A simple model to make sense of the proliferation of distributed ledger, smart contract and cryptocurrency projects

Just when I think I understand the cryptocurrency/block chain space, I realize I didn’t understand anything at all

Four recent events have made me realize that I don’t understand this space anywhere near as well as I thought I did.   But that’s good: it means I’ve been forced to come up with a new mental model to explain to myself how all these projects relate to each other.

TL;DR: the two questions to ask about a “fiduciary code” requirement are: who do I need to trust and what am I trusting them about?

Who do I trust

A simple model to capture the essential differences between some consensus platforms

The rest of this article describes the four events that influenced me to draw it.

Event 1: Nick Szabo’s “The Dawn of Trustworthy Computing” Article

In his recent article, Nick Szabo introduces two really helpful terms to explain what makes systems like Bitcoin particularly noteworthy.

  • First, he talks about “block chain computers”. He defines these as the combination of the Bitcoin consensus protocol and strong cryptography to create the unforgeable chain of evidence for all data stored in the block chain data structure.   I think this formulation is useful because it shines a bright light on an obvious, but often overlooked fact: a “block chain” is just a data structure, utterly useless on its own. What makes the Bitcoin blockchain remarkable is the network of computers – and protocol they follow – that makes it so hard for any single actor, no matter how determined, to subvert it.
  • Secondly, he talks about “fiduciary code”: the code in an application that needs to be the most reliable and secure. For example, in a banking application, this is likely to be the core ledger: who owns what. He points out that a secure block chain computer is an extremely expensive piece of kit: you should only use it to secure that information that really needs it.

Event 2: Albert Wenger’s “Bitcoin: Clarifying the Foundational Innovation of the Blockchain” Article.

In this piece, Albert Wenger makes a really obvious-in-hindsight point: Bitcoin-like block chains are organizationally-decentralised – no one organization can control it but the entire point of the system is to build and maintain a logically-centralised outcome: a single copy of the ledger, which everybody agrees is the true single copy.

ArthurB uses the term “decentralized mutable singleton” to capture the same idea, I think.

And he echoes one of Szabo’s implicit points: a “block chain” is not something of value in and of itself. This insight is also important because it edges us further away from the idea that “decentralization” is some sort of end-goal or absolute target. I made a similar point in this piece on the “unbundling of trust” but Albert and Arthur have captured the key point far more succinctly.

Event 3: The Eris Launch

On Wednesday this week, Eris Industries held the launch event for their new platform. Tim Swanson has done a good job summarizing the Eris concepts. (Disclosure: I was invited to, and attended, the launch).

I’ll admit I still don’t fully understand it. But the general picture that’s forming for me is of a platform that allows you to build and maintain one of these “decentralized mutable singletons” but to specify precisely who is allowed to update it and under what conditions.

In essence: take the idea of a shared common state (Albert’s Arthur’s “mutable singleton”) but relax the constraint that the maintenance of it necessarily happens in a fully public, adversarial environment, for which something like a proof-of-work system may be required, and allow for the idea that the participants might be known.  [EDIT wrong name!]

Fine… but I think the Eris insight is where they go next. They suggest that if you had such a system then you might also be able to distribute the processing of application logic more broadly, too. And I think it’s the application logic they’re most interested in. Their documentation is full of talk of “smart contracts” and it’s perhaps no surprise that their founders are lawyers. In fact, maybe that’s why I don’t understand it as well as I’d like: lawyers just seem to speak differently. Maybe I need a translator.

And to be clear, the part I don’t fully understand just yet is why you need a “block chain” as the underlying data structure in this model, rather than something based on more general-purpose replicated database technology. But this may turn out just to be an implementation detail: so let’s see how they get on over time.  There seems to be a lot of content, reflective of a lot of thought, on the various Eris sites.

Event 4: I looked at HyperLedger in more detail

I had reason to look at HyperLedger this week and, combined with my study of Eris, it was this event that finally convinced me that my mental model of this space was far too simplistic.

Hyperledger calls itself an “open-source, decentralized protocol for the recording and transferring anything of value”. This is a bit like how I might have described Colored Coins or Ripple to people in the past.

But what makes Hyperledger different is that they allow the creation of multiple ledgers (one per asset per issuer) and each ledger can be configured to have different consensus rules – you don’t have to make the assumption of an adversarial open public environment… so some similar assumptions to Eris here, but with a ledger designed to track assets rather than business logic/contracts.

Where is this heading?

So I spent some time this evening trying to piece all of this together in my brain.

I’m pretty sure these projects all sit in Szabo’s “Fiduciary Code” space: they only really have value or make sense if the facts they’re recording are really important!

But they make different assumptions about the threat model they face – and some of these assumptions are very different to the ones against which Bitcoin was designed.  And they’re different to the assumptions underpinning some other prominent platforms, such as Ripple, which, through its use of validators and “Unique Node Lists” has a model, whereby you trust a set of known entities who, in turn, trust some other entities, and so on.

In addition, the facts these systems are recording are very different: ownership of a real-world asset on Hyperledger is different to ownership of a bitcoin on the Bitcoin ledger; a ledger-native asset has no counterparty risk, whereas a real-world asset needs an identifiable issuer. And they’re both different to a platform that potentially executes legal contracts.

So I tried to think of dimensions along which you might be able to classify these projects… and I came up with too many.

But it’s almost Christmas and I’m not to be deterred!   Is it really too much to ask for a model with just two dimensions, that doesn’t require a 3-D screen to render?! So I kept on going. And, finally, came up with something that looks so trivial, I worry it may be content free.   But here it is anyway.

I think the two dimensions that help me think about these projects are:

  • “Who do I trust to maintain a truthful record?”; and
  • “What do I need the record to be about”?

Here is the model I came up with.   It’s obviously not complete and you could put some projects in multiple boxes… but I think it captures the key distinctions.

Who do I trust

Another way to think about the increasingly confusing cryptocurrency/Block Chain space

But this is just a view. I’d really value comments… especially if I’ve missed something really obvious.

[UPDATE 2015-01-08 DISCLOSURE: Since publishing this post, I have become an advisor to HyperLedger, in a personal capacity]

Ripple is hard to understand, but it’s worth making the effort: there’s a deep insight at its core

Ten dollars in your pocket is not the same as ten dollars in the bank and neither are the same as a ten dollar credit on your electric bill or the ten dollars your friend owes you. Ripple is simply a manifestation of this insight.

I spent a couple of hours at the Startupbootcamp Fintechathon last weekend. I was there to share ideas on what types of finance problem are a good fit for block chain solutions – and which ones might be best solved using other techniques.

When I arrived, the audience were deep in videoconference with Ryan Terribilini of Ripple Labs. I thought he did a great job of answering their questions about Ripple and I decided it was time I finally tried to get my head around it.

The conclusion I have come to is that Ripple is built on a really deep insight:

Not all dollar, euro and sterling liabilities are the same.

And Ripple is nothing more than a platform that makes this insight explicit.

Here’s how I finally wrapped my head around Ripple

I wrote a piece last year about how money moves around the banking system. I wrote:

Perhaps the most important thing we need to realise about bank deposits is that they are liabilities. When you pay money into a bank, you don’t really have a deposit… you have lent that money to the bank. They owe it to you.  It becomes one of their liabilities. That’s why we say our accounts are in credit: we have extended credit to the bank.  Similarly, if you are overdrawn and owe money to the bank, that becomes your liability and their asset.

I then explained how the payment system is really little more than a bunch of systems for transferring these obligations around.  Where Ripple encourages us to think more deeply is about whose obligations they are.

Imagine I owe my friend Bob £50 and that we are both customers of Barclays bank. When it’s time for me to pay him back, I instruct a “transfer” online. I tell the bank to reduce what they owe me by £50 and increase what they owe to Bob by £50. The bank remains flat… the only difference is to whom they owe the money.

This is the same story I told in my piece about the payments system.


Richard and Bob both trust Barclays as an issuer of pounds. So Richard can pay Bob by transferring the money inside Barclays

But think about just happened:

  • Before the transfer, I owed £50 to Bob.
  • After the transfer, the bank owes £50 to Bob.

Bob still doesn’t have the £50 in his hand… all that’s happened is that somebody else now owes him the money.   But this is just fine for Bob…. He trusted me to owe him the money and he also trusts his bank to owe it to him.


Bob previously had a £50 “asset” issued by Richard. Now he has a £50 asset issued by Barclays. Richard’s debt to Bob is settled and Bob is happy.

OK – so that’s obvious, perhaps.

But notice how it only worked because Bob trusted both me and the bank.

And also notice that he doesn’t trust us in the same way.   He’d probably be quite happy to have thousands of pounds in his bank account. I suspect he’d be very uncomfortable lending me more than £50.

Not all dollar, euro or sterling asset deposits are the same!  It matters who issues them.

It is highly likely that Bob prefers to be owed money by his bank than by me. £50 owed by me is not the same as £50 owed by the bank.

And this is the Ripple insight.

This is a really powerful observation

Imagine now that the situation is a little more complicated.  Bob and I are sitting in a café. I don’t have any cash and Bob can’t remember his account details. How am I going to pay him?  A Barclays transfer isn’t going to work.

Out of the corner of my eye, I see that the café sells prepaid debit cards. Excellent! I use my own debit card to buy a £50 prepaid debit card and hand it to Bob.   My debt is settled, right?

Not so fast….

What makes me think Bob would be happy to accept a prepaid debit card from an issuer he’s never heard of? Are they insured? What happens if they go bust before he can spend the cash?

£50 on a prepaid debit card is not the same as £50 in cash or a £50 IOU from a friend or £50 owed by Barclays bank.   And it is Bob’s choice whether to trust that card.

It turns out that Bob doesn’t trust this card… So we have a problem. I don’t have his bank account details and he won’t accept a prepaid debit card. How am I going to pay him?

Conveniently for my story, it just so happens that my friend Carol is sitting at the table next to us. Bob doesn’t know Carol so I introduce them to each other.

It turns out that Carol is trying to buy some goods online and has forgotten to bring her credit card. The goods cost £50 and she just happens to have £50 in cash in her purse. (It really is a most amazing coincidence…)

So the situation is something like the diagram below. We see that I have nothing that Bob will accept as payment but that Carol might be able to help us bridge the gap. (I’ve added some detail to show that each person might trust each issuer to different extents – it’s not a yes or no question)


How can Richard pay Bob when there are no issuers of pound sterling that Bob trusts that Richard is able to use?

Here’s what we could do: I could give Carol the prepaid debit card (she needs something she can use online and the £50 balance is well below the £1000 limit that she is willing to trust the card company for) and she can then give the £50 in cash to Bob. Bob is happy to take the cash: he also trusts the Bank of England, the issuer of the notes.

Great: Bob now has £50 issued by somebody he trusts. I’ve managed to pay Bob what I owe him by enlisting the help of a prepaid debit card provider and Carol… even though Bob didn’t trust the prepaid debit card and he doesn’t even know Carol.


Richard can pay Bob by “rippling” his transaction through multiple issuers and intermediaries, finding a route of trust that wouldn’t have been possible otherwise.

Yes, yes, I know…. It’s an utterly contrived example.  But it makes the point: not all pounds, dollars and euros are the same. It all depends on the issuer: when we open a bank account in the UK, we’re saying we trust that bank to issue GBP liabilities to us.     When we lend £50 to a friend, we’re saying we trust that friend to issue GBP IOUs. And we all trust different groups of issuers and to different extents.

So how does this relate to Ripple?

The answer is that Ripple is a general purpose ledger and payment network based on the key insight that when you try to pay somebody, it’s only going to work if they end up with an asset that was issued by an issuer they trust.

In our case, Bob trusted me, he trusted Barclays and he trusted the Bank of England. But he didn’t trust the prepaid debit provider and he doesn’t trust Carol – so a £50 balance issued by the prepaid debit card provider was never going to satisfy Bob.

But, because Carol and I both trusted the prepaid debit provider and both Carol and Bob trusted the Bank of England – and Carol actually had some notes issued by the Bank of England in her purse – I was able to settle my debt to Bob by routing it through the prepaid debit card provider and through Carol.

The lesson of all this is that if you’re going to build a system that represents real-world currency balances and make payments between them, you really need to think about who issues those balances.

And once you get this point, the point of Ripple becomes clear:  it’s a way for one person to hold funds issued by issuers he or she trusts – and to pay anybody else by transforming those funds into balances issued by issuers that the recipient trusts.

Sure – there’s more to it than that…. But once you get the idea that any individual participant will only trust balances issued by certain issuers, the whole point and design of the network becomes clear.

But this isn’t really about Richard, Bob and Carol: think about the banks themselves and major corporations

The example in this post feels contrived, because it is.  But imagine you’re a major bank.  You have precisely this problem: you have correspondent banking arrangements around the world.  You have separately capitalised and regulated subsidiaries around the world.  And you need to make payments to people and firms all over the world on behalf of yourself and on behalf of your customers.

You need to keep track of balances issued by hundreds of legal entities around the world and need to instruct transfers and exchanges thousands of times per day.

Today, you do this through correspondent banking arrangements, the SWIFT network and multiple other intermediaries and communication platforms.

If I understand the vision correctly, Ripple sees itself as a universal, distributed ledger for simplifying and rationalising this complicated landscape.

Will it work? Will the banks and major firms adopt it? Who knows. But the underlying insight is deep and it feels like they’ve figured out something that is important.

Postscript: What about Bitcoin?

It amuses me when I see Bitcoin and Ripple discussed in the same context because, for me, they’re completely different.   The core of Bitcoin is all about building a trust-free decentralized transaction ledger for tracking the ownership and transfer of scarce tokens – Bitcoins. And the whole point of Bitcoins is that they are counterparty-risk-free assets: my Bitcoin is not somebody else’s liability.

By contrast, Ripple is all about dealing with assets that are somebody else’s liability. So the focus in Ripple is on representing liabilities issued by identifiable issuers and enabling them to be transferred between individuals on a network.

They share some similarities but they’re not the same thing at all.