What has been the reaction to permissioned distributed ledgers?

About 3 weeks ago I published the “Consensus as a service” report.  What has the fallout been over it?

The specific, public comments broadly fall into 3 groups:

  • those that think Bitcoin is the only blockchain that can and does matter and everything else is a worthless unholy “Frankenstein” ledger
  • those that think cryptocurrency systems as a whole are superior to non-cryptocurrency distributed ledger networks
  • those, like Nick Williamson, who are open to building technology for specific customers and use-cases

As of this writing, the majority of views on /r/bitcoin and Twitter seem to take the maximalist, one-size-fits-all approach: that Bitcoin is the only way, the truth and the light.

In contrast, the target audience for the report are decision makers and developers within the financial services industry.  These individuals, based on months of conversations, are more interested in permissioned ledgers for their business needs because all of the parties involved in the transactions are known, have real-world reputations to maintain, have responsibilities which are expressed in a terms-of-service that is contractually binding and are ultimately legally accountable for actions (or inaction).

Cryptocurrency networks like Bitcoin, a public good that purposefully lacks a terms of service or accountable validators, were specifically designed not to interface with these organizations and institutions — and intentionally created an expensive method to route around all entities (via proof-of-work).  Thus in practice, it makes some sense that financial institutions may not be interested in Bitcoin as-is.

This may be a problem to maximalists, who have come to create and control a narrative in which Bitcoin can and will disrupt anything and everything that deals with finance and have invested accordingly.  Perhaps it will, but then again, maybe it will not.

While there were a number of interesting comments elsewhere, I think the most objective was — independently — an interview earlier this week in Institutional Investor with Blythe Masters (formerly JPMorgan, now over at DAH):

Q: Everyone talks about the enormous potential of alternative currencies and their underlying technology.  But the whold world of Bitcoin and other currencies was set up to resist centralization and intermediation.  It didn’t want to be part of the organized financial industry; it was openly scornful of it, and there’s still a strong libertarian, antibank strain to much of the sector today. Do you think these worlds want to be bridged?

Blythe Masters: I would say that your general characterization of some in the space is correct. But if you had a really good idea about how to build a better tire for an automobile, you would probably be really interested in talking to the auto companies because they are the people that ultimately are going to make use of your technology. You could think that maybe, because of the power of your tire, there might emerge a whole new brand of auto companies that supplant the General Motors of the world because the incumbents never really got the whole concept of what a good tire should be all about. But I’m not sure that would be a good move.

Why do I think this tire analogy is apt?

Because each month at conferences, Bitprophets claim that financial institutions in New York, London and other global centers where capital resides, will fall to the wayside very soon.

Perhaps this prophecy will come true, but it is unlikely for the reason Masters points out: most of the funded Bitcoin companies thus far seem to act like tire companies.

A few entrepreneurs are hoping that newer, different car companies will not only adopt their tires but simultaneously replace older car companies that already provide the same product lines.  While these startups are likely capable of providing utility and usefulness to someone, this overall narrative is probably wishful thinking.  Why would Toyota or General Motors disappear and be completely replaced by new automobile companies in the coming years because someone created a new tire?  Perhaps these existing car manufacturers will indeed disappear due to changes in consumer preferences or safety concerns but probably not because of a new tire.

Furthermore, characterizing the 8 different projects discussed in the report as Frankenstein ledgers is funny as those writing the comments seem to have forgotten how tech iteration works.

For instance, according to Gwern Branwen, the key moving parts that Bitcoin uses are actually a bit old:

  1. 2001: SHA-256 finalized
  2. 1999-present: Byzantine fault tolerance (PBFT etc.)
  3. 1999-present: P2P networks (excluding early networks like Usenet or FidoNet; MojoNation & BitTorrent, Napster, Gnutella, eDonkey, Freenet, etc.)
  4. 1998: Wei Dai, B-money5
  5. 19986: Nick Szabo, Bit Gold
  6. 1997: HashCash
  7. 1992-1993: Proof-of-work for spam7
  8. 1991: cryptographic timestamps
  9. 1980: public key cryptography8
  10. 1979: Hash tree

Would projects like git, which use a few of these parts, be considered “Frankenchains”?

The reaction that a few have had the past couple of weeks makes one wonder as to how they would initially react if alternative airplanes, automobiles and boats were invented: “But a monoplane cannot work as it is missing essential features from the original biplane!”

Taking a step back, calling one of the 8 projects in the report “Frankenledgers” would be like calling:

  • non-Mercedes vehicles, Frankencars
  • non-Wright Brothers heavier-than-air contraptions, Frankeplanes
  • any non-Unix operating system, FrankenOSes (which is ironic since Unix was itself a FrankenOS relative to Multics)
  • any non-Motorola cell phone, Frankenphones

Maybe none of the projects in the report will ultimately succeed.  Maybe in five or six years they fail to gain traction.  Maybe future ledgers and projects add additional “moving parts” to whatever they ultimately call their chain.

Yet we cannot command customer-driven technology to follow one specific narrative anymore than the previous pioneers of technology.  Just ask Alfred Nobel or other inventors over the past few centuries.  Furthermore, building ever larger quantities of a product without figuring out if there is a product-market fit seems to be how the Bitcoin community has attempted to operate over the past several years.  Perhaps this “marketing myopia” will pay-off, maybe the Kevin Costner syndrome (build it and hope they come) will be avoided.  Or maybe not.

Owning coins without disclosing they do

“It’s about the coin, you cannot downplay the coin!” was another common response.

To me the question of coins or no-coins is a red herring.  Perhaps organizations find them useful or maybe not.  Ultimately however, the target market for the report were organizations who need products that:

1) Create additional financial controls (removing the ability for one administrator to abuse the system because the information and state is distributed and shared)

2) Provide additional transparency for their risk management and capital management teams (such as reducing duplicative effort in Transaction Reporting)

Or in short, this variation of shared, replicated ledgers helps financial institutions to securely reduce costs.  That may sound mundane and unsexy, but reducing IT costs at some banks can mean tens of millions in savings.  As a result, some financial institutions (and likely other industries), are looking to take parts of the toolkit, portions of the 10 moving parts above and develop a new developer stack, just as LAMP did 15 years ago.1

How do validators fit in with this again?

The tl;dr of the report is that permissioned ledgers use known validators whereas permissionless ledgers intentionally use pseudonymous validators.  They each have different cost structures and are targeting two different groups of customers.

Why are known validators important?  Because in the event a chain forks, is censored or transactions are double-spent, there is no legal way to hold pseudonymous validators accountable because there is no terms of service or contractual obligation.  Or more to the point, as a public good, who is responsible for when a block reorg take place?  Apparently no one is.  This is problematic for financial institutions that want to be able to reliably transfer large amounts of value.

If pseudonymous validating nodes and mining pools are required to doxx themselves (or the current euphemism, “trusted transparency”), they lose the advantage of being censorship resistant.  Users might just as well use a permissioned ledger.


In the event such a fork, censored transaction or double-spending occurs with permissioned ledgers, the validator can be held legally accountable because they are known.  Proof-of-work is no longer needed and entities that are doing the validating are held accountable to specific TOS/EULA.

The main reason that block reorgs do not occur more frequently, like what happened in March 2013, is that it is just not worth the effort right now relative to the amount of value being transacted on the Bitcoin network.  Yet if there were billions or trillions USD in financial instruments like derivatives moving across the network, there would be an more incentives to attack and reverse transactions (this is one of the problems with watermarked coins as they create a disproportional reward delta).  No financial institution is going to put this type of value on a permissionless chain if they cannot claim damages in the event of censorship or reversal.

bitcoin is not useful

Source: Matt Corallo

“But you cannot have a secure ledger without coins,” is a common response.  Isn’t owning bitcoins the most important part of this equation?

Under Meher Roy’s classification chart, this is only true if hyperbitcoinization takes place, which it probably will not (recall: that which can be asserted without evidence, can be dismissed without evidence).

Then why is this continually promoted?  Probably because the company they work for or their personal portfolio includes bitcoins as part of their retirement plan and hope the demand for bitcoins by financial institutions and other organizations launches the price to the moon.  This is not to say that Bitcoin is bad or worthless as a network (or as an asset, it may even have another black swan or two upwards), but neither the UTXO or network (as-is) is a solution to a problem most banks have.

Maybe as Matt Corallo (who shared the picture above) is right: perhaps in the long-run historians will look back at these permissioned, distributed ledgers and declare them non-blockchains.  Maybe they will be called something else?  However, as it stands right now, even with cryptocurrencies, Bitcoin is not the only way to skin a cat.  The wheels (or tires) comprising Bitcoin and its nascent ecosystem can and will be interchanged and removed due to their open source nature and differing business requirements for each organization.

Keeping fees or be altruistic?

Are there any recent examples of doxxing of validators?  Yesterday a bitcoin user (someone who controls a privkey) made a mistake and accidentally sent 85 bitcoins to a miner in the form of a fee.  At ~$228 per BTC (at the time it was sent) this amounted to a $19,380 fee.  After several hours of debugging and troubleshooting, the problem was identified and fixed.

Along the way, the block maker (the pool) was also identified and notified, in this case it was Bitmain (which operates AntPool) based in China who said they would return the fee.

tx fees in USDThe chart above covers the time frame over the past two years, between April 2013 – April 2015.  It visualizes the fees paid to miners denominated in USD.

As we can see, in addition to the large fee yesterday, there are several outliers that have occurred.  One that is publicly known took place on August 28, 2013 when someone sent a 200 bitcoin fee that was collected by ASICMiner.  At the time the market value was $117.59 per BTC, which meant this was a $23,518 fee.  It is unclear who originally sent the fee.

This raises a couple of questions.

The network was originally designed in such a way that validators (block makers) were pseudonymous and identification by outside participants was unintended and difficult to do.  If users can now contact validators, known actors, why not just use a distributed ledger system that already identifies validators from the get go?  What use is proof-of-work at all?

Yet a trend that has actually occurred over the past four years is self-identification.

For instance, I reached out to Andrew Geyl from Organ of Corti and he provided two lists.

Below is a list of the first time a pool publicly claimed a block:

Pool  |  Height
1:  Slush  97838
2:  bitcoinPool 110156
3:  DeepBit 110322
4:  Eligius 120630
5:  BTC Guild 122608
6:  MTRed 123034
7:  EclipseMC 129314
8:  Polmine 131299
9:  Triplemining 134362
10: BitMinter 134500

And a list of the first time a pool signed a coinbase transaction:

Pool  |  Height
1:  Eligius 130635
2:  BitMinter 152246
3:  BTC Guild 152700
4:  Nmcbit.com 153343
5:   YourBTC 154967
6:   simplecoin.us 158291
7:   Ass Penny pool 161432
8:   btcserv.net 163672
9:   Slush 163970
10:  BitLC 166462

A little history: Slush began publicly operating at the end of November 2010.  Eligius was announced on April 27, 2011.  DeepBit publicly launched on February 26, 2011 and at one point was the most popular pool, reaching for a short period in July 2011, more than 50% of the network hashrate.

Why did they begin to identify themselves and sign coinbase transactions?  Geyl thinks they initially did so to help with miner book keeping and that community pressure towards transparency did not happen until later.  And as shown by the roughly ~20% of unknown block creators on any given day, if a block maker wants to remain unknown, it is not hard to do so.

The other question this raises is that of terms of service.  As noted above, since the Bitcoin network is a public good (no one owns it) there is no terms of service or end-user license agreement.  Coupled with a bearer instrument and pseudonomity it is unclear why pools should feel obligated to refund a fee; Bitmain did not steal it and in fact, did nothing wrong.  The user on the other hand made a mistake with a bearer instrument.

This type of altruism actually could set a nebulous precedent: once block rewards are reduced and fees begin to represent a larger percentage of miner revenue, it will no longer be an “easy” decision to “refund” the user.  If Bitmain did not send a “refund” it would serve as a powerful warning to future users to try and not make mistakes.

In addition, why do elements in the community think that 85 BTC is considered refundable but are unconcerned with any fee sent above 0.0001 BTC (0.0001 BTC is considered the “default” fee to miners)?  This seems arbitrary.

And this is a problem with public goods, there are few mechanisms besides social pressure and arbitrary decision making to ration resources.  As described by David Evans, since miners are the sole labor force, they create the economic outputs (BTC) and security it is unclear why they are under any expectation to return fees.

This is probably not the last time this will occur.


Public goods are hard to fund as they typically fall victim to tragedy of the commons.  And development, maintenance and security of Bitcoin is no exception.

While it did end up dominating the embedded systems space, despite similar rhetoric 20 years ago by passionate FOSS developers, Microsoft was not killed by Linux.2  Prophetic claims that desktop Linux would bankrupt incumbents and a GNU (and GPL “maximalism”) world order would take over the software industry never materialized: the fact of the matter is desktop Linux became a niche with no more than 1% of marketshare.  Incidentally, some vocal promoters insisted each year, that 200X would be the year of mass adoption for desktop Linux (it even saw a funding boom-bust such as the VA Linux IPO).3

Instead, many of the ideas and libraries were forked and integrated by enterprises such as IBM into other organizations and institutions, such as banks.  The only multi-billion dollar open source company that arose from this time period was Red Hat, yet even the inroads it made with Linux and FOSS is arguably overshadowed by the biggest kernel user: Android, another corporate sponsored “distro.”45

While past performance does not guarantee future results, IBM is once again back and has been looking into blockchain tech (through ADEPT), many of the major tech companies that arose in the ’90s (such as Amazon and Google) have payment solutions and customer usage of Bitcoin — like desktop Linux before it, despite enormous awareness and interest — still remains very niche, perhaps roughly 300,000 that actually control a privkey.

Maybe this will change over time.  Or maybe the buzz with this hot space will cool down in a few years and all the Young Turks will find something new to work on, leaving Bitcoin to fend for itself like Gnu Privacy Guard and many other forgotten public goods.6  Maybe they will move on to permissioned distributed ledgers which have known use-cases and customers, or maybe onto something else entirely.

Update: be sure to see some critical feedback from Peter Todd

End notes:

  1. According to L.M. Goodman, who created Tezos, a better example would be HTTP, not LAMP: “The value of distributed ledgers is in protocols and networks, not software or “stacks”.” []
  2. Linux certainly did change the infrastructure landscape.  Embedded Linux now pretty much dominates inside many devices (e.g. routers, switches), while it also dominates much of the Internet server ecosystem. The key to both of these was that it solved very specific commercial problems; the adoption was frictionless.  In embedded systems Linux was up against quite expensive proprietary RTOS and embedded OS designs.  The smaller ones were not as feature rich, while the larger ones could not compete in markets where gross margins became very tight. In the server space commercial Unix and Windows servers had expensive OS software and Linux could run on smaller, resource constrained, systems very effectively.  Early adopters could often get their hands on hardware but not the software and startups could readily tweak the software for special purposes. Now Linux dominates these spaces because it is actually really efficient for building things like network servers (they can run better on Linux in many cases).  Thanks to Dave Hudson for this insight. []
  3. Mike Hearn made a similar observation a year ago during a presentation: Mike Hearn, Bitcoin Core Developer NBC2014 from Bitcoin Congress.  See also: What Killed the Linux Desktop by Miguel de Icaza, Linus Torvalds on the Linux desktop’s popularity problems from ZDNet, Desktop Linux: The Dream Is Dead from PCWorld and Windows’ Endgame. Desktop Linux’s Failure from ZDNet []
  4. Google has purposefully avoided using almost all other Linux software and particularly GPL’d software. The entire application framework for Android is different than other distributions like Fedora. They only adopted the kernel possibly because of onerous GPL requirements. []
  5. Incidentally parts of Mac OS X are based off of FreeBSD. []
  6. I would like to thank Christopher Allen for this analogy. []
Send to Kindle

4 thoughts on “What has been the reaction to permissioned distributed ledgers?

  1. Making sure that “permissioned” ledgers are held accountable is problematic may never actually work.

    Accountability requires a working legal system. It also needs to be efficient, uncorrupted, and just. This is not the case now, in particular in countries where politicians are more corrupt. And due to treatment as a public good, undesirable influences (“stakeholders”) can affect the result and cause unjust rulings.

    TLDR; just because someone is accountable, it does not follow that you’ll be the one who they are accountable to. The accountability can end up working to your detriment. Be careful what you wish for.

  2. The main difference here is one of trusted third parties and immutability. Because of Bitcoins proof-of-work function the ledger can be independently audited and verified at any time. A Ripple style ledger requires trusted third parties (gateways) in order to operate, the trust of a gateway is never guaranteed and therefore the ledger is insecure. Ripple Labs has also begun making user identify themselves in order to use the network, another red flag which exposes the weakness of requiring permission in order to operate. Ripple may have its use cases in the legacy financial system, however what Bitcoin does is create a new financial system outside the realm of the legacy one.

  3. I think there are also plenty of moderate views that haven’t been adequately expressed here. As I see the spectrum:

    1. Cryptocurrencies are the whole point, and other blockchain applications are a bubble and will soon go die
    2. Cryptocurrencies and blockchain applications are cool, but cryptocurrencies are a critical and essential centerpiece (note: I use “cryptocurrencies” and not “bitcoin” to distinguish currency-centrism from bitcoin maximalism, which is different)
    3. Cryptocurrencies are useful in public blockchains (though currency-free private “intranet” ledgers are cool too) but their role is much more of a background facilitator for transaction fees and incentivizing security, not a primary object of interest for end users. Most people will see purchasing cryptotokens roughly like they see filling up their gas tank (though their browser will do it automatically for them, so they don’t really care what the cryptocurrency is)
    4. Private ledgers without cryptocurrencies are more useful than public blockchains with cryptocurrencies
    5. Private ledgers without cryptocurrencies are cool, public blockchains are worthless.

    FWIW, I happen to roughly support (3). Also, other people seem to see the end role for cryptoeconomic platforms as being replacing Wall Street; I would argue it’s much more likely that they’ll instead take up a role in a strange kind of new space combining many aspects of IT and finance.

  4. Great post, Tim, and I think it’s spot on. Permissionless ledgers and permissioned ledgers both have their use cases. Taking an extreme position in either direction is like saying that computer networking technology can only be applied to build a (permissionless) Internet or a (permissioned) corporate network, when clearly both are extremely useful products in the real world.

    Looking at current trends, it appears that the bitcoin blockchain will become a global ledger for all sorts of things that people want permanently and publicly recorded, and which no single entity is able to retroactively change. The evidence for this is the ongoing explosion in transaction metadata (OP_RETURNs). The economic case is clear: why spend $100 to notarize something with a lawyer if you can do it for 2c on the blockchain? Or even better, do both, i.e. use the blockchain as a backup for an extra 0.02% in cost. In this scenario, bitcoin becomes valuable as the commodity you need to hold/spend in order to bid up your transactions for inclusion in a block. Right now we’re in bitcoin economic prehistory, since there is no scarcity for transaction confirmations. Once that changes we’ll have real price discovery, and I can easily see $5-$10 in fees per transaction.

    As for the financial sector, the feedback I have universally heard is zero openness to the bitcoin blockchain, at least for the next decade. Too many unknowns in terms of scaling, long-term transaction costs, but mainly (as you say) the complete absence of control over mining. But banks *are* exploring blockchain (and other distributed ledger) technology as a way to make back-end processes more efficient and safe, by reducing data duplication and spreading control over transaction processing to a number of trusted parties rather in a single one. It’s a completely different use case to the bitcoin blockchain, but a perfectly legitimate one.

    As to whether bitcoin and its blockchain will eventually supplant banks completely, the final decision will come down to consumers. I don’t see it happening barring some kind of financial and social catastrophe. People want someone to go to, in order to mediate disputes and reverse errors, and in bitcoin they are left to fend on their own, at best reliant on the good will of miners. It doesn’t appear to be a suitable financial protocol for mainstream users.

Leave a Reply

Your email address will not be published. Required fields are marked *