1.
Buckets of Permissioned,
Permissionless, and Permissioned
Permissionlessness Ledgers
Who is developing shared, replicated ledgers and why

2.
Brief outline
• Characteristics of a distributed ledger
• Motivations for building non-proof-of-work ledgers / private blockchains
• Known, trusted parties versus unknown, untrusted parties
• Unclear governance
• Scalability challenges
• Disproportional rewards from metacoins
• Where has VC funding gone?
• Opportunities for professional service firms

3.
Questions to consider this session
• What are the design assumptions and goals for using new
technology?
• What are the client business requirements?
• Are entities and actors on the network known or unknown, trusted or
untrusted?
• Who is allowed or not allowed to validate transactions?
• e.g., mintettes as defined by Laurie (2011) and Meiklejohn (2015)
• Are the validators spread around globally?
• Is communication between them synchronous or asynchronous?
• Are faults tolerated? How are Byzantine faults handled?
• What type of consensus is needed? Or none at all?

4.
Why distributed ledgers?
• There are many reasons for why companies, institutions and organizations
are interested in shared, replicated ledgers and disinterested in existing
networks or systems.
• What do financial institutions want?
• Cryptographically verifiable settlement and clearing systems that are globally
distributed for resiliency and compliant with various reporting requirements. And
the governance / versioning changes of both the network and software is clear and
explicit.
• What don’t certain organizations always need?
• Censorship resistance-as-a-service and artificially expensive anti-Sybil mechanisms.

5.
What is a “block chain” anyways?
• Neither the term “block chain” nor “blockchain” were used in the
original Satoshi whitepaper
• Many projects, both permissioned and permissionless, use the
following tech pieces:
• Public key cryptography
• Cryptographic signatures
• Cryptographic hash functions
• Hash tree
• Cryptographic time-stamps
• Resilient peer-to-peer networks

6.
What cont’d
• Some projects (both permissioned and permissionless) use a type of
consensus algorithm that works by using blocks of transactions organized
in a chain
• Permissionless ledgers attempt to do so via pseudonymous/anonymous consensus
(validation); permissioned via known/trusted validators
• Some permissioned ledgers do not chain blocks as there are no blocks at all
(such as Hyperledger)
• Fun fact: Hyperledger was originally called “Mintet.com” named after Ben Laurie’s
term (mintettes) coined in 2011
• Some permissioned ledgers are explicitly “decentralized” not “distributed”
as the pieces of the ledger are not actually distributed but instead wholly
replicated

7.
“Who defines a term? The community, the creator, the market? The
market knows 'blockchain' as a catch-all term and that's how language
evolves, by common usage.”
- Dan O’Prey, co-founder of Hyperledger (now part of DA)

8.
Three Bucket Mental Model

9.
Types
of
ledgers
Permissioned
ledgers
Permissionless
ledgers
Permissioned
permissionlessness
hydrabinocoin

10.
What comprises a permissioned blockchain?

11.
Permissioned
blockchain
Legally
accountable
validators
(mintettes)
Settlement
finality
(irreversible)
Suitable for
off-chain
assets
(securities,
fiat, titles)

12.
What are the characteristics of a distributed
ledger?

13.
Distributed
Ledger
Independent
permissioned
blockchain
Distributed
virtual
machine
(Turing-
complete)
Smart
contracts
govern off-
chain assets
Network
achieves
settlement
finality

14.
Permissioned distributed ledgers / blockchains
• Blockstack (formerly CryptoCorp)
• Ldger (formerly Tillit)
• Clearmatics
• Hyperledger (acquired by DAH)
• Eris Industries
• Tezos
• Tembusu (TRUST)
• DAH
• Guardtime (KSI)
• PeerNova
• SKUChain* (PurchaseChain/PPOW)
• MultiChain* (Coin Sciences)
• Ripple* (discontinued Codius)
• Stellar* (potentially with their new SCP)
• Traditional tech enterprises as well (e.g., IBM)

15.
Each is targeting different use-cases
• Syndicated loans
• Trade finance
• Supply chain provenance
• US Treasury repo
• Clearing / settling OTC derivatives and FX
• Cross-border payments
• Identity / data authentication
• Private stock / equity issuance
• Commonality: participants in these networks – including the validators
themselves – are known (via KYC or KYB) and have legal or contractual obligations
with other participants

16.
What attracts or repels use-cases?
• Folk law: “Anything that needs censorship-resistance will gravitate
towards censorship-resistant systems.”
• Sams' law: “Anything that doesn't need censorship-resistance will
gravitate towards non censorship-resistant systems.”
• Banks are currently focused on: fulfilling compliance requirements,
reducing cost (centers), downscaling branching and implementing
digital channels. None of this requires censorship-resistance.

17.
What cont’d
• In conversations with decision makers at financial institutions, three common questions
that have arisen regarding potentially using a public chain:
• What happens if you pay a fee to a Bitcoin or Litecoin miner/mining pool in a sanctioned
country (e.g., EBA concerns in July 2014)?
• In February 2015 according to Free Beacon, Coinbase was on “the hot seat” for explicitly
highlighting this use-case in an older pitch deck
• “Immune to country-specific sanctions (e.g. Russia-Visa)”
• What if the Bitcoin or Litecoin miner that processes transactions for financial institutions
(e.g., watermarked tokens) also processes transactions for illicit goods and services from
dark net markets? Any liability?
• How to identify and contact the miner/mining pool in the event something happens
(e.g., slow confirmation time, accidentally sent the wrong instruction, double-spend
attempt, etc.)?
• Need to be able to influence upgrades, maintenance, uptime (i.e., typical vendor relationship)

18.
What is one opportunity for professional service
firms that build core banking infrastructure?

19.
Finding ways to reduce cost centers for
financial institutions
• According to Deutsche Bank in 2012:
• “Measured as a percentage of revenues, financial services firms spend more on IT
than any other industry. Banks’ IT costs equal 7.3% of their revenue’s, compared to
an average of 3.7% across all other industries surveyed”
• According to a 2015 report from Celent:
• “Total bank IT spending across North America, Europe, and Asia-Pacific will grow to
US$196.7 billion in 2015, an increase of approximately 4.6% over 2014.”
• According to a 2015 report from Oliver Wyman / Santander:
• “[D]istributed ledger technology could reduce banks’ infrastructure costs attributable
to cross-border payments, securities trading and regulatory compliance by between
$15-20 billion per annum by 2022”

20.
What are opportunities for Finacle?
“Finacle relies on a system of traditional accounting ledgers to serve as core banking
systems. If they want to jump into the next field of vision around innovating back end
banking system then it is an urgent imperative they understand and lead the effort to
understand this technology. Capital markets, traditional lending, trade finance, loan sales
and syndication, asset-backed finance, to loan processing and servicing using singular back
end systems for the whole of processing will see its full sunset in 10-15 years utilizing
Blockchain and ledger technology. It could effectively put them out of business.
The other advantage by utilizing Blockchain ledger technologies is that allows Finacle a
significant competitive advantage in that it allows Finacle bank customer implementations
to examine and offer new digital wallet based solutions for its retail base. It also allows for
partnership opportunities with companies in the "Internet of Things" space to help
revolutionize supply chain finance, letters of credit, factoring, export import finance and
bankers acceptance business to one of vitality to match the third world’s smaller
companies thirst to operate on scale resulting from the ledgers ability to enable a
synchronous just-in-time financing model matched to their often challenged logistics
operations and documentation to meet complicated and ever competitive global customer
demand for hard to get goods and supply.”
- Raja Ramachandran, founder of eFXPath and R3 advisor

21.
Importance of data integrity for Finacle
“Once every generation we reach a point in which hardware capabilities evolve to make
practical, things that were previously unthinkable. When that happens the challenge is to
recognise these new possibilities, and to see that they can fundamentally change the way
we think about the world. New models of computation arise that redefine the way in
which ever-more complex systems can be constructed; they don't solve the problems of
the previous generations so much as make them irrelevant.
The last 25 years have seen a sea change in our lives, as first the Internet, and then mobile
devices, have provided us with the mechanisms to access and share information. What's
remarkable is that all this has been achieved with a model for computational information
that has barely evolved in 70 years. Fundamentally we have to trust that the data we have,
and the data held by everyone else that affects us, is correct. Our information seemingly
floats through servers, routers and switches like driftwood in a stormy sea until it
eventually reaches us. We have little or no hope of verifying its accuracy or veracity (*).
This then is the opportunity now afforded by blockchain or other crypto-ledger technology.
We can establish a new model for the way we manage our data, one that can make
information integrity and trustworthiness checking the norm rather than a questionable
afterthought.
(*) You might ask how in the current informational world that you can be confident you're
reading my original quote?”
- Dave Hudson, VP of Software Development at Peernova

22.
What financial institutions are looking into
distributed ledgers?
• Based on public news releases, there are at least 17 different FIs independently looking at ways to use a blockchain / distributed ledger. Note: it bears
mentioning that these are all pilot programs and does not necessarily mean any of the tech will ultimately be used. According to CoinGecko:
• CBW Bank
• ANZ
• Westpac
• Commonwealth Bank of Australia
• BNY Mellon
• LHV Bank
• Barclays
• UBS
• Goldman Sachs
• ABN Amro
• ING
• Rabobank
• Santander
• DBS
• USAA
• BBVA
• Citibank

23.
What about proof-of-work-based
permissionless networks?
What comprises a permissionless
blockchain?

24.
Permissionless
blockchain
DMMS
validators
Censorship
resistant
(anonymous
consensus)
Suitable for
on-chain
assets
(virtual
bearer asset)

25.
Distributed databases / key value / hash table
• BigTable
• Druid
• Dynamo
• HyperDex
• Voldemort
• HBase (Hadoop/Chubby)
• Redis
• Cassandra
• MongoDB
• CouchDB
• MemCache
• IPFS

26.
Check boxes
• One common rejoinder in social media is that all organizations need is a
simple database but…
• Does anything currently in existence provide the necessary set of
cryptographic features all in one system?
• Currently, no.
• For instance, financial institutions already operate in a environment where they send
value between trusted/known participants (e.g., interbank ‘trust’ is not a core issue).
In such a private network with 15 participants each sharing and replicating the
ledger, participants cryptographically sign transactions (and/or blocks); thus ordering
and timestamps verifiable by all 15 participants.
• In the case of contracts, all code will be executed by all nodes and will be visible to
participants based on granular permissions
• (Git does not provide consensus, is a specialized Merkle tree, involves only a chain (no blocks) that
provides signing, history and distribution. Forking results in new repo.)

27.
Blockchain does not mean Bitcoin
• Many VCs, reporters and Bitcoin entrepreneurs are ‘talking their
book’ and ‘revising history’ when they euphemistically equate a
blockchain solely with Bitcoin
• Nakamoto-style consensus is just one way to “skin a consensus cat”
• Over 30 years of academic research on Merkle trees, hash tables and
arriving at consensus in distributed computing
• Technology is iterative and Bitcoin may just remain a proof-of-concept
due to its limitations and primary focus on being censorship-resistant
above all else

28.
Needing a token is likely a red herring
• Energy conversion (mining) may only be a requisite if validators are
unknown and untrusted; staking and surety bonds may be an alternative too
for a public network
• There are other methods of securely validating transactions based on
different design goals and assumptions that do not involve burning coal in
China or running a consumer device-based Tom Sawyer botnet
• In general, why don’t permissioned shared, replicated ledgers necessarily
need a token?
• Because they incentivize security through legally binding contracts with
validators whom have real-world identities and reputations
• Validation on proof-of-work networks involves actors who are – in the
design model – not contractually obligated to fulfill a terms of service (using
the network is caveat emptor); the marginal costs on a public network are
higher and thus the compensation model has to be different

29.
Why not (re)use one communal chain for
everything?

30.
Trying to turn a communal chain into a “one-
size fits all” buffet is like using a clown car

31.
Because these are (economic) networks, not
just software
• For the same reason organizations use different types of airplanes, boats
and automobiles – they have different needs and business requirements.
• Blockchain size is an ongoing challenge to the “one-size fits all approach” that will be
discussed later below. Impacts other chains too: Ethereum testnet is already at 30
GB, Bitcoin mainnet is 36 GB.
• And because as more value is added to a public blockchain, the more
incentives there are to attack it without going through the fan fiction
Maginot Line narrative (brute force by hashrate).
• Because of increased block maker centralization it is much easier to use
other techniques (rubber hose cryptanalysis, denial-of-service) to disrupt
participation
• Blatant bribery / hacking of pool
• ‘An attacker can sniff the cleartext credentials in the “mining.authorize” message, credentials
may be used elsewhere across the internet and may lead to account compromise’
• Canadian router hacked via Border Gateway Protocol fooling miners ($84,000 stolen)

32.
Block makers, by design, lack terms of service
• In the event of a block reversal or censored
transaction, there is no terms of service that mining
pools (validators) must adhere to.
• On April 25, 2015 a BitGo user, due to a software glitch,
accidentally sent 85 BTC as a mining fee to AntPool
(Bitmain’s pool operated in China)
• To resolve this problem, the user spent several days
publicly conversing with tech support (and the community)
on Reddit.
• Eventually the glitch was fixed and AntPool – to be viewed
as a “good member of the community” yet defeating the
purpose of a proof-of-work blockchain – sent the user back
85 BTC
• “Who” do you call in the future? Why bother with pseudonymity?

33.
Unintended in 2009: knowing the pseudonoymous
validators on an untrusted network?
• Below is a list of the first time a pool publicly claimed a block:
• Pool | Height
1: Slush 97838
2: bitcoinPool 110156
3: DeepBit 110322
4: Eligius 120630
5: BTC Guild 122608
And a list of the first time a pool signed a coinbase transaction:
• Pool | Height
1: Eligius 130635
2: BitMinter 152246
3: BTC Guild 152700
4: Nmcbit.com 153343
5: YourBTC 154967
A little history: Slush began publicly operating at the end of November 2010. Eligius was announced
on April 27, 2011. DeepBit publicly launched on February 26, 2011 and at one point was the most
popular pool, reaching for a short period in July 2011, more than 50% of the network hashrate.

34.
Permissioned
permissionlessness
blockchain
Mostly
known
DMMS
validators
Neither
censorship
resistant nor
trade finality
Bearer asset
becomes a
registered
asset

35.
Permissioned Permissionlessness, BINO-style
• One innovation in Bitcoin was anonymous/pseudonymous consensus
which comes with two large requirements: mining costs and block
reorganization risk
• Mining costs fluctuate in direct proportion to token value; more “energy efficient”
proofs-of-work is a contradiction in terms
• It was designed with anonymous consensus to resist censorship by trusted
third parties
• Today several startups and VC funds have (un)intentionally turned an
expensive permissionless system into a hydra gated permissioned network
without the full benefits of either
• Also turned a bearer asset into a registered asset with full costs of both
• Result: Bitcoin in name only (BINO)

36.
Permissioned Permissionlessness cont’d
• If you are running a ledger between known parties who abide by
government regulations, there is no reason to pay that censorship-
resistance cost. Full stop.
• The commercial logic of this (largely) VC-backed endgame seems to be:
“privatize” Bitcoin through a dozen hard forks (the block size fork is the
start of a trend)
• Is it still Bitcoin if it is forked and privatized? It is BINO.
• All of the costs of Sybil-protected permissionlessness without the benefits
(e.g., speed, lower marginal costs) of actual permissioned

37.
Permissioned Permissionlessness cont’d
• Nearly all of the startups creating hosted wallets (e.g., euphemism for
a “depository institution”), exchanges and ‘universal’ require users to
gain permission first before providing a service
• Similarly “middleware” projects like Symbiont and Chain/NASDAQ
appear to fit into the ‘permissioned permissionlessness’ bucket due
to identification / key holding requirements
• All told, more than half of all VC funding to date has gone into
building permissioned systems on top of a permissionless network

38.
Raising funds for permissioned
permissionlessness
• Notable companies providing such ‘permissioned permissionlessness’ services include:
• Chain: ($13.7 million)
• Bitgo: ($14 million)
• Coinbase: ($106 million)
• Circle: ($76 million)
• Xapo: ($40 million)
• itBit: ($28.25 million)
• Bitstamp: ($10 million)
• Kraken: ($6.5 million)
• OKCoin : ($11 million)
• Mirror : ($12.8 million)
• Bitreserve: ($14.6 million)
• Coinplug: ($3.3 million)

39.
Three “sins” with trade-offs

40.
Sin of
Commission
(forgery of
transaction)
Sin of
Omission
(censorship of
transaction)
Sin of
Deletion
(reversal of
transaction)

41.
Cryptocurrency systems prioritize mitigation of
omission (censorship-resistance) over deletion
(irreversibility)
• In contrast, any system of off-chain property titles will have to
prioritize deletion (irreversibility) over omission (censorship-
resistance)
• Consequently, existing legal systems will likely never recognize a
system of property titles that can be reversed by anonymous or
pseudonomyous validators (see EBA concerns)

42.
Future-proofing hard forks
• Because technology and usage are not static, there needs to be a way to clearly
upgrade and update both the software and network
• The BIP process (“Bitcoin Improvement Proposals”) still largely depends on altruism and
charity, neither of which is necessarily sustainable and as shown empirically, beholden to
special interest groups and their stakeholders
• Devolves into “fork by social media,” “fork by populism,” “fork by upvotes”
• Other networks have learned from this situation:
• Built around version control (e.g., Peernova)
• Built-in, explicit governance:
• Tezos is a self-amending chain
• Ethereum is attempting to “bomb” the chain to switch to proof-of-stake at a later date
• Ripple, Stellar and others have clearer governance due to explicit chain-of-command, terms
of service, real-world reputations and contractual obligations.
• Different set of challenges (e.g., identity / KYC management, trying to run this in a decentralized and
secure way).
• A financial network is different than an information network.

43.
“When it comes to long term survival, adaptability is more important
than strength. Seeing distributed ledger as mere technology is
shortsighted, they are first and foremost networks and, as such, their
governance model is paramount to their success. A decentralized
network that does not internalize its governance is condemned to
stagnation or centralization.”
- L.M. Goodman, creator of Tezos

44.
The right tool for the right
job
There are trade-offs of using different types of networks

45.
One short-term reason to hold hydrabinocoin
• Some of the stated use-cases make it self-defeating to use Xapo (e.g., using a DNM)
• But in the short-run, there are probably niche cases
• Why pay for a censorship resistant network and not use the utility?
• Because you are betting others will and you aren't personally concerned with censorship
• Example: a large US hedge fund wants to hold BTC because it believes its use will grow
on the Argentinian black market
• The hedge fund isn't particularly concerned with censorship, but they have no expertise
handling keys, so they use Xapo
• The Argentinian black marketeers are concerned with censorship, they use regular
bitcoin clients (Armory, Electrum, Breadwallet, etc.)
• Both uses make sense in this scenario
• Bearer assets are incredibly risky, that's why there's a whole industry of custodians that
tie them to identity

46.
What about fintech funding and investments?

47.
VS: Bitcoin-related funding as of 2015/04

48.
VS: Fintech funding overall as of 2015/04

49.
According to Accenture: $9.89 billion in
fintech deals done in 2014 in the US

50.
Where has that $800+ million gone so far?
• Buying and holding cryptocurrencies (BitPay,
several hosted wallets)
• Currency conversion (any mining-related
company)
• Turning the on-and-off ramps into
permissioned-based entries and exits
• A dozen other areas that are typical cost
centers for most startups
• Very little has been spent on actual
decentralized, permissionless interactions
(e.g., OB1)

51.
Other cost centers for these BTC-focused startups
• Domain name(s)
• Legal fees (company formation)
• Office rent/lease/mortgage
• Utilities and internet access: particularly important for mining farms/pools
• Attending events
• Event sponsorships
• Marketing and advertising: user acquisition, lead generation, brand awareness
• Front-end design
• Advisory fees to banks
• Lobbying special interest groups / policy makers
• Acquiring board of Directors and Advisors
• Company outings and vacations
• Money transmitter licenses
• Insurance of virtual currencies that a company may hold in custody
• Acquiring and maintaining an inventory of cryptocurrencies
• Customer service and bug bounties: reimbursing customer for problems with R values/RNGs
• Denial of service (DOS) vandalism and extortion: commonly happens with mining pools
• Ransomware (FBI: $18 million last year via Cryptowall and others)

52.
Conclusions
• Many of the science fair projects that passed themselves off as
cryptocurrency “startups” will likely burn out of capital leaving behind
IP, software libraries and skilled developers
• These libraries and IP, if there is any utility to them, will likely be
forked and integrated into existing institutions, organizations and
enterprises
• Similarly, some skilled developers may benefit from labor arbitrage
due to their knowledge and experience which other larger firms lack
• In the end, just as PGP, OTR messaging and FOSS stacks like LAMP
were inspired in part by cypherpunks but ended up being used by a
bevy of non-ideologically oriented organizations, so too will some of
the moving pieces that comprise primordial blockchains

53.
Conclusions cont’d
• There is room for both permissionless and permissioned systems to
coexist and grow
• Bitcoin-related startups have and will continue to teach the overall
fintech industry what works and what doesn’t
• These two different network designs are both specialized to handle
certain different types of activity and consequently have different cost
structures to secure their respective validation processes
• What permissionless enthusiasts probably should be cautious of:
attempts to turn their network into a permissioned, gated system which
is what has slowly happened to Bitcoin over the past six-and-a-half years
– all of the costs of both worlds without the benefits of either

54.
• tswanson@gmail.com
• Follow: @ofnumbers
• Visit: OfNumbers.com
Contact

55.
Appendix

56.
“Long-chains”

57.
• Agent-based modeling
results using historical
data
• Blue – agents that join a
pool
• Black – non-miners
(though potential)
• Red – Solo miners
• In the end, agents using
pooled mining are the
last remaining
participants

58.
At current usage rates, blocks will be
consistently filled in 18 months