Token Systems, Payment Channels, and Corporate Currencies
1. TOKEN SYSTEMS, PAYMENT CHANNELS, AND
CORPORATE CURRENCIES
Tutorial @ Austrian Financial Market Authority (FMA)
Vienna, November 13th 2019
Dr. Bernhard Haslhofer
Senior Scientist
Center for Digital Safety & Security
3. Explain and demystify recent developments in the cryptoasset space
GOALS
3
Off-Chain Payment
Channels
Token Systems
Token Systems
Token Systems
Corporate
Currencies
Token Systems
6. • Asset: an economic resource; something of
value (dt.: “Vermögenswert”)
• Cryptoasset: an exchangeable virtual asset
utilizing cryptographic primitives
• Token: jargon for some cryptoasset
(fungible or non-fungible)
• Token system: code account (smart
contract) keeping track of token ownership
and transfers
TOKEN SYSTEMS | DEFINITIONS
6
Fungible Non-Fungible
Token
7. • Second most relevant blockchain system by market valuation
• Open-Source, public, distributed, blockchain system
• Intention: build decentralized applications
• Built-in currency called Ether (ETH), subunit wei
• With Proof-of-work, approx. 14 seconds block time
• Ethereum Virtual Machine (EVM)
• Most significant feature differentiating Ethereum from other
cryptocurrencies
• Can execute programs (smart contracts) written in high-
level programming languages (e.g., solidity)
TOKEN SYSTEMS | ETHEREUM
7
8. ETHEREUM | TOKEN STANDARDS
8
Fungible Tokens (FT) Non-fungible Tokens (NFT)
Interchangeable
A token can be exchanged to any other token of the
same type.
Analogy: dollar bill
Not interchangeable
A non-fungible token cannot be replaced with another
non-fungible token of the same type. If you lend a token
to somebody else, you expect that person to return the
same token and not another of another type
Analogy: birth certificate
Uniform
All tokens of the same type are identical in specification,
each token is identical to another
Unique
Each token is unique and different to all other tokens of
the same type
Divisible
Fungible tokens are divisible in smaller units and it does
not matter which units you get as long as the value is
the same
Non-divisible
Non-fungible tokens cannot be divided. The elementary
unit is one token and one token only
ERC-20 standard
Examples: Tether, SNC, TRX….and ICO (scams)
ERC-721 standard
Examples: CryptoKitties, Crypt Baseball
Source: https://medium.com/0xcert/fungible-vs-non-fungible-tokens-on-the-blockchain-ab4b12e0181a
11. ETHEREUM | MARKET VALUATION
11
Why Are Token Systems Interesting ?
Market valuation:
Top Token Systems
e 28 billion
>
Total Ether
e 20 billion
Sources: Etherscan, coinmarketcap.com, October 9th, 2018
Symposium on Post-Bitcoin Cryptocurrencies - October 19th, 2018 10
Source: Fröwis: Tracking Payment Flows in Ethereum, Symposium on Post-Bitcoin Cryptocurrencies, 2018
Sources: Etherscan, coinmarketcap.com, October 9th, 2018
12. • Balance = sum of values
assigned to public keys owned
by the holder of corresponding
private keys
• Used in Bitcoin and many other
cryptocurrencies
12
ETHEREUM | ACCOUNT MODEL
• Externally Owned account (EOA)
• “normal” account (like in banks)
• public / private key pair
• no associated code
• controlled by private keys
• Code Account (CA) aka “Smart Contract”
• Associated code
• No directly associated keys
• Controlled by code
• Activated by EOA
UTXO model Account Model
13. ETHEREUM | EXTERNALLY OWNED ACCOUNT
Adapted from: Fröwis: Tracking Payment Flows in Ethereum, Symposium on Post-Bitcoin Cryptocurrencies, 2018
Balance: 6 ETH
Alice (EOA)
Alice
Transaction
From: Alice
To: Bob
Value: 1 ETH
Data:
Sign: Alice
Bob
Bob (EOA)
Balance: 3 ETH
14. ETHEREUM | EXTERNALLY OWNED ACCOUNT
Adapted from: Fröwis: Tracking Payment Flows in Ethereum, Symposium on Post-Bitcoin Cryptocurrencies, 2018
Balance: 6 – 1 ETH
Transaction
From: Alice
To: Bob
Value: 1 ETH
Data:
Sign: Alice
Alice (EOA)
Alice Bob
Bob (EOA)
Balance: 3 + 1 ETH
15. ETHEREUM | CODE ACCOUNT (SMART CONTRACT)
Adapted from: Fröwis: Tracking Payment Flows in Ethereum, Symposium on Post-Bitcoin Cryptocurrencies, 2018
Company
Company account (CA)
Rules:
IF
data = ’donate’
THEN
add 1 to Donations
Balance: 6 ETH
State:
Donations: 0
Alice (EOA)
Balance: 6 ETH
Alice
Transaction
From: Alice
To: Company
Value: 1 ETH
Data: donate
Sign: Alice
16. ETHEREUM | CODE ACCOUNT (SMART CONTRACT)
Adapted from: Fröwis: Tracking Payment Flows in Ethereum, Symposium on Post-Bitcoin Cryptocurrencies, 2018
Alice (EOA)
Balance: 6 – 1 ETH
Company
Company account (CA)
Balance: 6 + 1 ETH
State:
Rules:
IF
data = ’donate’
THEN
add 1 to Donations
Donations: 1
Alice
Transaction
From: Alice
To: Company
Value: 1 ETH
Data: donate
Sign: Alice
A computer program that encodes
state transition rules
17. “SMART CONTRACT “ = COMPUTER PROGRAM ≠ LEGAL CONTRACT
TOKEN SYSTEMS | TAKE AWAY
17
18. ETHEREUM | TOKEN SYSTEM
Adapted from: Fröwis: Tracking Payment Flows in Ethereum, Symposium on Post-Bitcoin Cryptocurrencies, 2018
My Token (CA)
Rules:
IF
data = ’send’; to; val
AND from ≥ val
THEN
sub val FROM from
add val TO to
Balance: 0 ETH
State:
Alice: 2
Bob: 0
Alice (EOA)
Balance: 3 ETH
Alice
Transaction
From: Alice
To: My Token
Value: 0 ETH
Data: send; Bob; 2
Sign: Alice
19. ETHEREUM | TOKEN SYSTEM
Adapted from: Fröwis: Tracking Payment Flows in Ethereum, Symposium on Post-Bitcoin Cryptocurrencies, 2018
My Token (CA)
Rules:
IF
data = ’send’; to; val
AND from ≥ val
THEN
sub val FROM from
add val TO to
Balance: 0 ETH
State:
Alice: 2 - 2
Bob: 0 + 2
Alice (EOA)
Balance: 3 ETH
Alice
Transaction
From: Alice
To: My Token
Value: 0 ETH
Data: send; Bob; 2
Sign: Alice
20. ETHEREUM | CREATING A TOKEN SYSTEM
20
Adapted from: Fröwis: Tracking Payment Flows in Ethereum, Symposium on Post-Bitcoin Cryptocurrencies, 2018
22. • Interpretability = Human understanding of token systems
• Non-trivial / impossible if source code is not available (upload non-
mandatory in Ethereum)
• Immutability of source code ≠ immutability of control flows (trust issues)
• As smart contracts become more popular and carry more value they
become interesting targets for fraudsters and attackers
TOKEN SYSTEMS | TAKE AWAY
22
23. • Atomic Swaps:
• Allows two parties to exchange their asserts “atomically” without trusted third parties
• Decentralized Exchanges (DEXs)
• Non-custodial traders (no need to deposit money)
• 30 DEX protocols, > 250 DEXs, 4000 active traders, 50K ETH market volume
TOKEN SYSTEMS | RECENT DEVELOPMENTS
23
[Source: Han et al., 2019: “On the optionality and fairness of Atomic Swaps”]
27. PAYMENT CHANNELS | MOTIVATION
27
Blockchain
Blocksize: 1 MB
ca. 1500 - 2000 transactions
ca 10 min
Maximum throughput: ca. 7 tx / sec
Major design issue:
All transactions are stored on the blockchain and replicated among peers.
Facilitate about 2,000 tps
Peak capacity: 56,000 tps
28. • Move massive bulk of transactions off-chain
• Users
• carry out transactions off-chain between
each other
• rely on blockchain
• for settlement
• to resolve dispute in case of
disagreement
PAYMENT CHANNELS | BASIC IDEA
28
Blockchain
Off-chain transactions
Settlement
Resolve dispute
29. PAYMENT CHANNELS | PHASES
29
Inspired by R. Böhme “Prinzip von Off-Chain Zahlungskanälen”
Blockchain
Time
Funding Tx
Input Output
Input
Phase 1
“Open Payment
Channel”
Settlement Tx
Input Output
Phase 3
“Close Payment
Channel”
Output
Phase 2
“Off-Chain Transactions”
31. LIGHTNING NETWORK | EXAMPLE SETUP
32
Alice Charlie
Blockchain
[contributed by P. Holzer]
32. LIGHTNING NETWORK | EXAMPLE & DEMO
33
Alice Charlie
Blockchain
Time
Before LN Transactions:
Alice: 25.570 Satoshi
Charlie: 47.677 Satoshi
After LN Transactions:
Alice: 23.667 Satoshi
Charlie: 48.677 Satoshi
1. Alice creates Payment
Channel with Charlie and
locks 20.000 Satoshi
3. Alice pays invoice and sends Charlie 2.000 Satoshi
2. Charlie sends Alice invoice about 2.000 Satoshi
4. Alice sends Charlie invoice about 1.000 Satoshi
5. Charlie pays invoice and sends Alice 1.000 Satoshi
6. Charlie requests
Payment Channel Closing
-1903
+1000
[contributed by P. Holzer]
35. PAYMENT CHANNELS | BUSINESS CASE
37
Custodial Wallet
Users do not have access to private keys.
They are stored and managed by exchanges
or wallet providers.
Non-custodial wallets
Alice
Charlie
Users hold private keys and have full
control over their funds.
36. PAYMENT CHANNELS | BUSINESS CASE
38
Alice
Buy 1 BTC
Custodial Wallet Provider
Blockchain
Wallet Provider: 1,000 BTC
No blockchain
transaction
Instant
No fees
Alice: 1 BTC
….
Wallet Provider
Database
Alice: + 1 BTC
37. PAYMENT CHANNELS | BUSINESS CASE
39
Alice
Send 1 BTC
Custodial Wallet Provider
Charlie
Blockchain
Wallet Provider: 1,000 BTC
Receive 1 BTC
No blockchain
transaction
Instant
No fees
Alice: 0 BTC
Charlie: 1 BTC
….
Wallet Provider
Database
Alice: - 1 BTC Charlie: + 1 BTC
38. PAYMENT CHANNELS | BUSINESS CASE
40
Wallet Provider A: 999 BTC
Wallet Provider B: 1,001 BTC
Blockchain
transaction
~ 1h confirmation time
transaction costs
traceability
Custodial Wallet Provider A Custodial Wallet Provider B
Alice
Send 1 BTC Receive 1 BTC
Charlie
Blockchain
Send BTC Transaction
A à B (1 BTC)
Check ledger for
transactions assigning
values to B
39. PAYMENT CHANNELS | BUSINESS CASE
41
Blockchain
Opening + Settlement Transactions
Custodial Wallet Provider A Custodial Wallet Provider B
Payment
Channel
Minimal amount of
blockchain transactions
Instant Payments
Minimal transaction costs
Limited tracability
40. • Blockchains have scalability problems; payment channels are a possible solution
• Changing role
• Without payment channels: blockchain = transaction ledger (dt. Kontobuch)
• With payment channels: blockchain = court record (dt. Gerichtsbuch)
• Most likely not an end-user technology à business case for intermediaries
• Still in infancy, many unknowns (requires further research)
PAYMENT CHANNELS | TAKE AWAYS
42
42. CRYPTO VS. CORPORATE CURRENCIES
Financial
Transaction
Infrastructure
Money issuance
and control
Value
Governance
Permission-less Blockchain
Open P2P Network
(High degree of distribution)
Distributed Database w. blockchain-
inspired features
(Low degree of distribution)
Defined rules
BTC: 21M
ETH: no hard cap
Unlimited (market-driven)
Controlled by Libra Association
”Market”-driven
(hopes, believes, expectations, and
speculation)
Tied to basket of national currencies
and bonds
Relatively open
(core devs, miners, intermediaries)
Libra Association
(payment providers, tech companies,
venture capital)
43. Libra Transaction = State change in a distributed database
Libra Blockchain = Versioned database
LIBRA PROTOCOL | KEY CONCEPTS
45
time
𝑠$%& 𝑠$
𝑇$
A = 10 B = 10
A = 8 B = 12
44. The Libra protocol uses an account-based data model (c.f., Ethereum)
LIBRA PROTOCOL | KEY CONCEPTS
46
Account Address Account Values
0x12….
0x34….
Module
(stores program code)
Resource
(stores data values)
Addresses are
hashes over public keys
Program code (smart contracts)
is written in a
language called “Move"
46. • Corporate currencies = digital currencies and financial transaction infrastructures
controlled by corporations
• Libra “blockchain” = a centrally controlled distributed database ≠ distributed ledger
technology used in cryptocurrencies or token systems
• Libra technology is still early stage; the future is unclear
CORPORATE CURRENCIES | TAKE AWAYS
48
47. All papers are openly available via arxiv.org or ssrn.com
• Fröwis and Böhme (2017): “In Code We Trust? Measuring the Control Flow
Immutability of All Smart Contracts Deployed on Ethereum”
• Torres and Steichen (2019): “The Art of Scam: Demystifying Honeypots in
Ethereum Smart Contracts
• Daian et al., (2019): ”Flash Boys 2.0: Frontrunning, Transaction Reordering,
and Consensus Instability in Decentralized Exchanges”
• Han et al., (2019): “On the optionality and fairness of Atomic Swaps”
• Gudgeon et al. (2019): “SoK: Off The Chain Transactions”
• Schuster (2019): “Cloud Crypto Land”
REFERENCES
49