Chief Scientist at IOV Labs and researcher specializing in computer security and crypto.

About Sergio.

Currently, Sergio is the Chief Scientist at IOV Labs, and co-manages the IOV Labs Research & Innovation area, which researches and develops improvements for blockchain scalability, privacy, fairness, decentralization, security, and ease of use. He is also recognized as one of the foremost researchers in the fields of computer security and cryptocurrency. In 2015, he co-founded RSK Labs, a company that develops the RSK Smart Contract platform, also known as Rootstock. Additionally, he has founded several other companies, including Coinspect (specializing in information security audits for startups and cryptocurrencies), Coinfabrik (cryptocurrency software), WayniLoans (a loan platform focused on Latin America), ASICBoost (developing more efficient ASIC miners), and Pentatek (a medical equipment manufacturer in Latin America).

What was the biggest challenge when developing Rootstock? We faced two significant challenges.

The first one was technical: creating the two-way peg (now known as the Bridge) to connect Bitcoin with Rootstock, the first Sidechain, and doing it as securely as possible. It was a team effort that began in 2016 and continued uninterrupted for 5 years, always striving to enhance security. In the blockchain world, you often come across projects that invest in security during their initial months of development, including conducting code audits. However, as time goes on, they tend to lose focus on this crucial aspect, and the outcomes are often far from desirable. In reality, security requires ongoing investment and necessitates continuous improvement, especially as the stakes (TVL), continue to rise. In Rootstock, we started with a multi-signature federation of only 5 participants, and now we have a Powpeg, secured by a multi-signature of 9 tamper-proof autonomous devices resistant to misuse or secret extraction attempts. These devices, which we call PowHSM, follow the consensus of RSK and cannot be externally commanded. They obey orders from the Rootstock blockchain and can recognize the honest chain by its massive accumulated hashrate. Additionally, there is an emergency federation of 4 signatories, which is automatically activated if funds are locked for more than 1 year. There are additional security mechanisms related to system monitoring. For example, the “Armadillo system” looks for early detection of potential main chain splits. Our next challenge is to introduce the advantages of segwit to expand the federation to more than 60 members. This experience has taught me multiple lessons. Firstly, it underscores that errors can arise at any point, and systems must be fortified against their own shortcomings through the implementation of multiple safeguards — an approach commonly referred to as “defense-in-depth” in Cybersecurity. Secondly, it underscores that when it comes to security, one should never become complacent, as it necessitates an ongoing journey of exploration and enhancement.

The second challenge was finding the bitcoiners (early adopters) who were capable of making a leap of faith and could envision Bitcoin not just as an isolated blockchain but as the center of a network of sidechains, each specialized in a niche or efficiently solving a use case. This required accepting that innovation doesn’t happen only within the Bitcoin ecosystem, but there are great minds working to create new technologies and applications based on smart contracts and blockchains, and all that energy can be channeled to strengthen Bitcoin not only as a store of value but as a platform for innovation. More and more bitcoiners are using sidechains and supporting drivechains. Nowadays, the notion of Bitcoin as a platform for application development is gaining popularity through informal communication and discussions, but initially, there were many skeptics within the community.

What valuable insights or aspects can you share from your experience in designing Ethash for Ethereum and being involved in one of the earliest Ethereum audits?

It was a truly fascinating experience. Regarding Ethash, the Ethereum founders opted to incorporate an algorithm I had previously published, even though I wasn’t directly involved in that decision. Ethash effectively served its purpose until Ethereum transitioned to PoS (Proof of Stake), and it was no longer needed.

The audits provided me with a direct opportunity to contribute to Ethereum’s design. I had previous experience since I had designed the first smart contract platform a year before Ethereum. My primary contributions were centered around bolstering security and incentives.

My experience with Ethereum reaffirmed my conviction that introducing competitive cryptocurrencies alongside Bitcoin has both positive and negative aspects. In the short term, it fosters innovation and experimentation as new blockchains, equipped with the capability to issue their own tokens, quickly attract speculative funds, which can accelerate the transformation of ideas into products. However, the flip side is less favorable: I hold the belief that the proliferation of speculative tokens doesn’t necessarily benefit society to the fullest.; considering that the greatest innovation brought by Bitcoin is the creation of a decentralized currency that can serve as a store of value and facilitate peer-to-peer transactions without intermediaries. Consequently, these insights served as my motivation to create Rootstock, enabling innovations in smart contracts to utilize Bitcoin as the native currency.”

Another lesson drawn from my Ethereum audits is the significant cost associated with introducing “features” to the blockchain after its initial launch. Conversely, certain “features” can be deferred and added later without complications. The art of designing a decentralized system hinges on discerning whether a particular feature belongs to the former or latter category.

As an illustration, I remember that one of the recommendations from one of my audits was to launch the platform with “account abstraction” already integrated. This is a mechanism that allows wallets to operate with tokens (e.g., crypto-dollars) without needing to possess native currency beforehand (like ether), and it’s crucial for easily acquiring new users without technical preparation. However, the Ethereum founders chose to exclude this feature. Now, 8 years later, due to the various methods available to integrate this mechanism, it remains a subject of debate and decision-making, with its activation still pending.

3 tips you would give to a builder who is taking their first steps in blockchain product development and that you would have liked to know from the beginning. Invest in security consistently and continuously.

1. Construct business models that focus on the long term and scalability.

2. Avoid being swayed by short-term solutions tied to speculation.

3. Seek and test the market fit of your product before diving into complex and ambitious development.

These tips apply not only to web3 development but can also be valuable in other software development projects involving complexity and the management of high-value information or assets.

Where do you see the industry heading in the next 5 years?

I try not to play the fortune-teller, but it seems we’re at a pivotal moment. The lack of solid regulation, or any regulation at all, is the main hurdle right now for industry growth. I think the next few years will bring some clarity on that front. The approval of Bitcoin ETFs in the USA might kickstart a closer relationship between traditional finance and decentralized finance. As clearer rules emerge in different legal territories, crypto companies will start scouting for the most welcoming nations to set up shop, expand, and roll out their products. I believe there will be a new appreciation of Bitcoin, a DeFi product explosion, and the normalization of decentralized finance becoming part of everyday life for millions.

Thanks for reading!

To stay up to date with the latest news from WakeUp Labs, follow us on Twitter and LinkedIn 🙌

Chief Scientist at IOV Labs and researcher specializing in computer security and crypto.

About Sergio.

Currently, Sergio is the Chief Scientist at IOV Labs, and co-manages the IOV Labs Research & Innovation area, which researches and develops improvements for blockchain scalability, privacy, fairness, decentralization, security, and ease of use. He is also recognized as one of the foremost researchers in the fields of computer security and cryptocurrency. In 2015, he co-founded RSK Labs, a company that develops the RSK Smart Contract platform, also known as Rootstock. Additionally, he has founded several other companies, including Coinspect (specializing in information security audits for startups and cryptocurrencies), Coinfabrik (cryptocurrency software), WayniLoans (a loan platform focused on Latin America), ASICBoost (developing more efficient ASIC miners), and Pentatek (a medical equipment manufacturer in Latin America).

What was the biggest challenge when developing Rootstock? We faced two significant challenges.

The first one was technical: creating the two-way peg (now known as the Bridge) to connect Bitcoin with Rootstock, the first Sidechain, and doing it as securely as possible. It was a team effort that began in 2016 and continued uninterrupted for 5 years, always striving to enhance security. In the blockchain world, you often come across projects that invest in security during their initial months of development, including conducting code audits. However, as time goes on, they tend to lose focus on this crucial aspect, and the outcomes are often far from desirable. In reality, security requires ongoing investment and necessitates continuous improvement, especially as the stakes (TVL), continue to rise. In Rootstock, we started with a multi-signature federation of only 5 participants, and now we have a Powpeg, secured by a multi-signature of 9 tamper-proof autonomous devices resistant to misuse or secret extraction attempts. These devices, which we call PowHSM, follow the consensus of RSK and cannot be externally commanded. They obey orders from the Rootstock blockchain and can recognize the honest chain by its massive accumulated hashrate. Additionally, there is an emergency federation of 4 signatories, which is automatically activated if funds are locked for more than 1 year. There are additional security mechanisms related to system monitoring. For example, the “Armadillo system” looks for early detection of potential main chain splits. Our next challenge is to introduce the advantages of segwit to expand the federation to more than 60 members. This experience has taught me multiple lessons. Firstly, it underscores that errors can arise at any point, and systems must be fortified against their own shortcomings through the implementation of multiple safeguards — an approach commonly referred to as “defense-in-depth” in Cybersecurity. Secondly, it underscores that when it comes to security, one should never become complacent, as it necessitates an ongoing journey of exploration and enhancement.

The second challenge was finding the bitcoiners (early adopters) who were capable of making a leap of faith and could envision Bitcoin not just as an isolated blockchain but as the center of a network of sidechains, each specialized in a niche or efficiently solving a use case. This required accepting that innovation doesn’t happen only within the Bitcoin ecosystem, but there are great minds working to create new technologies and applications based on smart contracts and blockchains, and all that energy can be channeled to strengthen Bitcoin not only as a store of value but as a platform for innovation. More and more bitcoiners are using sidechains and supporting drivechains. Nowadays, the notion of Bitcoin as a platform for application development is gaining popularity through informal communication and discussions, but initially, there were many skeptics within the community.

What valuable insights or aspects can you share from your experience in designing Ethash for Ethereum and being involved in one of the earliest Ethereum audits?

It was a truly fascinating experience. Regarding Ethash, the Ethereum founders opted to incorporate an algorithm I had previously published, even though I wasn’t directly involved in that decision. Ethash effectively served its purpose until Ethereum transitioned to PoS (Proof of Stake), and it was no longer needed.

The audits provided me with a direct opportunity to contribute to Ethereum’s design. I had previous experience since I had designed the first smart contract platform a year before Ethereum. My primary contributions were centered around bolstering security and incentives.

My experience with Ethereum reaffirmed my conviction that introducing competitive cryptocurrencies alongside Bitcoin has both positive and negative aspects. In the short term, it fosters innovation and experimentation as new blockchains, equipped with the capability to issue their own tokens, quickly attract speculative funds, which can accelerate the transformation of ideas into products. However, the flip side is less favorable: I hold the belief that the proliferation of speculative tokens doesn’t necessarily benefit society to the fullest.; considering that the greatest innovation brought by Bitcoin is the creation of a decentralized currency that can serve as a store of value and facilitate peer-to-peer transactions without intermediaries. Consequently, these insights served as my motivation to create Rootstock, enabling innovations in smart contracts to utilize Bitcoin as the native currency.”

Another lesson drawn from my Ethereum audits is the significant cost associated with introducing “features” to the blockchain after its initial launch. Conversely, certain “features” can be deferred and added later without complications. The art of designing a decentralized system hinges on discerning whether a particular feature belongs to the former or latter category.

As an illustration, I remember that one of the recommendations from one of my audits was to launch the platform with “account abstraction” already integrated. This is a mechanism that allows wallets to operate with tokens (e.g., crypto-dollars) without needing to possess native currency beforehand (like ether), and it’s crucial for easily acquiring new users without technical preparation. However, the Ethereum founders chose to exclude this feature. Now, 8 years later, due to the various methods available to integrate this mechanism, it remains a subject of debate and decision-making, with its activation still pending.

3 tips you would give to a builder who is taking their first steps in blockchain product development and that you would have liked to know from the beginning. Invest in security consistently and continuously.

1. Construct business models that focus on the long term and scalability.

2. Avoid being swayed by short-term solutions tied to speculation.

3. Seek and test the market fit of your product before diving into complex and ambitious development.

These tips apply not only to web3 development but can also be valuable in other software development projects involving complexity and the management of high-value information or assets.

Where do you see the industry heading in the next 5 years?

I try not to play the fortune-teller, but it seems we’re at a pivotal moment. The lack of solid regulation, or any regulation at all, is the main hurdle right now for industry growth. I think the next few years will bring some clarity on that front. The approval of Bitcoin ETFs in the USA might kickstart a closer relationship between traditional finance and decentralized finance. As clearer rules emerge in different legal territories, crypto companies will start scouting for the most welcoming nations to set up shop, expand, and roll out their products. I believe there will be a new appreciation of Bitcoin, a DeFi product explosion, and the normalization of decentralized finance becoming part of everyday life for millions.

Thanks for reading!

To stay up to date with the latest news from WakeUp Labs, follow us on Twitter and LinkedIn 🙌