buckets of permissioned, permissionless, and permissioned permissionlessness ledgers
TRANSCRIPT
Buckets of Permissioned, Permissionless, and Permissioned
Permissionlessness Ledgers
Who is developing shared, replicated ledgers and why
Brief outline
• Characteristics of a distributed ledger• Motivations for building non-proof-of-work ledgers / private blockchains• Known, trusted parties versus unknown, untrusted parties• Unclear governance• Scalability challenges• Disproportional rewards from metacoins
• Where has VC funding gone?• Opportunities for professional service firms
Questions to consider this session• What are the design assumptions and goals for using new technology?• What are the client business requirements?• Are entities and actors on the network known or unknown, trusted or
untrusted?• Who is allowed or not allowed to validate transactions?
• e.g., mintettes as defined by Laurie (2011) and Meiklejohn (2015)
• Are the validators spread around globally?• Is communication between them synchronous or asynchronous?• Are faults tolerated? How are Byzantine faults handled?• What type of consensus is needed? Or none at all?
Why distributed ledgers?
• There are many reasons for why companies, institutions and organizations are interested in shared, replicated ledgers and disinterested in existing networks or systems.
• What do financial institutions want? • Cryptographically verifiable settlement and clearing systems that are globally distributed
for resiliency and compliant with various reporting requirements. And the governance / versioning changes of both the network and software is clear and explicit.
• What don’t certain organizations always need? • Censorship resistance-as-a-service and artificially expensive anti-Sybil mechanisms.
What is a “block chain” anyways?
• Neither the term “block chain” nor “blockchain” were used in the original Satoshi whitepaper• Many projects, both permissioned and permissionless, use the
following tech pieces:• Public key cryptography • Cryptographic signatures • Cryptographic hash functions • Hash tree • Cryptographic time-stamps • Resilient peer-to-peer networks
What cont’d
• Some projects (both permissioned and permissionless) use a type of consensus algorithm that works by using blocks of transactions organized in a chain• Permissionless ledgers attempt to do so via pseudonymous/anonymous consensus
(validation); permissioned via known/trusted validators
• Some permissioned ledgers do not chain blocks as there are no blocks at all (such as Hyperledger)• Fun fact: Hyperledger was originally called “Mintet.com” named after Ben Laurie’s
term (mintettes) coined in 2011
• Some permissioned ledgers are explicitly “decentralized” not “distributed” as the pieces of the ledger are not actually distributed but instead wholly replicated
“Who defines a term? The community, the creator, the market? The market knows 'blockchain' as a catch-all term and that's how language evolves, by common usage.”
- Dan O’Prey, co-founder of Hyperledger (now part of DA)
Three Bucket Mental Model
Types of ledgers
Permissioned ledgers
Permissionless ledgersPermissioned
permissionlessness hydrabinocoin
What comprises a permissioned blockchain?
Permissioned blockchain
Legally accountable
validators (mintettes)
Settlement finality (irreversible)
Suitable for off-chain assets
(securities, fiat, titles)
What are the characteristics of a distributed ledger?
Distributed Ledger
Independent permissioned
blockchain
Distributed virtual machine (Turing-
complete)
Smart contracts govern off-chain
assets
Network achieves settlement finality
Permissioned distributed ledgers / blockchains• Blockstack (formerly CryptoCorp)• Ldger (formerly Tillit)• Clearmatics• Hyperledger (acquired by DAH)• Eris Industries• Tezos• Tembusu (TRUST)• DAH• Guardtime (KSI)• PeerNova• SKUChain* (PurchaseChain/PPOW)• MultiChain* (Coin Sciences)• Ripple* (discontinued Codius)• Stellar* (potentially with their new SCP)• Traditional tech enterprises as well (e.g., IBM)
Each is targeting different use-cases
• Syndicated loans• Trade finance• Supply chain provenance• US Treasury repo• Clearing / settling OTC derivatives and FX• Cross-border payments• Identity / data authentication• Private stock / equity issuance
• Commonality: participants in these networks – including the validators themselves – are known (via KYC or KYB) and have legal or contractual obligations with other participants
What attracts or repels use-cases?
• Folk law: “Anything that needs censorship-resistance will gravitate towards censorship-resistant systems.”
• Sams' law: “Anything that doesn't need censorship-resistance will gravitate towards non censorship-resistant systems.”
• Banks are currently focused on: fulfilling compliance requirements, reducing cost (centers), downscaling branching and implementing digital channels. None of this requires censorship-resistance.
What cont’d
• In conversations with decision makers at financial institutions, three common questions that have arisen regarding potentially using a public chain:
• What happens if you pay a fee to a Bitcoin or Litecoin miner/mining pool in a sanctioned country (e.g., EBA concerns in July 2014)?• In February 2015 according to Free Beacon, Coinbase was on “the hot seat” for explicitly highlighting this
use-case in an older pitch deck• “Immune to country-specific sanctions (e.g. Russia-Visa)”
• What if the Bitcoin or Litecoin miner that processes transactions for financial institutions (e.g., watermarked tokens) also processes transactions for illicit goods and services from dark net markets? Any liability?
• How to identify and contact the miner/mining pool in the event something happens (e.g., slow confirmation time, accidentally sent the wrong instruction, double-spend attempt, etc.)?• Need to be able to influence upgrades, maintenance, uptime (i.e., typical vendor relationship)
What is one opportunity for professional service firms that build core banking infrastructure?
Finding ways to reduce cost centers for financial institutions• According to Deutsche Bank in 2012:
• “Measured as a percentage of revenues, financial services firms spend more on IT than any other industry. Banks’ IT costs equal 7.3% of their revenue’s, compared to an average of 3.7% across all other industries surveyed”
• According to a 2015 report from Celent:• “Total bank IT spending across North America, Europe, and Asia-Pacific will grow to
US$196.7 billion in 2015, an increase of approximately 4.6% over 2014.”
• According to a 2015 report from Oliver Wyman / Santander:• “[D]istributed ledger technology could reduce banks’ infrastructure costs attributable to
cross-border payments, securities trading and regulatory compliance by between $15-20 billion per annum by 2022”
What are opportunities for Finacle?“Finacle relies on a system of traditional accounting ledgers to serve as core banking systems. If they want to jump into the next field of vision around innovating back end banking system then it is an urgent imperative they understand and lead the effort to understand this technology. Capital markets, traditional lending, trade finance, loan sales and syndication, asset-backed finance, to loan processing and servicing using singular back end systems for the whole of processing will see its full sunset in 10-15 years utilizing Blockchain and ledger technology. It could effectively put them out of business.
The other advantage by utilizing Blockchain ledger technologies is that allows Finacle a significant competitive advantage in that it allows Finacle bank customer implementations to examine and offer new digital wallet based solutions for its retail base. It also allows for partnership opportunities with companies in the "Internet of Things" space to help revolutionize supply chain finance, letters of credit, factoring, export import finance and bankers acceptance business to one of vitality to match the third world’s smaller companies thirst to operate on scale resulting from the ledgers ability to enable a synchronous just-in-time financing model matched to their often challenged logistics operations and documentation to meet complicated and ever competitive global customer demand for hard to get goods and supply.”
- Raja Ramachandran, founder of eFXPath and R3 advisor
Importance of data integrity for Finacle“Once every generation we reach a point in which hardware capabilities evolve to make practical, things that were previously unthinkable. When that happens the challenge is to recognise these new possibilities, and to see that they can fundamentally change the way we think about the world. New models of computation arise that redefine the way in which ever-more complex systems can be constructed; they don't solve the problems of the previous generations so much as make them irrelevant.The last 25 years have seen a sea change in our lives, as first the Internet, and then mobile devices, have provided us with the mechanisms to access and share information. What's remarkable is that all this has been achieved with a model for computational information that has barely evolved in 70 years. Fundamentally we have to trust that the data we have, and the data held by everyone else that affects us, is correct. Our information seemingly floats through servers, routers and switches like driftwood in a stormy sea until it eventually reaches us. We have little or no hope of verifying its accuracy or veracity (*).This then is the opportunity now afforded by blockchain or other crypto-ledger technology. We can establish a new model for the way we manage our data, one that can make information integrity and trustworthiness checking the norm rather than a questionable afterthought.(*) You might ask how in the current informational world that you can be confident you're reading my original quote?”
- Dave Hudson, VP of Software Development at Peernova
What financial institutions are looking into distributed ledgers?• Based on public news releases, there are at least 17 different FIs independently looking at ways to use a blockchain / distributed
ledger. Note: it bears mentioning that these are all pilot programs and does not necessarily mean any of the tech will ultimately be used. According to CoinGecko:
• CBW Bank• ANZ• Westpac• Commonwealth Bank of Australia• BNY Mellon• LHV Bank• Barclays• UBS• Goldman Sachs• ABN Amro• ING• Rabobank• Santander• DBS• USAA• BBVA• Citibank
What about proof-of-work-based permissionless networks?
What comprises a permissionless blockchain?
Permissionless blockchain
DMMS validators
Censorship resistant
(anonymous consensus)
Suitable for on-chain assets
(virtual bearer asset)
Distributed databases / key value / hash table• BigTable• Druid• Dynamo• HyperDex• Voldemort• HBase (Hadoop/Chubby)• Redis• Cassandra• MongoDB• CouchDB• MemCache• IPFS
Check boxes
• One common rejoinder in social media is that all organizations need is a simple database but…• Does anything currently in existence provide the necessary set of cryptographic
features all in one system?• Currently, no.
• For instance, financial institutions already operate in a environment where they send value between trusted/known participants (e.g., interbank ‘trust’ is not a core issue). In such a private network with 15 participants each sharing and replicating the ledger, participants cryptographically sign transactions (and/or blocks); thus ordering and timestamps verifiable by all 15 participants. • In the case of contracts, all code will be executed by all nodes and will be visible to participants based
on granular permissions• (Git does not provide consensus, is a specialized Merkle tree, involves only a chain (no blocks) that provides
signing, history and distribution. Forking results in new repo.)
Blockchain does not mean Bitcoin
• Many VCs, reporters and Bitcoin entrepreneurs are ‘talking their book’ and ‘revising history’ when they euphemistically equate a blockchain solely with Bitcoin• Nakamoto-style consensus is just one way to “skin a consensus cat”• Over 30 years of academic research on Merkle trees, hash tables and
arriving at consensus in distributed computing• Technology is iterative and Bitcoin may just remain a proof-of-concept
due to its limitations and primary focus on being censorship-resistant above all else
Needing a token is likely a red herring• Energy conversion (mining) may only be a requisite if validators are unknown and
untrusted; staking and surety bonds may be an alternative too for a public network• There are other methods of securely validating transactions based on different
design goals and assumptions that do not involve burning coal in China or running a consumer device-based Tom Sawyer botnet• In general, why don’t permissioned shared, replicated ledgers necessarily need a
token?• Because they incentivize security through legally binding contracts with validators
whom have real-world identities and reputations• Validation on proof-of-work networks involves actors who are – in the design
model – not contractually obligated to fulfill a terms of service (using the network is caveat emptor); the marginal costs on a public network are higher and thus the compensation model has to be different
Why not (re)use one communal chain for everything?
Trying to turn a communal chain into a “one-size fits all” buffet is like using a clown car
Because these are (economic) networks, not just software• For the same reason organizations use different types of airplanes, boats and
automobiles – they have different needs and business requirements.• Blockchain size is an ongoing challenge to the “one-size fits all approach” that will be discussed
later below. Impacts other chains too: Ethereum testnet is already at 30 GB, Bitcoin mainnet is 36 GB.
• And because as more value is added to a public blockchain, the more incentives there are to attack it without going through the fan fiction Maginot Line narrative (brute force by hashrate).• Because of increased block maker centralization it is much easier to use other
techniques (rubber hose cryptanalysis, denial-of-service) to disrupt participation• Blatant bribery / hacking of pool• ‘An attacker can sniff the cleartext credentials in the “mining.authorize” message, credentials may be used
elsewhere across the internet and may lead to account compromise’• Canadian router hacked via Border Gateway Protocol fooling miners ($84,000 stolen)
Block makers, by design, lack terms of service• In the event of a block reversal or censored
transaction, there is no terms of service that mining pools (validators) must adhere to.• On April 25, 2015 a BitGo user, due to a software glitch,
accidentally sent 85 BTC as a mining fee to AntPool (Bitmain’s pool operated in China)• To resolve this problem, the user spent several days
publicly conversing with tech support (and the community) on Reddit.• Eventually the glitch was fixed and AntPool – to be viewed
as a “good member of the community” yet defeating the purpose of a proof-of-work blockchain – sent the user back 85 BTC• “Who” do you call in the future? Why bother with pseudonymity?
Unintended in 2009: knowing the pseudonoymous validators on an untrusted network?
• Below is a list of the first time a pool publicly claimed a block:• Pool | Height
1: Slush 978382: bitcoinPool 1101563: DeepBit 1103224: Eligius 1206305: BTC Guild 122608
And a list of the first time a pool signed a coinbase transaction:• Pool | Height
1: Eligius 1306352: BitMinter 1522463: BTC Guild 1527004: Nmcbit.com 1533435: YourBTC 154967
A little history: Slush began publicly operating at the end of November 2010. Eligius was announced on April 27, 2011. DeepBit publicly launched on February 26, 2011 and at one point was the most popular pool, reaching for a short period in July 2011, more than 50% of the network hashrate.
Permissioned permissionlessness
blockchain
Mostly known DMMS validators
Neither censorship resistant nor trade
finality
Bearer asset becomes a
registered asset
Permissioned Permissionlessness, BINO-style• One innovation in Bitcoin was anonymous/pseudonymous consensus which
comes with two large requirements: mining costs and block reorganization risk• Mining costs fluctuate in direct proportion to token value; more “energy efficient”
proofs-of-work is a contradiction in terms
• It was designed with anonymous consensus to resist censorship by trusted third parties• Today several startups and VC funds have (un)intentionally turned an
expensive permissionless system into a hydra gated permissioned network without the full benefits of either• Also turned a bearer asset into a registered asset with full costs of both• Result: Bitcoin in name only (BINO)
Permissioned Permissionlessness cont’d• If you are running a ledger between known parties who abide by
government regulations, there is no reason to pay that censorship-resistance cost. Full stop.
• The commercial logic of this (largely) VC-backed endgame seems to be: “privatize” Bitcoin through a dozen hard forks (the block size fork is the start of a trend)• Is it still Bitcoin if it is forked and privatized? It is BINO.
• All of the costs of Sybil-protected permissionlessness without the benefits (e.g., speed, lower marginal costs) of actual permissioned
Permissioned Permissionlessness cont’d• Nearly all of the startups creating hosted wallets (e.g., euphemism for
a “depository institution”), exchanges and ‘universal’ require users to gain permission first before providing a service
• Similarly “middleware” projects like Symbiont and Chain/NASDAQ appear to fit into the ‘permissioned permissionlessness’ bucket due to identification / key holding requirements
• All told, more than half of all VC funding to date has gone into building permissioned systems on top of a permissionless network
Raising funds for permissioned permissionlessness • Notable companies providing such ‘permissioned permissionlessness’ services include:
• Chain: ($13.7 million)• Bitgo: ($14 million)• Coinbase: ($106 million)• Circle: ($76 million)• Xapo: ($40 million)• itBit: ($28.25 million)• Bitstamp: ($10 million)• Kraken: ($6.5 million)• OKCoin : ($11 million)• Mirror : ($12.8 million)• Bitreserve: ($14.6 million)• Coinplug: ($3.3 million)
Three “sins” with trade-offs
Sin of Commission (forgery of
transaction)
Sin of Omission
(censorship of transaction)
Sin of Deletion (reversal of transaction)
Cryptocurrency systems prioritize mitigation of omission (censorship-resistance) over deletion (irreversibility)
• In contrast, any system of off-chain property titles will have to prioritize deletion (irreversibility) over omission (censorship-resistance)• Consequently, existing legal systems will likely never recognize a
system of property titles that can be reversed by anonymous or pseudonomyous validators (see EBA concerns)
Future-proofing hard forks
• Because technology and usage are not static, there needs to be a way to clearly upgrade and update both the software and network• The BIP process (“Bitcoin Improvement Proposals”) still largely depends on altruism and charity,
neither of which is necessarily sustainable and as shown empirically, beholden to special interest groups and their stakeholders• Devolves into “fork by social media,” “fork by populism,” “fork by upvotes”
• Other networks have learned from this situation:• Built around version control (e.g., Peernova)• Built-in, explicit governance:
• Tezos is a self-amending chain• Ethereum is attempting to “bomb” the chain to switch to proof-of-stake at a later date• Ripple, Stellar and others have clearer governance due to explicit chain-of-command, terms of
service, real-world reputations and contractual obligations. • Different set of challenges (e.g., identity / KYC management, trying to run this in a decentralized and secure way).• A financial network is different than an information network.
“When it comes to long term survival, adaptability is more important than strength. Seeing distributed ledger as mere technology is shortsighted, they are first and foremost networks and, as such, their governance model is paramount to their success. A decentralized network that does not internalize its governance is condemned to stagnation or centralization.”
- L.M. Goodman, creator of Tezos
The right tool for the right job
There are trade-offs of using different types of networks
One short-term reason to hold hydrabinocoin• Some of the stated use-cases make it self-defeating to use Xapo (e.g., using a DNM) • But in the short-run, there are probably niche cases • Why pay for a censorship resistant network and not use the utility? • Because you are betting others will and you aren't personally concerned with censorship • Example: a large US hedge fund wants to hold BTC because it believes its use will grow on the
Argentinian black market • The hedge fund isn't particularly concerned with censorship, but they have no expertise
handling keys, so they use Xapo • The Argentinian black marketeers are concerned with censorship, they use regular bitcoin
clients (Armory, Electrum, Breadwallet, etc.)• Both uses make sense in this scenario• Bearer assets are incredibly risky, that's why there's a whole industry of custodians that tie them
to identity
What about fintech funding and investments?
VS: Bitcoin-related funding as of 2015/04
VS: Fintech funding overall as of 2015/04
According to Accenture: $9.89 billion in fintech deals done in 2014 in the US
Where has that $800+ million gone so far?
• Buying and holding cryptocurrencies (BitPay, several hosted wallets)• Currency conversion (any mining-related
company)• Turning the on-and-off ramps into permissioned-
based entries and exits• A dozen other areas that are typical cost centers
for most startups
• Very little has been spent on actual decentralized, permissionless interactions (e.g., OB1)
Other cost centers for these BTC-focused startups
• Domain name(s) • Legal fees (company formation)• Office rent/lease/mortgage
• Utilities and internet access: particularly important for mining farms/pools
• Attending events• Event sponsorships• Marketing and advertising: user acquisition, lead generation, brand awareness• Front-end design• Advisory fees to banks• Lobbying special interest groups / policy makers• Acquiring board of Directors and Advisors• Company outings and vacations• Money transmitter licenses• Insurance of virtual currencies that a company may hold in custody• Acquiring and maintaining an inventory of cryptocurrencies• Customer service and bug bounties: reimbursing customer for problems with R values/RNGs• Denial of service (DOS) vandalism and extortion: commonly happens with mining pools • Ransomware (FBI: $18 million last year via Cryptowall and others)
Conclusions
• Many of the science fair projects that passed themselves off as cryptocurrency “startups” will likely burn out of capital leaving behind IP, software libraries and skilled developers• These libraries and IP, if there is any utility to them, will likely be forked
and integrated into existing institutions, organizations and enterprises• Similarly, some skilled developers may benefit from labor arbitrage due
to their knowledge and experience which other larger firms lack• In the end, just as PGP, OTR messaging and FOSS stacks like LAMP were
inspired in part by cypherpunks but ended up being used by a bevy of non-ideologically oriented organizations, so too will some of the moving pieces that comprise primordial blockchains
Conclusions cont’d
• There is room for both permissionless and permissioned systems to coexist and grow• Bitcoin-related startups have and will continue to teach the overall
fintech industry what works and what doesn’t• These two different network designs are both specialized to handle
certain different types of activity and consequently have different cost structures to secure their respective validation processes• What permissionless enthusiasts probably should be cautious of:
attempts to turn their network into a permissioned, gated system which is what has slowly happened to Bitcoin over the past six-and-a-half years – all of the costs of both worlds without the benefits of either
Appendix
“Long-chains”
• Agent-based modeling results using historical data
• Blue – agents that join a pool• Black – non-miners
(though potential)• Red – Solo miners
• In the end, agents using pooled mining are the last remaining participants
At current usage rates, blocks will be consistently filled in 18 months