The protocol for financial web
Pavel Kravchenko, PhD
Why banks are interested in
• fast settlement
• easy audit
• standard set of protocols
• finality of settlement and undeniability
Why Bitcoin/Ripple/Ethereum is not
• Poor scalability of a single ledger
• Low speed of transaction validation
• High trust to anonymous validators
• Absence of KYC/AML mechanisms
• Low privacy of trading positions
• Built-in coin is undesirable
What is Infra?
Infra is software with such functionality:
- database that stores balances
- transaction engine
- decentralized exchange
- communication protocol
Current implementation is based on open-source
1) each entity has its own ledger(s)
2) no global shared ledger
3) no global consensus
4) no designated validators (financial institution = validator)
5) consensus only between parties involved in a transaction
6) identification/KYC is decentralized
7) no coin!
Infra architecture principles
Everybody has own ledger. Users’ ledgers
are shared with their bank
1. User naturally share their ledgers with the bank (the
same as having an account)
2. User can be a customer of different banks
3. Banks share their ledger (disclosing only required
information) with regulators
4. Some banks can create shared ledger between them
in order to set-up a decentralized exchange
Sharing ledger is a flexible process
Transaction execution steps
1. Alice signs transactions to send money to Bob
2. Citi resolves Bob’s identity via federation protocol
3. Citi signs transaction (after 2FA if needed)
4. DBS signs incoming transaction, updates Bob’s ledger
and sends signed transaction back to Citi.
5. Bob will update his ledger when he is online
6. Citi updates Alice’s ledger
Case when central/correspondent banks
Balances are asynchronously netted after
Transactions are distributed inside trusted p2p network
between banks (gateways). Each bank decides which
other banks to trust.
Technically trust means mutual exchange of public
keys in order to recognize signatures of each other and
establishing encrypted channel of communication.
Money can be sent only through chain of banks
that trust each other
1. Users are registered by their banks, so there is no global
2. Keys are stored on users’ devices (hosted wallets or
multisig can be used)
3. Banks maintain databases of users’ identities and
providing access to them via federation protocol
4. Requests and responses to such databases are signed
5. Level of privacy is defined by each bank itself
Identity management principles
Who should validate transactions of a user?
Only gateway/bank of the user. If payment crosses border
between banks, both banks have to validate it.
Correspondent banks sign transaction as well (if needed).
Who can become a validator?
Validator is equal to a gateway. Everybody is able to become
a gateway, and issue own currency, but it is useless until some
users trust it. Validator validates only transactions of its users.
Why validators are needed at all?
They implement certain functionality:
2. Two-factor authentication / daily limits
3. Holding physical assets for the user and issue IOU
4. Verification that user transacts with assets he/she possess
5. Managing trust relationships with other validators
Why should some bank trust signatures of the other bank?
Establishment of mutual trust is beyond system functionality.
But as soon as trust is established in a real world, digital
signature produced by the bank is considered legally binding.
Where is the blockchain?
There is no need in blocks. Transactions can be
confirmed one-by-one, or by batches to increase speed.
What does ledger of a user contain?
It contains only Alice’s balances in different currencies/assets
and corresponding signed receipts (transaction) from its
How Bob will know that Alice updated her ledger
When there is a trade both (all) ledgers store
transaction signed by all involved parties (Alice and
Bob). So there is always an ultimate proof that Bob is
right if Alice wants to cheat.
How do you prevent double spending?
1. You can’t prevent it, but you always know who has done it.
2. Banks share ledgers with regulators so it is monitored real time.
3. It’s up to the user to trust unregulated gateways
How do you know that certain asset/ledger/username is original?
Each asset and ledger are uniquely addressed by unique
identifiers (UAI and ULI) that signed by their issuer/creator.
Obviously user has to know valid public key of the issuer.
Usernames are tied to public keys by digital signature of bank
How it is different from what we have now in banking industry?
It is very similar. The goal is to create uniform protocol that uses
cryptography & blockchain allows to speed up transaction
settlement, improve transparency and audibility. Decentralized trade
and currency exchange becomes possible. This protocol operates
under certain assumptions that applicable to banking system - KYC is
done by banks, and conflicts are managed by legal system.
It seems that decentralized trading won’t be efficient, if you need to wait
for confirmations from other banks…
This is true. But certain set of banks are able to establish “virtual Ripple”
instance with shared ledger for order book. Since you don’t need formal
consensus, validation of transaction will be limited only by network
bandwidth. There could be unlimited amount of such decentralized
exchanges at the same time.
Who controls connections between banks?
Nobody. Infra is just a protocol of
communication between them.
How many participants are needed to run the system?
One. In a simplest case it is just open-source internet
banking system that works completely independently.
But if trust is established between some banks,
exchange and trading works out of the box.