Posted by

gendal

Posted on

April 5, 2016

Posted under

blockchain, Corda, distributed ledger, r3

Comments

101 Comments

Introducing R3 Corda™: A Distributed Ledger Designed for Financial Services

UPDATE: The Corda introductory whitepaper is now available! And this blog post gives more context.

As reported in Bloomberg this morning, I’m delighted to confirm that R3 and our member banks are working on a distributed ledger platform for financial services: Corda™. I explain it on our official R3 blog and reproduce it here.

For the last six months, my team and contributors from our membership have been building a distributed ledger platform prototype from the ground up, specifically designed to manage financial agreements between regulated financial institutions. I am massively excited by the progress our team, led by James Carlyle, our Chief Engineer, and Mike Hearn, our Lead Platform Engineer, are making and I think the time is right to share some details.

Corda: A Distributed Ledger for Recording and Managing Financial Agreements

Corda is a distributed ledger platform designed from the ground up to record, manage and synchronise financial agreements between regulated financial institutions. It is heavily inspired by and captures the benefits of blockchain systems, without the design choices that make blockchains inappropriate for many banking scenarios.

Corda’s key features include:

Corda has no unnecessary global sharing of data: only those parties with a legitimate need to know can see the data within an agreement
Corda choreographs workflow between firms without a central controller
Corda achieves consensus between firms at the level of individual deals, not the level of the system
Corda’s design directly enables regulatory and supervisory observer nodes
Corda transactions are validated by parties to the transaction rather than a broader pool of unrelated validators
Corda supports a variety of consensus mechanisms
Corda records an explicit link between human-language legal prose documents and smart contract code
Corda is built on industry-standard tools
Corda has no native cryptocurrency

Corda’s design is the result of detailed analysis and prototyping with our members and will be open sourced when the code has matured further.

In the remainder of this post, I want to share some insight into our thinking. Why are we building Corda? Why have we made some of the design decisions we have? When will the code be ready for others to examine and build upon? How does this relate to other platforms and projects?

A thought experiment

When I joined R3 from IBM in September 2015, I forced myself to stop and think. The blockchain bandwagon was running at full speed, I’d just been appointed CTO of a project intended to bring blockchains to finance but there was a nagging worry at the back of my mind… how could I avoid falling into the trap of believing all the hype?!

I imagined myself sitting in front of the CIO of one of our member banks some time in the future. I imagined we had naively selected a “blockchain for finance” based on what was popular at the time and widely deployed a range of products and services on top of it. And I imagined we had believed the hype, had suspended our critical faculties and had omitted any engineering. In this imagined scenario, I now found myself facing an angry CIO, who wanted to know why the system I had built had just failed calamitously. Why on earth did I build it the way I did?!

I concluded that an entirely inappropriate answer to that question would be: “because blockchains were cool in 2015”! No. That simply won’t do.

The reality is that solutions based on selecting the design first and then trying to apply it to arbitrary problems never work out well. Every successful project I’ve worked on started with the requirements, not some cool piece of technology, and I was determined to bring that discipline into our work at R3.

Remind me again why a system designed to replace banks is also supposedly their saviour?

And there is a second reason for this caution: the technology and finance industries collectively “decided” some time in early 2015 that “blockchain technology” was somehow the future of financial services.

Indeed, I am one of the most active proponents of precisely that claim. But the reason for blockchain technology’s importance is extremely subtle – and this subtlety is something that most people seem to have missed.

To understand this, we need to look at Bitcoin.

Bitcoin’s architecture, as I have often written, is a marvel. Its interlocking components are one of those rare examples of something so elegant that they seem obvious in hindsight, yet which required a rare genius to create.

But what is often missed is that the cleverest part of Bitcoin isn’t actually its architecture; I think the cleverest part was to articulate the business problem. We don’t tend to think of Bitcoin as being the solution to a “business problem” but it can perhaps be thought of as a wonderfully neat solution to the problem of: “how do I create a system where nobody can stop me spending my own money?” Now, I can’t claim to know the mind of Satoshi and he certainly didn’t write the whitepaper in this way but it triggers a very useful thought-experiment.

In fact, once you write this ‘business problem’ down, the design drops out almost trivially! (Almost…) You want always to be able to spend your own money? Then you can’t have a central point of control. It could be shut down by the authorities. You can’t even have a collection of validators with known identities as they could also be shut down with concerted effort. Very quickly you realise you need a massively replicated consensus system and, if you don’t want to tie actions to real-world identities, you need something like Proof of Work to make the voting work. You work the logic through and pretty much the whole design (the blockchain, the need for mining, block rewards, maybe even the UTXO transaction model, etc., etc.) drops out. Of course, it does push a lot of work onto the users: confiscation of somebody’s bitcoins is easy if you know their private key… but let’s leave that to one side for now.

And this way of looking at it is important because it highlights how Bitcoin’s blockchain can be thought of as the solution to a business problem. Satoshi Nakamoto didn’t wake up one morning wanting to “apply Blockchain to finance”. Blockchain was the tool that was invented to solve a real problem.

So we have a conundrum, right? If that’s the case, then what on earth is the argument that says blockchain has any relevance at all to banking?!

Indeed, last time I checked, banks have the inverse of my Bitcoin problem statement!

What is the defining characteristic of blockchain systems?

So I spent most of October sitting in a dark room (really! This was our first London office… a tiny four-person room in a shared working space in the City of London) questioning some of the most fundamental assumptions about blockchains. What is it exactly that makes them interesting to banks?

Most people had already made the mental leap that the “bitcoin package” was unacceptable as a take-it-or-leave-it deal: proof of work is unnecessary for private deployments, for example. But, as I looked around, all I could see was firms who had accepted everything else… It seemed strange to me that, as an industry, we could tease apart one part of the “blockchain bundle” but then stop there.

I spent several of my earlier, formative years at IBM in a role called “technical sales”. If you’ve ever bought technology from a large IT vendor, you’ll have met somebody like me. We’re the people who visit clients with the sales rep and act as the technical expert: we explain how the product works, make sure we’re proposing the right solution to the client and ensure there is no technical barrier to closing the deal.

A lesson I learned very early in that role was: it doesn’t matter how hard you wish or how many client meetings you schedule or how aggressive the sales rep gets, if you can’t show how your solution is going to solve the client’s business problem then the deal almost certainly won’t close. And those that do are the ones you’ll live to regret…

Fast forward a decade, and as I surveyed the blockchain landscape in October 2015, all I could see was excitable (and vocal!) firms touting solutions that made very little sense to me for the kinds of problems I was trying to solve. I will confess to many moments of self-doubt: maybe they were all sane and I was the mad one..?!

But I ploughed on: even if they are right that a “take it or leave it” blockchain design is the saviour of the financial industry, I’ll be doing our members a favour if I could explain why.

So we started picking away at what can perhaps be called the “blockchain bundle”: the collection of services that blockchains provide to those who use them.

We concluded that a blockchain such as the ones underlying Bitcoin or Ethereum or any of the private variations actually provide at least five interlocking, but distinct, services. And the right approach is to treat them as a menu from which to select and customise… different combinations, in different flavours, for different business problems.

CONSENSUS

The first, and most important, feature of blockchains – and the thing that is probably genuinely new in terms of scale and scope – is that they create a world where parties to a shared fact know that the fact they see is the same as the fact that other stakeholders see:

“I see what you see… and I know that what I see is what you see”

And, critically:

“I know that you know that I know”!

And:

“I know that you know that I know that you know…”

And so on…

And it makes this promise across the Internet between mutually untrusting parties. Sure: consensus systems and replicated state machines have existed for years but consensus systems at Internet scale, between untrusting actors, that work in the face of powerful adversaries? That’s a step forward.

In Bitcoin, the shared facts are things like: “What are all the bitcoin (outputs) that have not yet been spent and what needs to happen for them to be validly spent?”. And the facts are shared between all full node users.

In Ethereum, the shared fact is the state of an abstract virtual computer.

But notice something interesting: there isn’t some law of nature that says the set of people who have to be in consensus is the whole world. Bitcoin just happens to work that way because of its unique business problem. If you don’t have Bitcoin’s business problem then be very wary of those trying to sell you something that looks like a Bitcoin solution.

VALIDITY

The second feature in the “blockchain bundle” is validity. Tightly linked to consensus, this feature is the one that allows us to know whether a given proposed update to the system is valid. It is how we define the rules of the game. What does a valid “fact” look like in the system? What does a valid update to that fact look like?

UNIQUENESS

The third feature in the blockchain bundle is its “uniqueness service”. I can quite easily create two perfectly valid updates to a shared fact but if they conflict with each other then we need everybody who cares about that fact to know which, if either, of those updates we should select as the one we all agree on. The “anti-double-spend” feature of blockchains gives us precisely this service and it’s hugely important.

IMMUTABILITY

The fourth feature in the “Blockchain Bundle” is often, if misleadingly, termed “immutability”: data, once committed, cannot be changed.

This isn’t quite true: if I have a piece of data then of course I can change it. What we actually mean is that: once committed, nobody else will accept a transaction from me if it tries to build on a modified version of some data that has already been accepted by other stakeholders.

Blockchains achieve this by having transactions commit to the outputs of previous transactions and have blocks commit to the content of previous blocks. Each new step can only be valid if it really does build upon an unchangeable body of previous activity.

AUTHENTICATION

The final critical feature in the “Blockchain Bundle” is authentication: every action in the system is almost always associated with a private key; there is no concept of a “master key” or “administrator password” that gives God-like powers. This is quite different to traditional enterprise systems where these super-user accounts are prevalent and petrifying from a security perspective.

So what is the financial services business problem?

So why did I take us through this analysis? Because it gets us to the heart of the distributed ledger domain: the thing that is genuinely new is the emergence of platforms, shared across the Internet between mutually distrusting actors, that allow them to reach consensus about the existence and evolution of facts shared between them.

So if that’s what this is all about, then what are the “shared facts” that matter in finance? What business problem would we need to have for any of this work to be of any use at all?

And this is the light bulb moment and the fundamental insight driving the entire Corda project:

The important “shared facts” between financial institutions are financial agreements:

Bank A and Bank B agree that Bank A owes 1M USD to Bank B, repayable via RTGS on demand.
This is a cash demand deposit
Bank A and Bank B agree that they are parties to a Credit Default Swap with the following characteristics
This is a derivative contract
Bank A and Bank B agree that Bank A is obliged to deliver 1000 units of BigCo Common Stock to Bank B in three days’ time in exchange for a cash payment of 150k USD
This is a delivery-versus-payment agreement
… and so on…

The financial industry is pretty much defined by the agreements that exist between its firms and these firms share a common problem: the agreement is typically recorded by both parties, in different systems and very large amounts of cost are caused by the need to fix things when these different systems end up believing different things. Multiple research firms have postulated that tens of billions of dollars are spent each year on this problem.

In particular, these systems typically communicate by exchanging messages: I send an update to you and just hope you reach the same conclusion about the new state of the agreement that I did. It’s why we have to spend so much money on reconciliation to check that we did indeed reach the same conclusions and more money again to deal with all the problems we uncover.

Now imagine we had a system for recording and managing financial agreements that was shared across firms, that recorded the agreement consistently and identically, that was visible to the appropriate regulators and which was built on industry-standard tools, with a focus on interoperability and incremental deployment and which didn’t leak confidential information to third parties. A system where one firm could look at its set of agreements with a counterpart and know for sure that:

“What I see is what you see and we both know that we see the same thing and we both know that this is what has been reported to the regulator”

That’s Corda.

How does Corda choose from the “Blockchain Bundle” Menu?

So now we understand the financial services requirement, we can look again at the “Blockchain Bundle” menu from above and outline the choices we’ve made.

CONSENSUS

A critical piece of the Corda philosophy is that our problem is to ensure that “I know that you see the same details about a shared fact that I see”.

But this does not mean that a third party down the road also needs to see it: our consensus occurs between parties to deals, not between all participants.

VALIDITY

Furthermore, in Corda, the only people who need to be in agreement about a fact are the stakeholders to that fact: if you and I agree about something that pertains only to us then why should we care what some completely unrelated third party thinks? And why would we even think of sending them a copy so they could opine on it? So, in Corda, we let users write their validation logic in time-tested industry-standard tools and we define who needs to be in agreement on a transaction’s validity on a contract-by-contract basis.

UNIQUENESS

Just like every other distributed ledger out there, we need to be sure that two valid, but conflicting, transactions cannot both be simultaneously active in the system. But we also recognise that different scenarios require different tradeoffs. So Corda’s design allows for a range of “uniqueness service” implementations, one of which is a “traditional blockchain”. But it doesn’t need to be and, for our purposes, we also need implementations that make different tradeoffs under Brewer’s CAP theorem: in particular, some financial services use-cases need to prioritise consistency at the expense of availability in the event of a network partition.

IMMUTABILITY AND AUTHENTICATION

Here, Corda’s design departs very little from existing systems: our data structures are immutable and our building block is the exchange of digitally-signed transactions.

So Corda is very traditional in some respects – we directly apply the “authentication”, “immutability” and “uniqueness service” features of blockchains but we depart radically when it comes to the scope of “consensus” (parties to individual deals rather than all participants) and “validation” (the legitimate stakeholders to a deal rather than the whole universe or some arbitrary set of ‘validators’).

How is Corda Different?

Hang on? Isn’t this the same pitch that every other blockchain firm is making? Not quite.

Notice some of the key things: firstly, we are not building a blockchain. Unlike other designs in this space, our starting point is individual agreements between firms (“state objects”, governed by “contract code” and associated “legal prose”). We reject the notion that all data should be copied to all participants, even if it is encrypted.

Secondly, our focus is on agreements: the need to link to legal prose is considered from the start. We know there will still always be some disputes and we should specify right up front how they will be resolved.

Thirdly, we take into the account the reality of managing financial agreements; we need more than just a consensus system. We need to make it easy to write business logic and integrate with existing code; we need to focus on interoperability. And we need to support the choreography between firms as they build up their agreements.

Different Solutions for Different Problems

But… we should be clear. We are not viewing Corda as a solution to all problems. This model is extremely powerful for some use-cases but likely to be less well suited to others. It’s why we continue to engage extremely deeply with all our partners who are working on complementary platforms in this space; we are not omniscient. Moreover, there are still many significant design and research questions we have to resolve: there is still a great deal of work to do.

Furthermore, I have been deeply impressed by the quality engineering embodied in the many platforms that have passed through our labs and you will continue to hear about projects we are delivering on platforms other than Corda: different solutions for different problems is our mantra. Indeed, those who have attended panels or workshops in recent months will have heard me saying this for some time now.

Corda does not seek to compete with or overlap with what other firms are doing: indeed, we are building it because no other platform out there seeks to solve the problems we’re addressing. That’s what makes this space so endlessly exciting.

What next?

In the coming weeks and months, you’ll hear more about Corda, about our initial projects and about its design. We will also be gearing up to release the core platform as open source, possibly as a contribution to other endeavours. Watch this space.

And… we’re still hiring: there is a great deal of work still to do!

Posted by

gendal

Posted on

August 26, 2015

Posted under

advice, architecture, blockchain

Comments

18 Comments

Free advice can be valuable… but only if you take it

If a client tells you your solution doesn’t solve their problem, it may not be the problem that needs to change…

I often argue for the importance of blockchain and distributed ledger technology by using the following chain of logic:

Bitcoin’s architecture solved the problem of censorship-resistant digital cash
But few, if any, financial firms are interested in censorship-resistant digital cash
So why are they looking at this technology?
Because some principles underpinning Bitcoin’s architecture – shared ledgers, for example – could be relevant to problems that banks face.

Sure, a blockchain or a replicated shared ledger could indeed be useful to banks. Perhaps it could reduce the need for reconciliation between firms if they all ran off a single ledger, for example. But this says nothing about whether blockchains are the optimal solution to any particular problem in banking. That still has to be argued, of course.

Recall: the bitcoin architecture was a solution to a very specific, very carefully framed problem – how to transmit value without the risk of censorship. Just because the underlying architecture could be used to solve some pressing problems in banking doesn’t mean it’s the best way to do so. Indeed, although the interlocking aspects of the Bitcoin solution are in some ways quite elegant, there are also some compromises. After all, it is an engineering solution to a set of very specific constraints and so it has to be demonstrated that it’s the right solution when the constraints are different.

Lee Braine, of Barclays Investment Bank CTO Office, made an important contribution to this debate when he spoke at London Blockchain Conference 2015 recently. The video is now available and I urge anybody working in this space to watch it and to internalise its message.

[vimeo 137190236]

We all too often “talk past each other” in the distributed ledger world and we are quick to assume the other person just “doesn’t get it”. I can assure you that Lee does get it and it would be a brave startup in this space that chooses to disregard what he said. He’s giving us free advice! Take it!

Like I say, watch the video for yourselves.

I think another way to capture the chain of logic in the video is as follows:

Assume the ongoing interest in the application of blockchain technology continues
Assume further that some banks identify some compelling business opportunities in deploying a cryptographically-secure shared ledger between themselves.
What is the probability that a derivative of Bitcoin or Ethereum or any other current platform will be the best solution to that specific problem?
Given that none of them were invented to solve that problem, surely it’s quite low, right?

So we could find ourselves in the situation that bitcoin and blockchain technology have catalysed an orgy of activity, that this activity has identified countless high-quality business problems and yet none of those opportunities are best addressed with the technology that triggered the excitement in the first place!

The theme of this blog is “free advice” and the free advice I’m taking from Lee’s comments includes:

First, we shouldn’t get enamoured by a particular implementation of a technology. Sure: if you have an implementation then you may have bought a place at the table. But don’t make the mistake of assuming that if the business problem doesn’t fit the technology then it’s the business problem that needs to change!

Secondly, if you’re working in a financial institution, be careful to distinguish between the principles embodied in these technologies. Shared ledgers? Yes. That seems to be at the heart of this domain. Indiscriminate replication? Perhaps. Cryptographically-secured access down to the “row” level? Probably. And so on.

Thirdly, consider the complexity of banks’ existing IT environments. An idealised, “wouldn’t the world be perfect if…” solution is no use to anybody if it requires the whole world to move at once and/or if there is no credible migration path. This points to a need to listen to the incumbents when they object. Furthermore, consider the non-functional requirements which are simply a given in this space.

Fourthly, if we assume that today’s current hyperactivity will lead to a new understanding of the possibilities for banks but don’t assume that today’s blockchain platforms (permissioned or permissionless) are the (whole) answer, then surely we’re back in the land of engineering, architecture and hard work? Perhaps this means that the combination of persistence, data models, APIs, consensus, identity and other components that we need won’t all come from one firm. So a common language, some common vision and an ability to collaborate may become critical. Where is your distinct differentiation? Where would you fit in an overall stack?

Posted by

gendal

Posted on

July 23, 2015

Posted under

Bitcoin, blockchain, ledgers, models

Comments

47 Comments

Bitcoin and Blockchain: two revolutions for the price of one?

I gave a brief talk on Bitcoin and blockchain technology to an audience of non-specialists at a dinner last week. It covers many of the themes I’ve explored on this blog before. But the short, fifteen-minute, format forced me to be brief and clear. This is an edited version of the speech

A £20 note has an obvious, yet extraordinary super-power. I can hand it to anybody in this room and £20 of value will be transferred instantly, directly, peer-to-peer, person-to-person. Settlement, with finality, in central bank money! And nobody else need know. And nobody can stop me.

Super £20!! [I really hope there’s no law against posting photos of money…]

But this super-power only works at close distance. If I want to transfer £20 of value to somebody in a different town or in a different country, I need to trust other people. Sure: I could put the £20 in an envelope and post it. But even then I’d have to trust the postal service.

Or I could use a bank. But I’d be trusting them to be good for the money. And I’d have handed over control: if my name’s on the wrong list, the bank would be obligated to seize my funds. And if you’re on the wrong list, the bank will refuse to transfer the money to you…

“Digital” money is not the same as physical cash.

And the world’s financial plumbing – payments systems, correspondent banking, SWIFT, … – is a direct consequence of this observation: physical cash really is fundamentally different to every other form of money: only physical cash is a bearer instrument. And only physical cash can be transferred without permission – censorship-resistant.

Or so we thought.

Because a curious email to an obscure cryptography mailing list at the end of 2008 said something quite audacious. The email, from the hitherto unknown Satoshi Nakamoto heralded the arrival of Bitcoin and the advent of “purely peer-to-peer electronic cash”.

“A purely peer-to-peer version of electronic cash”

We all know the story of what happened next.

Except… what many people have missed is that the choice of the word “cash” in that email was absolutely critical and absolutely deliberate. What this email announced was the arrival of a digital bearer asset that is censorship resistant. Digital cash. A digital asset that you can hold outright, with no risk of confiscation, and which you can transfer to anybody you choose with no permission from anybody else.

And the funny thing is: the architecture of Bitcoin flows almost trivially (almost…!) from this requirement. Proof-of-work, the peer-to-peer gossip network, mining, the mining reward, the blockchain. The lot. It’s as if the genius of bitcoin was to ask the question.

But why am I saying this in the summer of 2015? This exact same thing could have been said at any point from 2009 until now. There’s nothing new here.

Except…

Nobody asks the obvious question:

Who actually wants a censorship resistant digital bearer asset?!

Well… some people do, of course. But none of them are banks or corporates. At least, I’ve not yet met a bank that wants this.

So why are so many banks, corporates, VCs and startups spending so much money in this space?!

I think there are two completely distinct reasons and that that the world of “blockchain technology” is actually two completely different worlds, with different opportunities and different likely winners. And those who don’t realise this might be about to lose a great deal of money.

First, let’s look at Bitcoin.

We should probably be realistic here. Bitcoin is not the solution to Greece’s crisis and it won’t bring finance to the world’s poor. But it turns out that censorship resistance is extremely valuable, even for people who don’t think they need it.

Because censorship resistance implies openness.

Anybody or anything can connect to an open network like Bitcoin to own and transfer value. And anything that is open, standardised, owned by nobody and useful smells very much like a platform. And we’ve seen how those stories play out.

But notice something else: Bitcoin is worse than existing solutions for all the use-cases that banks care about. It’s expensive. It’s slow. And it’s “regulatorily difficult”. And this is by design.

So this makes it doubly interesting.

Because it means Bitcoin is probably worse than existing solutions for all the things most people and firms care about but vastly better for one single use-case (open access to value transfer) that could be very useful for some people.

Isn’t that pretty much the definition of a disruptive innovation? Something that’s worse for existing use-cases but solves a niche use-case very well?

So, if this is true, we should expect to see adoption of Bitcoin come from the margins, solving marginal problems for marginal users.

But disruptive innovations have a habit of learning fast and growing. They don’t stop at the margins and they work their way in and up.

So this is why I think so many of the big-name VCs are so excited about it.

So the incumbents should be keeping a very close eye on what’s going on. If anything in this space is going to disrupt them, it will probably come from this world. But it’s perfectly understandable that vanishingly few of them are actually engaging deeply in this world.

So if Bitcoin isn’t why banks are looking at this space, what are they looking at?

How have so many people convinced themselves that there is something of interest here that is “separate” to Bitcoin or systems like it?

At this point, it’s customary to observe sagely that “of course, the real genius of bitcoin was the blockchain; that’s where the value is”.

But I’ve discovered something rather amusing. If you push the people who say this, and ask them what they actually mean, most of them can’t! And yet… whether they understand why or not, they are actually on to something.

It comes down to how bitcoin delivers on the design goal of “censorship resistant” cash.

Imagine Bitcoin didn’t already exist and you were asked to design a system of censorship-resistant digital cash. How would you do i?

Well… you couldn’t build it around a central database: the government could shut it down. That doesn’t sound very censorship resistant.

And you couldn’t rely on a network of trusted people around the globe since law enforcement could simply collaborate to shut them down too. And in any case, who would control the identity system that helped you be sure these people were who you thought they were in any case?

It turns out that the answer is quite unexpected… and it’s something I’d bet almost all engineers would consider completely mad.

The answer is that you get everybody who fully participates in the system to maintain a full copy of the ledger. And every time somebody, anywhere in the world, spends some bitcoin, we’re going to inform everybody who’s maintaining this ledger and they’re going to store a copy of that transaction too.

Bitcoin essentially runs on a MASSIVELY replicated, shared ledger. (The trick is in keeping it consistent, of course…)

It sounds insanely inefficient and expensive… and perhaps it is. But we also have to ask ourselves: inefficient and expensive as compared to what?

And this leads us to the other world

Just look at the state of banking IT today… Payments, Securities, Derivatives… Pick any one. They all follow the same pattern: every bank has built or bought at least one, usually several, systems to track positions and manage the lifecycle of trades: core banking systems, securities settlement systems, multiple derivatives systems and so on.

Each of these systems cost money to build and each of them costs even more to maintain.

And each bank uses these systems to build and maintain its view of the world. And they have to be connected to each other and kept in sync, usually through reconciliation.

Take even the simplest OTC derivative contract: it is recorded by both sides of the deal and those two systems have to agree on everything for years. Very costly to operate.

But what if… what if these firms – that don’t quite trust each other –used a shared system to record and manage their positions? Now we’d only need one system for an entire industry… not one per firm. It would be more expensive and complicated to run than any given bank-specific systems but the industry-level cost and complexity would be at least an order of magnitude less. One might argue that this is why industry utilities have been so successful.

But a centralised utility also brings issues: who owns it? Who controls it How do the users ensure it stays responsive to their needs and remains cost-effective?

The tantalising prospect of the blockchain revolution is that perhaps it offers a third way: a system with the benefits of a centralised, shared infrastructure but without the centralised point of control: if the data and business logic is shared and replicated, no one firm can assert control, or so the argument goes.

Now, there are lots of unsolved problems: privacy, performance, scalability, does the technology actually work, might we be walking away from a redundant (antifragile?) existing model? Who will build these platforms if they can’t easily charge a fee because of their mutualised nature? Difficult questions.

But see: this has nothing to do with funny internet money, bitcoin or censorship-resistant digital cash. It’s a completely different world

Two revolutions for the price of one

So… the blockchain revolution is so fascinating because it could actually be TWO completely different revolutions… both profound in their implications:

Censorship-resistant digital cash providing a new platform for open, permissionless innovation driven from the margins
And industry-level systems of record driving efficiencies for incumbents.

Neither of these are “sure things”… they are both high risk speculative bets… but they’re also very DIFFERENT bets…

[EDIT 2015-07-23 Gideon Greenspan has written a great piece that comes at this argument from a very different angle]

As ever, the thoughts and comment on this blog are mine alone and don’t represent the view of my employer….

Posted by

gendal

Posted on

July 5, 2015

Posted under

balance sheets, Banking, blockchain, distributed ledgers, shared ledgers

Comments

20 Comments

A Simple Explanation of Balance Sheets (Don’t run away… it’s interesting, really!)

Shared ledgers could be revolutionary but do we need to share a mental model for banking to make sense of it all?

What would be your first instinct if your friend were to tell you they had £1m in the bank? To congratulate them on their good fortune? To suppress a pang of jealousy?

Wrong, wrong, a million times WRONG!

The only acceptable first instinct is to shout loudly at them: “No! You fool! You don’t ‘have’ a million in the bank. You have lent a million to the bank. They owe it to you. How could you reveal so casually that your mental model of banking is so wrong?!”

If your first instinct was the correct one then you need read no further; there is nothing for you here. But, for everybody else, you could be missing something really important. And this could matter: as I’ve written repeatedly, we could be witnessing the emergence of shared ledger systems in finance – blockchains, if you prefer. And they will be used to record obligations of – and agreements between – firms and people of all sorts. A more complex (and larger) example of this, if you like:

The four-column model of shared ledgers

To make this work, we’re going to have to get a lot more precise about how we think about financial relationships. And I’m pretty sure it all comes down to having a clear mental model for balance sheets.

What is a balance sheet?

Imagine you were starting a bank. You’d want to put a system in place to keep track of the finances: how much cash do you have in the vault? To whom do you owe money? How much have you lent out? And so on.

The basics are not rocket science and there are only two key reports at the heart of this: the balance sheet and the income statement (aka the P+L).

They exist to answer two important questions:

What do I own and how much do I owe? This is what the balance sheet tells you. Think of it as a point-in-time snapshot.
How did I do in the last period? That is what the income statement tells you. Think of it as the story for how you got from last year to this year.

In this piece, we’ll look at the balance sheet, because I think it’s the one you need to understand to make sense of where shared ledger technology could be going.

And the good news is: a balance sheet is simple… it’s just a two column table:

You write all the things you own – your assets – in one column
You write all the things you owe – your liabilities – in the other column.
If you own more than you owe, the difference belongs to your shareholders: their “equity” is what makes it “balance”.
If you owe more than you own, then you’re bankrupt (“insolvent”):

A balance sheet only has two important columns: what you own and what you owe.

Let’s open a bank!

So now let’s imagine you’re ready to start your small bank, “GendalBank”. Your friends think it looks like a good bet so they’ve agreed to contribute towards the £1m you need to get it up and running in return for shares.

£1m to start a bank?! As you can tell, my example is going to be very unrealistic indeed…

It may be obvious but I’ll say it anyway: they have no right to ask for this money back… it’s not a loan. But if you closed the company down, anything that was left after you’d paid off all your employees, suppliers and lenders, etc., would be returned to the shareholders.

So what they really have is a residual claim on the company. That’s what equity is. And when you look at it this way, it’s obvious that equity is a liability of the company: GendalBank has an obligation to return what’s left over to the shareholders if it ever closes down.

So GendalBank has been set-up and the shareholders have handed over their £1m. How would we draw up a balance sheet to reflect all this?

GendalBank’s balance sheet after the shareholders have paid for their shares. (Pedants: please forgive me… I omitted the trailing apostrophe on “Shareholders’ funds”. I don’t have time to update ten diagrams… but I can assure you the mistake pains me more than you)

It’s as exactly as we’d expect. Your new bank has £1m in cash – maybe you’re holding it in a vault or perhaps you’re holding it at the Bank of England. But, either way, this cash is now GendalBank’s… it doesn’t belong to the shareholders any more; it belongs to the company. It’s the bank’s asset now. It can use that cash for whatever it likes. So we note it down in the assets column.

And remember what the shareholders have paid for: a residual claim on the company. Well, there are no other claims on the company right now, so we record a liability to the shareholders of £1m. If we closed down right now, they’d be entitled to be paid £1m.

It bears repeating: bank capital is a liability. And this turns out to be a really useful thing to know. Because it allows you to spot charlatans at a thousand paces… any time you hear somebody talking about capital as if it were an asset of the bank (“holding more capital” is a great giveaway) then you know they don’t know what they’re talking about…

(I can’t help thinking making statements like that opens me up for all kinds of ridicule when the faults of this piece are identified…)

Great… so now we buy some IT equipment and an office with some of that cash. So perhaps the balance sheet looks like this at the end of the first week:

We use some of the cash to buy some equipment and an office, etc

To keep things really simple, I’m going to assume the bank has no expenses. I did say this was a very unrealistic example! So we’ll assume we own the office and that there are no employees to pay. This is just to avoid having to look at the income statement for now.

And now we’re open for business… time to make some loans…

Bob walks in off the street and asks to borrow £100k because he’s planning on buying a very nice car at the weekend. He looks a trustworthy sort so we make the loan.

And now another really interesting happens: we create money out of thin air…

Our loan to Bob has created money out of thin air!

Now Bob hasn’t withdrawn any money yet – he’s not buying the car until the weekend, remember. But look at how counterintuitive the balance sheet has become.

Look first at the asset side: we still have £500k cash, of course: he’s not drawn anything out yet. And we see the £100k loan to Bob. That’s our asset since Bob is obliged to pay us back £100k in the coming months and years. That’s a valuable promise to hold – it’s an asset of the bank, for sure.

Aside: just as above, I’m making some massive simplifications here, not least that I’m completely ignoring interest rates and discount rates, etc. Humour me 🙂

And now look at the liability side: it records that we owe £100k to Bob. That’s fair enough. If he looks at his account, he’ll see £100k there that he can withdraw whenever he likes. As far as he’s concerned he thinks “has £100k in the bank”.

So we have £500k of our own cash – either in the vault or at the Bank of England. And Bob thinks he has £100k “in the bank” as well.

Hang on… what’s going on? Did we just turn £500k into £600k by updating a spreadsheet?! Or does this mean that £100k of the £500k is now Bob’s? Or what?

The way to understand this of course is to observe that the £500k is our asset , whereas the £100k is Bob’s asset – and our liability. They’re not the same thing at all and it makes no sense to compare them in this way.

And so here’s another way to spot a charlatan: if you ever hear somebody talking about bank deposits as if they’re assets of the bank, you know you can safely ignore anything that person says… As this example makes clear, bank deposits are liabilities… and you have to be careful around them… because customers have the annoying habit of asking you to give them the money so they can spend it on something. And, to do that, you’d better have enough cash (on the asset side of your balance sheet, remember) to be able to honour that request.

This is what people mean in this context when they discuss “liquidity” – do you have enough cash or stuff you can quickly turn into cash to meet withdrawal requests from your customers?

Aside: in many ways, this conundrum is the absolute heart of banking: how to manage the problem of issuing short-dated liabilities (e.g. demand deposits) whilst holding longer-dated assets (e.g. one-year car loans). There’s even a name for it: maturity transformation. It obviously relies on not all “depositors” wanting “their” money back at the same time and so is inherently unstable.

But it turns out we do have enough cash on hand. So we get to live another day.

And this could go much further…. We could make lots of loans. As long as not everybody wants to take out money at once, maybe we’ll be OK. Let’s imagine lots of other customers plan to make some big purchases in the future and borrow some money from us. This is what the balance sheet would look like immediately after we’d made those loans but before any of them had withdrawn any of the cash:

We make lots of loans and make the balance sheet bigger and bigger…

What happens if the people who borrowed the money from us want to draw out the cash? They presumably borrowed the money for a reason, after all…

Well, that’s probably OK too, at least in “good times”. Let’s say they ask to withdraw £5m between them. There’s the minor problem that we don’t actually have £5m in cash… we only have £500k. But that’s OK… provided we’re not bust – that we’re solvent – and people believe we’re solvent, perhaps we can borrow the cash temporarily from somebody else – maybe the central bank.

So that’s what we could do:

We borrow £5m cash from somewhere else and use it to pay the depositors who want cash. Notice “deposits” have reduced by £5m and loans from other banks have increased by the same amount. The asset-side of the balance sheet is unchanged in this example.

Of course, another thing we could have done was sell some of the loans to somebody else for cash. And that would have also reduced the size of the balance sheet… since we’d only have £5m loans remaining on the asset side.

But it’s counterintuitive, isn’t it? We set up a bank that is making lots of loans and we’ve not yet taken a single deposit!

Indeed, it’s even weirder… we’ve created deposits seemingly out of thin air by the very act of making these loans. Where else did Bob’s “deposit” come from except from the fact that we made a loan to him? And it turns out this is a really important point. The Bank of England, no less, argues that this mechanism is the primary way money is created in the modern economy. Everything you were taught at school about how banks need to take in deposits in order to make loans isn’t actually true… But let’s leave that debate for another day…

“Deposits”

I once wrote a piece explaining how payment systems work. I was blown away by the response: hundreds of thousands of hits, huge numbers of them from people at banks. Clearly: this stuff isn’t as obvious as perhaps it should be.

One of the key points I made in that post was the one I was hinting at above: it makes no sense to say you’ve “paid money into the bank” or that you have “money at the bank”. There’s no jar in the back office containing your money, with your name on the front. Instead, when you “deposit” money with a bank, what you are actually doing is lending it to the bank. It ceases to be yours and that cash becomes an asset of the bank. It becomes theirs, to do with as they wish. In exchange, they make a promise to you: to give you cash in the future if you ask for it. You acquire a claim on the bank.

So let’s see how that works. What happens if and when somebody finally does make a deposit?

Let’s imagine Alice has just sold her house for £500k and needs somewhere to park the cash for a few days:

We have an extra £500k on hand as a result of a £500k deposit from Alice.

So this works as we’d expect: we record the fact that we owe £500k to Alice – our liability – and that we have an extra £500k in the vault (or with the Bank of England) – our asset.

OK, OK, Enough! What does this have to do with distributed ledgers?!

Well done for getting this far. Why have I written so many words and laboured so many points? Because, and as I argued recently, we could be moving to a world where agreements and obligations between firms are recorded on a shared ledger at the level of an industry or market, rather than on private systems maintained separately by each of the players.

And, if this is true, we’re going to need to represent the idea that Alice has a £500k deposit at GendalBank or that Freddie has borrowed £500k from “OtherBank”. And this is only going to work if everybody building this systems has a deep, intuitive sense that “deposits” should be modelled as “claims against an identifiable entity” and that £500k at GendalBank is fundamentally different to £500k at OtherBank and so on. I think we need to be thinking in terms of a “four-column model” of “issuer”, “holder”, “assetID” and “quantity”:

Will the “four-column” model be the core data structure of the shared ledger world? (This is not an original idea to me: the concept is at the heart of systems like Ripple, Stellar and Hyperledger, amongst others)

Perhaps more importantly, once you start thinking about things in this way, it becomes possible to see the outlines of how the future state could work.

One can imagine a world where the bank still records that it owes some money to its customers but the shared ledger is the place that records precisely who those people are. This is fundamentally different to using the shared ledger as a mirror (or mirroring it to the bank’s own ledger) – it’s more akin to seeing the shared ledger as a partial subledger.

And it might perhaps be something that gets adopted to different degrees by different firms.

Perhaps GendalBank just uses the shared ledger to record some balances. So we update GendalBank’s system to say that it owes £5m to somebody but that it’s the distributed ledger that records to whom. And we see on the distributed ledger (above) that these people are Charlie and Debbie. So the total (£5m) is recorded in both places but only the shared ledger keeps track of the fine-grained detail. So it becomes a logical sub-ledger for some deposits (“DistLedger below) whilst the bank’s own ledger is used to record other facts.

Perhaps GendalBank only uses a shared ledger to record details of some accounts (“DistLedger”) and continues to maintain others locally.

OtherBank, by contrast, might go further and move pretty much everything to the distributed ledger – both records of its liabilities and assets. So OtherBank’s internal ledger is extraordinarily simple: it just records the value of assets and liabilities managed externally on the shared ledger:

OtherBank has “outsourced” or moved all processing to the shared ledger

So what?

Let’s look at the shared ledger again:

Imagine you’re Charlie. If you have the ability to read/write to this shared ledger, you could pay away your claim against GendalBank to any other user of that ledger without having to go through any of GendalBank’s systems. We’d have decoupled the deposit-taking and lending functions from the record-keeping, accounting, payment and trading systems.

If you were OtherBank, you could sell your loan to Freddie to somebody else and the business logic might move with the loan (the “smart contract idea): previously illiquid assets might become tradeable under this model. As I keep saying, this space is about more than just payments, after all.

Now, obviously: there is a lot of detail here that I’ve not even touched on. The reality is going to be so much more complex than this.

But hopefully this sketch shows some possibilities for where this could be going. And, like I said earlier, none of this will happen unless we get everybody to the same page with the right mental model for how banking works…

Appendix: Aside on Regulation… what stops us going completely mad with this?

I can’t write a piece on bank balance sheets without talking about risk. And a legitimate question is: if my analysis above about how loans are made and deposits are created is correct, what’s to stop us going completely mad and taking in huge amounts of deposits or making huge numbers of loans? Don’t irresponsible banks tend to get into trouble and need to be bailed out? Well, yes they do. And there are (at least) two very different things that can go wrong.

Illiquidity

The first problem banks can face is one of liquidity. Imagine lots of customers want their money back at once and the bank doesn’t actually have enough cash on hand. What happens?

As discussed above, the bank might be able temporarily to borrow the cash from somebody else. But what if nobody wants to lend it to the bank? They’d be suffering from illiquidity: the value of their assets exceeds their liabilities, so they’re not bust… but they can’t meet their obligations to repay people. Oops!

In most countries, the central bank will step in in such scenarios and temporarily lend the money to the banks. Indeed, we might say that the ECB’s “Emergency Liquidity Assistance” programme for Greek Banks was an example of this: on the assumption (pretence?) that the Greek banks weren’t bust, the ECB lent increasing amounts of Euros to the Greek banks to support deposit outflows.

From a regulatory perspective, rules such as the Basel Accord’s “Liquidity Coverage Ratio” is an attempt to force banks to hold enough cash (or cash-like instruments) on their balance sheet for forseeable withdrawals.

Insolvency

Another problem banks can run into is insolvency – being bust. It’s easy to see how this could happen:

Imagine that some of the people to whom you’ve lent money lose their jobs or their companies go bust and you suddenly realize there is no way they will ever be able to repay their debts to you.

Let’s say £2m of the loans you’ve written become unrecoverable. So you “write down” the loan book from £10m to £8m… since you now know you’ll only ever recover £8m.

Now your assets are worth £9.6m. But your liabilities haven’t changed. You still owe £10.6m to your customers and the banks you’ve borrowed money from.

You owe more than you own. Game over. Good bye. You’re insolvent.

Your losses on loans mean your assets are now smaller than your liabilities. You’re bust

But notice something really interesting…. If you’d only lost £500k on your loans, you’d have been OK because your assets (£11.1m) would have still been greater than your liabilities (£10.6m):

… but if you only lost £500k on the loans you’d have been OK

So you can lose some money on your assets and be OK. But if you lose too much, you’re in trouble. What determines how much you can afford to lose? The answer is capital – shareholders’ funds.

You got away with the £500k loss but not the £2m loss because of your capital. Your shareholders took the hit. Before the bad debts came along, their residual claim on the company was worth £1m. A £500k loss takes their claim down to £500k. But in the £2m bad case above, the loss was greater than the “loss-abosrbing” cushion of £1m provided by the capital and that’s why you went bust.

And so this is why regulators are so fixated on capital: the more the bank is funded by capital rather than deposits or debt, the more resilient the bank is when they make losses on their assets. Capital can be written down to absorb losses on assets in a way that debt can’t. It’s why you hear so much talk about “capital ratios” and the like: what percentage of your assets should be financed by capital rather than debt?

But notice: the bank is in no sense “holding” capital. You hold assets and capital is not an asset… Instead, think in terms of capital being a mechanism through which the bank is funded.

And these phenomena can interact: if you are illiquid, you might need to sell lots of assets a “firesale” prices, turning a liquidity problem into a solvency problem.

[Update 2015-07-05 My description of insolvency is *very* simplified, as Ken Tindell has noted here… https://twitter.com/kentindell/status/617719608875872256]

Posted by

gendal

Posted on

June 8, 2015

Posted under

Bitcoin, blockchain, replicated shared ledger

Comments

30 Comments

Towards a Unified Model for Replicated, Shared Ledgers

Don’t Say The “B Word”!

I’ve come to the conclusion that saying “blockchain” has become unhelpful. It just confuses people. It means too many different things to different people and so it’s almost impossible to have a conversation in this space without talking past each other. So, as I argued in this piece on permissionless ledgers and this piece on permissioned ledgers, it can be useful to talk in terms of replicated shared ledgers – since I think this gets to the heart of what unifies – and separates – these two worlds.

Shared: because multiple actors can read or write to different parts of the ledger
Replicated: because everybody who needs a copy can have a copy, rather than relying on a powerful central entity

In this piece, I try to bring it all together – to explain why we should be thinking about permissionless ledgers as a classic example of disruptive innovation and how I think banks could think about permissioned ledgers in the interim.

In what follows, I build up the model below from its constituent parts:

A unified model of permissioned and permissionless ledgers?

Permissionless Ledgers: Censorship Resistance

Let’s be clear: the breakthrough of Bitcoin was to create the closest system yet of “digital cash” – something that you can own outright and transfer to anybody else without permission. Its design flows naturally from that objective:

Bitcoin’s design follows directly from its objectives. Its replicated, shared ledger is designed to enable the existence of a censorship-resistant digital bearer asset

As I argued here, it’s little surprise that bankers and regulators look at it with deep suspicion! However, there’s a good reason why the smart observers aren’t dismissing it: censorship resistance implies an open, neutral platform that could be a driver of permissionless innovation:

Censorship-resistance enables permissionless innovation in digital ownership

So, it’s not a surprise that we’re seeing innovation and experimentation in the fields of value transfer – such as micro-micro payments (nanopayments?) for video content – and in the recording and execution of agreements. This is, almost but not entirely, exclusively being driven by people from outside the traditional financial sector. They’re taking a platform that is, in most meaningful ways, slower and more expensive than today’s financial system and using it for novel purposes.

I think the smart firms are keeping an eye on this because they know how stories like this end:

“Disruptive innovations usually find their first customers at the bottom of the market: as unproved, often unpolished, products, they cannot command a high price. Incumbents are often complacent, slow to recognise the threat that their inferior competitors pose. But as successive refinements improve them to the point that they start to steal customers, they may end up reshaping entire industries” (The Economist)

Permissioned Ledgers: Industry-Level Systems of Record

Notwithstanding the promise – or threat – of permissionless systems, I sense that many financial firms are looking closely at permissioned systems, by which I mean technologies that allow multiple firms to run a private, shared ledger of some sort. What most people fail to ask is: why?! If you don’t have censorship-resistance as your business objective, why are you looking at this space at all?

The answer, I argued, in this piece is that replicated, shared ledgers can also solve a different problem: if you’re in an industry where multiple firms all run similar systems to keep track of records (account balances? derivatives positions? orders?) then you’re probably carrying cost you don’t need: everybody is paying to maintain these duplicated, non-differentiating systems. And, because they’re all slightly different, you need to reconcile them with each other all the time to make sure they agree.

So the argument for applying replicated, shared ledger technology to this problem is that you could mutualise the cost of running and securing a single logical ledger, copied across your firms so you each have your own copy and so aren’t reliant on a powerful central entity for access. So nothing to do with censorship-resistance and nothing to do with cryptocurrencies. The idea, instead, is to move from each firm having its own systems of record to having systems of record at the level of the industry:

Is the promise of permissioned ledger the possibility of industry-level systems of record without a powerful central gatekeeper?

But we can take this thought-process further. Imagine such a platform existed: perhaps a replicated shared ledger that recorded all inter-bank balances or recorded all derivatives positions between firms. What we would effectively have is a transaction processing system for that industry: if we all agree that this shared ledger is authoritative for records (e.g. who owes what to whom) then could we not also agree that this ledger is something to which we could deploy code that describes our agreements? Could this industry-level ledger also host inter-firm business logic? How much cost and complexity might that remove from firms?

Is a common ledger between firms the enabler for a common transaction processing platform for an industry?

And this is where, I think, the two worlds – those of permissioned and permissionless ledgers – come back together:

Unifying the worlds of permissionless and permissioned ledgers

In the permissionless world, some of the most interesting developments are happening at the level of transaction scripting and smart contracts. The Ethereum project is the most obvious example, of course, but even projects like Streamium are showing how Bitcoin features can be used to create interaction models that simply aren’t possible on today’s financial platforms.

Similarly, and as I argued above, the driver of innovation on permissioned ledgers might be the migration of inter-firm business logic from individual firms to a shared ledger between firms: think of code that represents an agreement between two firms, that executes “on” a ledger, which can take custody of assets on that ledger and execute in response to external events: if both firms have signed it off in advance, suddenly they don’t need all the cost and expense of their own systems. I wrote about this idea in my piece on smart contracts.

So we see that the two worlds of replicated, shard ledgers – permissioned and permissionless – might actually be leading us to the same place: a world where business logic for money – automated fiduciary code, if you like – is deployed to a shared ledger and run autonomously.

Perhaps the permissioned and permissionless worlds aren’t as different as they seem?

Posted by

gendal

Posted on

May 12, 2015

Posted under

Bitcoin, blockchain, strategy

Comments

23 Comments

Blockchain is where banks have the most obvious opportunity. But you ignore Bitcoin at your peril

Nasdaq’s recent announcement shows you need a strategy for both

I have argued for some time that the world of “blockchains” is actually two worlds: the permissionless world of “bitcoin-like systems” and the permissioned world of “ripple-like systems”. The reason we so often talk about them together is because they share a common architecture: the “replicated, shared ledger”.

But they solve very different problems. Tim Swanson has written about the permissioned-ledger world and my last post gave an argument for why banks, in particular, should be paying close attention to them.

But this observation can be dangerous if people believe they are building a “blockchain strategy” for their firms when they are actually focusing only on the permissioned world.

As this exchange between Jerry Brito of Coin Center and Michael Casey of the Wall Street Journal shows, Nasdaq’s recent announcement of a blockchain experiment is noteworthy because they are explicitly building on Bitcoin, using a colored coins protocol, not on one of the permissioned/closed ledgers:

@mikejcasey are they using Bitcoin-inspired blockchain technology or "the" blockchain?
—
Jerry Brito (@jerrybrito) May 10, 2015

I have no inside information into this project. But it should give pause to any who had dismissed bitcoin-based platforms as being irrelevant to finance use-cases.

Forget Bitcoin at your peril?

As I argued in my last post, the world of permissioned ledgers is pretty easy to think about: if you’re in a market where multiple firms in the industry are all building and maintaining undifferentiated systems that do pretty much the same thing – and they have to be reconciled with each other – then it can make sense to replace them with a single system that you all share. But if you’re concerned about having a single central operator then these new blockchain technologies give you an option that didn’t previously exist: you can implement the common infrastructure on a replicated, shared platform that you all help secure/maintain and so mutualise the effort of maintenance rather than delegating it to a separate entity.

But, all too often, the analysis starts and ends there and disregards the “bitcoin-like” world. To see why this could be dangerous, we need to go back to the beginning.

The first nine words of the abstract to the Bitcoin whitepaper tell you everything you need to know to understand its architecture:

Everything you need to know to understand Bitcoin

“A purely peer-to-peer version of electronic cash”

Those nine words seem innocuous but they have profound implications and explain why so many people still steer quite clear of it. The key is “electronic cash”. What can you do with cash that you’d need to emulate in an electronic version?

First, cash is a bearer asset. The only way somebody can take away the money in my pocket is by confiscating it from me. Nobody in a central bank can “delete” my cash whilst leaving everybody else’s untouched.
Secondly, cash is a peer-to-peer instrument: I can pay you directly. There are no third parties we need to rely on, assuming we’re physically co-located

There’s a phrase for this set of requirements: censorship resistance. A true system of digital cash can only work if it is censorship resistant. And Bitcoin’s architecture does a pretty good job of achieving this through a very novel architecture. I sketch out some of the details for interested readers at the end of this article.

There’s just one tiny problem…

Censorship resistance is not an objective that is shared by most governments, regulators, banks or most individuals! No wonder there is so much controversy around the system. Perhaps it’s just easier for respectable firms to steer well clear.

And it gets worse when one observes that Bitcoin is worse than existing digital money in pretty much every significant way! It’s slower, it’s more expensive to operate, its value jumps all over the place and it’s really hard for consumers to use safely. So ignoring it is perfectly understandable.

But it could also be a mistake.

Permissionless Innovation

Because it turns out that censorship-resistance implies an even more interesting property: permissionless innovation.

“Permissionless innovation”—the general freedom to experiment with new technologies and business models—has been the secret sauce that fueled the success of the Internet and the digital economy

Think back to the design goal for the bitcoin system: electronic cash. And how that implied a need for a censorship-resistant bearer asset. These scary properties from a regulatory and banking perspective imply some very interesting properties from a technical perspective: this is the world’s first asset that can be held by anybody or anything and transferred to anybody or anything without needing permission.

Why could that be interesting? Let me sketch three simple scenarios:

The Internet of Things

How do you do KYC on a fridge? Do you really want your washing machine having your credit card details on file? Perhaps the future of machine-to-machine payments is one where the machines hold their own assets on an open system. Sure: you could build a permissioned payments system for device-to-device payments but the simplicity and open-access nature of Bitcoin could mean that it’s just easier to do it that way.

Firms for whom payments are a secondary concern

We often make the mistake of viewing this space through the eyes of incumbents. It can be useful to put ourselves in the shoes of others. For example, imagine you’re building a business for which getting a bank account and payment processing services would be difficult. Maybe you plan to operate in tens of countries. Or perhaps payments are a secondary concern for one of your use-cases… you just need a quick and easy way to make and receive payments. Sure… you could go through the process of getting a merchant account, signing up with a payment processor, proving compliance with various security standards. Or you could just use something with no barrier to adoption: bitcoin may have lots of problems but at least you can be up and running in seconds.

Second-order use-cases

Perhaps the most interesting future scenario is one where bitcoin isn’t used for payments at all. Instead, the security and censorship-resistance of its platform is seen as having value in and of itself – perhaps for notary services in the first instance – recording facts about the outside world – and so Bitcoin becomes nothing more than the token you need to own in order to purchase the services of the network. It becomes an app-coin, if you like.

Why we need to keep an eye on the Bitcoin world

I accept that none of these use-cases is particularly compelling as I write this piece. There are lots of great counterarguments for all of them. But that’s partly the point: if any of these were obvious, nobody would be dismissing it.

And this is why I find the Nasdaq example so interesting. Using the inherent security and open-access of the Bitcoin system to “carry” representations of real-world assets – “colored coins” – is an old idea*. And it also fits into my “second-order use case” category above.

Now, Tim Swanson and others have written convincingly about many theoretical issues with the idea but we now have a brand-name firm experimenting for real and we’ll hopefully all learn from the exercise in time.

So, sure: bitcoin raises all kinds of conceptual, legal, technical and philosophical questions. But it would only take one of these scenarios to drive some adoption and, very quickly, bitcoin might cease to be a sideshow. And, given that its core design goal of censorship-resistant digital cash has such disruptive potential – good and bad, this possibility alone is reason to keep an eye on it. Dismissing it entirely could be a big mistake.

Coda: How to build a system of digital cash

Note: you don’t need to read this section to understand the main argument of this piece.

Recall the implications of a true digital cash system: censorship resistance. This drives some very strong implications for anybody trying to design such a system:

First, you simply can’t have the concept of an issuer in such a system: the issuer could selectively choose to honour only certain claims.

So, if you can’t have an issuer of the currency on such a platform, it will have to be native to the platform. Hence Bitcoin as the currency unit and the interminable debates about why it has value and what that value should be, if anything.

If you want true electronic cash, there can’t be an issuer. So the asset has to be native to the platform

Secondly, you can’t have an identifiable operator or processor for such a system, either: they could choose to block certain transactions and their central database would be an obvious target for those seeking to exert control. So this means you need to have lots of actors providing the processing services and they need to be able to join and leave. And they probably also all need their own copies of the ledger – we can’t have a single central one, after all:

If you want true electronic cash, its ledger will have to be massively replicated and you’ll need a large pool of “processors”

Thirdly, you’ll need to pay the processors. You obviously can’t pay them with “real” money (since the issuer of that money could simply refuse to allow payments to be made to processors who refuse to co-operate with them). So you’ll need to pay the processors with the platform’s own asset:

If you want true electronic cash, the processors will need to be paid in the currency of that platform.

The breakthrough of bitcoin was figuring out how to put these building blocks together: how to ensure sufficient scarcity of the currency unit? How to keep the multiple ledgers synchronized? How to ensure the processors’ incentives are aligned with those of the users of the system? And so on.

There’s more than one way to talk about it

Of course, this isn’t the only way to think about the system. If you’re still interested, here’s my attempt to explain how it works by imagining how you could invent digital cash using an email system.

*Disclosure: I am an adviser to a colored coins firm (ChromaWay) in a personal capacity, albeit one that uses a different architecture to the one apparently being explored by Nasdaq

Posted by

gendal

Posted on

December 3, 2014

Posted under

Bitcoin, identity

Comments

24 Comments

Identity and The Blockchain: Key Questions We Need to Solve

What are the architecturally-significant use-cases for identity?

Some of the most interesting uses for cryptocurrency technology in finance are securities processing, supply chain finance and derivatives operations. These are areas where there should be almost total automation but there is, in reality, still large amounts of manual processing, rework, reconciliation, complexity and endless opportunity for confusion and dispute.

To help think about how blockchain technology could play a role, I suggested the “trust bundles” concept as a way to think about which aspects of a given business, such as securities exchange and settlement, could be moved onto a decentralized consensus system – and what benefits might accrue.

However, there’s a big problem that needs to be addressed before many of these opportunities become realistic. That problem is identity. The anonymity (or pseudonymity) of Bitcoin may be great for some use-cases but it doesn’t help a firm accused of paying a “crypto dividend” to a terrorist if they have no way of proving they didn’t!

So let’s imagine we’re living in the future… Smart property technology means that securities can be issued and traded on a blockchain-like system and smart contract technology has allowed us to move all derivatives contracts onto a global platform.

What identity problems would we need to have solved for that future to come true?

Smart Property Issuance

Imagine you’re an investor. You have a Smart Property wallet. Perhaps it contains multiple cryptocurrencies, some bank-issued fiat currencies and your equity portfolio, safely secured with a multi-signature scheme.

You decide you want to add some IBM stock to your portfolio. So you instruct your wallet to place an order on a decentralized equities exchange.

What do you place the order for?

What do you physically type into the user-interface to tell it you want IBM stock and not somebody else’s stock?

It would be nice if you could simply type “IBM”.

But how would that work? We’re in a decentralized world, remember. We’ve “unbundled trust”. So how should the wallet interpret “IBM”? Which asset on the decentralized ledger represents the “real” IBM? A Namecoin-like system doesn’t help if a “cryptosquatter” took the IBM name before the real IBM did.

And, in any case, what do you mean by “IBM”?

Intuitively, you probably mean something like: “The big American IT company based in Armonk, New York that had 2014 revenues of about $100bn and is a component of the Dow”. Or something like that. But how to capture that intuition in a way that a decentralized network can interpret?

And how to distinguish the security you want from something similar (and legitimate) issued by somebody else? And, of course, how to distinguish it from a security issued by a fraudulent third party who is trying really hard to fool you into buying their product?

In a pseudonymous world, how do I distinguish “real” blockchain assets from scams?

One really unimaginative way would be to do what we do today: just decide to trust somebody to do the mapping for you. Tell your wallet that you trust Bloomberg or Markit, say, to maintain a directory and you’re done. This would be an oracle service, in effect.

But this is a new point of centralization. Whoever controls that list can extract a rent and they are a source of risk: what happens if their database gets hacked or a rogue employee changes the records? Maybe having multiple oracles is the way forward.

Alternatively, perhaps we can use the internet X.509 Certificate system as a model. But even that would require some thought: you don’t want your webmaster issuing a $1bn bond!

What does it mean to be an issuer?

But we also need to think about it from the perspective of the issuer and this is altogether more difficult. To keep things interesting, let’s use a currency example this time.

Imagine we’re still in the future and I am a customer of Citi with a $1M balance. I could ask Citi to issue a token on the blockchain representing this balance and send it to my wallet. My balance in my Citi account would be converted into ownership of a token representing $1M USD. (I shouldn’t need to state it but I will: I chose Citi purely as an example. I have no insight into their plans, if any, in this space!)

Richard is a Citi customer. Citi converts Richard’s balance into a “CitiUSD” token on a blockchain and sends it to Richard’s “1RICHRD” address

So I would now be a holder of a 1M CitiUSD token, owned by my “1RICHARD” address. Note that this is essentially what happens when I use a gateway on the Ripple system but let’s assume we’re on a blockchain system for now to keep things consistent.

Aside: imagine if all banks did this… we could have CitiUSD, ChaseUSD, BarclaysGBP all issued on the same platform. Perhaps they’d trade at different prices based on market perception of their credit-worthiness? Prices as a function of CDS spreads perhaps?

Now, Citi would know exactly who I was: I was already a customer, remember, and they needed to know my blockchain address to issue the token to me.

But think about what happens next. I now have full control of this token.

So I could send it to anybody else in the world. And that person would now own a token representing a claim of $1M against Citi. Let’s imagine I bought a house from Charlie and paid using my CitiUSD tokens, sending them to his blockchain address, 1CHRLIE

I “pay” Charlie with my CitiUSD tokens. So Charlie now owns the claim on Citi. But Citi had no part in this transaction…

What would Citi think about this? Who is “1CHRLIE”?? Are they already a customer? If not, how do they know if “1CHRLIE” is a “good guy” or not? Is Citi obliged to pay $1M upon presentation of the token?

More trickily, what happens if the token has passed through the hands of a “bad guy” at some point between issuance and redemption? Sure – the initial owner of the token might be OK – and the person presenting the token some time later for redemption might also be OK. Perhaps we do know that 1CHRLIE is Charlie and that Charlie is a Chase customer and we’ve doubled checked with Chase. But do we need to know who has held the token in the intervening steps?

Do we need to know the identities of everybody who has ever owned a token?

What if one of the intermediate owners was 1TRRST, aka “Terry the Terrorist”?

You can be pretty sure we do need to know something about them. Good luck if you try to tell your regulator that these tokens are “bearer assets” that are morally equivalent to cash!

So, leaving aside the possibility that we just don’t go down this road at all, what are some of the options for making this work?

I think there are two broad options:

Option 1: Ex-Ante Prevention – The Issuing Bank “Co-Signs”

This option is pretty simple. You change the model so that these assets are not bearer assets. Holders of Citi tokens need to get Citi to co-sign any blockchain transactions that move the asset. So Citi gets the chance to vet the recipient and check they’re happy owing them money. You can think of this as “ex ante prevention”. It would work, of course, but it would heavily constrain the usefulness of such a system.

Option 2: Ex-Post Prevention – The Bank Won’t Pay Up Unless You’ve Behaved Yourself

This option is more interesting. You can send the token wherever you like, but if you want to redeem the token for real USD, the bank will ask you to prove that everybody who ever owned it was a “good guy”. If you can’t prove a clean ownership history then the token is worthless; the bank won’t pay up.

Leaving aside the question of what we mean by “good guy” and the natural worry that this could give banks an excuse to renege on their commitments, how might you do it?

First, let’s cover off the obvious option. The obvious option is simply to say: “We’ll only redeem a token if its ownership chain consists only of Citi customers”. Or perhaps you could extend it and say: “We’ll only redeem a token if its ownership chain consists of customers of the following banks”. The latter approach might pave the way for an industry “register” that maps bank identifiers to blockchain addresses. Again, we’re back to centralization and the very real risk of a “balkanization” of the system: you would effectively have “white” addresses and “black” addresses – those that can hold banking-system assets and those that cannot.

If several of my readers are about to explode in outrage, bear with me because this isn’t what I’m proposing…. Happily, there could be another way.

“Identity is the New Money”

I was fortunate last week to attend Consult Hyperion’s “Digital Identity” unconference at Barclays Bank’s “Escalator” venue in East London. Our host, Dave Birch, encouraged the audience to really exert themselves to think deeply about questions of digital identity. It gave me the motivation I needed finally to read his book, “Identity is the New Money”. I recommend it. It’s short, snappily written and made me think.

One of his key themes is that we’re thinking about identity all wrong. Most of the time we think we need to know who somebody is, what we actually need to know is something about them:

A bartender doesn’t need to know your name; they just need proof you’re over 18.
A UK doctor doesn’t need to know what town you were born in to know if you’re entitled to free healthcare.
… and so on

Similarly, and at a very conceptual level(!), what an issuer of USD tokens on a blockchain needs to know is probably something like:

The actor who controls an address is a legal person…
… and this person has a US bank account…
… and somebody has studied this person’s identification documents closely and has no concerns about them…
… and whoever is making these statements about them is trusted by the issuer of the tokens (say Citi)

Now, I say “conceptual”, because AML, KYC and CDD regulators might not see things this way yet but let’s keep going…

What these concepts all have in common is that they have this idea of a “certifier” – somebody or something that:

Is trusted by the issuer
Ties something I have (my face or my blockchain address) to something I am (“over 18”, “a holder of a US bank account”, etc)

If you trust the certifier then you can trust that somebody proving ownership of the face or the address is over 18 and a holder of a US bank account, etc.

What does a bank need in order to be satisfied?

So now let’s return to our currency example. Remember the problem we’re trying to solve: If I am Citi, I want to be sure that anybody who has ever held one of my tokens is somebody I am allowed to transact with.

So how could we achieve this without a centralized database? Well, imagine Charlie is a customer of Chase.

Let’s assume Chase knows who Charlie is and is satisfied that Charlie is a good guy.
So if Charlie can prove to them that he controls a particular blockchain address, they might be willing to issue him with a “certificate”
This certificate might say: “I am Chase. Here’s my proof. I know who is the owner of address 1CHRLIE…. That person is a US Citizen and, as of 3 December 2014 was a retail customer, with a good account history and no warning signs on his account”

And perhaps I could get a certificate from Citi that says they think I’m a “good egg” and one from the UK government confirming I’m a UK citizen:

Could asset issuers use certificates from third parties they trust to satisfy their regulatory and other “client due diligence” requirements?

So now we have something really interesting.

An issuer can set down their conditions when they issue the asset. They could say something like: “I will redeem this asset at par if the redeemer can prove that they and every intermediate owner was a US citizen with a KYCd US bank account. I will accept proof from any FDIC insured bank”.

So if I was considering buying a CitiUSD token from somebody, I no longer care who they are. I just care that they possess one or more certificates that comply with the conditions that were specified in the definition of the asset. My wallet software could even check it automatically for me.

And when somebody wants to redeem the token, they simply return it to Citi, with the chain of certificates and Citi can immediately tell that the token has only been in the hands of people with the attributes it specified. No need to reveal my identity to anybody and no central third parties we need to trust. If somebody does need to figure out the identity, they can get a court order and the certifier will reveal it.

Reality is more complex. In particular, how to stop a black market in certificates? e.g. a “mule” obtains a certificate for a blockchain address and then turns over the certificate and the address’s private key to a bad person. A difficult problem to solve but probably not unsurmountable.

But the underlying principle is absolutely crucial: if we’re moving to a world where trust is unbundled and control is decentralized, we need to rethink identity. Anchoring it in a diverse set of “certifiers”, who attest to the linkage between something I have (a blockchain address? My face?) and something I am (British, Over 18) surely has to be the way forward.