The Distributed Ledger Landscape

1. The Distributed Ledger Landscape Who is developing shared, replicated ledgers and why

2. Brief outline • Characteristics of a distributed ledger • Motivations for building non-proof-of-work ledgers / private blockchains • Known, trusted parties versus unknown, untrusted parties • Unclear governance • Scalability challenges • Disproportional rewards from metacoins • Where has VC funding gone? • Opportunities for professional service firms

3. Questions to consider this session • What are the design assumptions and goals for using new technology? • What are the client business requirements? • Are entities and actors on the network known or unknown, trusted or untrusted? • Who is allowed or not allowed to validate transactions? • e.g., mintettes as defined by Laurie (2011) and Meiklejohn (2015) • Are the validators spread around globally? • Is communication between them synchronous or asynchronous? • Are faults tolerated? How are Byzantine faults handled? • What type of consensus is needed? Or none at all?

4. Why distributed ledgers? • There are many reasons for why companies, institutions and organizations are interested in shared, replicated ledgers and disinterested in Bitcoin (or bitcoin) itself • What do financial institutions want? • Cryptographically verifiable settlement and clearing systems that are globally distributed for resiliency and compliant with various reporting requirements. • What don’t they need? • Censorship resistance-as-a-service and artificially expensive anti-Sybil mechanisms.

5. What comprises a permissioned blockchain?

6. Permissioned blockchain Legally accountable validators Settlement finality (irreversible) Suitable for off-chain assets (securities, fiat, titles)

7. What are the characteristics of a distributed ledger?

8. Distributed Ledger Independent permissioned blockchain Distributed virtual machine (Turing- complete) Smart contracts govern off- chain assets Network achieves settlement finality

9. Permissioned distributed ledgers / blockchains • Blockstack (formerly CryptoCorp) • Ldger (formerly Tillit) • Clearmatics • Hyperledger (acquired by DAH) • Eris Industries • Tezos • Tembusu (TRUST) • DAH • Guardtime (KSI) • PeerNova • SKUChain* (PurchaseChain/PPOW) • MultiChain* (Coin Sciences) • Ripple* (discontinued Codius) • Stellar* (potentially with their new SCP) • Traditional tech enterprises as well (e.g., IBM)

10. Each is targeting different use-cases • Syndicated loans • Trade finance • Supply chain provenance • US Treasury repo • Clearing / settling OTC derivatives and FX • Cross-border payments • Identity / data authentication • Private stock / equity issuance • Commonality: participants in these networks – including the validators themselves – are known (via KYC or KYB) and have legal or contractual obligations with other participants

11. What attracts or repels use-cases? • Folk law: “Anything that needs censorship-resistance will gravitate towards censorship-resistant systems.” • Sams' law: “Anything that doesn't need censorship-resistance will gravitate towards non censorship-resistant systems.” • Banks are currently focused on: fulfilling compliance requirements, reducing cost centers, downscaling branching and implementing digital channels. None of this requires censorship-resistance.

12. What is one opportunity for professional service firms that rely on consulting, accounting and auditing?

13. Finding ways to reduce cost centers for financial institutions • According to Deutsche Bank in 2012: • “Measured as a percentage of revenues, financial services firms spend more on IT than any other industry. Banks’ IT costs equal 7.3% of their revenue’s, compared to an average of 3.7% across all other industries surveyed” • According to a 2015 report from Celente: • “Total bank IT spending across North America, Europe, and Asia-Pacific will grow to US$196.7 billion in 2015, an increase of approximately 4.6% over 2014.” • According to a 2015 report from Santander: • “[D]istributed ledger technology could reduce banks’ infrastructure costs attributable to cross-border payments, securities trading and regulatory compliance by between $15-20 billion per annum by 2022”

14. For accountants • “One important issue for accountants: as these technologies are implemented; settlement, records are all on a blockchain; accountants will need to learn how to audit records on shared, replicated (permissioned) ledgers. For financial services to implement these technologies; auditors who already audit infrastructures like CLS, DTCC, custodians, and banks, will need to be ready for the future. If they can't audit, nothing can happen. So they should be prepared.” - Pinar Emirdag, Managing Director at Hupomone Labs

15. What about proof-of-work-based permissionless networks?

16. Distributed databases / key value / hash table • BigTable • Druid • Dynamo • HyperDex • Voldemort • HBase (Hadoop/Chubby) • Redis • Cassandra • MongoDB • CouchDB • MemCache • IPFS

17. Blockchain does not mean Bitcoin • Many VCs, reporters and Bitcoin entrepreneurs are ‘talking their book’ and ‘revising history’ when they euphemistically equate a blockchain solely with Bitcoin • Nakamoto-style consensus is just one way to “skin a consensus cat” • Over 30 years of academic research on Merkle roots, hash-based storage and arriving at consensus in distributed computing • Technology is iterative and Bitcoin may just remain a proof-of-concept due to its limitations and primary focus on being censorship-resistant above all else

18. Needing a token is likely a red herring • Energy conversion (mining) may only be a requisite if validators are unknown and untrusted; staking and surety bonds may be an alternative too for a public network • There are other methods of securely validating transactions based on different design goals and assumptions that do not involve burning coal in China or running a consumer device-based Tom Sawyer botnet • In general, why don’t permissioned shared, replicated ledgers necessarily need a token? • Because they incentivize security through legally binding contracts with validators whom have real-world identities and reputations • Validation on proof-of-work networks involves actors who are – in the design model – not contractually obligated to fulfill a terms of service (using the network is caveat emptor); the marginal costs on a public network are higher and thus the compensation model has to be different

19. Why not (re)use one communal chain for everything? • For the same reason organizations use different types of airplanes, boats and automobiles – they have different needs and business requirements. • Blockchain size is an ongoing challenge to the “one-size fits all approach” that will be discussed later below. Impacts other chains too: Ethereum testnet is already at 30 GB, Bitcoin mainnet is 36 GB. • And because as more value is added to a public blockchain, the more incentives there are to attack it without going through the fan fiction Maginot Line narrative (brute force by hashrate). • Because of increased block maker centralization it is much easier to use other techniques (rubber hose cryptanalysis, denial-of-service) to disrupt participation • Blatant bribery / hacking of pool • ‘An attacker can sniff the cleartext credentials in the “mining.authorize” message, credentials may be used elsewhere across the internet and may lead to account compromise’ • Canadian router hacked via Border Gateway Protocol fooling miners ($84,000 stolen)

20. Bitcoin’s lack of contracts and terms of service (done by design) • In the event of a block reversal or censored transaction, there is no terms of service that mining pools (validators) must adhere to. • On April 25, 2015 a BitGo user, due to a software glitch, accidentally sent 85 BTC as a mining fee to AntPool (Bitmain’s pool operated in China) • To resolve this problem, the user spent several days publicly conversing with tech support (and the community) on Reddit. • Eventually the glitch was fixed and AntPool – to be viewed as a “good member of the community” yet defeating the purpose of a proof-of-work blockchain – sent the user back 85 BTC • “Who” do you call in the future? Why bother with pseudonymity?

21. Unintended in 2009: knowing the pseudonoymous validators on an untrusted network? • Below is a list of the first time a pool publicly claimed a block: • Pool | Height 1: Slush 97838 2: bitcoinPool 110156 3: DeepBit 110322 4: Eligius 120630 5: BTC Guild 122608 And a list of the first time a pool signed a coinbase transaction: • Pool | Height 1: Eligius 130635 2: BitMinter 152246 3: BTC Guild 152700 4: Nmcbit.com 153343 5: YourBTC 154967 A little history: Slush began publicly operating at the end of November 2010. Eligius was announced on April 27, 2011. DeepBit publicly launched on February 26, 2011 and at one point was the most popular pool, reaching for a short period in July 2011, more than 50% of the network hashrate.

22. Three sins with trade-offs

23. Sin of Commission (forgery of transaction) Sin of Omission (censorship of transaction) Sin of Deletion (reversal of transaction)

24. Cryptocurrency systems prioritize mitigation of omission (censorship-resistance) over deletion (irreversibility) • In contrast, any system of off-chain property titles will have to prioritize deletion (irreversibility) over omission (censorship-resistance) • Consequently, existing legal systems will likely never recognize a system of property titles that can be reversed by anonymous or pseudonomyous validators (see EBA concerns) • “To me the crux of the issue is that permissionless consensus cannot guarantee irreversibility, cannot even quantify the probability of a history-reversing attack (rests on economics, not tech).” - Robert Sams, CEO of Clearmatics

25. But what about sunk costs? • One common argument from enthusiasts and promoters is that because $800+ million in VC funding has been invested in Bitcoin-related startups, it makes no sense to go other places. • This would be akin to saying, Reddit, Slashdot and 4chan are all a distraction. GeoCities is way too far ahead and that we should be focused on GeoCities. • This sunk cost fallacy is also empirically untrue. If Bitcoin was “too far ahead,” then axiomatically no one would be working on all these other projects as they would clearly see this trend and focus on just one platform.

26. Watermarked token creators make public networks less secure

27. Theory versus practice • A number of organizations like NASDAQ, Chain.com and Gyft have announced that they will use Open Assets (a color coin implementation from CoinPrism) to issue assets onto the Bitcoin blockchain. • Most of these setups require identification of all parties and additionally the organization itself typically holds one of the private keys (for a 2-of-n or 3-of-n setup). • Because this setup is centralized and all parties are known, there is no real value-add in using a censorship resistant proof-of-work blockchain. • In addition, title is not transferred nor is post-trade settlement final in the above scenario (difference between bearer and registered asset)

28. Only a double-spend is ineffective in this setup • An attacker can still reverse an interval of “settled” transactions as the attacker's objective is undermining confidence in the market in which he has a short position (e.g., using Gemini), not double-spending a metacoin, which of course he cannot get away with because the identities of all counterparts are known to NASDAQ. • We see this “undermining” happen with existing virtual assets: • In the fall of 2013, Chinese traders hacked into reporters Weibo account, uploaded fake government documents to spook the market • Would sell bitcoins beforehand and after the Weibo account was restored, repurchase bitcoins at a lower level. • Since then we see enormous amount of effort by sock puppets and boosters to use social media in the West who make up similar rumors to move the market up and down

29. One thought experiment • It may be trivial to stifle any platform built on top of Bitcoin or other permissionless networks. • For instance, Bob could create an anonymous website that announces it will pay X bits to every block maker that does not include various transactions related to say, Omni or other metacoins. • This might slow down both the platforms and networks and make them less attractive to others as well. • As an aside, block makers can already choose to include or exclude certain transactions. Eligius, for example, is known for ignoring SatoshiDice transactions, and Luke-Jr released some BitcoinQT flag to also prevent such “spam” messages from propagating

30. Sams also touched on the problems for Open Assets (and others): “Now, I am sure that the advocates of putting property titles on the bitcoin blockchain will object at this point. They will say that through meta protocols and multi-key signatures, third party authentication of transaction parties can be built-in, and we can create a registered asset system on top of bitcoin. This is true. But what’s the point of doing it that way? In one fell swoop a setup like that completely nullifies the censorship resistance offered by the bitcoin protocol, which is the whole raison d’etre of proof-of-work in the first place! These designs create a centralised transaction censoring system that imports the enormous costs of a decentralised one built for censorship-resistance, the worst of both worlds.” - Robert Sams, CEO of Clearmatics

31. Top heavy • Metaprotocols that utilize and sit on top of Bitcoin’s blockchain provide disproportional rewards • Counterparty, Mastercoin (Omni), Open Assets and others are effectively piggy backing and free riding off seigniorage rewards • Also happens on other proof-of-work chains such as Dogecoin/Dogeparty • E.g., Apple shares (total market cap = $731 billion USD) issued as metacoin. Will Bitcoin security suffice to keep the market in Apple shares trading secure? • In long run, miners are probably not destroying enough capital to ultimately secure metacoin assets, making the network less secure. • Ceteris paribus: in the long run it costs a bitcoin to create a bitcoin, pools are not “meta aware” and therefore are not aware of the ‘social value’ each metacoin actually represents • Yet if a pool becomes “meta aware” it opens up new vulnerability to censorship

32. These metaplatforms have become popular in part because there has been no other quick way to enhance or add similar features to Bitcoin core itself

33. Why is that?

34. Nebulous governance • Because Bitcoin is a public / communal good, there is no de jure entity to fire, hire or make decisions on the direction of how its blockchain should evolve (or not) • This creates uncertainty for development of new features, many of which get tested out and implemented in altcoins and alternative ledgers instead (e.g., ring signatures in CryptoNote, group signatures in Tembusu) • In practice lack of clear governance devolves into factionalism / tribalism between special interest groups • Most of the discussion degenerates into lobbying companies, organizations and individuals with high karma on reddit, to promote one agenda over another • This alone is a reason to reconsider building a mission-critical financial product on the Bitcoin blockchain or other public proof-of-work-based blockchains which are economically and politically impacted by, for example: block sizes

35. Most recent example is block size increase • This challenge has been known for several years, yet anyone discussing it prior to two months ago was labeled a “concern troll” or told to “read the Wiki” or that “aggregate fees will increase because of reasons” • There are economic and political trade-offs to increasing (and decreasing) the maximum block size allowed on a proof-of-work blockchain: • Keeping a 1 MB block size will likely require higher fees to end-users but results in a topologically more decentralized network and less “spam” (e.g., fewer ‘long-chains’) • With a larger 20 MB block size, mandatory fees to miners are allegedly lower for end-users but at the cost of fewer validating nodes on the network reducing privacy; miners are still reliant on block rewards • There are at least three different special interest groups with their own goals

36. Blocksize special interest groups • One distinct group gravitating around Gavin Andresen and Mike Hearn: • Support behind them includes many Western VC-backed companies such as Coinbase that have publicly claimed to the public (and investors) that Bitcoin-based companies will be able to compete with payment incumbents (such as PayPal and Visa) therefore they must be able to somehow make Bitcoin achieve a similar transaction-per-second metric and to do so, they want to increase the block size to potentially, 20 MB and beyond.

37. Other SIGs • Another group, some of whom work at Blockstream (Greg Maxwell, Pieter Wuille, Adam Back): • Support behind their vision includes a variety of companies and organizations. Some of these developers prefer an alternative method of scaling by attempting to build a proposed “Lightning Network” (based on payment channels) as well as off-loading a lot of the transaction volume to sidechains (which Blockstream is building a couple varieties of – federated pegs and two-way peg) • There are several other contingents including a large portion of the Chinese mining community (which collectively represents about 60% of the network hashrate); as well as independent developers and users such as Peter Todd and Jeff Garzik each of whom has elaborated on the trade-offs both larger block sizes and a hard fork will have on nascent Bitcoinland

38. At current usage rates, blocks will be consistently filled in 18 months

39. Today, for less than 2 BTC (€434) in fees, an actor can disrupt and clog the network for hours

40. Timeline of 1st CoinWallet practice run [Note: below is their write-up of the event] • 11:57 GMT - Transaction servers initiated. Thousands of 700 kb transactions completed within the first 20 minutes. Transactions were used to break coins into small 0.0001 outputs. • 12:30 GMT - Servers begin sending larger 18kb transactions. • 14:10 GMT - Mempool size increases dramatically. Blockchain.info breaks. • 14:20 GMT - Our servers begin to crash. It becomes apparent that BitcoinD is not well suited to crafting transactions of this size. • 14:30 GMT - Our test transactions are halted while alternate solutions are created. The mempool is at 12 mb. • 17:00 GMT - Alternate transaction sending methods are started. Servers are rebooted. Mempool has fallen to 4mb. • 21:00 GMT - The stress test is stronger than ever. Mempool reaches 15 mb and more than 14000 transactions are backlogged. The situation is made worse by F2Pool selfishly mining two 0kb blocks in a row. • 23:59 GMT - 12 hours after starting, the test is concluded. Less than 2 BTC (€434) is spent on the test in total.

41. But if fees increase over time, doesn’t that reduce the inclusivity of Bitcoin?

42. Most of current blockchain traffic is effectively ‘spam’ (e.g., long-chains) that would not exist with higher fees

43. Let Bitcoin be Bitcoin and not BINO • Contrary to the message from “Highlanders” (that there can “only be one”), permissioned ledgers will actually help reduce clutter and bloat on public ledgers • Why? • At the current trajectory, the various metaplatforms attempting to parasitically latch onto Bitcoin will likely make it them victim of their own success – the more top heavy the network becomes, the bigger the incentive for attacking nodes, pools, API providers, routers and other infrastructure • See Heilman (2015), Gervais (2015), Miller (2015)

44. Fees to miners has not increased in aggregate relative to what was predicted in WP Section 6

45. What is governance surrounding 21 million BTC hard cap? • Since fees are not increasing as the popular narrative predicted, and miners are still heavily dependent on seigniorage to maintain security: How could governance be impacted by future purposeful attempts at forking the network to maintain the existing inflation rate?

46. Bitcoin has no native process for permanent hard forks, it is not a future-proofed blockchain • Because technology and usage are not static, there needs to be a way to clearly upgrade and update both the software and network • The BIP process (“Bitcoin Improvement Proposals”) is an ad hoc kludge that depends on altruism and charity, neither of which is sustainable and as shown empirically, beholden to special interest groups and their stakeholders • Other networks have learned from this mistake: • Built around version control (e.g., Peernova) • Built-in, explicit governance: • Tezos is a self-amending chain • Ethereum is attempting to “bomb” the chain to switch to proof-of-stake at a later date • Ripple, Stellar and others have clearer governance due to explicit chain-of-command, terms of service, real-world reputations and contractual obligations. • Different set of challenges (e.g., identity / KYC management, trying to run this in a decentralized and secure way). • A financial network is different than an information network.

47. “When it comes to long term survival, adaptability is more important than strength. Seeing distributed ledger as mere technology is shortsighted, they are first and foremost networks and, as such, their governance model is paramount to their success. A decentralized network that does not internalize its governance is condemned to stagnation or centralization.” - L.M. Goodman, creator of Tezos

48. Assumptions on security • Bitcoin mining does not “take care of itself” – it is largely based on economic incentives which fluctuate relative to the token value • What are the sufficient, sustainable incentives for proof-of-work cryptocurrencies to continue providing security? $300 million? • Lots of idle speculation from large promoters and investors of Bitcoin companies, but very little “research” by Bitcoin companies beyond posturing on social media and at conferences • This is currently being modeled by a variety of academics with the tentative conclusion that due to block reward halving and lack of increase in aggregate fees results in a monopoly mining pool

49. • Agent-based modeling results using historical data • Blue – agents that join a pool • Black – non-miners (though potential) • Red – Solo miners • In the end, agents using pooled mining are the last remaining participants

50. What about funding and investments?

51. VS: Bitcoin-related funding as of 2015/04

52. VS: Fintech funding overall as of 2015/04

53. According to Accenture: $9.89 billion in fintech deals done in 2014 in the US

54. Where has that $800+ million gone so far? • Buying and holding cryptocurrencies (BitPay, several hosted wallets) • Building get-away cars (Open Bazaar, ShapeShift) • Currency conversion (any mining-related company) • A dozen other areas

55. Other cost centers for these BTC-focused startups • Domain name(s) • Legal fees (company formation) • Office rent/lease/mortgage • Utilities and internet access: particularly important for mining farms/pools • Attending events • Event sponsorships • Marketing and advertising: user acquisition, lead generation, brand awareness • Front-end design • Advisory fees to banks • Lobbying special interest groups / policy makers • Acquiring board of Directors and Advisors • Company outings and vacations • Money transmitter licenses • Insurance of virtual currencies that a company may hold in custody • Acquiring and maintaining an inventory of cryptocurrencies • Customer service and bug bounties: reimbursing customer for problems with R values/RNGs • Denial of service (DOS) vandalism and extortion: commonly happens with mining pools • Ransomware (FBI: $18 million last year via Cryptowall and others)

56. Conclusions • Many of the science fair projects that passed themselves off as cryptocurrency “startups” will likely burn out of capital leaving behind IP, software libraries and skilled developers • These libraries and IP, if there is any utility to them, will likely be forked and integrated into existing institutions, organizations and enterprises • Similarly, some skilled developers may benefit from labor arbitrage due to their knowledge and experience which other larger firms lack • In the end, just as PGP, OTR messaging and FOSS stacks like LAMP were inspired in part by cypherpunks but ended up being used by a bevy of non-ideologically oriented organizations, so too will some of the moving pieces that comprise primordial blockchains

57. Conclusions cont’d • There is room for both permissionless and permissioned systems to coexist and grow • Bitcoin-related startups have and will continue to teach the overall fintech industry what works and what doesn’t • These two different network designs are both specialized to handle certain different types of activity and consequently have different cost structures to secure their respective validation processes • What permissionless enthusiasts probably should be cautious of: attempts to turn their network into a permissioned, gated system which is what has slowly happened to Bitcoin over the past six-and-a-half years – all of the costs of both worlds without the benefits of either

58. • tswanson@gmail.com • @ofnumbers • OfNumbers.com Contact

59. Appendix I

60. Appendix II

61. Appendix III

The Distributed Ledger Landscape

Tim Swanson

The Distributed Ledger Landscape