Identity and The Blockchain: Key Questions We Need to Solve

What are the architecturally-significant use-cases for identity?

Some of the most interesting uses for cryptocurrency technology in finance are securities processing, supply chain finance and derivatives operations.   These are areas where there should be almost total automation but there is, in reality, still large amounts of manual processing, rework, reconciliation, complexity and endless opportunity for confusion and dispute.

To help think about how blockchain technology could play a role, I suggested the “trust bundles” concept as a way to think about which aspects of a given business, such as securities exchange and settlement, could be moved onto a decentralized consensus system – and what benefits might accrue.

However, there’s a big problem that needs to be addressed before many of these opportunities become realistic. That problem is identity.  The anonymity (or pseudonymity) of Bitcoin may be great for some use-cases but it doesn’t help a firm accused of paying a “crypto dividend” to a terrorist if they have no way of proving they didn’t!

So let’s imagine we’re living in the future… Smart property technology means that securities can be issued and traded on a blockchain-like system and smart contract technology has allowed us to move all derivatives contracts onto a global platform.

What identity problems would we need to have solved for that future to come true?

Smart Property Issuance

Imagine you’re an investor. You have a Smart Property wallet. Perhaps it contains multiple cryptocurrencies, some bank-issued fiat currencies and your equity portfolio, safely secured with a multi-signature scheme.

You decide you want to add some IBM stock to your portfolio. So you instruct your wallet to place an order on a decentralized equities exchange.

What do you place the order for?

What do you physically type into the user-interface to tell it you want IBM stock and not somebody else’s stock?

It would be nice if you could simply type “IBM”.

But how would that work? We’re in a decentralized world, remember. We’ve “unbundled trust”. So how should the wallet interpret “IBM”? Which asset on the decentralized ledger represents the “real” IBM?   A Namecoin-like system doesn’t help if a “cryptosquatter” took the IBM name before the real IBM did.

And, in any case, what do you mean by “IBM”?

Intuitively, you probably mean something like: “The big American IT company based in Armonk, New York that had 2014 revenues of about $100bn and is a component of the Dow”.   Or something like that. But how to capture that intuition in a way that a decentralized network can interpret?

And how to distinguish the security you want from something similar (and legitimate) issued by somebody else? And, of course, how to distinguish it from a security issued by a fraudulent third party who is trying really hard to fool you into buying their product?

Identity 1

In a pseudonymous world, how do I distinguish “real” blockchain assets from scams?

One really unimaginative way would be to do what we do today: just decide to trust somebody to do the mapping for you.   Tell your wallet that you trust Bloomberg or Markit, say, to maintain a directory and you’re done. This would be an oracle service, in effect.

But this is a new point of centralization. Whoever controls that list can extract a rent and they are a source of risk: what happens if their database gets hacked or a rogue employee changes the records? Maybe having multiple oracles is the way forward.

Alternatively, perhaps we can use the internet X.509 Certificate system as a model. But even that would require some thought: you don’t want your webmaster issuing a $1bn bond!

What does it mean to be an issuer?

But we also need to think about it from the perspective of the issuer and this is altogether more difficult.  To keep things interesting, let’s use a currency example this time.

Imagine we’re still in the future and I am a customer of Citi with a $1M balance. I could ask Citi to issue a token on the blockchain representing this balance and send it to my wallet. My balance in my Citi account would be converted into ownership of a token representing $1M USD.      (I shouldn’t need to state it but I will:  I chose Citi purely as an example. I have no insight into their plans, if any, in this space!)

Identity 2

Richard is a Citi customer. Citi converts Richard’s balance into a “CitiUSD” token on a blockchain and sends it to Richard’s “1RICHRD” address

So I would now be a holder of a 1M CitiUSD token, owned by my “1RICHARD” address.  Note that this is essentially what happens when I use a gateway on the Ripple system but let’s assume we’re on a blockchain system for now to keep things consistent.

Aside: imagine if all banks did this… we could have CitiUSD, ChaseUSD, BarclaysGBP all issued on the same platform. Perhaps they’d trade at different prices based on market perception of their credit-worthiness? Prices as a function of CDS spreads perhaps?

Now, Citi would know exactly who I was: I was already a customer, remember, and they needed to know my blockchain address to issue the token to me.

But think about what happens next. I now have full control of this token.

So I could send it to anybody else in the world. And that person would now own a token representing a claim of $1M against Citi. Let’s imagine I bought a house from Charlie and paid using my CitiUSD tokens, sending them to his blockchain address, 1CHRLIE

Identity 3

I “pay” Charlie with my CitiUSD tokens. So Charlie now owns the claim on Citi. But Citi had no part in this transaction…

What would Citi think about this?   Who is “1CHRLIE”?? Are they already a customer? If not, how do they know if “1CHRLIE” is a “good guy” or not? Is Citi obliged to pay $1M upon presentation of the token?

More trickily, what happens if the token has passed through the hands of a “bad guy” at some point between issuance and redemption?   Sure – the initial owner of the token might be OK – and the person presenting the token some time later for redemption might also be OK. Perhaps we do know that 1CHRLIE is Charlie and that Charlie is a Chase customer and we’ve doubled checked with Chase. But do we need to know who has held the token in the intervening steps?

Identity 4

Do we need to know the identities of everybody who has ever owned a token?

What if one of the intermediate owners was 1TRRST, aka “Terry the Terrorist”?

You can be pretty sure we do need to know something about them.    Good luck if you try to tell your regulator that these tokens are “bearer assets” that are morally equivalent to cash!

So, leaving aside the possibility that we just don’t go down this road at all, what are some of the options for making this work?

I think there are two broad options:

Option 1: Ex-Ante Prevention – The Issuing Bank “Co-Signs”

This option is pretty simple. You change the model so that these assets are not bearer assets. Holders of Citi tokens need to get Citi to co-sign any blockchain transactions that move the asset. So Citi gets the chance to vet the recipient and check they’re happy owing them money.   You can think of this as “ex ante prevention”.   It would work, of course, but it would heavily constrain the usefulness of such a system.

Option 2: Ex-Post Prevention – The Bank Won’t Pay Up Unless You’ve Behaved Yourself

This option is more interesting. You can send the token wherever you like, but if you want to redeem the token for real USD, the bank will ask you to prove that everybody who ever owned it was a “good guy”. If you can’t prove a clean ownership history then the token is worthless; the bank won’t pay up.

Leaving aside the question of what we mean by “good guy” and the natural worry that this could give banks an excuse to renege on their commitments, how might you do it?

First, let’s cover off the obvious option.   The obvious option is simply to say: “We’ll only redeem a token if its ownership chain consists only of Citi customers”. Or perhaps you could extend it and say: “We’ll only redeem a token if its ownership chain consists of customers of the following banks”.   The latter approach might pave the way for an industry “register” that maps bank identifiers to blockchain addresses. Again, we’re back to centralization and the very real risk of a “balkanization” of the system: you would effectively have “white” addresses and “black” addresses – those that can hold banking-system assets and those that cannot.

If several of my readers are about to explode in outrage, bear with me because this isn’t what I’m proposing…. Happily, there could be another way.

“Identity is the New Money”

I was fortunate last week to attend Consult Hyperion’s “Digital Identity” unconference at Barclays Bank’s “Escalator” venue in East London.   Our host, Dave Birch, encouraged the audience to really exert themselves to think deeply about questions of digital identity. It gave me the motivation I needed finally to read his book, “Identity is the New Money”. I recommend it. It’s short, snappily written and made me think.

One of his key themes is that we’re thinking about identity all wrong. Most of the time we think we need to know who somebody is, what we actually need to know is something about them:

  • A bartender doesn’t need to know your name; they just need proof you’re over 18.
  • A UK doctor doesn’t need to know what town you were born in to know if you’re entitled to free healthcare.
  • … and so on

Similarly, and at a very conceptual level(!), what an issuer of USD tokens on a blockchain needs to know is probably something like:

  • The actor who controls an address is a legal person…
  • … and this person has a US bank account…
  • … and somebody has studied this person’s identification documents closely and has no concerns about them…
  • … and whoever is making these statements about them is trusted by the issuer of the tokens (say Citi)

Now, I say “conceptual”, because AML, KYC and CDD regulators might not see things this way yet but let’s keep going…

What these concepts all have in common is that they have this idea of a “certifier” – somebody or something that:

  • Is trusted by the issuer
  • Ties something I have (my face or my blockchain address) to something I am (“over 18”, “a holder of a US bank account”, etc)

If you trust the certifier then you can trust that somebody proving ownership of the face or the address is over 18 and a holder of a US bank account, etc.

What does a bank need in order to be satisfied?

So now let’s return to our currency example.   Remember the problem we’re trying to solve: If I am Citi, I want to be sure that anybody who has ever held one of my tokens is somebody I am allowed to transact with.

So how could we achieve this without a centralized database? Well, imagine Charlie is a customer of Chase.

  • Let’s assume Chase knows who Charlie is and is satisfied that Charlie is a good guy.
  • So if Charlie can prove to them that he controls a particular blockchain address, they might be willing to issue him with a “certificate”
  • This certificate might say: “I am Chase. Here’s my proof. I know who is the owner of address 1CHRLIE…. That person is a US Citizen and, as of 3 December 2014 was a retail customer, with a good account history and no warning signs on his account”

And perhaps I could get a certificate from Citi that says they think I’m a “good egg” and one from the UK government confirming I’m a UK citizen:

Identity 5

Could asset issuers use certificates from third parties they trust to satisfy their regulatory and other “client due diligence” requirements?

So now we have something really interesting.

An issuer can set down their conditions when they issue the asset.  They could say something like: “I will redeem this asset at par if the redeemer can prove that they and every intermediate owner was a US citizen with a KYCd US bank account. I will accept proof from any FDIC insured bank”.

So if I was considering buying a CitiUSD token from somebody, I no longer care who they are. I just care that they possess one or more certificates that comply with the conditions that were specified in the definition of the asset. My wallet software could even check it automatically for me.

And when somebody wants to redeem the token, they simply return it to Citi, with the chain of certificates and Citi can immediately tell that the token has only been in the hands of people with the attributes it specified.   No need to reveal my identity to anybody and no central third parties we need to trust.  If somebody does need to figure out the identity, they can get a court order and the certifier will reveal it.

Reality is more complex. In particular, how to stop a black market in certificates? e.g. a “mule” obtains a certificate for a blockchain address and then turns over the certificate and the address’s private key to a bad person. A difficult problem to solve but probably not unsurmountable.

But the underlying principle is absolutely crucial: if we’re moving to a world where trust is unbundled and control is decentralized, we need to rethink identity. Anchoring it in a diverse set of “certifiers”, who attest to the linkage between something I have (a blockchain address? My face?) and something I am (British, Over 18) surely has to be the way forward.

The “Unbundling of Trust”: how to identify good cryptocurrency opportunities?

Decentralization and centralization are two ends of a continuum. Look for opportunities to disaggregate “bundles of trust” to identify good opportunities in the cryptocurrency space

There are so many potential uses for cryptocurrency technology. But how do you know if any of them are good ideas? Blockchain-mediated financial exchange? I have a good feeling about that one. A bank-sponsored local currency system for small businesses? My sense is that it’s probably a terrible idea. But short of going out and building it, how would you know?

So are there any test you can apply beforehand to figure out if a blockchain is a good technical solution for a given problem?   And can you turn a bad idea into a good idea?

It’s a topic that comes up regularly when I present to audiences on Bitcoin and cryptocurrencies. Here are some slides I often use in these discussions. Slide 15 is where I discuss this topic.

Slides I sometimes show when presenting on cryptocurrencies. These represent my views, not IBM’s. But they are Copyright IBM. Please do not reproduce without asking permission first.

For me, the key to deciding if an idea is good enough is the one I’ve summarized on page 15 of the deck: this space is all about decentralization and if your problem isn’t about centralization then this technology may not be for you.

That may sound obvious. But internalizing this point is the key to understanding what a good cryptocurrency use-case looks like. And how to turn a bad one into a good one. Because even if your problem looks centralised, there may be portions that don’t need centralised trust and unbundling those components could be the key to doing something valuable. Here’s what I mean…

Go back to the beginning: what problem was Bitcoin designed to solve?

Bitcoin was invented as an answer to a decades-old question:

How do you come to consensus about some facts with a large group of people when you don’t know each other and some of you are cheating?

In Bitcoin’s case, the “facts” are “who owns what?”

And one answer to that question is, of course: “we all agree to trust somebody (e.g. a bank) and now we don’t need to trust each other”. But the obvious problem is: you have to trust the bank and that’s a potential point of failure. The breakthrough of Bitcoin was in showing us how to answer this question in a way that doesn’t require us to trust any single third parties.

We say the system is “decentralized”, as a shorthand for this concept.

(As an aside, I explained Bitcoin from first principles in this post on how the counter-intuitive genius of Bitcoin is that it works by going slow! For those who want to go even deeper, I share a way to think about the confusing “Unspent Transaction Output” concept in Bitcoin through an analogy of land.)

This is why Bitcoin is often positioned as being a decentralized equivalent to the centralized banking system:

decent1

Bitcoin allows us to agree who owns what without having to know each other or trust anybody else. This is the opposite of the traditional system where everybody has to trust their bank

Bitcoin-as-envisaged isn’t what we have

But there’s a problem: Bitcoin-as-envisaged isn’t what we have today. Phenomena such as mining centralization and the use of SPV Wallets mean that Bitcoin isn’t completely decentralized. It’s not currently a problem but one can already see its effects. For example, some miners refuse to mine certain types of transactions. The effect on average confirmation time for these transaction types might be marginal but it exists, nevertheless.

So Bitcoin-today is somewhere in between. It’s not 100% decentralised yet nor is it centralized.

decent2

Bitcoin today is neither fully decentralized nor is it centralised

So it seems reasonable to consider that centralization may actually be a continuum rather than an either/or phenomenon:

decent3

Are centralization and decentralization actually two ends of a continuum?

This way of thinking can be helpful because it allows us to think about other innovations in this space, such as Smart Property.

Smart Property

I’ve written in the past about a decentralized securities systems being built “hidden in plain sight”. The key idea here is that you can use blockchain platforms (like colored coins or counterparty, etc) to track the ownership and transfer of real-world assets. What distinguishes these platforms from Bitcoin itself is that they have to bridge to the real world: the asset could be a bond with a corporate issuer, being kept safe by a custodian bank, for example.  So there are several real-world entities on whom you depend.

I’ve written about how smart property allows these two roles to be merged (the issuing company could do both) but somebody has to do it – let’s just call them issuers.

So this system has points of centralization (the issuers) and points of decentralization (the ownership tracking and exchange). So perhaps it sits somewhere here on the continuum:

decent4

Perhaps there is value in different “degrees” of decentralization for different business problems

You can have more than one type of decentralization in a single service

But it’s actually more interesting than that. Because not only do smart property systems sit somewhere on the decentralization continuum, the key point is that different parts of the systems sit in different places:

  • the ledger, exchange and transfer system use the underlying Bitcoin consensus system – so they’re all pretty decentralized. No need to depend on any trusted third parties.
  • But you do, of course, have to trust the issuer.  That part of the proposition is centralised

So the important thing about smart property systems is that the all-or-nothing “trust bundle” is unbundled: you need to trust a specific issuer but the ledger, exchange and transfer functions are decentralized in their operation.

The unubundling of trust

And I think that’s what gives decentralised consensus systems some of their power: you can now break down products and services into their constituent elements of trust and implement each one with the most appropriate degree of centralization. For smart property, perhaps the picture looks something like this:

decent5

Different degrees of decentralization can exist within the same service: trust is being unbundled

So what?

Of course, none of this tells us whether smart property or cryptofinance is a good idea. But it is a way to think about whether a particular service is doing anything particularly novel.   Think about it the other way: if somebody proposes a cryptocurrency business idea that doesn’t meaningfully unbundle any trust in an existing service, is it actually doing anything valuable?  Likewise, take any real-world centralised service and ask yourself: what are all the things I need to trust for this to work? Which components have to be centralised? Which could be decentralised? Does that lead to lower risk? Lower cost? More opportunities for competition? Reduced friction for consumers? If the answer is “yes” to those questions then you could have an interesting proposition on your hands.

Unbundling trust in payments

A similar analysis works for systems like Ripple. Ripple’s architecture is more distributed than the traditional payments systems but less so than Bitcoin (at least as envisaged) so perhaps we may place it somewhere like this on the scale:

decent6

Ripple is another example of a “trust unbundling”

But, just like in the Smart Property example above, in the Ripple system there is a “trust unbundling” going on: the ledger is fairly decentralized in its operation whilst you necessarily need to trust a specific gateway.  So it actually looks like this:

 decent7

Different degrees of decentralization can exist within the same service: trust is being unbundled

To see why this is important, recall how current payment systems work. I wrote a simple explanation of it here. As the article shows, you have to trust a lot of moving actors and the point is that you have to take this as a bundle… it’s all or nothing. You trust all those parts of the system or you can’t achieve your objective.  With a Ripple-like system, you only trust the minimal set of actors you have to – namely, the banks who issued liabilities.  Everything else can be decentralised to some degree.

Unbundling trust in contract execution

One last example: a similar argument applies to financial contracts. Projects like Ethereum (and Counterparty!) are exploring the decentralized modeling and execution of law. Gavin Andresen has written about how something similar could be achieved on the base Bitcoin platform.

You can think of this in terms of “trust unbundling” too: the decentralized platform ensures the integrity of contract execution and you can use n-of-m oracles to provide reliable external data. You only trust who you have to, to the minimal degree possible.

Using “trust unbundling” to turn bad ideas into good ideas..?

So now we can put this model to the test. Does it help us spot the silly ideas? Even better, does it help us turn the silly ideas into good ideas?  [UPDATE 2014-11-15 this section was heavily reworked)

Antonis Polemitis commented on an earlier version of this article:

Here’s what I think he means:

A better airline miles system?

As Antonis points out, airline miles systems are highly centralised: the airline is the issuer, redeemer, owner of the ledger, setter of the rules and controls everything else too.

So imagine an airline were to announce that their new airmiles programme was to be based on a fork of Bitcoin. Perhaps they would create their own Blockchain, issue the miles on top, secure it themselves and distribute wallets to all their customers. Brilliant…  an airline miles programme with all the benefits of Bitcoin!

Really? From a consumer perspective, surely this system would be indistinguishable from a traditional system and what is the argument that says it would be better in any meaningful way?

But take a step back and think about airline miles again and think about the trust bundle. Which parts of the system require you to trust the airline?  Issuance and redemption of the miles, for sure.  And setting of the scheme rules.  But storage, exchange and trade doesn’t need to be done by them.

And perhaps there’s a cost saving for airlines if they offload that work to a decentralised network and a benefit for customers if it gives them additional utility – perhaps new ways of swapping miles between competing programmes to accumulate enough points to book a flight?  Some very interesting possibilities emerge if multiple airlines base their systems on the same platform or if third parties can build new services on top of a platform like this.

Suddenly you might have something interesting: an interoperable, multi-provider airline miles storage, transfer and redemption platform. Now it could be a terrible idea – these schemes only work because most miles are never redeemed, after all! But the thought process is important: who are users expected to trust to use your service?  And what are they trusting them for?  What if a component was decentralised? What new possibilities would that enable? What risk could it mitigate?

Now the real world is more complicated than this. But the key insight remains:

  • if your cryptocurrency idea requires users to trust only you, you’re missing the point
  • but if there’s something in the value proposition that can be usefully decentralized or shared with others, you could be on to something

A simple explanation of Bitcoin “Sidechains”

Could sidechains be the enabler of “semi-decentralised” Bitcoin products and services?

An important paper was published this week:

Sidechains

If you’ve followed Bitcoin for any time, you’ll know this is a seriously eminent group of authors

It describes a way to build “pegged sidechains”. Sidechains themselves are not new – the idea, and how to build them, has been discussed for some time and the key breakthrough was outlined earlier in the year. But this paper gives more detail on the concept and has attracted a lot of comment.

But what are they? And why should anybody care?

A mental model for Bitcoin

The key to understanding most innovations in the Bitcoin space is to make sure you have the right mental model for how Bitcoin itself works. It turns out that most people I speak to don’t really understand how it works and, as a result, have a faulty mental model.

To help with this, I came up with an analogy for Bitcoin earlier in the year, based on thinking of Bitcoin “unspent transaction outputs” as parcels of land. Some people hated the analogy but I still think it has value 🙂

But in this piece, I’ll skip the analogy and net it down to the basics.

First, clear your head of anything related to money, currency or payments. And clear your head of the word ledger, too. The mind-bending secret of Bitcoin is that there actually isn’t a ledger! The only data structures that matter are transactions and blocks of transactions. And it’s important to get this clear in your head if sidechains are going to make sense.

When you “move” Bitcoins, what you’re saying is:

  • Hello everybody… I’d like to move these specific Bitcoins, please.
  • Here is the proof that I am entitled to move them
  • And here is how the recipient will, in turn, prove that they are entitled to move them.

three pictures

The critical three parts of a Bitcoin transaction

There are several important points here:

  1. Bitcoins are not perfectly fungible… when you move (or spend) them, you’re spending some specific bitcoins
  2. In order to spend them, you have to prove you’re entitled to do so. And you do that by providing the solution to a challenge that was laid down when they were sent to you in the first place. This challenge is usually just: “prove to the world that you know the public key that corresponds to a particular Bitcoin address and are in possession of the corresponding private key”. But it can be more sophisticated than that.
  3. When you send Bitcoins somewhere, you lay down the challenge for the next owner. Usually, you’ll simply specify that they need to know the public and private keypair that correspond to the Bitcoin address the coins were sent to. But it can be more complicated than that. In the general case, you don’t even know who the next owner is… it’s just whoever can satisfy the condition.

Keep saying the three steps to yourself until they’re etched on your memory!

Fine. So the “grammar” of a Bitcoin transaction is clear:   “Here are the coins I want to move, here’s the proof I’m entitled to and here’s what the recipient must do, in turn, if they want to spend them”.

This transaction is published into the network, it will eventually find its way into a block and, after other blocks have been built on top, everybody can be pretty sure it won’t be reversed and the world moves on.   What more do you need?

The core Bitcoin “grammar” works just fine, mostly…

This three-part structure to a Bitcoin transaction works well and it turns out that you can do some really interesting things with it.   For example, you can use the “not-entirely fungible” feature to “tag” coins. This is the basis of the “Colored Coins” and “Smart Property” worlds.

But there are problems, such as:

Block interval

Bitcoin’s block interval is ten minutes so it takes about five ten minutes on average for a new transaction to find its way into a block, even if it pays a high fee. This is too slow for some people so they have experimented with alternative cryptocurrencies, based on the Bitcoin code-base, which employ quicker block intervals   [UPDATED 2014-10-27 to correct my embarrassing misunderstanding of mathematics…]

Transaction Structure

The “three-part” transaction structure is very general but it only allows you to transfer ownership of Bitcoins. Some people would like to transmit richer forms of information across these sorts of systems. For example, a decentralized exchange needs a way for participants to place orders. Projects such as Mastercoin, Counterparty, NXT and others either build layers on top of Bitcoin or use entirely different codebases to achieve their goals.

Transaction Transfer Conditions

I said above that you can build sophisticated rules into Bitcoin transactions to specify how ownership is proved. However, the Bitcoin scripting language is deliberately limited and many ideas in the Smart Contracts space are difficult or impossible to implement. So projects such as Ethereum are building an entirely new infrastructure to explore these ideas

One-size-fits-all security model

It doesn’t matter if you’re moving $1bn or 0.01c across the Bitcoin network, you get the same security guarantees.   And you pay for this in fees and time.   What if you were prepared to trade safety for speed?   Today, your only real option is to send the coins to a centralized wallet provider, whom you must trust not to lose or steal your coins. You can then do all the transactions you like on their books, with their other customers and you never need touch the Bitcoin blockchain. But now you lose all the benefits of a decentralized value-transfer network.

One-size fits all doesn’t help if the size doesn’t fit you!

Now, making experimental or rapid changes to Bitcoin is very risky and so change happens slowly. So if the one-size-fits-all architecture of Bitcoin doesn’t suit a particular use-case, you have a problem. You either have to use an entirely different cryptocurrency (or build one!). Or you have to use (or build) a centralized service, which brings new risks.

This is very inconvenient. It creates risk and fragmentation and slows the build-out of products, services and infrastructure.

Centralised Wallet Providers as a “poor-man’s sidechain”?

But there’s an interesting observation we can make. Think about what happens if you send Bitcoins to a centralized wallet such as circle.com for safekeeping.

  • You send your coins to a particular Bitcoin address
  • They appear inside your circle wallet and are out of your control on the blockchain.
  • At some point in the future, you might send your coins back out of your circle wallet to a Bitcoin address you own
  • You now have control of some coins on the Bitcoin blockchain again!

From the perspective of the Bitcoin network, Circle is a black box.   You had some coins… you sent them to a specific address…   some stuff happened that Bitcoin couldn’t see…. And at some point later, you had control of some coins again.   It’s as if those coins had been moved from Bitcoin to somewhere else and then back again.

Here’s the Sidechains insight

The key idea behind the sidechains concept is:

What if you could send Bitcoins not only to individuals, addresses and centralized services but to other blockchains?

Imagine there is a Bitcoin-like system out there that you’d like to use. Perhaps it’s litecoin or ethereum or perhaps it’s something brand new.   Maybe it has a faster block confirmation interval and a richer scripting language. It doesn’t matter.   The point is: you’d like to use it but would rather not have to go through the risk and effort of buying the native tokens for that platform. You have Bitcoins already. Why can’t you use them?

The sidechains ideas is this:

  • Send your Bitcoins to a specially formed Bitcoin address. The address is specially designed so that the coins will now be out of your control… and out of the control of anybody else either. They’re completely immobilized and can only be unlocked if somebody can prove they’re no longer being used elsewhere (I’ll explain what I mean by this in a minute).   In other words, you’ve used the core bitcoin transaction rules I described above to lay down a specific condition that the future owner – whoever it ends up being – needs to fulfil in order to take control
  • Once this immobilisation transaction is sufficiently confirmed, you send a message to the other blockchain – the one you were wanting to use. This message contains a proof that the coins were sent to that special address on the Bitcoin network, that they are therefore now immobilized and, crucially, that you were the one who did it
  • If the second blockchain has agreed to be a Bitcoin sidechain, it now does something really special… it creates the exact same number of tokens on its own network and gives you control of them.
  • So it’s as if your Bitcoins have been transferred to this second chain. And remember: they’re immobilized on the Bitcoin network… so we haven’t created or destroyed any…. Just “moved” them.
  • You can now transact with those coins on that second chain, under whatever rules that chain chooses to implement.
  • Perhaps blocks are created faster on that sidechain. Perhaps transaction scripts are “turing complete”. Perhaps you have to pay fees to incent those securing that sidechain. Who knows. The rules can be whatever those running that sidechain want them to be. The only rule that matters is that the sidechain agrees to follow the convention that if you can prove you put some Bitcoins out of reach on the Bitcoin network, the same number will pop into existence on the sidechain.
  • And now for the second clever part. The logic above is symmetric. So, at any point, whoever is holding these coins on the sidechain can send them back to the Bitcoin network by creating a special transaction on the sidechain that immobilises the bitcoins on the sidechain. They’ll disappear from the sidechain and become available again on the Bitcoin network, under the control of whoever last owned them on the sidechain.

sidehcains_ex

Sidechains use the standard bitcoin “three-step” transaction to immobilise bitcoins whilst they’re “on” the sidechain

So, to repeat, we’ve used standard Bitcoin transaction functionality to move coins out of reach and we then prove to a second, unrelated chain, that we’ve done this.  And when we’re done, whoever owns them on the sidechain can do the same thing and send them back to the bitcoin network.

So developers get the opportunity to experiment with different types of cryptocurrency rules without needing to create their own currency.

And it now becomes possible to do some very interesting things in the Bitcoin space.

Step back from the details for moment and consider what’s been described.  We now have a way to move coins from Bitcoin onto another platform (a sidechain) and move them back again.   That’s pretty much what we do when we move them to a wallet platform or an exchange.  The difference is that the “platform” they’ve been moved to is also a blockchain… so it has the possibility of decentralised security, visibility and to gain from other innovation in this space.

For example, one could imagine a sidechain that is “mined” only by one company. That would be identical to a single-company wallet, but with full visibility of transactions.

Going further, you could imagine a sidechain that is mined by 100 different companies in a loose federation. Not totally decentralized, but harder to censor or subvert than if it were just one.

And there are lots of other possibilities. The key is that you can build these experiments and products and services without also needing to create a new currency or fall back into the old centralised style.

So when I look at sidechains, I’m looking at them as an architecture for building semi-decentralised products and services for Bitcoin that were simply impossible before.

Now there are some serious issues with the scheme. Peter Todd has raised doubts about how secure it might be and it might require a one-off change to Bitcoin.

But it’s early days.  I’m looking forward to watching this space develop

Cryptocurrency products and services will determine adoption of the currency – not the other way round

The critics of Bitcoin-the-currency are right… but only in the sense that the motor-car was a poor imitation of a horse…

I had a light-bulb moment this week. It was triggered by a panel I sat on at Sibos, hosted by the wonderful Adam Shapiro from Promontory Financial Group.

My argument to the audience was the one I usually give: they should simply ignore the currency use-case: it’s the least interesting thing about Bitcoin. They should, instead, look at it as a platform for decentralized value-exchange and focus on the opportunities this enables.

Sibos TV

The panel discussion isn’t online but you can see us debate the issues on Sibos TV.

I then returned to the warm embrace of the Innotribe room and thought little more of it.

I thought little more, that is, until I returned home on Friday and went for a run. I took the opportunity to catch up with a few podcasts, one of which was Dave Birch’s interview with Jeffrey Robinson, author of BitCon. (Aside: everybody I know thinks I’m weird for listening to economics and FinTech podcasts when I run. I can’t be alone… surely?!)

It is fair to say that Jeffrey is not a fan of cryptocurrencies. And he makes some well-aimed shots at the heart of the “Bitcoin is a useful currency” argument in the podcast. For example, he points out that vanishingly few retailers actually accept it, despite the hype (they, instead, receive dollars from BitPay or Coinbase instead).

Now, one could take issue with Robinson’s arguments (he’s very confused on some technical aspects and the Boston Fed does see some evidence that consumers pay marginally less when using Bitcoin rather than payment cards).

But surely this is to miss the point. Whether or not cryptocurrencies are superior than today’s currencies for today’s payment problems isn’t really interesting.

It’s like saying that the automobile is a terrible way of pulling a plough.

Cryptocurrency technology will succeed only to the extent that it enables new products and services that were previously impossible or unimaginable.

And here’s the light-bulb moment: most of the really interesting use-cases turn out to need a payment mechanism – and having a currency and payment mechanism built into the platform turns out to be really, really useful.

Causation runs in the opposite direction to what everybody seems to think: it is new products and services that will drive adoption of the underlying currency. Not the other way around.

Two interesting viewpoints

Perhaps you think I’m setting up a strawman…? Happily, there have been two separate posts this weekend describing what some of these applications might be. So let’s check…

First, Chris Dixon offers some ideas for native Bitcoin apps. If I’m being critical, I thought they were somewhat pedestrian – they all seem to be answers to the question: “if Bitcoin the currency was widely deployed, what could you do with it?” – which I think is the wrong way to look at this. It has causation in the wrong direction.

But Adam Ludwin at Chain.com also blogged on this topic. And his argument is more compelling to me. He acknowledged that we really can’t anticipate where this will go – but he highlights ideas like smart assets and so forth as promising areas of research.

So can we flesh this out some more and identify additional examples?

When the audience takes photos and makes notes, you know they’re excited by the topic…

I hosted five startup CEOs on the Innotribe stage at Sibos on Monday and it’s interesting to me that the demo that created the most excitement was Yoni Assia’s demo of colored coins. He showed the (fake!) example of a large US bank issuing IBM stock on the blockchain so that it could be traded and transferred without the need for the plumbing we take for granted in the securities processing world. I think he used the CoinPrism platform. And it’s worth also checking out ChromaWallet.

coloredcoins

Using the Colored Coins concept to issue, track and transfer securities on a blockchain.

I spoke to various attendees over the following days and this topic clearly excited them. The demo had helped them move from an intellectual, but shallow, understanding of the concept to one that helped them envision a future where custodians, clearing houses, exchanges and brokers work in a completely different way. I’ve written about decentralized securities processing here and seeing it in a live demo made it real for people.

Now the interesting thing is: this use-case has nothing to do with currency. The Bitcoins are just being used as a transport layer. All the intelligence and disruptive power is at higher layers of the stack.

The key insight: what is the best payment mechanism for colored coins?

But now… ask yourself a question: imagine this platform gained adoption. In what currency – and using what mechanism – would participants pay each other?

Sure – you could use whatever you like. But the interesting thing is: if you paid in the native currency of the platform – Bitcoin in this case – some very special possibilities arise. For example, you can use the Bitcoin scripting system to make binding bids and offers without needing a central exchange. And you can achieve atomic swaps of currency for securities – delivery versus payment – without needing a custodian.

So suddenly, a “currency” which may indeed have limited utility for today’s developed markets for today’s problems suddenly becomes utterly superior for this new use-case of decentralized asset exchange.

Now, I should point out that not all of this infrastructure yet exists so I’d advise readers to read an interesting paper by Mark Friedenbach and Jorge Timón on how to modify the underlying Bitcoin system to support it. (My thanks to Ian Grigg for the pointer). In passing, I think these systems also need two other critical pieces of infrastructure:

  • An identity and reputation system: how do I know an issuer of IBM “stock” really is who they say they are? And how do I know they are authorized to make the statement? The complexity here goes beyond narrow concepts of corporate identity
  • What rules are needed to underpin this? Which legal precedents?

But I think it’s examples such as this will lead us to a world of 1) unanticipatable products and services, for which 2) the optimum payment mechanism is the native token of the platform.

To repeat: new apps will drive cryptocurrency usage… not the other way round.

So what are some other potential use-cases?

I’d classify the example above as Smart Property.   I think there are at least two others:

The Economy of Things

I wrote recently about the work we at IBM are doing around the economic model of the Internet of Things. The work is focused on the underlying architecture through which trillions of devices can discover, connect and collaborate. But what would happen if these “things” needed to transact with each other? Wouldn’t the most obvious payment vehicle to use be the native token for the platform? (Usual disclaimer: I raise this as an open question… it’s not a statement of direction or intent by IBM)

Indeed, one potential example of this has already been studied in Switzerland. A recent paper by Dominic Worner and Thomas von Bomhard examines “Exchanging Data for Cash with Bitcoin” – one could easily imagine “things” paying each other for access to trusted data feeds in other scenarios too.

Smart Contracts

Vitalik Buterin’s presentation on Ethereum was a highlight of the first day at Innotribe this week. And I thought his host, Dan Marovitz, showed excellent judgement in allowing him to talk at length and in significant technical depth about his vision. The audience of senior bankers seemed to be completely rapt.

etherscript

Using Ethereum in a world where the there’s been a breakdown in trust between children and the tooth-fairy

At the core of the Ethereum concept is the idea that real-world relationships and contracts can often be reduced to deterministic rules that can be executed by a neutral, unimpeachable platform. And these contracts often (not always) involve the exchange of economic value, usually in the form of the native currency of the platform.

Now… I have some reservations about Ethereum… it is so ambitious and so audacious that I worry that it might prove to be unbuildable – and I note that real-life isn’t always reducible to deterministic rules….   But, as Gavin Andresen has argued, it might be possible to achieve much of what Ethereum aims to do on top of the Bitcoin platform itself. At which point, the world of smart contracts would drive usage of Bitcoin-the-currency.

And I’m sure there are more…

So where next…?

It’s still early days, of course. But the lesson I learned this week was that we need to get away from the sterile “Bitcoin the currency” versus “Bitcoin the platform” debate. Instead, we should consider how one drives the other… and how it’s the platform that is likely to drive the currency, not the other way round.

 

“Device Democracy”: IBM’s IoT Paper – Or “on the blockchain, nobody knows you’re a fridge – made real”

The IBM “Device Democracy” paper is another example of how blockchain technologies could have impacts well beyond currency

I recorded an interview for Finextra last year, where I argued that we should view Bitcoin and cryptocurrencies as far more than just currency and payment systems: they’re enablers for whole new classes of innovation.

One of the example I gave was how they could provide an economic underpinning for the Internet of Things (IoT) and pointed out that if devices in your home each had their own Bitcoin wallet, the Internet of Things could rapidly become the Economy of Things

On the blockchain, nobody knows you’re a fridge (Buy it from teespring.com!)

But talk is cheap. Implementation and delivery is what counts.

So I have been enormously privileged to contribute, in a very small way, to a fascinating project being led by Paul Brody, IBM’s Vice President for our Mobile and Internet of Things consulting team. It has been well-covered by CoinDesk, GigaOm and “Two Bit Idiot” but, as Two Bit Idiot observes, I think its true significance has yet to be understood.

Here’s my simplified take on what this project is all about:

Imagine the predictions of the futurists come true and the Internet of Things becomes a reality: wireless locks controlling our houses, wifi-enabled lightbulbs and internet toasters, all that stuff.

Think about the economics from the manufacturer’s perspective.

My elderly iPhone 4 has finally reached end-of-life: it’s getting slow, iOS 8 will not run on it and I can expect apps to start failing one-by-one as their developers stop updating them for iOS 7. And yet the phone is only four years old. Most other phone manufacturers abandon their customers far more quickly, which means Apple’s four-year support for my phone is industry-leading.

My iPhone 4 served me well – even serving as a prototype for Apple Pay (Not really).  But, after four years, it is obsolete and the latest version of iOS won’t run on it

But, for the internet of things, a four-year old device is barely a child! These devices could last for far longer than anybody expects. How often do you change the locks on your door? When did you last replace your toaster? Some observers claim LED lightbulbs could last for twenty years.

Now imagine what the world would be like if Apple had to support the iPhone 4 for twenty years.  That is a long time to support, maintain and upgrade an internet-connected device.   As Paul and the team write in their very readable whitepaper, we can’t assume that the data produced by these devices will somehow create enough value to fund the ongoing costs.  Consumers seem to be in no mood to give away ever more data in exchange for “free” services… and it’s entirely unclear that this data has as much value as people think, in any case.

Technology Principles for internet-connected devices that could run for decades

So we need to make it as easy as possible for manufacturers and others to support these devices in the field. And part of the answer is surely that we need to make it as easy, cheap and sustainable as possible for manufacturers to do the “right” thing. And the argument that Paul’s paper makes is that the key to doing this is to decentralize as much logic as possible – so that what’s left at the centre is as small as possible.   They capture this intuition in the form of three key “technology principles”:

  • think “peer-to-peer” wherever possible… if two devices can find each other and communicate directly, why route it through a central point?
  • assume you’re operating in a “trustless” world: if you can’t be sure that everything is running perfectly all the time (because it won’t be), then choose a design that needs as little trust as possible
  • decentralize autonomy to the greatest extent possible – if something doesn’t need to be decided at the centre, decide it at the edges. Build on the insight that those with the greatest ongoing incentive to keep these systems running are those closest to them and who depend on them the most.

Device Democracy

This concept inspires the title of the paper: “Device Democracy”. They call the resulting architecture an “Internet of Decentralized, Autonomous Things”. The project’s IBM landing page explains more.

The paper explains the reasoning in more depth but the intriguing result is that the principles above are well-matched to concepts well-understood by the crypto and cryptocurrency worlds. A secure point-to-point messaging system like Telehash is a good candidate for direct device-to-device messaging, for example. Similarly, a trustless decentralized contract platform like Ethereum (a second-generation blockchain technology) could be a way to encode agreements between devices and to enforce rules.

Indeed, the team’s prototype (which has real locks opening and closing – I so wish I had been in the room when they demonstrated it) is based on Ethereum, Telehash and BitTorrent (you need something to distribute billions of firmware updates, after all)

But it’s important to realize that this isn’t a break from the past; it’s incremental. Existing protocols will still be needed and manufacturers will still need a way of communicating with their devices. This is all about making it as easy and secure as possible and to give end-users as much control as possible – hence “Device democracy”.

It’s perhaps likely that we’ll see hybrid models emerge where these peer-to-peer technologies are coupled with centralized services (cloud-based to hit cost objectives).

This is why I say Bitcoin and Cryptocurrencies are about so much more than currency…

For me, this project gives me further reason to believe that the impact of blockchain technologies and cryptocurrencies will be far greater than anybody expects: their applications go beyond the imaginations of any one of us.

We first saw this with Bitcoin. You needed good knowledge of economics, finance, cryptography and computer science to understand the Bitcoin concept in its full breadth. Indeed, I think this is why may academic economists, central bankers and computer scientists were amongst the slowest to grasp its importance: they were, in general, just too specialised and narrow.

So it is with this project: it has taken a team with knowledge of electronics, engineering, manufacturing, decentralized protocols and economics to devise this prototype platform.

The future belongs to the versatilists?

I wonder if this could be further evidence that the future will be owned not by the specialists or the generalists – but by the versatilists?

 

Disclaimer and Notes

1) I know there’s a lot of interest about this project so a quick reminder that this blog contains my views and analyses… not IBM’s.  I am not an official spokesman on IoT or anything else. 

2) I have lost the contact details of the clever person who created the excellent t-shirt design above. Please do get back in touch so I can credit you

 

What happens if Bitcoin mining companies vertically integrate?

Creeping centralization can come in many forms – are the Web Application Server wars a lesson from the past?!

First some history of the IT industry (you can skip this bit if you just want the meat…)

Travel back in time with me to the late nineties…. I started my career during the Web Application Server wars. The web was taking off in the late nineties and companies like WebLogic (quickly acquired by BEA) spotted a need in the marked for a Web Application Server.

They were solving an obvious problem: it was a real pain to write proper applications. Sure: you could write HTML and run it on Apache. And you could use the CGI interface to have scripts run to generate basic dynamic content. But it was painful to do anything more sophisticated

If you were a bank that wanted to build an online banking service that interfaced with your core banking system, it needed a huge amount of effort and care… and you were wholly responsible for figuring out how to manage session state, failover, transactionality and everything else. And what we quickly found was that everybody needed a similar set of code “middleware” services – and were building for themselves each time.

And one solution to this problem was the web application server. This was a server, usually written in Java, that provided a defined set of APIs and an execution environment for web applications.    You could think of it as having two faces: one face spoke “web” – it sent and received HTTP. The other face spoke “enterprise” – it provided a set of APIs, SLAs and common behaviours that app developers could rely on to build their applications.

Products like BEA WebLogic, as it became, Netscape Enterprise Server, IBM WebSphere Application Server and Microsoft’s Internet Information Services platform were all designed to solve this problem… and it became a billion-dollar industry.

Sure – somebody still had to buy, configure, install and manage these platforms (usually in corporate datacenters, running on expensive hardware) but at least there was now a clear separation: and a division of labour emerged: J2EE developers, App Server administrators, infrastructure engineers and so on.

Today is different but not that different!

Fast-forward to today and the world is different: we take a rich execution environment for granted and the state-of-the-art consists of cloud offerings that protect the developer from worrying about anything apart from their code: infrastructure, connectivity, bandwidth, middleware configuration is all delegated to the platform. (IBM’s BlueMix is a recent example of such a service)

But the insight is the same: in any field, we see lower levels of the stack become standardized and commoditized. A small number of specialized players, with economies of scale and benefitting from experience-curve effects, begin to dominate.

So I’ve often wondered if we’ll see something similar in the Bitcoin space.   Are there any parallels we can draw and, if so, what can we learn from them?

Can we see any parallels with Bitcoin infrastructure?

Look back a few years and anybody wanting to build a product or service on Bitcoin had to do it all for themselves.

For example, it seems that Mt.Gox wrote their own custom implementation of the Bitcoin protocol – which is not, perhaps, surprising given the nature of its business and the maturity of the ecosystem when it was founded. I guess that’s similar to people who wrote their own HTTP servers or implemented custom schemes for producing dynamic content back in the nineties.

More recently, APIs like BitcoinJ and platforms like BitsOfProof have emerged as credible abstraction layers upon which interesting products and services can be built. In both cases, developers typically run and maintain their own instance(s) of  Bitcoinj or BitsOfProof, etc. So one could argue this is a parallel to the on-premise app-server days of the web.  

So it’s tempting to ask… are the parallels with the web appropriate? If so, what happens if cloud-based services for Bitcoin developers emerge?

And, of course, we don’t need to imagine. These services already exist. chain.com is one such example.

Chain.com is a cloud-based Bitcoin API for developers. From their website, it appears that they maintain a set of Bitcoin nodes and ensure they are well-run and well-connected, perhaps in the way that Amazon or IBM might maintain app servers, infrastructure, routers and connectivity to major peering points on the internet.

And developers simply write their Bitcoin product or service in a language of their choice, calling the Chain APIs as and when they need to interface with the Bitcoin network.  One can imagine that coding against Chain.com makes it an order of magnitude more easy to get a new Bitcoin company up and running. You don’t need to worry about any of the infrastructure detail: Bitcoin is abstracted away to a set of easy-to-use, well-documented, high-level APIs.  

You might hardly even know you were even using Bitcoin!

And that’s a really important subtlety: if you are not running your own Bitcoin nodes, how do you know the information your service provider is giving you is accurate? How do you know you’re connected to the “real” network and seeing the real blockchain and that your transactions are making it across the network?

Now I’m sure the chain.com team are hugely competent and ethical people. This post is emphatically not a criticism of them or their service. But one does need to be open-eyed about the tradeoffs one is making as an engineer.  And one approach app developers could take might simply be to maintain their own independent copy of Bitcoin core to act as a monitor/sentinel.  It’s probably not a show-stopper.

And I can see this sort of service being immensely popular: it is a lot of effort to install and maintain Bitcoin network infrastructure… keeping it patched, making sure you really are well-connected to the Bitcoin network and so on… and if your business has latency dependencies (mining? Exchanges?) then you also need to worry about making sure your nodes are “close” to other major nodes. And so on and so forth.

Figuring out how to do this sort of stuff well has good scale effects and there will be big learning/experience curves. Just as cloud vendors can run web infrastructure better and cheaper than most companies could do themselves, we should probably expect to see small startups outsourcing their Bitcoin network integration to firms like chain.com – and maybe even hosting providers who include Bitcoin APIs and network abstraction as a core part of their service offering.

So, leaving aside the concerns this might raise around decentralization and ask yourself:

if a cloud-based Bitcoin API/application platform were to become really popular, who is best placed to deliver it?

Until a few weeks ago, I would have said I expected more firms like chain.com to be founded over the coming months and for a handful of them to gain critical mass and become the dominant application platform players of the future.

And then CoinTerra bought BitsOfProof

It was one of those lightbulb moments for me when I heard about it. Of course! How Obvious!

It makes perfect sense. Think about the capabilities and advantages that big mining firms have that they could use to build a powerful hosting proposition for developers:

  • Hosting in low-cost locations
    • They already maintain massive farms of servers, usually in locations with cheap power. They could easily offer colocation to their clients
  • Massive hashing power
    • They could commit SLAs to application clients that nobody else could make – “At this SLA, we will guarantee your transactions make it into a block within x hours”, perhaps?
  • Optimised network connectivity
    • The mining firms must surely have deep knowledge of the Bitcoin network topology so I suspect they could make promises about transaction propagation times and other time-critical requirements that would measure to some clients – “You will see transactions from other people faster on our platform than if you ran your own node”, perhaps?
  • 100% Virgin coins on tap
    • Mining companies can offer businesses who use their APIs access to freshly-minted coins… no taint, no need to ask where they came from
    • … and I’m sure there are more

Many observers, myself included, have tended to ignore mining, regarding it as an infrastructure function, with the main debate being around the threat of concentration of hashing power. What I missed until now is that a well-run mining platform is also a phenomenally powerful platform from which to build up the stack to middleware/APIs and beyond.

So the question for me is: what happens if (when?) one of the mining firms offers a hosted application environment for Bitcoin companies with a really easy-to-use abstraction API over the Bitcoin network?   Commentators such as Tim Swanson have written extensively about the incentive structure of Bitcoin mining but I’ve not yet seen an analysis that thinks through the implications of vertical integration of the sort I outline here – and what it would mean for any security analysis of the system as a whole.  

If anybody’s aware of one, I’d love to read a copy.

Disclaimer: I’ve not spoken to any of the firms named in this post and I have no insight into their product plans

A decentralized securities trading and settlement system is being built hidden in plain sight

Colored coins, chromawallet, coinprism, NXT Asset Exchange, Mastercoin, Counterparty… tens of projects are working on asset tracking, transfer and exchange systems. What are they doing? Will it work?

I wrote a piece last year explaining how today’s securities trading and settlement systems work. The full picture of participants is pretty complex:

Figure 8 csd

There are surprisingly many parties involved in the safekeeping and exchange of securities. What would the picture look like in a “decentralized world”?

At core, I think the system is all about assuring “performance”. That is… it’s all about making sure that people actually deliver on the promises they make when they enter into a trade

Recent controversies might make this seem hopelessly naïve – and they show that ensuring fairness in exchange is important – but assuring performance is the core of the aspiration.

And to deliver on this aspiration, today’s system is based on a closed, centralized model. I talked about it here and also argued  Mt.Gox model was even more centralized than the mainstream system.

We’re now seeing serious projects work on this problem. Perhaps revisiting the fundamentals will help us predict which of these projects will prevail?

Why do we have exchanges in the mainstream world?  There are lots of valid answers (liquidity, fairness, …) but none of this matters if you can’t be sure a trade you make will be settled. After all, what’s the point of agreeing a trade with somebody if they can just change their mind afterwards if it suits them?

In the mainstream world today, the general model for a stock exchange is one where it has members, who are the only entities allowed to trade on that exchange. These members are subject to strict rules. For example, the London Stock Exchange’s rule book has over 100 pages: http://www.londonstockexchange.com/traders-and-brokers/rules-regulations/rules-lse.pdf

Rule G5000 sums captures the critical function of the exchange for me:

G5000

“Obligation to settle: A member firm shall ensure that every on Exchange trade effected by it is duly settled.” Obvious, perhaps… but it needs to be said!

So the exchange helps ensure an orderly market by vetting and monitoring its members. This gives participants confidence: they don’t need to worry about who is on the other side of their trade. They know the trade they agree to will get settled. But other exchanges employ different models:

  • Prefund: Mt. Gox asked everybody to deposit their Bitcoins or fiat with them before they could trade. It guaranteed that trades executed on Gox would settle. Unfortunately, it only guaranteed they would settle on the books of Mt.Gox. As many people discovered to their cost, a settled trade on Gox was not the same as cash the bank or Bitcoins in their wallet
  • Escrow: The model I outlined in my piece earlier this year was essentially an escrow scheme. You place your Bitcoins beyond reach and they are either delivered back to you when your bid/offer expires or are delivered to the buyer. The trick here is in choosing the escrow “agent” (or agents…) carefully.
  • Clearing: This is how the The London Stock Exchange does it. In certain situations, members don’t even need to own the securities they’re selling at the time they trade them; they just need to make sure they deliver them as promised on the day of settlement. This model works because there is a closed group of trusted and well-known entities. However, there is clearly a risk: what happens if one of the participants goes bust between trade and settlement? That’s what a clearing house is there to solve, amongst other things. It keeps a close eye on its members, requires them to contribute to a “default fund” and steps in to make the other members whole if one of them fails.

Now, when we look at some of the most vibrant projects in the Bitcoin and cryptocurrency world, we see something interesting: a large number of them are working on representing non-crypto assets – such as securities – on the blockchain – They’re building out the vision of a decentralized general-purpose asset ledger.

There are two concepts we need to understand:

  • A token – something that represents an asset. Perhaps 100 shares of IBM Common Stock or ownership of a particular car.
  • An issuer – somebody that makes a promise to confer the rights and benefits associated with that asset to whomever holds it at any given point.

A concrete example: imagine I owned 10000 IBM shares (I wish…). I could issue them onto one of these platforms and publish the definition so others could see it and could see it was from me. I would, in effect, be making a promise:

“I will convey whatever benefits I enjoy through my ownership of these shares to whomever holds the token”.

So if I receive a dividend cheque, I pay it to the holder of the token. If you trust me to be good for this promise, you might be willing to purchase the token from me for $2m or so… the price of the IBM shares… owning the token would be just as good as owning the shares… and you could store it in your Bitcoin wallet and not have to deal with your broker any more!

Now, it is unlikely that you’d trust such a promise from me. But if was made by a major custodian bank you might. But note: you do have to trust the issuer.

So why bother? Why bother going to the trouble of building a decentralized asset ledger if you have to trust somebody at the end of the process?

For me, the answer is that this approach might allow increased competition between issuers. Furthermore, moving disparate asset registers (custody records, vehicle registration databases, etc) onto a common architecture might enable innovations we haven’t yet considered.   It’s too early to tell so we can all be grateful to the pioneers who are experimenting so we don’t have to.

I think there are three broad camps:

  • Coloring Bitcoins. Projects such as chromawallet and coinprism are working on systems to “tag” Bitcoins so that they can be tracked across transactions
  • New Protocols Running Over Bitcoin. mastercoin and counterparty piggy-back on Bitcoin’s peer-to-peer network, double-spend protection and consensus system but their tokens are essentially independent of Bitcoins. A counterparty token is not simply a “tagged” Bitcoin.
  • Entirely Separate Protocols. NXT and ethereum fit into this camp.

I have no particular insight into the structure of any of these projects so let’s assume they’re all run by capable, honest people and further assume that we’ll see a future where assets of all types, including securities, will be represented on a blockchain-like decentralized platform.

Then what? Presumably people will want to buy and sell…. To exchange.

And that’s where things get interesting… because we have to solve the performance problem.   We’re now in a decentralized, pseudonymous world… how do we ensure somebody who offers to buy an asset for a given price actually goes through with it and pays up?

What is the crypto-ledger rule G5000?

Is it possible to build a decentralized exchange on any of these platforms that has the strong performance guarantees we need? Can we build a decentralized exchange where a matched bid and offer inevitably lead to a settled trade?

It we look at our three models from previously, “clearing” isn’t going to work (it is, by definition, centralized and reliant on trusted identities). “Prefunding” is also problematic – what happens if the entity you sent your assets to disappears? So it looks like “escrow” is the only game in town.

Now, part of the solution already exists: we can construct “atomic” asset transfers using the Bitcoin protocol today. So I will assume exchanging payment and asset in a single transaction (“Delivery versus payment”) is achievable today on any of the platforms discussed above. But we need to get to a point where creating a valid transaction like this is inevitable once a bid and offer are matched.

Here’s where I think the state of the art is with the three approaches and it’s surprisingly different:

Coloring Bitcoins. The systems I’ve looked at don’t route bids/offers over the Bitcoin system so any matching will be done external to the platform. So it seems to me that “decentralized exchanges” on this model will have to require those posting bids or offers to demonstrate that they have placed the corresponding colored coins/Bitcoins in escrow with one or more acceptable third parties. There’s nothing that will do this automatically. So, it’s worth watchin firms like Xapo in the US and Elliptic in the UK. Professionally-run Bitcoin “cold storage vaults” such as these feel like “proto custodian banks” that could perform this function. The question is: can they devise a service that is sufficiently decentralized yet which still allows them to earn an income?

New Protocols Running Over Bitcoin. My understanding of these systems is that they embed bids/offers in the blockchain and have a protocol definition that means matches can be determined unambiguously. Furthermore, the act of making a bid or offer locks the associated assets until the trade is resolved or a bid/offer expires… automatic escrow, if you like. Assuming I am right, then this does appear to offer the “inevitability” promise that I think is so important. But it is at the expense of polluting the blockchain with bids/offers. It seems inelegant to me that one would store transient data (time-limited bids/offers) in such a permanent form of storage. But perhaps there’s no other way?

Entirely Separate Protocols. My working assumption is that NXT, too, works on the basis of bids/offers encumbering the associated assets until the outcome of the trade is resolved.  With Ethereum, the answer to every question is, of course, “it’s Turing Complete so of course you can do it” but I need to dig a little deeper to be sure….

 

Where is this going?

I think we’re going to see a market test: the colored coin approach is, in many ways, the most elegant as it uses the blockchain solely for storing/transferring the asset.   It means a range of exchange types can be trialled (escrow, pre-funding, reputation-based?)… but none of them will deliver full “inevitability” of settlement.  Perhaps consumers will care. Perhaps they won’t.

Projects like mastercoin and counterparty look able to deliver on the “inevitability” promise but will it be at the cost of blockchain bloat?

It will be an interesting few months ahead.

 

A final thought… What if we simply don’t worry about it and price it instead?!

The other approach is completely radical… instead of trying to force performance, why not model it as an option? We can think of somebody who posts a bid/offer but who then reneges as exercising an option to renege. This option clearly has value – if they would lose money by completing the trade as agreed, the option payoff is at least as much as they stood to lose! So is it possible to model the value of the option to renege and force participants to pay the option value up-front in order to post a bid/offer?

Unanswered questions: to whom would the price be paid? Is there any precedent for modeling the “option to renege” in this way? What would be the liquidity implications?

Conclusion

I said at the start of this piece that a new financial infrastructure is being built “hidden in plain sight”. For the reasons outlined above, I think the “exchange” aspect of this infrastructure still has a long way to go but we’re about to witness a fascinating experiment.