for me personally, I I hope that I don't get pulled into those phone calls. But the

至少目前看来，他们并没有要停止支持其他链。

I mean at least for now, it doesn't sound like they're taking away support from other chains.

好吧。

Okay.

但这更像是...他们会朝这个方向发展吗？我们谁都不知道。确实。

But it's just like, is this the direction they're gonna move? I mean, none of us know. Yeah.

我是说，拥有这些支持各种代币的大型链很重要，对吧？这让交换变得非常容易，对吧？它让去中心化金融（DeFi）类操作变得简单，因为你可以在一条链上通过单笔交易执行任何类型的交易，无论人们想设定什么条件。而一旦涉及独立区块链，你就得进行跨链交换，这虽然可行但更困难，对吧？速度更慢、实现更复杂，还存在奇怪的时间问题，比如那种最后时刻才决定是否签名的自由选择权问题。对于像实用代币这样的东西，几乎整个意义就在于可交易性，对吧？

I mean, big to have these these kind of mega chains that support all of these different tokens, right, is that it makes the swaps very easy, right? It makes it very easy to do DeFi like things because you can have a single transaction on a single chain that executes whatever sort of trade under whatever conditions people want to enforce. And as soon as you've got independent blockchains, then you're doing cross chain swaps, which are certainly possible, but they're harder, right? They're slower, they're more difficult to implement, and they have these weird timing issues, like, there's this kind of free option problem where somebody can wait till the last second they're allowed to sign and then sign or not. And Yeah, it's So, for something like a utility token, like almost the whole point is that you can trade it, right?

比如，我不确定这些东西除了可交易性之外还有什么其他目的。或者说，除了让交易更高效之外，它们还有什么理由必须存在于区块链上？

Like, I'm not sure what other purpose many of these things have, other than being tradable. Or like, maybe like, what purpose these things have to be on a blockchain, other than it makes the trading more efficient, right?

是啊。否则的话，某种程度上说，你干脆用SQL数据库之类的就行了，对吧？连链都不需要，懂我意思吗？

Yeah. Because otherwise, I mean, at a certain level, it's like you might as well just have a SQL database or something, you know? Don't even have a chain, you know?

对，对，完全正确。我是说，我也有同样的

Yeah, yeah, exactly, right. Yeah. Mean, I've got the

疑问，这是个开放性问题。其实我们谁都不确定。我们只是在猜测以理解现状。我在网上看到过不同观点，有人说

same question as you bit of an open question. I mean, none of us really knows. We're just kind of speculating a bit just to understand what's going on. Now, different arguments I've seen kind of online. Some people are saying, okay.

但真正原因其实是所谓的'可组合性'，对吧？这条链和那条链之间的。还有个说法是，等等，其实有些发行方可能喜欢'我们不控制这条链'的概念。这样他们就能说'监管先生，链不在我控制范围内，某某币或链上发生的事与我无关'——可能有点监管套利的意味。我也不确定。

But actually, the real reason is so called composability, right, between this chain or the other or maybe the other argument I've seen is like, well, hang on. Actually, some of these issuers might like the kind of idea of having a bit of a we don't control the chain. So, they can sort of go, oh, look, mister regulator, I don't control the chain. What's happening on whatever coin or chain, that's out of my control so maybe there's a bit of that that kind of regulatory let's say arbitrage or something, for that reason. I don't know.

聊到Liquid时我还有个好奇的点：你如何看待现在Liquid与比特币上各种二层方案的演变对比？闪电网络显然是最去中心化、应用最广的比特币二层方案，而现在我们又看到Arc和Spark，还有Liquid本身。

I guess one other thing I'm curious to get your thought on while we're talking about liquid, how are you seeing this evolution now of liquid as compared with different l twos on Bitcoin? Right? Because we've got obviously Lightning, the most decentralized and, you know, arguably the most adopted l two for Bitcoin. And then now we're seeing Arc and we're seeing Spark. You know, we've got Liquid.

有像电子现金这样的东西。我想这取决于你如何计算这些。但你如何看待Liquid与这些的对比？比如，我们是否看到，或至少你是否看到Liquid更多出现在资本市场资产发行领域？你如何看待Liquid的比较优势？

There's things like e cash. I guess it depends it depends how you count these things. But where do you see Liquid contrasted with those? Like, are are we seeing it or at least are you seeing Liquid more in the, let's say, the capital markets asset issuance space there? How do you see Liquid comparing?

是的，简而言之，没错。由于Liquid是一条公有区块链，在某种意义上它并不是一个扩容方案。所以如果你认为L2是建立在比特币之上、能让比特币更好扩容的方案，那么Liquid并不属于这一类。

Yeah. Yeah. So in in short, yes. So by liquid being a public blockchain, in some sense it's just not a scaling solution. So if you consider an L2 to be something on top of Bitcoin that allows Bitcoin to scale better, liquid's sort of not that.

我是说，某种程度上它属于Liquid验证者集合。

I mean, sort of is in the set of liquid validators.

比如那些互换提供商，Boltstock交易所，这类机构

Like the swap providers, the Boltstock exchange, and this kind

是的。作为一个不想验证比特币链、愿意短暂信任它的比特币用户，你可以先兑换到Liquid上，然后进行一系列无需验证的交易，最后再兑换回来，这样就限制了风险敞口。当然你也可以运行一个Liquid节点来验证所有交易，但那样在可扩展性方面就毫无优势了，对吧？

of Yeah. Yeah. So, as a Bitcoin user who like doesn't want to validate the Bitcoin chain and is willing to trust it briefly, right? You could swap into liquid and then do a bunch of transactions that trusted in the sense that you're not validating it, and then swap back, and then you've kind of limited your exposure. You're of course welcome to run a liquid node and then validate all the transactions, but then at that point, you haven't gained anything in terms of scalability, right?

你可以将其与闪电网络对比。闪电网络的底层逻辑是建立双方支付通道序列，所有更新都发生在仅需参与者双方验证的通道内，直到通道关闭。这才是真正的扩容改进——既没有降低信任模型，仍享有比特币链的完整支持，同时大幅提升了可扩展性，因为每笔交易（除最后一笔外）只需通道双方验证签名即可。

Now you're running two nodes and validating every transaction, so no. So, you can compare that to something like Lightning, where the premise behind Lightning is that you've got a sequence of two party payment channels, and all of the updates are happening in these two party payment channels that only those two participants need to validate until the channel gets closed out, right? And then that is a real scaling improvement, in that you haven't reduced your trust model in any way. You still have the full backing of the Bitcoin chain, and it's public blockchain, although you're not, except in the uncooperative case, you're not falling back on that, but you greatly improve scalability because each transaction, every transaction except the final one, is only verified by the two participants in the channel, right? They sign it, they verify, okay, it's good.

他们进行更新时只需签署新状态，丢弃旧状态。那些被丢弃的状态无需公开广播，也无需全网验证，这才是真正有意义的扩容改进。ARC协议也类似，在很多方面像闪电网络，但通道关闭的拓扑结构不同，能更好应对突发性集体退出等极端情况，而且我认为通过契约条款还有更大改进空间。

They do another update, they throw it away and sign a new one, right? And then that one that they threw away doesn't have to be published, it doesn't have to be verified by everybody, and that's a meaningful scaling improvement, right? And then ARC is similar. It's in many ways like Lightning. It has a different topology of how channels closures work, which should be more resilient to like some catastrophic everybody trying to exit at once kind of construction, and which I think has more room to be improved by covenants.

所以，我从未真正将Liquid视为比特币的扩容方案。就它与比特币的关系而言，对吧？我认为它很适合作为某些功能原型开发的场所，至少在这些功能不依赖于多资产支持A或不受其过多干扰的情况下，

So, I have never really thought of liquid as a scaling solution for Bitcoin. Far as its relationship to Bitcoin, right? I think it works nicely as a place to prototype some functionality, at least where that functionality doesn't depend on or get interfered with by the multi asset support A too much,

比方说，试验田。

ground, let's say.

对，应该说是个试验场，对吧？我真的不想

Yeah, it's a testing ground, I should say, right? I really don't want to

假装我不喜欢它，毕竟我们已经有测试网、Signet等等了。

pretend I don't like it's if have test nets and Signet and so on.

是啊。Liquid与比特币大不相同，很多比特币爱好者并不喜欢Liquid，所以我不想假装它得到了比特币社区的认可。但它是一个形态非常相似的区块链，我们有许多比特币开发者参与其中，能够相对快速地部署功能，而且协调成本比比特币低。所以当我看到这些比特币上的L2不断发展时，显然觉得这很棒。这对比特币是好事，然后我可能会稍微关注：我们是否希望这些L2建立在Liquid之上？对吧？

Yeah, yeah. Liquid's very different from Bitcoin, lots of Bitcoiners really don't like liquid, so I don't want to pretend like it's sanctioned by the Bitcoin community in any sense, but it is a very similarly shaped blockchain that we've got a number of Bitcoin developers working on who are able to kind of get stuff deployed on fairly quickly and with less coordination than on Bitcoin. So, So, as I see these L2s evolving on Bitcoin, think that's awesome, obviously. That's great for Bitcoin, and then I maybe keep half an eye on like, do we want those L2s on top of liquid? Right?

我把Liquid视为与之并行的独立L1，它的使用场景并不与其他L2竞争。如果真要说的话，Liquid完全可以复制那些L2技术。要是我们4MB（更正：3分钟）的区块空间不够用了，也可以在Liquid上使用相同的L2方案。

I think of liquid as a separate L1 beside it, and like, his use cases are not liquid is not competing with other L2s, right? If anything, liquid could be liquid could just copy those L2s, and we could use the same L2s on liquid if we ran out of space in our four meg, Right. Three minute

知道有人开玩笑说理论上可以在Liquid上运行闪电网络对吧？这样就能实现各种创意。但我注意到一个明显现象：在费用飙升的符文序数（retardinals/ordinals）时期，Liquid确实获得了更多采用。我们看到很多人用它来做这类交换，比如Aqua钱包或bolts.exchange这类Breeze SDK应用场景。还有个叫Stash的钱包。

know some people joke about you could theoretically run lightning on top of liquid, right? And so you could do various ideas. But I guess one thing definitely I noticed was liquid did get a bit more adoption during the fee spike of the, you know, the retardinals or ordinals era. So, that was something we saw a lot, you know, we saw a lot more people using it for this kind of swap, like, aqua wallet or this kind of bolts.exchange, Breeze SDK sort of use case. There's another wallet called Stash.

我认为是StashPay。但无论如何，重点是有些人将其作为一种廉价的交易链来使用，可以这么说。讽刺的是，有点像Bcasher的交易链，考虑到历史发展轨迹，这确实很讽刺。是的。

I think it's StashPay. But, anyway, the point is there are people who are using this as, a kind of a cheap transactional chain, let's say. Ironically, kind of like the the Bcasher transactional chain, which is ironic given the way Yeah. Historically things played out. Yep.

不过听起来你的关注点可能是将其作为测试平台，同时这种资产发行和资本市场似乎更像是Liquid的潜在应用场景。那么你有什么总结性想法吗？大家应该考虑些什么？

But, yeah, it sounds to me like your focus is maybe yeah. It's a testing ground and also this asset issuance, capital markets seem to be more like the likely use cases of liquid, let's say. Yep. So I guess any closing thoughts? What should people think about?

你希望获得什么样的反馈？或者说你希望开发者们去了解Simplicity的哪些方面？

What are you looking for in terms of, I guess, feedback or developers to go have a look at Simplicity?

是的。我们在大约两周前发布了Simplicity，现在已经在Liquid上线。我们正在加紧编写README、贡献指南、欢迎页面和各类文档来吸引开发者。目前有一个开发布道师的职位空缺，后续可能还会开放更多。这个职位需要喜欢把玩我们的Web ID、准备演示材料、完善文档体系，甚至能主动发现文档缺失并告知团队——这些都非常有帮助。还需要优化编译器错误提示等用户界面，理解用户使用Simplicity时的痛点和需求场景。

Yeah, yeah. So, we launched Simplicity, probably when this was published close to two weeks ago, and it's live on Liquid. We are working, we have a website, simplicity.hl.org, and we are frantically working to write readmes and contributing documents and welcome pages and documentation and all this to bring people in. We have one job opening, probably we'll have a few more soon, for a developer advocate, which is somebody who wants to play with our Web ID, wants to put together presentations, wants to work on this documentation, really just even identifying missing documentation and letting the rest of us know that that's super helpful. Building, improving our error messages in our compiler, improving all these user facing things and understanding what people are trying to do with simplicity and where the pain points are.

相关职位信息可以在blockstream.com/careers查看，请持续关注该页面获取更多招聘信息。最后我想说，目前Simplicity已在Liquid上线，官网是simplicitylang.org。希望半年后我们能讨论Signet或MutinyNet上的Symplicity，但现在还处于起步阶段。今天就到这里，谢谢大家。

So, we've got a job opening for that, which you can find at blockstream.com/careers, and keep an eye on that page for more things. And I'll probably close with that, simplicitylang.org, and hey, hopefully I'll be back in six months, and we'll be able to talk about how we have Symplicity on Signet or on MutinyNet or something, but we're not there yet, so where I'll close today is Simplicity on Liquid. It's live today, simplicitylang.org. Thanks.

太棒了。好的，安德鲁，感谢你的参与。也谢谢你。

Fantastic. All right, well thank you for joining me, Andrew. Yeah, thanks.