Moved from internals forum here. Some initial comments were posted there, but lets continue here.
cryptofin is a term I use for Crypto-Finance - a growing industry using software and cryptography to build systems transferring value. It notably includes, but is not limited to: Bitcoin, other crypto-currencies, blockchains etc.
Before we begin: Please let's keep our personal opinions about Crypto Finance, Bitcoin and alikes to minimum.
I'd like to start with observation that programming languages greatly benefit from establishing themselves in certain niches. It ensures traction, real life usage, corporate support, mind share etc.
Notable example: Kotlin's popularity exploded after it became official language of Android. Similarly other recent yet successful languages established themselves like this: Swift has iOS, Go - distributed systems, Kotlin - Android.
Rust is very versatile and is specifically trying to establish itself in webassembly, embedded and core systems programming. While obviously worthwhile and with some success, embedded and general system programming are a more difficult areas, because they already do have estabilished dominant programming languages.
Fintech seem so interesting is that it is a fairly new niche, without a strong, long estabilished or otherwise dominant PL. Additionally Rust is really a perfect fit for cryptofin, which has unique and demanding set of requirements:
- security, safety and reliability - as cryptfin operates on valuable digital assets in adversary environments, there is no room for mistakes;
- performance - as performance characteristics are critically important for economic and functionality of the system;
The fit is good, that without much attention Rust has already become de facto language of choice for cryptofin. A lot of popular cryptocurrencies and cryptofin systems is using and is fond of Rust, despite Rust community never explicitly trying to address that niche. Even Bitcoin, which was initially implemented in 2009 in C++, has a growing community of Rust developers.
While cryptofin is not yet a huge industry, it is really quite well funded, and as a principle - is typically based on Open Source: any cryptofin Rust project tends to provide Rust community with a lot of Open Source work.
Cryptofin is also on the cutting edge of many efforts: security, trust minimization, cryptography, etc. Dominating cryptofin means getting a mindshare in many areas important to high-caliber, mission-critical system software.
I think it's worthwhile to raise the awareness of this quiet success, and possible future benefits . While at it, I'd like to list from the top of my head problems with Rust for cryptofin (and specifically rust-bitcoin
, which I'm somewhat participating in). Addressing or helping address these, could lead to even stronger dominance of Rust in this area.
Trust (bootstrapping). Cryptocurrencies are a lucrative target for cyber-crime, malicious software etc. Because of this cryptofin developers are very distrustful, and are trying to eliminate any technical risks. Specifically, right now most Rust users are trusting rust compiler binaries, compiled and distributed by Rust team. That is putting a lot of trust in Rust team - their infrastructure, employees etc., especially in the light of possible state-level actors trying to subvert or shut-down such systems. One could just compile the compiler itself... but you can only do that with a Rust compiler, again ... provided by Rust Team. It's a circular dependency, and unlike languages like C/C++ Rust has only one feature-complete implementation ATM. The problem was somewhat solved by independent bootstrapping using mrust
, but it is still a a pain point. I don't know how much can be done about it - maybe Rust developers would be OK with making sure newer versions of the compiler, compile with somewhat older versions, to ease the pain of independently bootstrapping the compiler, or mrust
could get more help to keep up with the evolving language.
Language and ecosystem stability guarantees. Partially because of the bootstrapping problem, and partially because of general conservative approach, lack of any LTS releases, backporting fixes, minimum required rust compiler version management, etc. is a problem. Cryptofin developers can not and do not really want to roll with the "just use the latest stable version" mantra. I observe that this creates a lot of tensions (example). One one hand I understand that language and ecosystem are very alive and quickly evolving, on the other hand I understand that people working on rust-bitcoin
are used to their code compiling with no problems on 10-year old c compilers. Rust is simply not yet there (not even 10 year old in the first place), but it seems to me that it would be really beneficial for perception of Rust's stability and maturity to start rolling out some stability guarantee: eg. starting with 6-month-long LTS cycles, that could get extended with time, as the language stabilizes, and encouraging some backward-compatibility minimums in the ecosystem.