First presented on June 27, 2015 for Blockchain University hosted at PricewaterhouseCoopers in San Francisco. [Video: https://www.youtube.com/watch?v=8-OxnJip-bA ] Additional notes, references and citations are in the comments of each slide. I would like to thank Arthur Breitman, Richard Brown, Alexandre Callea, Pinar Emirdag, Andrew Geyl, Dave Hudson, Hyder Jaffrey, Yakov Kofner, Antony Lewis, Todd McDonald, Piotr Piasecki, Robert Sams and John Whelan for their feedback.
Original images from Dilbert.com Derivatives: https://twitter.com/jgarzik/status/598864366272806913/photo/1 And: https://twitter.com/jackgavigan/status/584413841649491970
In theory, Ripple and Stellar would meet the criteria for “permissionless.” In practice, however, they currently whitelist and blacklist validators, so they are technically permissioned, as are the other projects built on top of them. There is no defined KYC/KYB procedure (yet), so the process is de facto: a node is only listened to if other nodes trust it, which requires a public identity.
As one reviewer noted, Ripple and Stellar: “Are kind of a hybrid between permissioned and permissionless. In essence, they are both entirely open. Anyone can operate a node and submit transactions, although the validators are likely to be known entities. Every single wallet has the capacity to issue any asset they want into the network. But each wallet that is created comes with a set of configuration tools where the holders of its issued assets can be very tightly controlled OR not controlled at all. Nobody can stop anyone from using Ripple. Nobody. But banks will KYC all their users just like they do today.”
As far as SKUChain goes, according to Zaki Manian, its co-founder: “While permissioned Proof of Work is adequate, permissioned byzantine agreement protocols are an enhancement and clearly necessary for running these systems at scale. We think that adopting a BGA protocol for a permissioned ledger is probably a premature optimization relative to figuring out how to make find applications for distributed ledger technologies and then creating ledgers that are sufficiently expressive to capture them.”
Source on Codius: https://bitcoinmagazine.com/20985/ripple-discontinues-smart-contract-platform-codius-citing-small-market/ And: http://hyperledger.com/posts/2015-06-25-hyperledger-acquired-by-digital-asset-holdings.html MultiChain, see page 5: http://www.multichain.com/download/MultiChain-White-Paper.pdf
Thanks to Yakov Kofner for his feedback on this slide.
Santander report: http://santanderinnoventures.com/wp-content/uploads/2015/06/The-Fintech-2-0-Paper.pdf Deutsche Bank report: http://www.dbresearch.com/PROD/DBR_INTERNET_ENPROD/PROD0000000000299039.pdf Celent: http://www.celent.com/reports/it-spending-banking-global-perspective-2
Nakamoto was not trying to solve problems for financial institutions. In point of fact, Bitcoin was purposefully designed not to interface with trusted third parties. To enable part of this design, trade-offs were made. Maintaining a decentralized network with Sybil protection has a different cost structure than other less decentralized methods.
One reviewer had an alternate view: “I'm not really sure which is the priority at the moment. Definitely all crypto systems are against Sin of Commission - you can't forge a transaction unless you steal someone's key. I would personally see Deletion as harder than Omission, since once something gets into a ledger and has enough confirmations, it is pretty much impossible to reverse at the moment. Omission on the other hand is fairly straightforward for pool.”
One other challenge for DLT as shared infrastructure (pipes and storage), if goal is to avoid introducing a controlling central party again, how could governance (for directional drive, Service levels, change management, etc.)?
Special thanks to Hyder Jaffrey and Alexandre Callea for their feedback.
Personal correspondence, June 25, 2015
From Ernie Teo: Miners’ Incentives and the Decentralized Network
The Distributed Ledger
Who is developing shared, replicated ledgers and why
• Characteristics of a distributed ledger
• Motivations for building non-proof-of-work ledgers / private blockchains
• Known, trusted parties versus unknown, untrusted parties
• Unclear governance
• Scalability challenges
• Disproportional rewards from metacoins
• Where has VC funding gone?
• Opportunities for professional service firms
Questions to consider this session
• What are the design assumptions and goals for using new
• What are the client business requirements?
• Are entities and actors on the network known or unknown, trusted or
• Who is allowed or not allowed to validate transactions?
• e.g., mintettes as defined by Laurie (2011) and Meiklejohn (2015)
• Are the validators spread around globally?
• Is communication between them synchronous or asynchronous?
• Are faults tolerated? How are Byzantine faults handled?
• What type of consensus is needed? Or none at all?
Why distributed ledgers?
• There are many reasons for why companies, institutions and
organizations are interested in shared, replicated ledgers and
disinterested in Bitcoin (or bitcoin) itself
• What do financial institutions want?
• Cryptographically verifiable settlement and clearing systems that are globally
distributed for resiliency and compliant with various reporting requirements.
• What don’t they need?
• Censorship resistance-as-a-service and artificially expensive anti-Sybil
Permissioned distributed ledgers / blockchains
• Blockstack (formerly CryptoCorp)
• Ldger (formerly Tillit)
• Hyperledger (acquired by DAH)
• Eris Industries
• Tembusu (TRUST)
• Guardtime (KSI)
• SKUChain* (PurchaseChain/PPOW)
• MultiChain* (Coin Sciences)
• Ripple* (discontinued Codius)
• Stellar* (potentially with their new SCP)
• Traditional tech enterprises as well (e.g., IBM)
Each is targeting different use-cases
• Syndicated loans
• Trade finance
• Supply chain provenance
• US Treasury repo
• Clearing / settling OTC derivatives and FX
• Cross-border payments
• Identity / data authentication
• Private stock / equity issuance
• Commonality: participants in these networks – including the validators
themselves – are known (via KYC or KYB) and have legal or contractual obligations
with other participants
What attracts or repels use-cases?
• Folk law: “Anything that needs censorship-resistance will gravitate
towards censorship-resistant systems.”
• Sams' law: “Anything that doesn't need censorship-resistance will
gravitate towards non censorship-resistant systems.”
• Banks are currently focused on: fulfilling compliance requirements,
reducing cost centers, downscaling branching and implementing
digital channels. None of this requires censorship-resistance.
What is one opportunity for professional service
firms that rely on consulting, accounting and
Finding ways to reduce cost centers for
• According to Deutsche Bank in 2012:
• “Measured as a percentage of revenues, financial services firms spend more on IT
than any other industry. Banks’ IT costs equal 7.3% of their revenues, compared to
an average of 3.7% across all other industries surveyed”
• According to a 2015 report from Celent:
• “Total bank IT spending across North America, Europe, and Asia-Pacific will grow to
US$196.7 billion in 2015, an increase of approximately 4.6% over 2014.”
• According to a 2015 report from Santander:
• “[D]istributed ledger technology could reduce banks’ infrastructure costs attributable
to cross-border payments, securities trading and regulatory compliance by between
$15-20 billion per annum by 2022”
• “One important issue for accountants: as these technologies are
implemented; settlement, records are all on a blockchain;
accountants will need to learn how to audit records on shared,
replicated (permissioned) ledgers. For financial services to implement
these technologies; auditors who already audit infrastructures like
CLS, DTCC, custodians, and banks, will need to be ready for the future.
If they can't audit, nothing can happen. So they should be prepared.”
- Pinar Emirdag, Managing Director at Hupomone Labs
What about proof-of-work-based
Blockchain does not mean Bitcoin
• Many VCs, reporters and Bitcoin entrepreneurs are ‘talking their
book’ and ‘revising history’ when they euphemistically equate a
blockchain solely with Bitcoin
• Nakamoto-style consensus is just one way to “skin a consensus cat”
• Over 30 years of academic research on Merkle roots, hash-based
storage and arriving at consensus in distributed computing
• Technology is iterative and Bitcoin may just remain a proof-of-concept
due to its limitations and primary focus on being censorship-resistant
above all else
Needing a token is likely a red herring
• Energy conversion (mining) may only be a requisite if validators are
unknown and untrusted; staking and surety bonds may be an alternative too
for a public network
• There are other methods of securely validating transactions based on
different design goals and assumptions that do not involve burning coal in
China or running a consumer device-based Tom Sawyer botnet
• In general, why don’t permissioned shared, replicated ledgers necessarily
need a token?
• Because they incentivize security through legally binding contracts with
validators who have real-world identities and reputations
• Validation on proof-of-work networks involves actors who are – in the
design model – not contractually obligated to fulfill terms of service (using
the network is caveat emptor); the marginal costs on a public network are
higher and thus the compensation model has to be different
Why not (re)use one communal chain for
• For the same reason organizations use different types of airplanes, boats and
automobiles – they have different needs and business requirements.
• Blockchain size is an ongoing challenge to the “one-size fits all approach” that will be
discussed later below. Impacts other chains too: Ethereum testnet is already at 30 GB,
Bitcoin mainnet is 36 GB.
• And because as more value is added to a public blockchain, the more
incentives there are to attack it without going through the fan fiction Maginot
Line narrative (brute force by hashrate).
• Because of increased block maker centralization it is much easier to use other
techniques (rubber hose cryptanalysis, denial-of-service) to disrupt
• Blatant bribery / hacking of pool
• ‘An attacker can sniff the cleartext credentials in the “mining.authorize” message, credentials may
be used elsewhere across the internet and may lead to account compromise’
• Canadian router hacked via Border Gateway Protocol fooling miners ($84,000 stolen)
Bitcoin’s lack of contracts and terms of service
(done by design)
• In the event of a block reversal or censored
transaction, there are no terms of service that mining
pools (validators) must adhere to.
• On April 25, 2015 a BitGo user, due to a software glitch,
accidentally sent 85 BTC as a mining fee to AntPool
(Bitmain’s pool operated in China)
• To resolve this problem, the user spent several days
publicly conversing with tech support (and the community)
• Eventually the glitch was fixed and AntPool – to be viewed
as a “good member of the community” yet defeating the
purpose of a proof-of-work blockchain – sent the user back
• “Who” do you call in the future? Why bother with pseudonymity?
Unintended in 2009: knowing the pseudonymous
validators on an untrusted network?
• Below is a list of the first time a pool publicly claimed a block:
• Pool | Height
1: Slush 97838
2: bitcoinPool 110156
3: DeepBit 110322
4: Eligius 120630
5: BTC Guild 122608
And a list of the first time a pool signed a coinbase transaction:
• Pool | Height
1: Eligius 130635
2: BitMinter 152246
3: BTC Guild 152700
4: Nmcbit.com 153343
5: YourBTC 154967
A little history: Slush began publicly operating at the end of November 2010. Eligius was announced
on April 27, 2011. DeepBit publicly launched on February 26, 2011 and at one point was the most
popular pool, reaching for a short period in July 2011, more than 50% of the network hashrate.
Cryptocurrency systems prioritize mitigation of
omission (censorship-resistance) over deletion
• In contrast, any system of off-chain property titles will have to prioritize
deletion (irreversibility) over omission (censorship-resistance)
• Consequently, existing legal systems will likely never recognize a system of
property titles that can be reversed by anonymous or pseudonymous
validators (see EBA concerns)
• “To me the crux of the issue is that permissionless consensus cannot guarantee
irreversibility, cannot even quantify the probability of a history-reversing attack (rests
on economics, not tech).”
- Robert Sams, CEO of Clearmatics
But what about sunk costs?
• One common argument from enthusiasts and
promoters is that because $800+ million in VC
funding has been invested in Bitcoin-related
startups, it makes no sense to go other places.
• This would be akin to saying, Reddit, Slashdot and 4chan are
all a distraction. GeoCities is way too far ahead and that we
should be focused on GeoCities.
• This sunk cost fallacy is also empirically
untrue. If Bitcoin was “too far ahead,” then
axiomatically no one would be working on all
these other projects as they would clearly see
this trend and focus on just one platform.
Watermarked token creators make public
networks less secure
Theory versus practice
• A number of organizations like NASDAQ, Chain.com and Gyft have
announced that they will use Open Assets (a color coin
implementation from CoinPrism) to issue assets onto the Bitcoin
• Most of these setups require identification of all parties and
additionally the organization itself typically holds one of the private
keys (for a 2-of-n or 3-of-n setup).
• Because this setup is centralized and all parties are known, there is no
real value-add in using a censorship resistant proof-of-work
• In addition, title is not transferred nor is post-trade settlement final in the
above scenario (difference between bearer and registered asset)
Only a double-spend is ineffective in this
• An attacker can still reverse an interval of “settled” transactions as the
attacker's objective is undermining confidence in the market in which
he has a short position (e.g., using Gemini), not double-spending a
metacoin, which of course he cannot get away with because the
identities of all counterparts are known to NASDAQ.
• We see this “undermining” happen with existing virtual assets:
• In the fall of 2013, Chinese traders hacked into a reporter’s Weibo account and uploaded fake
government documents to spook the market
• They would sell bitcoins beforehand and, after the Weibo account was restored, repurchase
bitcoins at a lower level.
• Since then we see an enormous amount of effort by sock puppets and boosters using social
media in the West to make up similar rumors to move the market up and down
One thought experiment
• It may be trivial to stifle any platform built on top of Bitcoin or other
• For instance, Bob could create an anonymous website that announces
it will pay X bits to every block maker that does not include various
transactions related to say, Omni or other metacoins.
• This might slow down both the platforms and networks and make
them less attractive to others as well.
• As an aside, block makers can already choose to include or exclude certain
transactions. Eligius, for example, is known for ignoring SatoshiDice
transactions, and Luke-Jr released some BitcoinQT flag to also prevent such
“spam” messages from propagating
Sams also touched on the problems for Open
Assets (and others):
“Now, I am sure that the advocates of putting property titles on the bitcoin
blockchain will object at this point. They will say that through meta protocols
and multi-key signatures, third party authentication of transaction parties can
be built-in, and we can create a registered asset system on top of bitcoin. This is
true. But what’s the point of doing it that way? In one fell swoop a setup like
that completely nullifies the censorship resistance offered by the bitcoin
protocol, which is the whole raison d’etre of proof-of-work in the first place!
These designs create a centralised transaction censoring system that imports
the enormous costs of a decentralised one built for censorship-resistance, the
worst of both worlds.”
- Robert Sams, CEO of Clearmatics
• Metaprotocols that utilize and sit on top of Bitcoin’s blockchain provide
• Counterparty, Mastercoin (Omni), Open Assets and others are effectively piggy
backing and free riding off seigniorage rewards
• Also happens on other proof-of-work chains such as Dogecoin/Dogeparty
• E.g., Apple shares (total market cap = $731 billion USD) issued as metacoin. Will
Bitcoin security suffice to keep the market in Apple shares trading secure?
• In long run, miners are probably not destroying enough capital to
ultimately secure metacoin assets, making the network less secure.
• Ceteris paribus: in the long run it costs a bitcoin to create a bitcoin, pools are not
“meta aware” and therefore are not aware of the ‘social value’ each metacoin
• Yet if a pool becomes “meta aware” it opens up new vulnerability to censorship
These metaplatforms have become popular in part
because there has been no other quick way to
enhance or add similar features to Bitcoin core
• Because Bitcoin is a public / communal good, there is no de jure entity to
fire, hire or make decisions on the direction of how its blockchain should
evolve (or not)
• This creates uncertainty for development of new features, many of which
get tested out and implemented in altcoins and alternative ledgers instead
(e.g., ring signatures in CryptoNote, group signatures in Tembusu)
• In practice lack of clear governance devolves into factionalism / tribalism
between special interest groups
• Most of the discussion degenerates into lobbying companies, organizations
and individuals with high karma on reddit, to promote one agenda over
• This alone is a reason to reconsider building a mission-critical financial
product on the Bitcoin blockchain or other public proof-of-work-based
blockchains which are economically and politically impacted by, for
example: block sizes
Most recent example is block size increase
• This challenge has been known for several years, yet anyone discussing it prior to
two months ago was labeled a “concern troll” or told to “read the Wiki” or that
“aggregate fees will increase because of reasons”
• There are economic and political trade-offs to increasing (and decreasing) the
maximum block size allowed on a proof-of-work blockchain:
• Keeping a 1 MB block size will likely require higher fees to end-users but results in a
topologically more decentralized network and less “spam” (e.g., fewer ‘long-chains’)
• With a larger 20 MB block size, mandatory fees to miners are allegedly lower for end-users
but at the cost of fewer validating nodes on the network reducing privacy; miners are still
reliant on block rewards
• There are at least three different special interest groups with their own goals
Blocksize special interest groups
• One distinct group gravitating around Gavin
Andresen and Mike Hearn:
• Support behind them includes many
Western VC-backed companies such as
Coinbase that have claimed to the
public (and investors) that Bitcoin-based
companies will be able to compete with
payment incumbents (such as PayPal and
Visa) therefore they must be able to
somehow make Bitcoin achieve a similar
transaction-per-second metric and to do so,
they want to increase the block size to
potentially, 20 MB and beyond.
• Another group, some of whom work at Blockstream (Greg Maxwell, Pieter
Wuille, Adam Back):
• Support behind their vision includes a variety of companies and organizations. Some of
these developers prefer an alternative method of scaling by attempting to build a
proposed “Lightning Network” (based on payment channels) as well as off-loading a lot
of the transaction volume to sidechains (which Blockstream is building a couple varieties
of – federated pegs and two-way peg)
• There are several other contingents including a large portion of the Chinese
mining community (which collectively represents about 60% of the network
hashrate); as well as independent developers and users such as Peter Todd
and Jeff Garzik each of whom has elaborated on the trade-offs both larger
block sizes and a hard fork will have on nascent Bitcoinland
At current usage rates, blocks will be
consistently filled in 18 months
Today, for less than 2 BTC (€434) in fees, an actor
can disrupt and clog the network for hours
Timeline of 1st CoinWallet practice run
[Note: below is their write-up of the event]
• 11:57 GMT - Transaction servers initiated. Thousands of 700 kb transactions completed within the
first 20 minutes. Transactions were used to break coins into small 0.0001 outputs.
• 12:30 GMT - Servers begin sending larger 18kb transactions.
• 14:10 GMT - Mempool size increases dramatically. Blockchain.info breaks.
• 14:20 GMT - Our servers begin to crash. It becomes apparent that BitcoinD is not well suited to
crafting transactions of this size.
• 14:30 GMT - Our test transactions are halted while alternate solutions are created. The mempool
is at 12 mb.
• 17:00 GMT - Alternate transaction sending methods are started. Servers are rebooted. Mempool
has fallen to 4mb.
• 21:00 GMT - The stress test is stronger than ever. Mempool reaches 15 mb and more than 14000
transactions are backlogged. The situation is made worse by F2Pool selfishly mining two 0kb
blocks in a row.
• 23:59 GMT - 12 hours after starting, the test is concluded. Less than 2 BTC (€434) is spent on the
test in total.
But if fees increase over time, doesn’t that
reduce the inclusivity of Bitcoin?
Most of current blockchain traffic is effectively ‘spam’
(e.g., long-chains) that would not exist with higher fees
Let Bitcoin be Bitcoin and not BINO
• Contrary to the message from “Highlanders” (that there can “only be
one”), permissioned ledgers will actually help reduce clutter and bloat
on public ledgers
• At the current trajectory, the various metaplatforms attempting to
parasitically latch onto Bitcoin will likely make it the victim of their
own success – the more top heavy the network becomes, the bigger
the incentive for attacking nodes, pools, API providers, routers and
• See Heilman (2015), Gervais (2015), Miller (2015)
Fees to miners have not increased in aggregate
relative to what was predicted in WP Section 6
What is governance surrounding 21 million BTC
• Since fees are not increasing as the
popular narrative predicted, and
miners are still heavily dependent on
seigniorage to maintain security:
How could governance be impacted by
future purposeful attempts at forking the
network to maintain the existing inflation
Bitcoin has no native process for permanent hard
forks, it is not a future-proofed blockchain
• Because technology and usage are not static, there needs to be a way to clearly
upgrade and update both the software and network
• The BIP process (“Bitcoin Improvement Proposals”) is an ad hoc kludge that depends on
altruism and charity, neither of which is sustainable and as shown empirically, beholden to
special interest groups and their stakeholders
• Other networks have learned from this mistake:
• Built around version control (e.g., Peernova)
• Built-in, explicit governance:
• Tezos is a self-amending chain
• Ethereum is attempting to “bomb” the chain to switch to proof-of-stake at a later date
• Ripple, Stellar and others have clearer governance due to explicit chain-of-command, terms
of service, real-world reputations and contractual obligations.
• Different set of challenges (e.g., identity / KYC management, trying to run this in a decentralized and
• A financial network is different than an information network.
“When it comes to long term survival, adaptability is more important
than strength. Seeing distributed ledger as mere technology is
shortsighted, they are first and foremost networks and, as such, their
governance model is paramount to their success. A decentralized
network that does not internalize its governance is condemned to
stagnation or centralization.”
- L.M. Goodman, creator of Tezos
Assumptions on security
• Bitcoin mining does not “take care of itself” – it is largely based on
economic incentives which fluctuate relative to the token value
• What are the sufficient, sustainable incentives for proof-of-work
cryptocurrencies to continue providing security? $300 million?
• Lots of idle speculation from large promoters and investors of Bitcoin
companies, but very little “research” by Bitcoin companies beyond
posturing on social media and at conferences
• This is currently being modeled by a variety of academics with the
tentative conclusion that block reward halving and the lack of
increase in aggregate fees result in a monopoly mining pool
• Agent-based modeling
results using historical
• Blue – agents that join a
• Black – non-miners
• Red – Solo miners
• In the end, agents using
pooled mining are the
According to Accenture: $9.89 billion in
fintech deals done in 2014 in the US
Where has that $800+ million gone so far?
• Buying and holding cryptocurrencies
(BitPay, several hosted wallets)
• Building get-away cars (Open Bazaar,
• Currency conversion (any mining-related
• A dozen other areas
Other cost centers for these BTC-focused startups
• Domain name(s)
• Legal fees (company formation)
• Office rent/lease/mortgage
• Utilities and internet access: particularly important for mining farms/pools
• Attending events
• Event sponsorships
• Marketing and advertising: user acquisition, lead generation, brand awareness
• Front-end design
• Advisory fees to banks
• Lobbying special interest groups / policy makers
• Acquiring board of Directors and Advisors
• Company outings and vacations
• Money transmitter licenses
• Insurance of virtual currencies that a company may hold in custody
• Acquiring and maintaining an inventory of cryptocurrencies
• Customer service and bug bounties: reimbursing customer for problems with R values/RNGs
• Denial of service (DOS) vandalism and extortion: commonly happens with mining pools
• Ransomware (FBI: $18 million last year via Cryptowall and others)
• Many of the science fair projects that passed themselves off as
cryptocurrency “startups” will likely burn out of capital leaving behind
IP, software libraries and skilled developers
• These libraries and IP, if there is any utility to them, will likely be
forked and integrated into existing institutions, organizations and
• Similarly, some skilled developers may benefit from labor arbitrage
due to their knowledge and experience which other larger firms lack
• In the end, just as PGP, OTR messaging and FOSS stacks like LAMP
were inspired in part by cypherpunks but ended up being used by a
bevy of non-ideologically oriented organizations, so too will some of
the moving pieces that comprise primordial blockchains
• There is room for both permissionless and permissioned systems to
coexist and grow
• Bitcoin-related startups have and will continue to teach the overall
fintech industry what works and what doesn’t
• These two different network designs are both specialized to handle
certain different types of activity and consequently have different cost
structures to secure their respective validation processes
• What permissionless enthusiasts probably should be cautious of:
attempts to turn their network into a permissioned, gated system which
is what has slowly happened to Bitcoin over the past six-and-a-half years
– all of the costs of both worlds without the benefits of either