[Note: the views expressed below are solely my own and do not necessarily represent the views of my employer or any organization I advise.]
Yesterday, at block height 1920000, many elements of the Ethereum community coordinated a purposeful hardfork.
After several weeks of debate and just over a couple weeks of preparation, key stakeholders in the community — namely miners and exchanges — attempted to create a smooth transition from Ethereum Prime (sometimes referred to as Ethereum Classic) into Ethereum Core (Ethereum One).1
Users of exchange services such as Kraken were notified of the fork and are now being allowed to withdraw ETH to Ethereum Core, which many miners and exchanges now claim as “mainnet.”
Was the hardfork a success? To answer that question depends on which parallel universe (or chain) you resided on. And it also depends on the list of criteria for what “failure” or “success” are measured by.
For instance, if you ended up with ETH on the “unsupported” fork (Classic), who was financially responsible for this and who could attempt to file a lawsuit to rectify any loses?
Maybe no one. Why? Because public blockchains intentionally lack terms of service, EULA, and service level agreements, therefore it is difficult to say who is legally liable for mistakes or loses.
For instance, if financial instruments from a bank were sent to miners during the transition phase and are no longer accessible because the instruments were sent to the “unsupported” chain, who is to blame and bears responsibility? Which party is supposed to provide compensation and restitution?
De facto versus de jure
This whole hardfork exercise visualizes a number of issues that this blog has articulated in the past.
Perhaps the most controversial is that simply: there is no such thing as a de jure mainnet whilst using a public blockchain. The best a cryptocurrency community could inherently achieve is a de facto mainnet.2
What does that mean?
Public blockchains such as Bitcoin and Ethereum, intentionally lack any ties into the traditional legal infrastructure. The original designers made it a point to try and make public blockchains extraterritorial and sovereign to the physical world in which we live in. In other words, public blockchains are anarchic.
As a consequence, lacking ties into legal infrastructure, there is no recognized external authority that can legitimately claim which fork of Bitcoin or Ethereum is the ‘One True Chain.’ Rather it is through the proof-of-work process (or perhaps proof-of-stake in the future) that attempts to attest to which chain is supposed to be the de facto chain.3
However, even in this world there is a debate as to whether or not it is the longest chain or the chain with the most work done, that is determines which chain is the legitimate chain and which are the apostates.4 5
And this is where, fundamentally, it becomes difficult for regulated institutions to use a public blockchain for transferring regulated data and regulated financial instruments.
For instance, in March 2013 an accidental, unintended fork occurred on what many participants claimed as the Bitcoin mainnet.
To rectify this situation, over roughly four hours, operators of large mining pools, developers, and several exchanges met on IRC to coordinate and choose which chain they would support and which would be discarded. This was effectively, at the time, the largest fork-by-social-consensus attempted (e.g., proof-of-nym-on-IRC).
There were winners and losers. The losers included: OKPay, a payment processor, lost several thousand dollars and BTC Guild, a large mining pool who had expended real capital, mined some of the now discarded blocks.
In the Bitcoin world, this type of coordination event is slowly happening again with the never ending block size debate.
One team, Bitcoin Classic, is a small group of developers that supports a hardfork to relatively, quickly increase the block size from 1 MB to 2 MB and higher. Another group, dubbed Bitcoin Core, prefers a slower role out of code over a period of years that includes changes that would eventually increase the block size (e.g., segwit). 6
Yet as it lacks a formal governance structure, neither side has de jure legitimacy but instead relies on the court of public opinion to make their case. This is typically done by lobbying well-known figureheads on social media as well as mining pools directly. Thus, it is a bit ironic that a system purposefully designed for pseudonymous interactions in which participants were assumed to be Byzantine and unknown, instead now relies on known, gated, and trusted individuals and companies to operate.
Note: if the developers and miners did have de jure legitimacy, it could open up a new can of worms around FinCEN administrative requirements. 7 Furthermore, the miners are always the most important stakeholders in a proof-of-work system, if they were not, no one would host events just for them.
With this backstory it is increasingly clear that, in the legal sense, public blockchains are not actual distributed ledgers. Distributed, yes; ledgers, no.
As Robert Sams articulates:8
I think the confusion comes from thinking of cryptocurrency chains as ledgers at all. A cryptocurrency blockchain is (an attempt at) a decentralised solution to the double spending problem for a digital, extra-legal bearer asset. That’s not a ledger, that’s a log.
That was the point I was trying to make all along when I introduced the permissioned/permissionless terminology!9 Notice, I never used the phrase “permissionless ledger” — Permissionless’ness is a property of the consensus mechanism.
With a bearer asset, possession of some instrument (a private key in the cryptocurrency world) means ownership of the asset. With a registered asset, ownership is determined by valid entry in a registry mapping an off-chain identity to the asset. The bitcoin blockchain is a public log of proofs of instrument possession by anonymous parties. Calling this a ledger is the same as calling it “bearer asset ledger”, which is an oxymoron, like calling someone a “married bachelor”, because bearer assets by definition do not record their owners in a registry!
This taxonomy that includes the cryptocurrency stuff in our space (“a public blockchain is a permissionless distributed ledger of cryptocurrency”) causes so much pointless discussion.
I should also mention that the DLT space should really should be using the phrase “registry” instead of “ledger”. The latter is about accounts, and it is one ambition too far at the moment to speak of unifying everyone’s accounts on a distributed ledger.
As I have discussed previously, public blockchains intentionally lack hooks into off-chain legal identification systems.
Why? Because as Sams noted above: a KYC’ed public blockchain is effectively an oxymoron. Arguably it is self-defeating to link and tie all of the participants of the validation (mining) process and asset transfer process (users) to legal identities and gate them from using (or not using) the network services. All you have created is a massively expensive permissioned-on-permissionless platform.
But that irony probably won’t stop projects and organizations from creating a Kimberely Process for cryptocurrencies.
I cannot speak on behalf of the plethora of “private chain” or “private ledger” projects (most of which are just ill-conceived forks of cryptocurrencies), but we know from public comments that some regulators and market structures might only recognize blockchains and distributed ledgers that comply with laws (such as domestic KYC / AML regulations) by tying into the traditional legal infrastructure.10 This means tying together off-chain legal identities with on-chain addresses and activity.
There are multiple reasons, but partly due to the need to reduce settlement risks: to create definitive legal settlement finality and identifying the participants involved in that process.11
As illustrated with the purposeful Ethereum One hardfork and the accidental Bitcoin fork in 2013, public blockchains by design, can only provide probabilistic settlement finality.
Sure, the data inside the blocks itself is immutable, but the ordering and who does the ordering of the blocks is not.
What does this mean? Recall that for both Ethereum and Bitcoin, information (usually just private keys) are hashed multiple times by a SHA algorithm making the information effectively immutable.12 It is unlikely given the length of time our star is expected to live, that this hash function can be reversed by a non-quantum computer.
However, blocks can and will be reorganized, they are not immutable. Public blockchains are secured by social and economic consensus, not by math.
As a consequence, there are some fundamental problems with any fork on public blockchains: they may actually increase risks to the traditional settlement process. And coupled with the lack of hooks for off-chain identity means that public blockchains — anarchic blockchains — are not well-suited or fit-for-purpose for regulated financial institutions.
After all, who is financially, contractually, and legally responsible for the consequences of a softfork or hardfork on a public blockchain?
- If it is no one, then it might not be used by regulated organizations because they need to work with participants who can be held legally accountable for actions (or inactions).
- If it is someone specifically (e.g., a doxxed individual) then you have removed the means of pseudonymous consensus to create censorship resistance.
In other words, public blockchains, contrary to the claims of social media, are not “law” because they do not actually tie into the legal infrastructure which they were purposefully designed to skirt. By attempting to integrate the two worlds — by creating a KYC’ed public blockchain — you end up creating a strange hydra that lacks the utility of pseudonymity (and censorship resistance) yet maintains the expensive and redundant proof-of-work process.
These types of forks also open up the door for future forks: what is the criteria for forking or not in the future? Who is allowed and responsible to make those decisions? If another instance like the successful attack and counter-attack on The DAO takes place, will the community decide to fork again? If 2 MB blocks are seen as inadequate, who bears the legal and financial responsibility of a new fork that supports larger (or smaller) blocks? If any regulated institution lose assets or funds in this forking process, who bears responsibility? Members of IRC rooms?
If the answers are caveat emptor, then that level of risk may not be desirable to many market participants.
Who are you going to sue when something doesn’t go according to plan? In the case of The DAO, the attacker allegedly threatened to sue participants acting against his interests because he claimed: code is law. Does he have legal standing? At this time it is unclear what court would have accepted his lawsuit.
But irrespective of courts, it is unclear how smart contract code, built and executed on an anarchic platform, can be considered “legal.” It appears to be a self-contradiction.
As a consequence, the fundamental need to tie contract code with legal prose is one of the key motivations behind how Richard Brown’s team in London approached Corda’s design. If you cannot tie your code, chain, or ledger into the legal system, then it might be an unauthoritative ledger from the perspective of courts.13
And regulated institutions can’t simply just ignore regulations as they face real quantifiable consequences for doing so. To paraphrase George Fogg, that’s akin to putting your head in the sand.
We continue to learn from the public blockchain world, such as the consequences of forks, and the industry as a whole should try to incorporate these lessons into their systems — especially if they want anyone of weight to use them. Anarchic blockchains will continue to co-exist with their distributed ledger cousins but this dovetails into a conversation about “regtech,” which is a topic of another post.
- Rejecting Today’s Hard Fork, the Ethereum Classic Project Continues on the Original Chain: Here’s Why from Bitcoin Magazine [↩]
- This doesn’t mean that regulators and/or financial institutions won’t use public blockchains for various activities; perhaps some of them will be comfortable after quantifying the potential risks associated with them. [↩]
- Ethereum developers plan to transition Ethereum from proof-of-work to proof-of-stake within the next year. [↩]
- See Arthur Breitman’s interview on Epicenter Bitcoin and Mike Hearn’s interview on Money & Tech [↩]
- Philosophically when Bob connects to “The Bitcoin Network” — how does Bob know he is actually connected to the “real” Bitcoin network? One method is to look at the block header: it should take a specific amount of time to recreate the hash with that proof-of-work. This proves which network has the most work done. However, in the meantime, Bob might connect to other ‘pretenders’ claiming to be “The Bitcoin Network.” At this time, there does not appear to be any legal recognition of a specific anarchic chain. [↩]
- The Bitcoin Core fork, which is euphemistically called a softfork, is basically a hardfork spread over a long period of time. [↩]
- See Section 3.4 [↩]
- Personal correspondence: March 9, 2016 [↩]
- See Blockchain Finance by Robert Sams [↩]
- This is not to say that regulators, governments, and various market participants will not use public blockchains for other activity. [↩]
- See Section 3.1 [↩]
- For proof-of-work mining, Ethereum uses ethash instead of SHA256. For hashing itself, Ethereum uses SHA-3 which is part of the Keccak family (some people use the terms interchangeably but that isn’t technically correct). [↩]
- See Section 9 [↩]