How cryptocurrencies enable ransomware and how regtech can help counter it

Imagine for a moment that Alice, a hacker, was looking at various means for receiving payment for an illicit activity she just undertook.  She has two options to do so, which would she choose?

(1)  Bob built a payment network which was identity-free; it used pseudonyms so no legal identities were required to send transactions between its participants.  And that trying to stop or prevent payments was difficult because the computers running the payment network were widely distributed and run by multiple known and unknown participants across dozens of jurisdictions that were sometimes hard to track down.  Recourse is difficult and sometimes impossible.  Cryptocurrencies such as Bitcoin, Litecoin, and Ethereum are examples of such a network.

(2) Carol built a payment network which requires all users to provide a proof-of-identity, usually by scanning and storing of government-issued IDs or utility bills.  And that stopping, preventing, or even rolling back payments was possible because the computers running the payment network were run by legally identifiable participants who were often located in easy-to-find offices.  Recourse could be cumbersome, but almost always possible.  Wire transfer methods like ACH are examples of such a network.

Alice would probably choose number one and later try use some conversion tool or exchange to move her payment into number two.  How is this done?  See the (dated) flow-of-funds chart below.

While some cryptocurrencies, like Bitcoin, were probably not designed to serve as get-away vehicles – because of key design choices that make legal recourse difficult – they are increasingly used to shuffle ill-gotten gains around.1

For example, data kidnapping – commonly referred to as ransomware – has existed in some form for more than two decades.  But the current plight surrounding ransomware, and the white washing of the role cryptocurrencies have in this plight, have gone hand in hand over the past several years.

Why?

The core characteristics of cryptocurrencies – censorship resistance and pseudonymity – are some of the main reasons why ransomware has become increasingly commonplace.  And these cryptocurrencies need liquidity.

Liquidity into-and-out of fiat has fluctuated over time, with some exchanges being debanked and sometimes rebanked, but as an aggregate it has increased overall.  Liquidity is often done through venture-backed gateways and exchanges.

As explored in my previous post, as well as others, many of these gateways and platforms have inadequate and typically non-existent KYC and AML gathering processes.  This post won’t go into the details surrounding some of the investors and promoters of these platforms, but further research could dive deeper into that industry as well as the white washing that goes on to distract investigations.

We see this empirically: attackers do not ask for fiat or credit cards because these would be easily tracked and/or transactions would be halted.  Instead, they ask to be paid in some kind of cryptocurrency because they know the likelihood of getting caught and reprimanded is significantly lower.

This past Friday, WannaCry, a ransomware package, wreaked havoc on more than 200,000 victims across all times of organizations located in over 150 countries.  This included government services including NHS in the UK and the Interior Ministry in Russia.

Source: Twitter

The first-order of victims ranged from small startups that could quickly patch and restart their computers all the way to large hospital systems that were unable to access patient records and had to turn away patients.

This then leads to the second-order of victims: patients and customers of these institutions.  According to the Associated Press, the “cyberattack hit almost 20 percent of UK’s 248 public health trusts.”

While all of the impacted organizations already should have had a formal plan to upgrade and patch these types of vulnerabilities (e.g., create regular back-ups off-site), based on several news stories, many of them did not.

Will they all learn from this lesson?  Probably not.

Either way: none of the victims have a formal means of recourse against the hacker(s) involved in WannaCry because we do not know the identities of the hackers.  Some victims have even paid the ransom of ~$300, denominated in bitcoin, to have their files unlocked.  The hacker is using multiple (4+) bitcoin addresses to receive the ransom and as of this writing, has received more than $50,0002

Last year the FBI estimated that around $1 billion was paid to unlock ransomware and cyber extortion.  Cryptocurrencies, such as Bitcoin, were usually the preferred method of payment.

Two weeks ago, James Comey, former Director of FBI spoke before the Senate Judiciary Committee and noted that:

Some of our criminal investigators face the challenge of identifying online pedophiles who hide their crimes and identities behind layers of anonymizing technologies, or drug traffickers who use virtual currencies to obscure their transactions.

For Bitcoin, there are ways to remain fairly anonymous, like using mixers, however it requires a lot more work to.  But relatively few people are investigating, so the chance of getting caught is likely low.  Newer cryptocurrencies such as Monero and Zcash are designed to be anonymous which makes them harder to track.  Monero has been spotted in the wild alongside the Kirk Ransomware as well as research from Sophos (pdf).3  And Zcash has been used by a botnet to mine more Zcash on devices such as your phone.

And then there is Tor, a software program that enables anonymous communication by passing network traffic through various relays nodes that help conceal the location of the user.  WannaCry used Tor to preserve its “anonymity by proxying their traffic through the Tor network.”

How to bring some light into the darkness?

Solutions

I reached out to Adam Young who co-created “cryptoviral extortion” (what we call ransomware today).  In his view:4

In terms of the ransomware attack, people/organizations need to do a better job at patching and removing end-of-life systems, clearly. My larger concern is that cryptoviral extortion is the only cryptovirology attack that anyone seems to be paying attention to and there are many, many others.

I also spoke to Danny Yang, CEO of Blockseer who advised everyone to, “update your software, make sure you have latest security patches – that ransomware worked because  people didn’t update their Windows since March when that particular security vulnerability was patched.”5

My recent post looking at Bitfinex and regtech was quite popular.  It was viewed several thousand times and I received a number of calls from reporters looking to investigate some of the points raised.

Some people pointed out that the behavior by Bitfinex and other cryptocurrency exchanges is one of the reasons why a few banks in emerging markets have lost correspondent banking access: that they were de-risked because of what others perceive is a high-risk customer base.

According to research by Accuity, a global financial crime compliance, payments and KYC solutions provider:

Between 2009 and 2016, correspondent banking relationships, where one financial institution provides services on behalf of another in a different location to facilitate cross-border payments, have reduced globally by 25%.

Earlier this year, the People’s Bank of China, SAFE and other government bodies in China, investigated and froze cryptocurrency withdrawals at many, if not all, the cryptocurrency exchanges operating on the mainland.

Why?  Among other reasons: inadequate KYC and AML gathering and sharing processes.

According to Caixin, a notice of administrative punishment may be released in June that details the punishment and fines of these China-based exchange operators.

In addition to freezing and de-banking, what are some other solutions as well?

Companies such as Blockseer and Chainalysis provide tools for law enforcement, regulators, entrepreneurs and compliance teams to trace and track the flow-of-funds on cryptocurrency networks. I have written about them numerous times.

Angel List is tracking 96 startups involved in providing compliance-related software for SMB, hospitals, cloud providers, social media platforms and a handful of other verticals.  It also has job listings for 11 regulatory compliance startups.  There is an additional 2,878 startups listed under the broader category of big data analytics, some of whom who are also working in the regtech space.

While technology can help play a role in identifying participants on these types of networks (blockchains and distributed ledgers), it is also worth exploring the proposed strawman for setting up a Kimberley Process for cryptocurrencies.  Identity systems are critical to all property rights and financial networks.  Creating applications around data lineage, data provenance, KYC management, and standardized digital identities will help provide transparency into all markets.

If you’re interested in learning more about these tools and mechanisms, feel free to reach out or leave a comment below.

Endnotes

  1. In the original white paper, Nakamoto explained ways to route around trusted third parties, such as governments. []
  2. If you’re interested in learning more about how malware researchers identified and stopped it, Malware Tech has a detailed story as well as one from Brian Krebs. []
  3. AlphaBay, the largest darknet market by volume, announced that it was accepting Monero as a form of payment in August 2016. []
  4. Private correspondence, May 14, 2017.  Published with his permission. []
  5. Private conversation reused with permission.  May 13, 2017 []
Send to Kindle

Citations, interviews, and events for the final third of 2016

Presenting at Bitcoin / Ethereum Meetup in Hong Kong

I ended up traveling a lot more than I expected last year, including 9 times just to East Asia.  The level of interest in that region will probably increase this year — especially as more projects and companies are funded — though I probably won’t do the Trans-Pacific shuffle nine times again this year.

As of right now there are probably just a small handful of startups in APAC that have the capital, connections, and capability to execute and build the commercial products and applications that are discussed at the plethora of fintech events.  And almost none of them have anything to do with a cryptocurrency itself either… because cryptocurrencies weren’t designed to solve most problems financial service organizations have.

Below are the interviews, events, and presentations I participated in the last few months of 2016.

Note: according to their stats, my “Settlement Risks Involving Public Blockchains” was one of TABB Forum’s top stories of 2016.

Quoted:

Cited:

Interview:

Events:

  • Smart Cloud Show 2016 from Chosun Ilbo on September 21, 2016 in Seoul, South Korea.
    • Keynote: “Blockchain and Financial Big Bang”
    • Coverage: Naver
  • Global Blockchain Summit event held by Wanxiang Blockchain Labs on September 23, 2016 in Shanghai, China
    • Presentation: “Opportunities and Challenges for Financial Services in the Cloud: Trade-offs in digitizing and automating finance” (R3 Blurb)
  • Fujitsu Laboratories of America Technology Symposium annual event on October 11, 2016 in Santa Clara, California
    • Panel: “The Blockchain Future – Challenges and Opportunities Ahead”
  • Fórum Blockchain event jointly held by Itaú and Bradesco on October 13, 2016 in São Paulo, Brazil
    • Presentation: “Smart Contracts: cryptographically secured, automated business logic”
  • MIT Fintech Course: Future Commerce on October 18, 2016 (virtual)
    • Discussion: “Distributed Ledger Technology Landscape and Regulations”
  • GAIM OPS West Coast annual event held on October 25, 2016 in Rancho Mirage, California
    • Panel: “Blockchain: What Exactly is it disrupting? Will it Negate Counterparty Risk?” (Photo)
  • CIO Study Trip hosted by the Capgemini Applied Innovation Exchange Lab on behalf of the IT Management Association on October 26, 2016 in San Francisco
    • Presentation: “Distributed Ledger Technology” and “Legal and Regulatory Challenges”
  • Day long discussions on November 9, 2016 at Cornell University in Ithaca, New York
    • Presentation: “Code is not law” (Photos)
  • Guest lecture at the Boston Economic Club on November 16, 2016 in Boston, Massachusetts.
    • Presentation: “DLT as Financial Market Infrastructure” (Photo)
  • Global Trade Review: West Coast Trade & Working Capital Conference on November 17, 2016 in San Jose, California
    • Panel: “Fintech investment and evolution of the trade finance sector” (Photo)
  • The Future of Financial Payment Services Driven by Technology Innovation on November 22, 2016 from Korea Finance Telecommunications & Clearings Institute 30th Anniversary Seminar in Seoul, South Korea
    • Presentation: “DLT as Financial Market Infrastructure” (Photos)
    • Panel: (Photos)
  • Inside Fintech on December 8-9, 2016 in Seoul, South Korea
    • Presentation: “Why Building Financial Infrastructure is Different than Building a Social Media App” (Photos)
    • Panel: “Regulating the Unregulated: How is Regulation and Compliance Impacting the Adoption of New Technology and Innovation” (Photos)
  • Ethereum and Bitcoin joint meetup on December 12, 2016 in Hong Kong
    • Presentation:  “On Consortiums: R3’s Tim Swanson in Conversation”
  • 13th annual China International Finance Forum on December 15, 2016 in Shanghai, China
Send to Kindle

Citations, presentations, and panels

Below are a number of events, presentations, panels, and interviews I have participated in over the past three months.

Academic citation:

Quoted:

Presentations:

Interviewed:

Panels:

Cited:

Send to Kindle

Code is not law

This past Sunday I gave a new presentation at the Palo Alto Ethereum meetup — it was largely based on my previous two blog posts.

Note: all of the references and citations can be found within the notes section of the slides.  Also, I first used the term “anarchic chain” back in April 2015 based on a series of conversations with Robert Sams.  See p. 27.

Special thanks to Ian Grigg for his constructive feedback.

Slides:

Video:

Send to Kindle

Ethereum Core and Ethereum Classic for Dummies

[Note: I neither own nor have any trading position on any cryptocurrency.  The views expressed below are solely my own and do not necessarily represent the views of my employer or any organization I advise.]

If you’re bored of catching Pokemon and happen to have a lot of butter stored up, now is the time to break out the premium organic popcorn kernels and enjoy Fork Wars: Summer 2016 Edition.

As mentioned in the previous post: last week many miners, exchanges, and developers coordinated a hardfork of Ethereum.  At the time there were lots of celebrations for having done something that flew in contrast to the views prominently held by the Bitcoin Core development community: namely that a fast hardfork can’t be done safely on a public blockchain.

Well, it has been done, but there were also some consequences.  Some intended and others unintended.  The biggest consequence — which was touched on in my last post too — was that there were now parallel universes: Ethereum Core (ETH) and Ethereum Classic (ETC).

What does this mean?

If you owned a coin on pre-hardfork Ethereum, you now own not just the ETH facsimile but also the Classic coin (ETC) too.  Two for the price of one!1

This also opens up the very real possibility of replay attacks which was also a possibility when Ethereum moved from Olympic to Frontier.

A replay attack predates cryptocurrencies such as Bitcoin and Ethereum:

[I]s a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and re-transmits it, possibly as part of a masquerade attack by IP packet substitution.

In this case, it is the retransmission of a transaction (not IP packet).  Or in the Ethereum world, a replay attack would be to take a transaction from one Ethereum fork and maliciously or fraudulently repeating it on another Ethereum fork.

A little confused?  Check out: Sirer, Rapp, and Vessenes.

At first most of the Ethereum community assumed that Classic would effectively become deprecated and fade away into history much like Olympic.  After all, so went the argument, who would want to use or support a network in which at least one participant owned/controlled roughly ~10% in now “hot” ether?

Sidebar: recall that the main motivating force behind the hardfork was spurred on by the successful attack on The DAO, an investment fund created by Slock.it who did not adequately test the smart contract for security vulnerabilities (among other issues).

Well, it seems that Classic will not go silent into the night, at least not yet.

From a technical integration standpoint, while all of the large exchanges initially supported ETH, one altcoin exchange based in Montana — Poloniex — began supporting both forks.2

Traders — seeing a potential arbitrage opportunity — began doing what they do best: speculating and driving up demand for ETC via posts on social media.  As a consequence of their marketing efforts, the price of ETC dramatically rose over 380% in one 24-hour period alone.  In return, some of the miners that had abandoned the original Ethereum chain (ETC) to mine on the ETH hardfork have now begun mining on both which means that the original ETC network actually has once again begun seeing an increase in its hashrate (recall that it had dramatically dropped a week ago).

This is an interesting twist because less than 3 days ago, Chandler Guo an executive at BW.com — a large mining pool — announced he would undertake a 51% attack on the ETC blockchain because of the decision by Poloniex to support it.  Chandler later announced he would not carry it out.

Incidentally, it is likely that the noise that was created from this threat actually drew more attention to the Poloniex arbitrage opportunity, creating a type of Streisand Effect.3

Visual

What does this situation look like?

ethereum classic

Source: slacknation

Above is a line graph that is auto-generated and reflects the past 48 hours of two types of ratios: the Ethereum Classic (ETC) to Ethereum Core (ETH) price; and the ETC to ETH hashrate.  Price is derived from the two largest exchanges in terms of ether liquidity (Bitfinex and Poloneix).

This is actually not surprising behavior, we empirically observe the same type of trend with other cryptocurrencies: when price increases more hashrate comes on-board and vice-versa.45

Precedence

Over the past several days there has been much guessing as to which chain will live or die, but rarely do people suggest that both will live on in the long-run.

And I think that is short-sighted.  While not a fully direct comparison, even though they’re effectively based on the same code, we have seen how Litecoin and Dogecoin have permanently conjoined at the hip via merged mining: they co-exist via the Scrypt Alliance.  In addition, we have seen for years the continued existence of multiple multipools, which automatically direct GPU-miners to the most profitable cryptocurrency usually with a payout in bitcoin.

I cannot predict who which chain outlasts the other.  Perhaps now that ethcore has said it will also support Ethereum Classic, the two (or more!) chains will both continue to exist and grow.  Either way, we do know that the maximalist thesis, that there is a “coming demise of altcoins,” continues to be empirically incorrect and I suspect that it will remain incorrect for as long as there is continued speculative demand for cryptocurrencies in general.  This includes both ETH and ETC.

Other winners and losers

Who else gains from this phenomenon?  In the short run, anyone interested in trading will probably be able to find some kind of arbitrage — assuming demand grows or at least stays at the same level.

Anyone else?

Other cryptocurrency communities that see Ethereum as a competitor could believe they now have an incentive to support multiple forks too, as it draws hashrate and potential mindshare away one chain at the expense of the other.  And the more that the Ethereum community is painted as being “chaotic” the less of a threat it is seen to other public blockchains.  But maybe this is shortsighted too and will simply enlarge the Ethereum community because they now end up as ETC holders and want it to appreciate in value.

Either way, it sounds like the makings of some kind of TV miniseries staring Jean-Luc Bilodeau as Vitalik Buterin (they’re both Canadian).

Want to read more on the topic?

Conclusions

Ignoring the above quasi-illustration of the many-worlds interpretation, surprisingly not much has been discussed regarding the analog world of when fiat currencies are created or even removed at certain exchange rates and the unintended consequences therein.

For instance, in the comedy Good Bye, Lenin! we see the repercussions for those who were unable to convert East German marks for West German marks after the fall of the Berlin Wall.

More recently we have seen multiple Iraqi dinar scams, in which individuals were deceived and conned into acquiring pre-war dinar (a deprecated fiat currency) with the fraudulent pitch that at some point in the future, the previous pre-war exchange rate would somehow be reached.

However, one of the biggest differences with the Ethereum-based chains above is that cryptocurrencies are anarchic — without terms of service or ties to the legal system. Therefore it is difficult (impossible even?) to say which chain is the de jure legitimate chain.  Consequently it is unclear if anyone has a legal claim to prevent or create additional forks in the future and because of this, it is hard to see who has liability for past, present or future forks on these chains.

Whether that is a risk organizations and regulated institutions are willing to take is a topic for another post.  Perhaps if or when this is done, there will be even more chances to consume warm buttery popcorn as we watch and learn from the trials and tribulations of anarchic blockchains.

Endnotes

  1. It is closer to a spinoff than a stock-split.  Similar to the Ebay/Paypal spinoff, where a company that once had single market capitalization (EBAY) now trades under two different symbols (EBAY/PYPL) that trade and move independently. []
  2. Note: by this I mean that the existing exchanges that had already on-boarded ether, not that all large cryptocurrency exchanges had on-boarded ether. []
  3. Guo wanted to remove something (a chain in this case) but by advertising his intention to do so, only drew more interest and activity back into the very chain he intended to remove. []
  4. See Appendix B []
  5. See also Ethereum chain state []
Send to Kindle

Archy and Anarchic Chains

[Note: the views expressed below are solely my own and do not necessarily represent the views of my employer or any organization I advise.]

Yesterday, at block height 1920000, many elements of the Ethereum community coordinated a purposeful hardfork.

After several weeks of debate and just over a couple weeks of preparation, key stakeholders in the community — namely miners and exchanges — attempted to create a smooth transition from Ethereum Prime (sometimes referred to as Ethereum Classic) into Ethereum Core (Ethereum One).1

Users of exchange services such as Kraken were notified of the fork and are now being allowed to withdraw ETH to Ethereum Core, which many miners and exchanges now claim as “mainnet.”

Was the hardfork a success?  To answer that question depends on which parallel universe (or chain) you resided on.  And it also depends on the list of criteria for what “failure” or “success” are measured by.

For instance, if you ended up with ETH on the “unsupported” fork (Classic), who was financially responsible for this and who could attempt to file a lawsuit to rectify any loses?

Maybe no one.  Why?  Because public blockchains intentionally lack terms of service, EULA, and service level agreements, therefore it is difficult to say who is legally liable for mistakes or loses.

For instance, if financial instruments from a bank were sent to miners during the transition phase and are no longer accessible because the instruments were sent to the “unsupported” chain, who is to blame and bears responsibility?  Which party is supposed to provide compensation and restitution?

De facto versus de jure

This whole hardfork exercise visualizes a number of issues that this blog has articulated in the past.

Perhaps the most controversial is that simply: there is no such thing as a de jure mainnet whilst using a public blockchain.  The best a cryptocurrency community could inherently achieve is a de facto mainnet.2

What does that mean?

Public blockchains such as Bitcoin and Ethereum, intentionally lack any ties into the traditional legal infrastructure.  The original designers made it a point to try and make public blockchains extraterritorial and sovereign to the physical world in which we live in.  In other words, public blockchains are anarchic.

As a consequence, lacking ties into legal infrastructure, there is no recognized external authority that can legitimately claim which fork of Bitcoin or Ethereum is the ‘One True Chain.’  Rather it is through the proof-of-work process (or perhaps proof-of-stake in the future) that attempts to attest to which chain is supposed to be the de facto chain.3

However, even in this world there is a debate as to whether or not it is the longest chain or the chain with the most work done, that is determines which chain is the legitimate chain and which are the apostates.4 5

And this is where, fundamentally, it becomes difficult for regulated institutions to use a public blockchain for transferring regulated data and regulated financial instruments.

For instance, in March 2013 an accidental, unintended fork occurred on what many participants claimed as the Bitcoin mainnet.

To rectify this situation, over roughly four hours, operators of large mining pools, developers, and several exchanges met on IRC to coordinate and choose which chain they would support and which would be discarded.  This was effectively, at the time, the largest fork-by-social-consensus attempted (e.g., proof-of-nym-on-IRC).

There were winners and losers.  The losers included: OKPay, a payment processor, lost several thousand dollars and BTC Guild, a large mining pool who had expended real capital, mined some of the now discarded blocks.

In the Bitcoin world, this type of coordination event is slowly happening again with the never ending block size debate.

One team, Bitcoin Classic, is a small group of developers that supports a hardfork to relatively, quickly increase the block size from 1 MB to 2 MB and higher.  Another group, dubbed Bitcoin Core, prefers a slower role out of code over a period of years that includes changes that would eventually increase the block size (e.g., segwit). 6

Yet as it lacks a formal governance structure, neither side has de jure legitimacy but instead relies on the court of public opinion to make their case.  This is typically done by lobbying well-known figureheads on social media as well as mining pools directly.  Thus, it is a bit ironic that a system purposefully designed for pseudonymous interactions in which participants were assumed to be Byzantine and unknown, instead now relies on known, gated, and trusted individuals and companies to operate.

Note: if the developers and miners did have de jure legitimacy, it could open up a new can of worms around FinCEN administrative requirements. 7  Furthermore, the miners are always the most important stakeholders in a proof-of-work system, if they were not, no one would host events just for them.

arthur twitter pow

Source: Twitter

Ledgers

With this backstory it is increasingly clear that, in the legal sense, public blockchains are not actual distributed ledgers.  Distributed, yes; ledgers, no.

As Robert Sams articulates:8

I think the confusion comes from thinking of cryptocurrency chains as ledgers at all. A cryptocurrency blockchain is (an attempt at) a decentralised solution to the double spending problem for a digital, extra-legal bearer asset. That’s not a ledger, that’s a log.

That was the point I was trying to make all along when I introduced the permissioned/permissionless terminology!9 Notice, I never used the phrase “permissionless ledger” — Permissionless’ness is a property of the consensus mechanism.

With a bearer asset, possession of some instrument (a private key in the cryptocurrency world) means ownership of the asset. With a registered asset, ownership is determined by valid entry in a registry mapping an off-chain identity to the asset. The bitcoin blockchain is a public log of proofs of instrument possession by anonymous parties. Calling this a ledger is the same as calling it “bearer asset ledger”, which is an oxymoron, like calling someone a “married bachelor”, because bearer assets by definition do not record their owners in a registry!

This taxonomy that includes the cryptocurrency stuff in our space (“a public blockchain is a permissionless distributed ledger of cryptocurrency”) causes so much pointless discussion.

I should also mention that the DLT space should really should be using the phrase “registry” instead of “ledger”. The latter is about accounts, and it is one ambition too far at the moment to speak of unifying everyone’s accounts on a distributed ledger.

As I have discussed previously, public blockchains intentionally lack hooks into off-chain legal identification systems.

Why?  Because as Sams noted above: a KYC’ed public blockchain is effectively an oxymoron.  Arguably it is self-defeating to link and tie all of the participants of the validation (mining) process and asset transfer process (users) to legal identities and gate them from using (or not using) the network services.  All you have created is a massively expensive permissioned-on-permissionless platform.

But that irony probably won’t stop projects and organizations from creating a Kimberely Process for cryptocurrencies.

I cannot speak on behalf of the plethora of “private chain” or “private ledger” projects (most of which are just ill-conceived forks of cryptocurrencies), but we know from public comments that some regulators and market structures might only recognize blockchains and distributed ledgers that comply with laws (such as domestic KYC / AML regulations) by tying into the traditional legal infrastructure.10 This means tying together off-chain legal identities with on-chain addresses and activity.

Why?

There are multiple reasons, but partly due to the need to reduce settlement risks: to create definitive legal settlement finality and identifying the participants involved in that process.11

Finality

As illustrated with the purposeful Ethereum One hardfork and the accidental Bitcoin fork in 2013, public blockchains by design, can only provide probabilistic settlement finality.

Sure, the data inside the blocks itself is immutable, but the ordering and who does the ordering of the blocks is not.

What does this mean?  Recall that for both Ethereum and Bitcoin, information (usually just private keys) are hashed multiple times by a SHA algorithm making the information effectively immutable.12 It is unlikely given the length of time our star is expected to live, that this hash function can be reversed by a non-quantum computer.

However, blocks can and will be reorganized, they are not immutable.  Public blockchains are secured by social and economic consensus, not by math.

As a consequence, there are some fundamental problems with any fork on public blockchains: they may actually increase risks to the traditional settlement process.  And coupled with the lack of hooks for off-chain identity means that public blockchains — anarchic blockchains — are not well-suited or fit-for-purpose for regulated financial institutions.

After all, who is financially, contractually, and legally responsible for the consequences of a softfork or hardfork on a public blockchain?

  • If it is no one, then it might not be used by regulated organizations because they need to work with participants who can be held legally accountable for actions (or inactions).
  • If it is someone specifically (e.g., a doxxed individual) then you have removed the means of pseudonymous consensus to create censorship resistance.

In other words, public blockchains, contrary to the claims of social media, are not “law” because they do not actually tie into the legal infrastructure which they were purposefully designed to skirt.  By attempting to integrate the two worlds — by creating a KYC’ed public blockchain — you end up creating a strange hydra that lacks the utility of pseudonymity (and censorship resistance) yet maintains the expensive and redundant proof-of-work process.

These types of forks also open up the door for future forks: what is the criteria for forking or not in the future?  Who is allowed and responsible to make those decisions?  If another instance like the successful attack and counter-attack on The DAO takes place, will the community decide to fork again?  If 2 MB blocks are seen as inadequate, who bears the legal and financial responsibility of a new fork that supports larger (or smaller) blocks?  If any regulated institution lose assets or funds in this forking process, who bears responsibility?  Members of IRC rooms?

If the answers are caveat emptor, then that level of risk may not be desirable to many market participants.

Conclusions

Who are you going to sue when something doesn’t go according to plan?  In the case of The DAO, the attacker allegedly threatened to sue participants acting against his interests because he claimed: code is law.  Does he have legal standing?  At this time it is unclear what court would have accepted his lawsuit.

But irrespective of courts, it is unclear how smart contract code, built and executed on an anarchic platform, can be considered “legal.”  It appears to be a self-contradiction.

As a consequence, the fundamental need to tie contract code with legal prose is one of the key motivations behind how Richard Brown’s team in London approached Corda’s design.  If you cannot tie your code, chain, or ledger into the legal system, then it might be an unauthoritative ledger from the perspective of courts.13

And regulated institutions can’t simply just ignore regulations as they face real quantifiable consequences for doing so.  To paraphrase George Fogg, that’s akin to putting your head in the sand.

We continue to learn from the public blockchain world, such as the consequences of forks, and the industry as a whole should try to incorporate these lessons into their systems — especially if they want anyone of weight to use them.  Anarchic blockchains will continue to co-exist with their distributed ledger cousins but this dovetails into a conversation about “regtech,” which is a topic of another post.

Endnotes

  1. Rejecting Today’s Hard Fork, the Ethereum Classic Project Continues on the Original Chain: Here’s Why from Bitcoin Magazine []
  2. This doesn’t mean that regulators and/or financial institutions won’t use public blockchains for various activities; perhaps some of them will be comfortable after quantifying the potential risks associated with them. []
  3. Ethereum developers plan to transition Ethereum from proof-of-work to proof-of-stake within the next year. []
  4. See Arthur Breitman’s interview on Epicenter Bitcoin and Mike Hearn’s interview on Money & Tech []
  5. Philosophically when Bob connects to “The Bitcoin Network” — how does Bob know he is actually connected to the “real” Bitcoin network?  One method is to look at the block header: it should take a specific amount of time to recreate the hash with that proof-of-work. This proves which network has the most work done.  However, in the meantime, Bob might connect to other ‘pretenders’ claiming to be “The Bitcoin Network.”  At this time, there does not appear to be any legal recognition of a specific anarchic chain. []
  6. The Bitcoin Core fork, which is euphemistically called a softfork, is basically a hardfork spread over a long period of time. []
  7. See Section 3.4 []
  8. Personal correspondence: March 9, 2016 []
  9. See Blockchain Finance by Robert Sams []
  10. This is not to say that regulators, governments, and various market participants will not use public blockchains for other activity. []
  11. See Section 3.1 []
  12. For proof-of-work mining, Ethereum uses ethash instead of SHA256.  For hashing itself, Ethereum uses SHA-3 which is part of the Keccak family (some people use the terms interchangeably but that isn’t technically correct). []
  13. See Section 9 []
Send to Kindle

Looking at public information for quarterly usage

[Note: the views expressed below are solely my own and do not necessarily represent the views of my employer or any organization I advise.]

It’s the beginning of a new quarter so that means its time to look at the last quarter and find out where public blockchain traction and usage is taking place, or not.  After all, we are continually bombarded by cryptocurrency enthusiasts each day telling us that exponential growth is occurring.  Or as GIF party posters like to say, “It’s Happening!” — so in theory it should be easy to find.

For more background, see previous posts from January and April.

Softballs

P2SH Q2

Source: P2SH.info

  • P2SH usage: above are two charts from P2SH.info which illustrates the movement of bitcoins into what most assume are multi-sig wallets of some kind.  There has been a visible increase over the past quarter, with about 200,000 or so more bitcoins moving into P2SH addresses.  Year-on-year, bitcoins held in P2SH addresses has increased from 8% to 13%.
total transactions over time blockstack

Source: Opreturn.org

  • OP_RETURN: above is a line chart from Opreturn.org which illustrates various 3rd party applications that typically use the OP_RETURN field in Bitcoin as a type of datastore (e.g., watermarked tokens).  It is hard to see it on this time scale but the average transactions during Q1 were roughly 1,500-2,500 per day whereas in Q2 it was a bit higher, between 2,500 to 3,500 per day.
percentage of transactions by each protocol opreturn

Source: Opreturn.org

  • Above is another chart looking at the percent of OP_RETURN transactions used by different watermarked token platforms.
  • Compared to Q1, the top 5 have shifted:
    • Blockstack 142,754 transactions (24.9%)
    • Colu 106,489 (18.6%)
    • Open Assets  82,696 (14.4%)
    • Monegraph 54,914 (9.6%)
    • Factom 47,328 (8.3%)
  • While Blockstack (Onename) still rules the roost, Colu has jumped ahead of the other users.  This is slightly interesting because the Colu team has publicly stated it will connect private chains that they are developing, with the Bitcoin network.  The term for this is “anchoring” and there are multiple companies that are doing it, including other Bitcoin/colored coin companies like Colu.  It is probably gimmicky but that’s a topic for a different post.
  • Incidentally the 5 largest OP_RETURN users account in Q2 for 75.8% of all OP_RETURN transactions which is roughly the same as Q1 (76%).
localbitcoins volume

Source: LocalBitcoins.com / Coin Dance

Above is a weekly volume chart denominated in USD beginning from March 2013 for LocalBitcoins.com.  As discussed in previous posts, LocalBitcoins is a site that facilitates the person-to-person transfer of bitcoins to cash and vice versa.

While there is a lot of boasting about how it may be potentially used in developing countries, most of the volume still takes place in developed countries and as shown in other posts, it is commonly used to gain access to illicit channels because there is no KYC, KYCC, or AML involved.  Basically Uber for cash, without any legal identification.

Over the past 6 months, volumes have increased from $10 million and now past $13 million per week. For comparison, most VC-backed exchanges do several multiples more in volume during the same time frame.1

Hardballs

bitcoin volatility 6 months

Source: Btcvol.info

In April, several Bitcoin promoters were crowing about how “stable” Bitcoin was.  Not mentioned: cryptocurrencies can’t simultaneously be stable and also go to the moon.  People that like volatility include: traders, speculators, GIF artisans, pump & dumpers. And people who don’t like volatility: consumers and everyday users.

What articles and reporters should do in the future is actually talk to consumers and everyday users to balance out the hype and euphoria of analysts who do not disclose their holdings (or their firms holdings) of cryptocurrencies.2

As we can see above, volatility measured relative to both USD and EUR hit a five month high this past quarter.  The average user probably would not be very happy about having to hedge that type of volatility, largely because there are few practical ways to do so.  Consumers want boring currencies, not something they have to pay attention to every 10 minutes.

And ether (ETH) was even more volatile during the same time frame: doubling relative to USD during the first half of the quarter then dropping more than 50% from its all-time high by mid-June.

Counterparty all time

Source: Blockscan

Counterparty is a watermarked token platform that, as shown in previous quarters, has hit a plateau and typically just sees a few hundred transactions a day.  Part of this is due to the fact that the core development team has been focused on other commercial opportunities (e.g., building commercial products instead of public goods).3

Another reason is that most of the public interest in “smart contract” prototyping and testing has moved over to Ethereum.

etherscan ethereum transactions

Source: Etherscan

As shown in the chart above, on any given day in Q2 the Ethereum blockchain processed roughly 40,000 transactions.  In Q1 that hovered between 15,000-30,000 transactions.  Note: the large fluctuations in network transactions during the spring may coincide with issues around The DAO (e.g., users were encouraged to actively ‘spam’ the network during one incident).

In addition, according to CoinGecko, Counterparty has lost some popularity — falling to 14th from 10th in its tables from last quarter.  Ethereum remained in 2nd overall.

Another trend observed in the last quarterly review remains constant: Ethereum has significantly more meetups than Counterparty and is 2nd only to Bitcoin in that measure as well.

long chain transactions q2

Source: Organ of Corti — Time period:  January 1, 2014 – June 27, 2016

We’ve discussed “long chain” transactions ad nausem at this point but I have noticed on social media people still talk about the nominal all-time high’s in daily transactions as if it is prima facie evidence that mega super traction is occurring, that everyday users are swarming the Bitcoin network with commercial activity.  Very few (anyone?) digs into what those transactions are.  Perhaps there is genuine growth, but what is the break down?

As we can see from the chart above, while non-long chain transactions have indeed grown over the past quarter, they are still far outpaced by long chain transactions which as discussed in multiple articles, can be comprised of unspendable faucet rewards (dust), gambling bets and a laundry list of other non-commercial activity.

Furthermore, and not to wade into the massive black hole that is the block size debate: even with segwit, there will be an upperbound limit on-chain transactions under the current Core implementation.  As a consequence some have asked if fee pressure would incentivize moving activity off-chain and onto other services and even onto other blockchains.

This may be worth looking into as the block size reaches its max limit in the future.  As far as we can tell right now, it doesn’t appear users are moving over to Litecoin, perhaps they are moving to Ethereum instead?  Or maybe they just pack up and leave the space entirely?

Wallets

We have looked at wallets here multiple times.  They’re a virtually meaningless metric because of how easy it is to inflate the number.  What researchers want to know is Monthly Active Users (MAU).  To my knowledge no one is willing to publicly discuss their monthly or daily user number.

For instance, two weeks ago Coinbase reached 4 million “users.”  But it is almost certain that they do not actually have 4 million daily or monthly active users.  This number is likely tied to the amount of email-based registrations they have had over the past four years (circa May 12, 2012).

Similarly, Blockchain.info has seen its “users” grow to just over 7.8 million at the time of this writing.  But this is a measure of wallets that have been created on the site, not actual users.

Any other way to gauge usage or traction?

Let’s look in the Google Play Store and Apple App Store.

abra downloads

Source: GoAbra / Google Play

Last October Abra launched its GoAbra app and initially rolled it out in The Philippines.  This past May, when CoinDesk ran a story about the company, I looked in the Google Play Store and it says the app had been downloaded 5,000 times.  Last week, Abra announced it was officially launching its app into the US.  As of this writing, it was still at 5,000 downloads.

“Wait,” you might be thinking to yourself, “Filipinos may prefer the iOS app instead.”

Perhaps that is the case, but according to data as of October 2015, Android has a ~81.4% market share in The Philippines.  Furthermore, the iOS version for some reason doesn’t appear on App Annie.  So it is unlikely that Abra has seen traction that isn’t reflected in these download numbers yet, perhaps it will in the future.

Anything else happening in the stores?

As of this writing, the top 5 Bitcoin wallets in the Google Play Store in order of appearance are:

  • Andreas Schildbach’s Bitcoin Wallet (1 million downloads)
  • Mycelium Bitcoin Wallet (100,000 downloads)
  • Coinbase (500,000 downloads)
  • Blockchain.info (100,000 downloads)
  • Airbitz (10,000 downloads)

The Apple App Store does not publicly state how many times an application has been downloaded.  It does rank apps based on a combination of user ratings and downloads. The top 6 on the iPhone in order of appearance:

  • Coinbase
  • Blockchain.info
  • Sollico (bitWallet)
  • breadwallet
  • Xapo
  • Airbitz

Interestingly however, the order is slightly different in the App Store on an iPad.  The top 6 are:

  • Coinbase
  • Blockchain.info
  • Sollico (bitWallet)
  • breadwallet
  • Airbitz
  • BitPay (Copay)

It may be worth revisiting these again next quarter.  If you want to burn some time, readers may be interested in looking at specific rank and activity via App Annie.

Incubators

Most new cohorts and batches at startup accelerators and incubators usually only stay 3-4 months.  A typical intake may see 10-15 companies each get a little bit of seed funding in exchange for a percentage of the equity.  During the incubation period the startup is usually provided mentorship, legal advice, office space, access to social networks and so forth.  It is common place to hear people of all stripes in Silicon Valley state that 9 out of 10 of these startups will burn out within a couple years — that the incubator relies on one of them having a big exit in order to fund the other duds.4

500 Startups, Boost.VC, Plug and Play, YCombinator and other incubators have added and removed startups from their websites and marketing material based on the traction startups have had.  And cryptocurrency startups are not too different from this circle of life. 5

For instance, at YCombinator, Bitcoin-specific mentions on applications has declined by 61% over the past year.

Based on pubic information, as of this writing, it appears that out of the roughly 100 Bitcoin-related startups that have collectively come and gone through the incubators listed above, just a handful have gone on to raise additional funding and/or purportedly have active users and customers.  Unfortunately, no one has consistently published user numbers, so it is unclear what the connection between funding and growth is as this time.

In fact, in an odd twist, instead of measuring success by monthly active users, customers, or revenue, many Silicon Valley-based companies are measuring success based on how much money they raised.  That’s probably only a good idea if the business model itself is to always be raising.

For example, 21inc regularly boasts at being the “best funded company in Bitcoin” — but has not stated what traction four separate rounds of funding have created.  How many bitcoins did it mine prior to its pivot into consumer hardware?  How many 21 computers were sold?  How many users have installed 21?  And what are its key differences relative to what Jeremy Rubin created in 2014 (Tidbit)?

Again, this is not to single out 21inc, but rather to point out if companies in the public blockchain space were seeing the traction that they generally claim to on social media and conferences — then as discussed in previous posts, they would probably advertise those wins and successes.

Hiring

With funding comes hiring.  Since it is very difficult to find public numbers, there is another way to gauge how fast companies are growing: who and how many people they are publicly hiring.

The last Bitcoin Job Fair was last held in April 2015.  Of its 20 sponsors, 6 are now dead and ~7 are either zombies and/or have have done major pivots.  It is unclear how many people that were hired during that event still work for the companies they worked for.

Where else can we look?

Launched in 2014, Coinality is a job matching website that connects employers with prospective employees with the idea that they’d be compensated in cryptocurrencies such as bitcoin and dogecoin.  Fun fact: Coinality is one of the few companies I interviewed for Great Chain of Numbers that is still alive today and hasn’t pivoted (not that pivoting in and of itself is a bad thing).

It currently lists 116 jobs, 105 of which were posted in the past 2 months.

A number of VC-backed companies and large enterprises (or head hunters recruiting on their behalf) have listed openings in the past month.  For example: WellsFargo, Blockchain.info, Circle, Fidelity, IBM, KeepKey, itBit, BNYMellon and SAP logos pop up on the first couple pages of listings.

Among the 67 job listed in June, twenty-six of the positions were freelance positions cross-listed on Upwork (formerly known as Elance / oDesk).

Notable startups that are missing altogether: many cryptocurrency-centered companies whose executives are very vocal and active on social media.  Perhaps they use LinkedIn instead?

Other stats

  • According to CoinATMRadar there are now 690 Bitcoin ATMs installed globally.  That is an increase of 78 ATMs since Q1.  That comes to around 0.86 ATM installations per day in Q2 which is a tick higher than Q1 (0.84).
  • Bitwage launched in July 2014 starting out with zero signups and zero payroll.
    • Fast-forward to January 2016: Bitwage had 3,389 cumulative user signups and cumulative payroll volumes of $2,456,916
    • Through June 2016 it has now reached 5,617 cumulative signups and cumulative payroll volumes of $5,130,971
    • While growing a little faster than ATM installations, this is linear not exponential growth.
  • Open Bazaar is a peer-to-peer marketplace that officially launched on April 4, 2016.  It had been in beta throughout the past year.  The VC-backed team operates a companion website called BazaarBay which has a stats page.
    • It may be worth looking at the “New Nodes” and “New Listings” sections over the coming quarters as they are both currently declining.6

Conclusion

It is unclear what the root cause(s) of the volatility were above.  According to social media it can be one of two dozen things ranging from Brexit to the upcoming “halvening.”  Because we have no optics into exchanges and their customer behavior, speculation surrounding the waxing and waning will remain for the foreseeable future.

Based on process of elimination and the stats in this post, the likely answer does not appear to be consumer usage (e.g., average Joe purchasing alpaca socks with bitcoins).  After all, both BitPay and Coinbase have stopped posting consumer-related stats and they are purportedly the largest merchant processors in the ecosystem.

Most importantly, just because market prices increase (or decreases), it cannot be inferred that “mass adoption” is happening or not.  Extraordinary claims requires extraordinary evidence: there should be ample evidence of mass adoption somewhere if it were genuinely happening.

For instance, the price of ether (ETH) has increased 10x over the past 6 months but there is virtually no economy surrounding its young ecosystem.  Mass consumer adoption is not happening as GIF artisans might says.  Rather it is likely all speculation based — which is probably the same for all other cryptocurrencies, including Bitcoin.

About a year ago we began seeing a big noticeable pivot away from cryptocurrencies to non-cryptocurrency-based distributed ledgers.  That was largely fueled by a lack of commercial traction in the space and it doesn’t appear as if any new incentive has arisen to coax those same businesses to come back.  After all, why continue building products that are not monetizable or profitable for a market that remains diminutive?

Let’s look again next quarter to see if that trend changes.

Endnotes

  1. For more granularity see also BNC’s Liquid index. []
  2. Speaking of interest and hype, CB Insights has some new charts based on keyword searches over time. []
  3. Several members of the development team also co-founded Symbiont. []
  4. Many of these incubators are too young to have a track record that proves or disproves this “conventional” wisdom.  See also Venture Capitalists Get Paid Well to Lose Money from HBR. []
  5. For instance, Mirror closed its Series A round 18 months ago, but was removed from Boost’s website because it no longer is involved in Bitcoin-related activities.  Boost currently lists the following companies out of the 50+ Bitcoin-companies it has previously incubated: BlockCypher, BitPagos, Abra, Stampery, Fluent, SnapCard, Verse.  500 Startups has removed a number of startups as well and currently lists the following on its website: HelloBit, Melotic, Coinalytics, BTCJam, Bonafide, CoinPip. []
  6. Since it has only been “launched” for a quarter, it is probably a little unfair to pass judgement at this time.  But that hasn’t stopped me before.  OpenBazaar has a lot of growing pains that its developers are well aware of including UX/UI issues.  But beyond that, it is unclear that the average consumer is actually interested in using peer-to-peer marketplaces + cryptocurrencies versus existing incumbents like Alibaba, Amazon and eBay — all of whom have customer service, EULAs, insurance policies and accept traditional currencies. I had a chance to speak with one of their investors at Consensus in May and do not think their assumptions about network operating costs were remotely accurate.  Furthermore, where is the market research to support their thesis that consumers will leave incumbents for a platform that lacks insurance policies and live customer service?  Note: OB1 developers and investors insist that their reputation management and arbitration system will increase consumer confidence and customer protection. []
Send to Kindle

A Kimberley Process for Cryptocurrencies

[Note: the views expressed below are solely my own and do not necessarily represent the views of my employer or any organization I advise.]

I have spent the past few weeks in East Asia, primarily in China visiting friends and relatives. Because the connection to the outside world was limited, the upside was that the cacophonous noise of perma cryptocurrency pumpers was relatively muted. I have had a chance to reflect on a number of ideas that are currently being discussed at conferences and on social media.

The first idea is not new or even unique to this blog as other companies, organizations and individuals have proposed a type of digital signature analytics + KYC tracking process for cryptocurrencies. A type of Kimberley Process but for cryptocurrencies.1

For instance, the short lived startup CoinValidation comes to mind as having the first-to-market product but was notably skewered in the media.  Yet its modus operandi continues on in about 10 other companies.2

A Formal Kimberley Process

For those unfamiliar with the actual Kimberley Process, it is a scheme enacted in 2003 to certify where diamonds originated from in order to help prevent conflict diamonds from entering into the broader mainstream diamond market.

The general idea behind proving the provenance of diamonds is that by removing “blood diamonds” from the market, it can cut off a source of funding of insurgencies and warlord activity.3

What does this have to do with cryptocurrencies? Isn’t their core competency allowing non-KYC’ed, pseudonymous participants to send bearer assets to one another without having to provide documentation or proof of where those assets came from? Why would anyone be interested in enabling this?

Some may not like it, but a de facto Kimberley Process is already in place.

For instance, in many countries, most of the on-ramps and off-ramps of venture-backed cryptocurrency exchanges are actively monitored by law enforcement, compliance teams and data analytic providers who in turn look at the provenance of these assets as they move across the globe.4

On the fiat side, while many jurisdictions in North America and Western Europe currently require domiciled cryptocurrency exchanges and wallets to enforce KYC and AML compliance requirements, several areas of Asia are less strict because the local governments have not defined or decided what buckets cryptocurrencies fall into.5

There are some other noticeable gaps in this system involving crypto-to-crypto exchanges.  Irrespective of regions: implementing harmonized KYC/AML standards on the non-fiat side of exchanges appears to be missing altogether.  That is to say that very few, if any, exchange does any kind of KYC/AML on crypto-to-crypto.6

What are some examples of why a Kimberley Process would be helpful to both consumers and compliance teams?

Below are three examples:

(1) During my multi-country travel I learned that there are several regional companies that sell debit cards with pre-loaded amounts of cryptocurrency on them. Allegedly two of of the popular use-cases for these cards is: bribery and money laundering. The example I was provided was that it is logistically easier to move $1 million via a thin stack of debit cards than it is to carry and disperse bags of cash with.7

Attaching uniform KYC and legal identities to each asset would aid compliance teams in monitoring where the flow of funds originated and terminated with cryptocurrencies.  And it would help consumers shy away from assets that could be encumbered or were proceeds of crime.

(2) Affinity fraud, specifically housewives (家庭主妇), are common targets of predators. This has been the case for long before the existence of computers let alone cryptocurrencies, but it came up several times in conversations with friends. According to my sources, their acquaintances are repeatedly approached and some actually took part in Ponzi schemes that were presented as wealth management products.

The new twist and fuel to these schemes was that there is some kind of altcoin or even Bitcoin itself were used as payout and/or as rails between parties. We have already seen this with MMM Global — which is still an active user of East Asia’s virtual currency exchanges — but two questionable projects that I was specifically shown were OctaCoin and ShellCoin.8

Note: in January 2016 multiple Chinese governmental bodies issued warnings about MMM Global and other Ponzi schemes.

[Video of MMM Global operations in The Philippines. Is that really Manny Pacqiauo?]

Victims who were not tech savvy and lied to, have no recourse because there is no universal KYC / KYCC / AML process to identify the culprits in these regions.  Similarly, when these illicit virtual assets are re-sold to exchanges, customers of those exchanges such as Alice and Bob, may receive potentially encumbered assets that are then resold to others who are unaware of the assets lineage (much like a stolen motorcycle being resold multiple times).  This creates a massive lien problem.

But property theft is not a new or unknown problem, why is it worth highlighting for cryptocurrencies?

Many of the original victims in East Asia are not affluent, so these scams have a material impact on their well being. The average working adult in many provinces is still less than $500 per month. Thus not only do they lack a cushion from scams but any price volatility — such as the kind we continue to see in cryptocurrencies as a whole, can wipe out their savings.

(3) Due to continual usage of botnets and stolen electricity — which is still a problem in places like China — the lack of identification from coin generation onward results in a environment in which ‘virgin coins’ sell at a premium because many exchanges don’t investigate where machines are located, who owns them, who paid for the opex and capex of those operations (e.g., documentation of electric bills).9

Unfortunately, the solutions proposed by many cryptocurrency enthusiasts isn’t to create more transparency and identification standards enabling better optics on coin provenance but rather to make it even harder to track assets via proposals like Confidential Transactions.10

Heists, thefts and encumbered coins

I am frequently asked how is it possible to know who received potentially encumbered cryptocurrencies?  For amateur sleuths, there is a long forum thread which lists out some of the major heists and thefts that occurred early on in Bitcoinland.

Above is a video recording of a specific coin lineage: transactions that came from the Bitcoinica Theft that ended up in the hands of Michael Marquardt (“theymos”) who is a moderator of /r/bitcoin and owner of Bitcoin Talk.11

Recall that in July 2012, approximately 40,000 bitcoins were stolen from the Bitcoinica exchange.12 Where did those end up?  Perhaps we will never know, but several users sued Bitcoinica in August 2012 for compensation from the thefts and hacks.

How are consumer protections handled on public blockchains?

In short, they do not exist by design. Public blockchains intentionally lack any kind of native consumer protections because an overarching goal was to delink off-chain legal identities from the pseudonymous interactions taking place on the network.

Thus, stolen cryptocurrencies often recirculate, even without being mixed and laundered.13

Consequently a fundamental problem for all current cryptocurrencies is that they aren’t exempt from nemo dat and have no real fungibility because they purposefully were not designed to integrate with the legal system (such as UCC 8 and 9).14 Using mixers like SharedCoin and features like Confidential Transactions does not fundamentally solve that legal problem of who actually has legal title to those assets.1516

Why should this matter to the average cryptocurrency enthusiast?

If market prices are being partially driven by predators and Ponzi schemes, wouldn’t it be in the best interest of the community to identity and remove those?17

Perversely the short answer to that is no. If Bob owns a bunch of the a cryptocurrency that is benefiting from this price appreciation, then he may be less than willing to remove the culprits involved of driving the prices upward.

For example, one purported reason Trendon Shavers (“pirateat40”) was not immediately rooted out and was able to last as long as he did — over a year — is that his Ponzi activity (“Bitcoin Savings & Trust”) coincided with an upswing in market prices of bitcoin.18  Recall over time, BS&T raised more than 700,000 bitcoins.  Why remove someone whose activity created new demand for bitcoins? 19

But this incentive is short-sighted.

If the end goal of market participants and enthusiasts is to enable a market where the average, non-savvy user can use and trust, then giving them tools for provenance could be empowering.  Ironically however, by integrating KYC and provenance into a public blockchain, it removes the core — and very costly — characteristic of pseudonymous, censorship-resistant interaction.

Thus there will likely be push back for implementing a Kimberley Process: doxxing every step of provenance back to genesis (coin generation) with real world identities removes pseudonmity and consequently public blockchains would no longer be censorship-resistant.  And if you end up gating all of the on-ramps and off-ramps to a public chain, you end up just creating an overpriced permissioned-on-permissionless platform.

Despite this, Michael Gronager, CEO of Chainalysis, notes that:

Public ledgers are probably here to stay – difficult KYC/AML processes or not.  I probably see this as a Nash equilibrium – like in the ideal world all trees would be low and of equal height but there is no path to that otherwise optimal equilibrium.   We believe that fighting crime on Blockchains will both build trust and increase their use and value.

One way some market participants are trying to help law enforcement fight crime is through self-regulating organizations (SRO).

For instance, because we have seen time and time again that the market is not removing these bad actors from the market, several companies have created SROs to help stem the tide.  However, as of right now, efforts like the US-based “Blockchain Alliance” — a gimmicky name for a group of venture-backed Bitcoin companies — has limited capabilities.20 They have monthly calls to discuss education with one another in the West (e.g., what is coin mixing and how does it work?) but currently lack the teeth to plug the KYC/AML gaps in Asia.  Perhaps that will change over time.

And as one source explained: consider this, has any Bitcoin thief been caught?  Even when there is decent evidence, we are not aware of a Bitcoin thief that was actually found guilt of stealing bitcoin, yet.21  Thus an open to question to people who argue that cryptocurrencies are great because of transparency: a lot of bitcoin has been stolen, and no one has been found guilty for that crime.  Why not?

Process of elimination

Over the past six weeks, there has been very little deep research on why market prices have risen and fallen. Usually it is the same unfounded narratives: emerging market adoption; hedge against inflation; hedge against collapse of country X, Y or Z; hedge against Brexit; etc.  But no one provides any actual data, least of all the investors financing the startups that make the claims.

Perhaps the research that has been done on the matter was from Fran Strajnar’s team at BNC.  For instance, on June 1st they noted that:

brave new coinI reached out to Fran and according to him, in early June, “Somebody dropped many many millions ($) across 4 different Chinese Exchanges in a 2 hour period, without moving price – 4 days before the price rise started last week. Because it was over multiple exchanges and these trades were filled, we are digging into it further.”

If there was a standardized Kimberley Process used by all of these exchanges, it would be much easier to tell who is involved in this process and if those funds were based on proceeds of illicit activity.

Furthermore, barring such a Process, we can only speculate why journalists haven’t looked into this story:

(1) many of them do not have reliable contacts in East Asia
(2) those that do have contacts with exchange operators may not be getting the full story due to exchanges lacking KYC / KYCC / AML standards themselves
(3) some reporters and exchange operators own a bunch of cryptocurrencies and thus do not want to draw any negative attention that could diminish their net worth

Third parties such as Wedbush Securities and Needham have also published reports on price action, but these are relatively superficial in their analysis as they lack robust stats needed to fully quantify and explain the behavior we have seen.

Strangely enough, for all the pronouncements at conferences about how public blockchains can be useful for data analysis, very few organizations, trade media or analysts are publishing bonafide stats.

After all, who are the customers of these virtual currency exchanges?  Because of reporting requirement we know who uses Nasdaq and ICE, why don’t we know who uses virtual currency exchanges still?

Stopping predators

Two months ago I had a chance to speak with Marcus Swanepoel, CEO of BitX, about his experiences in Africa.  BitX coordinates with a variety of compliance teams to help block transactions tied to scams and Ponzi schemes. In the past, BitX has managed to help kill off two ponzi schemes and has tried to block MMM Global which has spread to Africa.

Earlier this spring, some MMM users that were blocked by BitX just moved to another competing local exchange that didn’t block such transactions. As a result, over the course of 8 weeks this exchange did more than 3x volume than BitX during same time frame.22 BitX has subsequently regained part of this market share partly due to MMM fading in popularity.

Why is MMM so successful?  Users are asked to upload videos onto Youtube of why MMM Global is great and why you should join and are then paid by MMM as a reward.  This becomes self-reinforcing in large part because of the unsavvy victims who are targeted.

But MMM isn’t to blame for everything.

For instance, in China there have been a variety of get-rich-quick Ponzi schemes that rose and blew up, such as an ant farm scheme in 2007.  And earlier this year, Ezubao, the largest P2P lending platform in China fell apart as a $7.6 billion Ponzi scam.23 No cryptocurrency was involved in either case.

Yet as Emin Gün Sirer pointed out, some of the activities such as The DAO, basically act as a naturally arising Ponzi.

In fact, one allegation over the past couple weeks is that The DAO attacker placed a short of 3,000 bitcoin on Bitfinex prior to attacking The DAO (which was denominated in ether).24  If there was a Kimberley Process in which all traders on all exchanges had to comply with a universal KYC / KYCC / AML standard, it would be much easier to identify the attackers as well as compensate the victims.

Similarly, because ransomware remains a “killer app” of cryptocurrencies such that companies, police stations, hospitals, elementary schools and even universities are now setting up Coinbase accounts and stockpiling cryptocurrencies to pay off hackers.  What is the aggregate demand of all of this activity?  If it is large, does it impact the market price?  And how would a Kimberley Process help provide restitution to the victims of this ransom activity?

A strawman Kimberley Process

How can you or your organization get involved in creating a Kimberley Process for cryptocurrencies?

Right now there is no global, industry standard for “best practices” in mutualizing, implementing, or carrying out KYC / AML provisions for cryptocurrencies.25

In writing this post, several sources suggested the following process to kick-start an effort:

(1) organize an industry-level event(s) which brings together:

(a) AML analytics companies
(b) representatives from regulatory bodies and law enforcement (e.g., FATF, FinCEN)
(c) KYC/AML practitioners
(d) existing market structures and utilities such as SIFMA, ROC, Swift (e.g., KYC registry, LEI)
(e) compliance teams from cryptocurrency exchanges and wallets

(2) at the event(s) propose a list of baseline standards that exchanges and wallets can try to implement and harmonize:

(a) what documentation is required for KYC / KYCC / AML
(b) other financial controls and accountability standards that can assist exchange operators (e.g., remove the ability for an operator to naked short against its own customer base)

(3) tying these standards together with a uniform digital identity management system could be the next step in this process.

On that last point, Fabio Federici, CEO of Skry (formerly Coinalytics), explained:

In general I believe the biggest unsolved problem is still identity and information sharing. Obviously you don’t want all your PII and transaction meta data on a public blockchain, as this information could not only be leveraged by profit seeking organizations, but also malicious actors. So the question becomes what’s the right framework for sharing the right amount of information with only the people that need access to it (maybe even only temporarily).

PII stands for personal identifying information.  In theory, Zcash (or something like it) has the potential to solve some of Fabio’s concerns: relevant info can be encoded in the transaction, and only the relevant parties can read it.  But this delves into “regulated data” which is a topic for another post.26

Similarly, Ryan Straus, an attorney at Riddell Williams and adjunct professor at Seattle University School of Law explained that:

Identity is central to the legal concept of property. Property systems are information systems: they associate identified entities with identified rights.  With the sole exception of real currency, possession or control is not conclusive indicia of ownership.

Factual fungibility simply makes it harder to prove that you have a better claim to a specific thing than the person who now possesses or controls it.  The hard part about what you have written about is that it is difficult to avoid conflating KYC (which involves identity of people) and the Kimberley Process (which involves identifying things).

In order to enable participants to share information without being unduly hounded by social media, it was also suggested that the presence of: investors, cryptocurrency press and cryptocurrency lobbying groups should kept to a minimum for the initial phase.

Conclusions

In addition to implementing additional financial controls and external audits, cryptocurrency exchanges and wallets adopting a Kimberley Process would help provide transparency for all market participants.

While it is probably impossible to remove all the bad actors from any system, reducing the amount of shadows they have to hide could provide assurances and reduce risks to market participants of all shapes and sizes.

However, the trade-off of implementing such a Process is that it negates the core utility that public blockchains provide, turning them into expensive permissioned gateways.  And if you are permissioning activity from the get-go, you might as well use a permissioned blockchain which are cheaper to manage and operate and also natively bake-in the KYC, KYCC and AML requirements.  But that is a topic for another post as well.

End notes

  1. One reviewer argued that analytics may be superior to KYC.  In the event of a compromised account — so goes the argument — analytics can help provide linkage between the flow of funds whereas KYC of compromised accounts would be “illusory.” []
  2. This includes but is not limited to: Chainalysis, Blockseer, Skry, Elliptic, Netki and ScoreChain. []
  3. Incidentally there is a UK-based startup called Everledger which works with insurance companies and tracks a catalogue of diamonds vis-à-vis a blockchain. []
  4. See: Flow of Funds; KYSF; KYSF part 2; and bitcoin movements. To actively monitoring transactions at these entry and exit points, based on anecdotes, up to 20% of all nodes on the Bitcoin network may be managed and operated by these same set of participants as well. []
  5. Note: it bears mentioning that as of this writing, no country has recognized cryptocurrencies as actual legal tender and consequently cryptocurrencies are not exempt from nemo dat. This is important as it means the provenance of the cryptocurrencies actually does matter because those assets could be encumbered. []
  6. I asked around and my sources do not know of a single exchange that does KYC/AML on cryptocurrencies that are directly exchanged for other cryptocurrencies (e.g., Shapeshift).  Furthermore, as highlighted in the past, there are gaps in compliance when it comes to certain fiat-to-cryptocurrency exchanges such as BTC-e and LocalBitcoins. []
  7. This is in USD equivalence, usually not in USD itself. []
  8. OctaCoin is interesting in that the operators behind it claim that it is financed from revenue streams of 3 online casinos who purportedly payout users on a regular basis. Note: gambling in China is a bit like golf in China: it’s illegal but everywhere. It is only legal in a few internal jurisdictions such as Hainan and Macau and elsewhere on the mainland only a couple of state-run lotteries are given legal status. []
  9. Note: stealing electricity to mine bitcoins has occurred in other areas of the world too, including in The Netherlands. []
  10. The official motivation for developing Confidential Transactions is to enable more user privacy which then leads to more fungibility. As one source pointed out: “At the end of the day it’s a balance between privacy and security. Basically the story goes ‘just because I don’t what anyone to know what I’m buying, doesn’t mean I’m a drug dealer.'” []
  11. Marquardt also allegedly co-owns both Bitcoin.org and Blockexplorer.com, and co-manages the Bitcoin Wiki. []
  12. Here’s another video showing some of those transactions. []
  13. The Craig Wright / Satoshi saga is interesting because in a recent interview Craig admittedly used Liberty Reserve which was an illicit exchange based in Costa Rica shut down by the US government.  According to the interview he also had ties to Ross Ulbricht, the convicted operator of Silk Road. []
  14. See The Law of Bitcoin, Section 1.5 in the United States chapter from Ryan Straus.  There are exceptions, see UCC Article 2 – sale of goods. []
  15. See also: Learning from the past to build an improved future of fintech []
  16. Interestingly, SharedCoin.com (sometimes referred to as Shared Send) used to be a mixer run by Blockchain.info, a venture-backed startup.  It was recently shutdown without any notice and the domain now redirects to the CoinJoin wiki entry.  They also pulled the SharedCoin github repo and any material that links it back to Blockchain.info. []
  17. One reviewer mentioned that: “Ponzi schemes will always exist and should probably be fought not just in the crypto space but where in other industries too; requiring continuous education.  It would be way simpler and more effective to shut down domains owned by MMM than it would to be to do anything else, but here you actually meet the pseudonymity feature of the Internet.  Try to do that internationally – it is not easy!” []
  18. From between September 2011 to September 2012 market prices more than doubled.  See SEC vs. Trendon Shavers []
  19. Note: this is a similar argument that Rick Falkvinge made three years ago. []
  20. There are probably several dozen advocacy groups and non-profit working groups scattered across the world.  Each has different goals.  For instance, ACCESS in Singapore works with some regulators in SEA.  While others are merely trying to create technical standards. []
  21. Most of the criminals that are convicted are found guilty of money laundering and interaction with illicit trade, not theft of bitcoins themselves. []
  22. Two months ago, the Financial Times briefly covered this story and Marcus wrote about some of it in March as well. []
  23. There were some early warning signs for that industry.  For instance, according to a Bloomberg story in February 2015: “The value of China’s peer-to-peer lending transactions surged almost 13-fold since 2012 to $41 billion last year, according to Yingcan Group, which tracks the data,” notes Bloomberg. However, 275 of the more than 1,500 lending went bankrupt or had trouble repaying money in 2014, an increase from 76 just a year earlier, according to Yingcan. []
  24. No one has proven this allegation.  Furthermore, there are multiple exchanges to short cryptocurrencies. []
  25. Much of the technology needed to implement these type of processes, such as PKI anchored by certificate authorities. []
  26. For example, see HIPAA and EU-US Privacy Shield []
Send to Kindle

Reading the tea leaves

Three years since the current wave began and $1 billion later, cryptocurrency / public blockchain ecosystem is experiencing such a level of “fast growth” that no one is able to publish any real usage numbers.1

Sarcasm aside, despite copious amounts of news coverage, interviews and conferences, very few VC-backed cryptocurrency-related startups are divulging any non-gamable numbers.

I had hoped to do a regular quarterly update (see previous January post regarding usage numbers) but there just isn’t much public data to go on.  In fact, there is less data today than 3 months ago.

For instance, at some point in the past couple of months, Coinbase removed its wallet transaction volume chart from its chart site.  This coincides with a public announcement made in February that ‘Coinbase is not a wallet.’  As Brian Armstrong, CEO of Coinbase stated:

Over the next year or so, you’ll see the Coinbase brand shift from being a hybrid wallet/exchange to focusing on purely being a retail and institutional exchange. It will take some time to update, but the transition will happen.

Interestingly, this somewhat conflicts with another statement made in a Forbes piece this past week covering Coinbase and Blockchain.info, stating:

Currently, 80% of Coinbase’s customers buy bitcoin as an investment, and 20% transact with it, though that balance is currently shifting more toward transactions.

Perhaps transaction volume overall is increasing, but if so, why remove the wallet transaction volume chart?  Or is it solely related to transaction volume on the exchange?

The same Forbes article also mentioned another specific aggregate number:

“Startups play a pretty integral role in the sense that we represent most of the end. If you look at users of Bitcoin on the network, most of them are represented by one of the major Bitcoin companies,” says Peter Smith, chief executive of Blockchain, adding that five or six companies, including Coinbase and Blockchain, represent about 80% of transaction volume on the network. Numerous startups are also using Bitcoin to enable their users to more easily send remittances, cross-border payments and peer-to-peer payments, as well as make mobile in-app purchases.

Maybe this is true, maybe there are 5 or 6 companies that represent the lionshare of volume on the Bitcoin network itself.  If so, we should be able to see that.

chainalysis

This is a simplified, color coded version of a tool that Chainalysis provides to its customers such as compliance teams at exchanges. The thickness of a band accurately represents the volume of that corridor, it is drawn to scale.  The names of certain entities are redacted.

The image is based on data for the first quarter of 2016 and is an update to the chart I published in an article back in January.

Based on the chart above, there are in fact 5-6 organizations that represent 80% of the volume; both Coinbase and Blockchain.info are among them (Blockchain.info also operates SharedCoin).

In fact, Chainalysis recently updated their methodology and found that Coinbase transactions represent every 6th or 7th transaction on the Bitcoin blockchain. 2 This specific area of data science is continuously undergoing refinement and should be looked at once again in the coming months.

The same Forbes article says that Coinbase has 3.5 million users and Blockchain.info has 6.5 million wallet holders.

But as we have looked at before, what does that even mean?  Few companies publicly define what a user or wallet actually represents.  I have looked at this twice in the past:

The bottom line is that “monthly active users” (MAU) — which is one of the standard methods for measuring real growth (and success) of an application, is still largely unreported by any cryptocurrency-related company that has raised a Series A or higher.3

Other public data

Where can we find data that is still be published and could reflect usage numbers of public blockchains?

P2SH addresses

Source: P2SH.info

As shown above, over the past month, the amount of bitcoins stored using P2SH addresses increased from 9.99% to 11.7%.

A large noticeable pop took place two weeks ago and some speculated that it could be a Liquid-related multi-sig movement.

opreturn total transactions

Source: opreturn.org

OP_RETURN has also seen increased usage.  Above is a chart measuring the past 15 months of usage.

As described in Watermarked Tokens, OP_RETURN is an opcode in Bitcoin’s scripting language that is commonly used by colored coin projects.

At the time of this writing, in terms of percentages, the top 5 projects that have used OP_RETURN the most are:

  • Blockstack: 107254 transactions (28.4%)4
  • Open Assets: 68069 (18%)5
  • Monegraph: 51601 (13.7%)6
  • Factom: 34007 (9%)7
  • Coinspark: 25223 (6.7%)8

Two of the five are colored coin-specific projects and all five cumulatively account for about 76% of all OP_RETURN usage.

Any other numbers?

  • Looking at the previous charts from January, the ‘Bitcoin Distribution by Address at Block 400,000‘ looks roughly the same as the distribution at a block height of 390,000.
  • According to CoinATMRadar, the ‘number of Bitcoin ATMs installed by Bitcoin machine type’ increased from 536 at the beginning of January to 612 at the end of March. This comes to roughly 0.84 ATMs installed per day or a rate slightly higher than the past 2 years (it is on pace for 308.2 installations altogether this year compared with 275 per year for 2014 and 2015).
  • In terms of market prices, there were some relatively big swings in volatility (about $100 from peak to trough) in the first quarter due in part to the continued block size debate which still remains unresolved.9
  • And activity on both BitWage and Blockchain.info wallets looks roughly the same as they did in January.

Funding

Some venture funding bounced back from the dearth in Q4 2015.

According to the venture capital aggregation at CoinDesk there was $148 million of publicly announced rounds for both Bitcoin-related and Blockchain-related startups spread among 14 deals in Q1 2016.  Though two investments alone (DAH and Blockstream) accounted for more than two-thirds of that funding tranche.

However, the list is probably not complete as two investments into Kraken’s Japanese subsidiary were for undisclosed amounts (first from SBI in January and then by Money Partners Group in March).  Similarly, Ripple also received capital from SBI in January (for a reported 3 billion yen or ~$25 million).

In addition, last week, CB Insights (a venture tracking firm) held a webinar that covered the “Bitcoin / Blockchain” ecosystem (deck) (recording).

While providing a good general overview, I think it lacks a number of recent developments in the overall “Blockchain” capital markets world.10

For instance, Tradeblock recently launched Axoni (a private / permissioned blockchain) and Peernova isn’t really a “Blockchain” company now. 11 The webinar is a little outdated on the cryptocurrency side of things too.  For example, Mirror is completely out of the ecosystem altogether, 21inc is basically a software company at this point, Buttercoin is bankrupt and Blockscore shouldn’t be included in either bucket.

Any other charts?

Counterparty Transaction History

Source: Blockscan

I would be remiss to not include Counterparty, a platform has effectively plateaued (see image above) and has now been eclipsed by Ethereum based on multiple measurements including transaction growth (which actually may be eventually be gamed via “long chains” just like some Bitcoin transactions are).

What kind of other metrics are available?

Counterparty compared to Ethereum

Source: Coingecko

Ignoring the liquidity and market cap sections (basically all cryptocurrencies are illiquid and easily manipulable) there is a marked difference in terms of terms of social media engagement and interest between the two platforms.  For example, in terms of public interest, one measure that could be added to the Coingecko list is the amount of organized Meetup’s: Ethereum has roughly a hundred globally and Counterparty has about 10.

As an aside, I attended two Ethereum meetup’s last month: one hosted by Coinbase in San Francisco and another one hosted by IFTF in Palo Alto.  Both were well-attended with roughly 120 people showing up for the latter.

[Note: I do not own, control or hold any cryptocurrency nor do I have any trading position on them either.]

Why is no one actively publishing numbers?

It could be the case that some of the startups feel that any user / usage number is commercially important and therefore treat it like a trade secret.

Is there really less transparency in this market compared to other tech markets?

Maybe, maybe not.  What about public markets?

Last spring, Blizzard Entertainment announced it would no longer publish World of Warcraft subscription numbers.  This was done because of the continual decline in subscriptions (more than halving from its 12 million peak).  Similarly, last fall, Microsoft said it would no longer publish Xbox One unit sales and would instead share Xbox Live usership. ((Disclosure: I own an Xbox One))  At the time this move was seen as a way to downplay the growing gap in sales between Sony’s PS4 and the Xbox One.

zynga

Source: Statista / Zynga

An exception to this rule is Zynga — the mobile / social gaming company — which has seen continual drop offs in monthly active users for over three years, but still publishes numbers. 12

Back to the public blockchain sphere: why would 40+ companies that have closed a Series A or higher as a whole decide not to publish user / usage numbers in a market that claims to always be growing by leaps and bounds?

One of the problems appears to be that when you raise a lot of money, $50+ million for B2C applications your charts are expected to look a bit like other high-growth companies.

slack growth

Source: TechCrunch

For instance, above is a two-year chart displaying two types of users: daily active and paid for Slack.  With 3.5x daily user growth over the past year, Slack announced last week that it has closed its new round, raising $200 million at $3.8 billion post-money valuation.  About a third of its daily users which are paid users, a relatively high conversion rate.

Obviously social media commenters will point out that “cryptocurrencies” are not the same thing as communication tools, but the point remains that eventually the aspirations of investors will re-calibrate with the actual growth trajectories of a platform.  And as of right now, based on public data it is unclear where that traction is in the cryptocurrency world — perhaps it does exist somewhere but no one is publicly revealing those stats.

It bears mentioning, based on anecdotes there are several cryptocurrency-related startups that have gained relatively large customer bases in certain corridors focused on cross-border payments and remittances involving The Philippines.13 There are also several cash-flow positive companies in this space that have flown under the radar.  On the flipside, based on similar anecdotes, multi-level marketing scams like MMM Global also have seen continued traction.14

Conclusion

Where is the growth, where are the numbers?  Those are the two questions that continue to drive blog posts on this site.  Perhaps startups in the public blockchain ecosystem will be more forthcoming later this year as more capital is deployed.  We will try to revisit this topic once more information is publicly available.

It will also be interesting to see how many more cryptocurrency-related companies rebrand or pivot into the “private blockchain” sphere without actually changing how they interact with cryptocurrencies.  Thus, my older October post on the Great Pivot should be revisited at some point as well.  In addition, if “private blockchain” platforms are eventually flipped on into production mode, they may begin to yield usage numbers worth looking at in a year or so.

  1. For a concise explanation of “fast growth” in this context see the recent interview with Chamath Palihapitiya: Top V.C. on “Mostly Crap” Start-Ups, Mark Zuckerberg, and Early Facebook’s Grim Lunches by Vanity Fair. []
  2. And according to other data science companies I have spoken to in the recent past, several confirm this as well. []
  3. A notable exception was in December 2015 when BitPay provided a transaction chart to Forbes.  Additionally, BitGo has published numbers from time to time.  And while it hasn’t raised a Series A, Blockstack is also fairly open about its userbase. []
  4. Blockstack.org is not the same thing as Blockstack.io — two different groups. []
  5. Flavien Charlon, creator of Open Assets, also maintains Openchain. []
  6. Monegraph is a platform for managing digital artwork. []
  7. During its crowdsale last year, Factom sold about 4.4 million factoid (tokens) for 2,278 bitcoins. []
  8. CoinSciences, the team behind Coinspark, also has another product called MultiChain. []
  9. See: What is the blockchain hard fork “missile crisis?” and also Appendix B []
  10. One interesting stat they mentioned was in terms of ratios: in 2015 there was about $15 billion invested in “fintech” overall and about $450 million in the entire umbrella of “cryptocurrency / blockchain” ecosystem.  That amounts to about 3%. []
  11. Peernova has transitioned from being a Bitcoin mining company to creating “Blockchain-inspired” tools for other industries. []
  12. See Zynga quarterly earnings reports and Statista []
  13. This includes: Align Commerce, BitX and Coins.ph []
  14. This is based on actual data I have been shown. []
Send to Kindle

Watermarked tokens and pseudonymity on public blockchains

As mentioned a couple weeks ago I have published a new research paper entitled: “Watermarked tokens and pseudonymity on public blockchains

In a nutshell: despite recent efforts to modify public blockchains such as Bitcoin to secure off-chain registered assets via colored coins and metacoins, due how they are designed, public blockchains are unable to provide secure legal settlement finality of off-chain assets for regulated institutions trading in global financial markets.

The initial idea behind this topic started about 18 months ago with conversations from Robert Sams, Jonathan Levin and several others that culminated into an article.

The issue surrounding top-heaviness (as described in the original article) is of particular importance today as watermarked token platforms — if widely adopted — may create new systemic risks due to a distortion of block reorg / double-spending incentives.  And because of how increasingly popular watermarked projects have recently become it seemed useful to revisit the topic in depth.

What is the takeaway for organizations looking to use watermarked tokens?

The security specifications and transaction validation process on networks such as the Bitcoin blockchain, via proof-of-work, were devised to protect unknown and untrusted participants that trade and interact in a specific environment.

Banks and other institutions trading financial products do so with known and trusted entities and operate within the existing settlement framework of global financial markets, with highly complex and rigorous regulations and obligations.  This environment has different security assumptions, goals and tradeoffs that are in some cases opposite to the designs assumptions of public blockchains.

Due to their probabilistic nature, platforms built on top of public blockchains cannot provide definitive settlement finality of off-chain assets. By design they are not able to control products other than the endogenous cryptocurrencies they were designed to support.  There may be other types of solutions, such as newer shared ledger technology that could provide legal settlement finality, but that is a topic for another paper.

This is a very important issue that has been seemingly glossed over despite millions of VC funding into companies attempting to (re)leverage public blockchains.  Hopefully this paper will help spur additional research into the security of watermarking-related initiatives.

I would like to thank Christian Decker, at ETH Zurich, for providing helpful feedback — I believe he is the only academic to actually mention that there may be challenges related to colored coins in a peer-reviewed paper.  I would like to thank Ernie Teo, at SKBI, for creating the game theory model related to the hold-up problem.  I would like to thank Arthur Breitman and his wife Kathleen for providing clarity to this topic.  Many thanks to Ayoub Naciri, Antony Lewis, Vitalik Buterin, Mike Hearn, Ian Grigg and Dave Hudson for also taking the time to discuss some of the top-heavy challenges that watermarking creates.  Thanks to the attorneys that looked over portions of the paper including (but not limited to) Jacob Farber, Ryan Straus, Amor Sexton and Peter Jensen-Haxel; as well as additional legal advice from Juan Llanos and Jared Marx.  Lastly, many thanks for the team at R3 including Jo Lang, Todd McDonald, Raja Ramachandran and Richard Brown for providing constructive feedback.

Watermarked Tokens and Pseudonymity on Public Blockchains

Send to Kindle

Creative angles of attacking proof-of-work blockchains

[Note: the following views were originally included in a new paper but needed to be removed for space and flow considerations]

While most academic literature has thus far narrowly focused under the assumption that proof-of-work miners such as those used in Bitcoin will behave according to a “goodwill” expectation, as explored in this paper, there may be incentives that creative attackers could look to exploit.

Is there another way of framing this issue as it relates to watermarked tokens such as colored coins and metacoins?

Below are comments from several thought-leaders working within the industry.

According to John Light, co-founder of Bitseed:1

When it comes to cryptocurrency, as with any other situation, an attacker has to balance the cost of attacking the network with the benefit of doing so. If an attacker spends the minimum amount required to 51% attack bitcoin, say $500 million, then the attacker needs to either be able to short $500 million or more worth of BTC for the attack to be worth it, or needs to double spend $500 million or more worth of BTC and receive some irreversible benefit and not get caught (or not have consequences for getting caught), all while taking into consideration the loss of future revenues from mining honestly. When you bring meta-coins into the equation, things get even murkier; the cost is less dependent on the price of bitcoin or future mining revenues, and depends more on the asset being attacked, whether it’s a stock sale or company merger that’s being prevented, or USD tokens being double-spent.

There’s no easy answer, but based on the economics of the situation, and depending on the asset in question, it doesn’t seem wise to put more value on chain than the market cap of BTC itself (as a rough benchmark – probably not that exact number, but something close to it).

Not a single study has been publicly published looking at this disproportionalism yet it is regularly touted at conferences and social media as a realistic, secure, legal possibility.

According to Vitalik Buterin, creator of Ethereum:2

There are actually two important points here from an economics perspective. The first is that when you are securing $1 billion on value on a system with a cryptoeconomic security margin that is very small, that opens the door to a number of financial attacks:

  1. Short the underlying asset on another exchange, then break the system
  2. Short or long some asset at ultrahigh leverage, essentially making a coin-flip bet with a huge amount of money that it will go 0.1% in one direction before the other. If the bet pays off, great. If it does not pay off, double spend.
  3. Join in and take up 60%+ of the hashrate without anyone noticing. Then, front-run everyone. Suppose that person A sends an order “I am willing to buy one unit of X for at most $31”, and person B sends an order “I am willing to sell one unit of X for at least $30”. As a front-runner, you would create an order “I am willing to sell one unit of X for at least $30.999” and “I am willing to buy one unit of X for at most $30.001”, get each order matched with the corresponding order, and earn $0.998 risk-free profit. There are also of course more exotic attacks.

In fact, I could see miners even without any attacks taking place front-running as many markets as they can; the ability to do this may well change the equilibrium market price of mining to the point where the system will, quite ironically, be “secure” without needing to pay high transaction fees or have an expensive underlying currency.

The second is that assets on a chain are in “competition” with each other: network security is a public good, and if that public good is paid for by inflation of one currency (which in my opinion, in a single-currency-chain environment, is economically optimal) then the other currencies will gain market share; if the protocol tries to tax all currencies, then someone will create a funky meta-protocol that “evades taxes by definition”: think colored coins where all demurrage is ignored by definition of the colored coin protocol. Hence, we’ll see chains secured by the combination of transaction fee revenue and miner front running.

Unsolved economics question: would it be a good thing or a bad thing if markets could secure themselves against miner frontruns? May be good because it makes exchanges more efficient, or bad because it removes a source of revenue and reduces chain security.

Cryptoeconomics is a nascent academic field studying the confluence of economics, cryptography, game theory and finance.3

Piotr Piasecki, a software developer and independent analyst explained:4

If a malicious miner sees a big buy order coming into the market that would move the price significantly, they can engage in front running – the buy order could be pushed to the back of the queue or even left out until the next block, while the miner buys up all of the current stock and re-lists it at a higher price to turn a profit. Alternatively, when they see there is a high market pressure coming in, especially in systems that are inefficient by design, they can buy the orders up one by one by using their power to include any number of their own transactions into a block for free, and similarly re-list them for people to buy up.

Or in other words, because miners have the ability to order transactions in a block this creates an opportunity to front run. If publicly traded equities are tracked as a type of colored coin on a public blockchain, miners could order transaction in such a way as to put certain on-chain transactions, or trades in this case, to execute before others.

Robert Sams, co-founder of Clearmatics, previously looked at the bearer versus registered asset challenge:5

One of the arguments against the double-spend and 51% attacks is that it needs to incorporate the effect a successful attack would have on the exchange rate. As coloured coins represent claims to assets whose value will often have no connection to the exchange rate, it potentially strengthens the attack vector of focusing a double spend on some large-value colour. But then, I’ve always thought the whole double-spend thing could be reduced significantly if both legs of the exchange were represented on a single tx (buyer’s bitcoin and seller’s coloured coin).

The other issue concerns what colour really represents. The idea is that colour acts like a bearer asset, whoever possesses it owns it, just like bitcoin. But this raises the whole blacklisted coin question that you refer to in the paper. Is the issuer of colour (say, a company floating its equity on the blockchain) going to pay dividends to the holder of a coloured coin widely believed to have been acquired through a double-spend? With services like Coin Validation, you ruin fungibility of coins that way, so all coins need to be treated the same (easy to accomplish if, say, the zerocoin protocol were incorporated). But colour? The expectations are different here, I believe.

On a practical level, I just don’t see how pseudo-anonymous colour would ever represent anything more than fringe assets. A registry of real identities mapping to the public keys would need to be kept by someone. This is certainly the case if you ever wanted these assets to be recognised by current law.

But in a purely binary world where this is not the case, I would expect that colour issuers would “de-colour” coins it believed were acquired through double-spend, or maybe a single bitcoin-vs-colour tx would make that whole attack vector irrelevant anyway. In which case, we’re back to the question of what happens when the colour value of the blockchain greatly exceeds that of the bitcoin monetary base? Who knows, really depends on the details of the colour infrastructure. Could someone sell short the crypto equity market and launch a 51% attack? I guess, but then the attacker is left with a bunch of bitcoin whose value is…

The more interesting question for me is this: what happens to colour “ownership” when the network comes under 51% control? Without a registry mapping real identities to public keys, a pseudo-anonymous network of coloured assets on a network controlled by one guy is just junk, no longer represents anything (unless the 51% hasher is benevolent of course). Nobody can make a claim on the colour issuer’s assets. So perhaps this is the real attack vector: a bunch of issuers get together (say, they’re issuers of coloured coin bonds) to launch a 51% attack to extinguish their debts. If the value of that colour is much greater than cost of hashing 51% of the network, that attack vector seems to work.

On this point, Jonathan Levin, co-founder of Chainalysis previously explained that:6

We don’t know how much proof of work is enough for the existing system and building financially valuable layers on top does not contribute any economic incentives to secure the network further. These incentives are fixed in terms of Bitcoin – which may lead to an interesting result where people who are dependent on coloured coin implementations hoard bitcoins to attempt to and increase the price of Bitcoin and thus provide incentives to miners.

It should also be noted that the engineers and those promoting extensibility such as colored coins do not see the technology as being limited in this way. If all colored coins can represent is ‘fringe assets’ then the level of interest in them would be minimal.

Time will tell whether this is the case. Yet if Bob could decolor assets, in this scenario, an issuer of a colored coin has (inadvertently) granted itself the ability to delegitimize the bearer assets as easily as it created them. And arguably, decoloring does not offer Bob any added insurance that the coin has been fully redeemed, it is just an extra transaction at the end of the round trip to the issuer.

  1. Personal correspondence, August 10, 2015. Bitseed is a startup that builds plug-and-play full nodes for the Bitcoin network. []
  2. Personal correspondence, August 13, 2015. []
  3. See What is cryptoeconomics? and Formalizing Cryptoeconomics by Vlad Zamfir []
  4. Mining versus Consensus algorithms in Crypto 2.0 systems by Piotr Piasecki []
  5. As quoted in: Will colored coin extensibility throw a wrench into the automated information security costs of Bitcoin? by Tim Swanson; reused with permission. []
  6. This example originally comes from Will colored coin extensibility throw a wrench into the automated information security costs of Bitcoin? by Tim Swanson; reused with permission. []
Send to Kindle

Cryptoeconomics for beginners and experts alike

This past week Koinify and the Cryptocurrency Research Group (CCRG), a new academic organization, held a 3-day event — the first of its kind called Cryptoeconomicon, an interdisciplinary private event that included a cross section of developers, entrepreneurs, academics and a few investors.  It was purposefully scheduled to coincide with O’Reilly Media’s own “Bitcoin and the Blockchain” conference which took place in the middle of it.

I attended what amounted to four days of seminars, brainstorming and networking sessions.  Below are my summarized thoughts.  Note: these are my opinions alone and do not reflect those of other participants or the companies I work with.  You can view pictures/info of the event: #cryptoecon and @cryptoecon

Rather than going through each session, I will just highlight a few areas that stood out to me and include outside relevant content.

What is cryptoeconomics?

According to Vlad Zamfir, of the Ethereum project, cryptoeconomics as a field might be defined as:

A formal discipline that studies protocols that govern the production, distribution and consumption of goods and services in a decentralized digital economy.  Cryptoeconomics is a practical science that focuses on the design and characterization of these protocols.

Zamfir discussed this at length (slides) (video) and rather than going too in-depth with what he said I wanted to reiterate his main points he gave:

Cryptoeconomic security as information security

  • Mechanisms are really programs
  • They can distribute payoffs
  • The programs have a certain behaviour in the Nash equilibrium case
  • The NE has a cryptoeconomic security
  • We can be assured that a program will run a particular way

He also argues that “cryptoeconomics” should be see as more economics for cryptography rather than cryptography for economics:

  • Economic mechanisms can give guarantees that a program will run in a particular way that cryptography alone can’t provide.
  • Incentives are forward facing, cryptography is a function of already-existing information
  • How do we provide custom cryptoeconomic guarantees?

The last part in relation to his talk that really stuck out to me was on the final day.  In his view (slides) the technical term that should be applied is, “distributed cryptoeconomic consensus” which would assuage concerns from the academic “distributed consensus” community that uses different terminology.  Under this definition, this means:

  • A cryptoeconomic mechanism with the Nash equilibrium of assuring distributed byzantine fault tolerant consensus
  • We should be able to assert and prove the cryptoeconomic assurances of any consensus mechanism
  • Distributed consensus mechanisms can create a pure cryptoeconomy. Even the execution of the mechanisms is has a measurable assurance.

Most interesting comment of the event

I think the most apt comment from the economics discussion came from Steve Waldman, a software developer and trader over at Interfluidity on the first day of the event.

While there will likely be a recording posted on Youtube (video), in essence what he said was that in the blockchain space — and specifically the developers in the room — they are creating an enormous amount of supply without looking to see what the corresponding demand is.  That is to say, there is effectively a supply glut of “blockchain tech” in part because few people are asking whether or not this tech actually has any practical consumer demand.  Where are the on-the-ground consumer behavior surveys and reports?

Again, if Bitcoin (the overall concept) is viewed as an economy, country or even a startup, it is imperative that the first question is resolved: what is the market need?  Who are the intended consumers?  So far, despite lots of attention and interest, there has been very little adoption related to blockchains in general.  Perhaps this will change, maybe it is only a temporary mismatch.  Maybe it these are the chicken-egg equivalent to computing languages like Ruby or PHP and eventually supply somehow creates the demand?  Or maybe it suffers from the Kevin Costner platform trap (e.g,. if you build it, will they come?).

To illustrate this contrarian view:

why startups fail

Source: David Norris https://twitter.com/norrisnode/status/561262588466839553

Maybe there is no real market need for these first generation concepts?  Perhaps the network will run out of block rewards (cash incentives) to the miners before these blockchains can gain mainstream traction?  Maybe the current developers are not quite right for the job?

Or maybe, blockchains such as Bitcoin simply get outcompeted in the overall marketplace.  For instance, there are currently 1,586 Payment startups listed on AngelList and 106 P2P Money Transfer startups listed on AngelList.  Most of these will likely burn out of capital and cease to exist, but there are probably at least a dozen or so of each that will (and have) gained traction and are direct competitors to these first generation blockchains.

Perhaps this will change, but then again, maybe the market is more interested in what William Mougayar (who unfortunately was not part of the event) pointed out a few days ago.  Simply put, maybe there is more room to grow in the “Blockchain Neutral Smart Services” and “Non-Blockchain Consensus” quadrants:

Crypto_Tech

We cannot know for certain a priori what market participants will decide.  Perhaps Bitcoin is good enough to do everything its enthusiastic supporter claim it can.

Or maybe, as Patrick Collison, CEO of Stripe, wittily stated in Technology Review:

“Bitcoin is kind of a financial Rorschach test; everyone projects their desired monetary future onto it.”

Now, to be fair, Collison (who was not part of the event) has a horse in the race with Stellar.  Fortunately there was not much emphasis on token prices going to the moon at the Cryptoecon event.  When incentives did come up, it was largely related to how a consensus mechanism can be secure through a self-reinforcing Nash equilibrium.

Perhaps a future event could discuss what Meher Roy (who unfortunately was not in attendance either) adroitly summarized and modeled in relation to how actors are betting on crypto-finance platforms:

meher roy table

Source: https://medium.com/@Meher/a-model-to-makes-sense-of-beliefs-and-associated-crypto-finance-platforms-f761a7d782cb

Back to the show

There were a number of startups at the event, probably around a dozen or so.  In my view, the most concise overview was from Sergey Nazarov co-founder of SmartContract.  The interface was clean, the message was clear and “issuance” can be done today.  I’m not necessarily endorsing the stack he’s using, but I think he has clearly talked to end-users for ease of use feedback (note: be sure to consult a lawyer before using any ‘smart contracting’ system, perhaps they are not recognized as actual “contracts” in your jurisdiction).  Also, drones.

It would have been nice to see a little longer debate between StorJ, Maidsafe and Filecoin groups.  I think there was probably a little too much “it just works” handwaving but thought that Juan Binet-Betez from IPFS/Filecoin gave the most thorough blueprint of how his system worked (he also showed a small working demo).

It was not recorded but I think messaging for Augur (a variation of Truthcoin) was pretty poor.  Again, just my opinion but I was vocal about the particular use-case (gambling) proposed as it would simply bring more negative PR to a space smashed with bad PR.  The following day other members of the team discussed other uses including prediction markets for political events (similar to what Intrade did).  I am skeptical that in its current form it will become widely adopted because futures markets, like the CME, already do a relatively competitive job at providing this service for many industries and these decentralized markets could likely just attract marginal, illicit activities as has been the trend so far.  I could be wrong and perhaps they will flourish in emerging markets for those without access to the CME-like institutions.

Things that look less skeptical

  • There were about 10-12 people affiliated with Ethereum at the event, all of them were developers and none of them seemed to push their product as “the one chain to rule them all” (in fact, there was a healthy debate about proof-of-stake / proof-of-work within their contingent).  I’ve been fairly skeptical since last summer when their team looked gigantically bloated (too many cooks in the kitchen) but they seem to have since slimmed down, removing some of the pumpers and focusing on the core tech.  This is not to say they will succeed, but I am slightly less skeptical than I was 3-4 months ago.
  • I also had a chance to sit down with a couple members of the IBM ADEPT ‘Internet of Things’ team.  They held a ~3 hour workshop which was attended by around 20 people.  The session was led by Henning Diedrich (IBM), David Kravitz (IBM) and Patrick Deegan (Open Mustard Seed Project).  Again, even though I’ve paged through the ADEPT whitepaper, I was hesitant to believe that this was little more than marketing on the part of IBM.  But by the time the session was over, I was a little less skeptical.  Perhaps in the future, when more appliances and devices have secure proplets, they could use a method — such as a blockchain/cryptoledger — to securely bid/ask on resources like electricity.  B2B and machine-to-machine ideas were discussed and piggybacked on.  Obviously there are all sorts of funny and sad ways this could end but that is up for Michael Bay to visualize next year.
  • This also intersects with another good comment from Stefan Thomas (CTO of Ripple Labs).  In a nutshell, on a panel during the first day, he thinks there is some confusion and conflation of the terms “automation,” “decentralization,” “smart contracts” and “blockchains.”  That is to say, while blockchains are automated, that is not to mean that it is the only means to achieve automation.  Nor is decentralization necessary for automation to be achieved in every use-case.  Nor are smart contracts the only way to control automated devices.  When the video is posted I’ll be sure to link it (video).
  • Ethan Buchman, lead dev for Eris, was both witty and on top of his form, noting that in practice users don’t need a new browser every time they go to a new site, so they shouldn’t need a new client to view a different blockchain.  Let’s keep our eye on Decerver to see how this germinates.
  • Lastly, the two investors that attended the VC panel on Wednesday included Shahin Farshchi from Lux Capital and Pearl Chan of Omidyar Network.  What I liked about them is they weren’t pushing a certain binary viewpoint.  They were both upfront and honest: neither had invested in this space, not because they hated it, but because they were taking their time to see what opportunities actually fit within their mandate.  Perhaps they will at some point.  One joke that Farshchi mentioned was that back when cellular telephony was growing, “everyone and their mom” was selling base station equipment and chips.  Similarly there were over 300 companies creating thin film solar cells before bankruptcies and mergers.  So the type of euphoria we see in the Bitcoin-space is not necessarily unique.

Room for improvement

Perhaps if there is a next event it could include representatives from Blockstream, Bitfury and other Bitcoin-centered projects.  It would be nice to have some perspective from those deeply concerned about with maintaining secure consensus and the Blockstream team has some of the most experienced engineers in this space.  Hearing their views next to what Peter Todd (who attended and had some interesting calculations for the estimated costs to attack a network), could help developers build better tools.  Similarly, developers from Peernova, Square, Stripe, M-Pesa and Western Union would also likely be good resources to provide empirical feedback.

Additional clarity for what a decentralized autonomous organization (DAO) actually is and is not could be spelled out as well.  And how do these intersect with existing legal jurisprudence (can they? as Brett Scott might ask).   For anyone who has read “The Cookie Monster” by Vernor Vinge, both Matt Liston and Vitalik Buterin made some not-entirely-unreasonable points about machine-rights and whether or not machines should trust humans (e.g., humans expect bots to provide truthful information, but can the reverse be expected?  And what happens if a bot, like a DAO, is deemed too successful or broke a law in some jurisdiction — does it get “carted” away in a truck?).

Lastly, I think by the time there is another event, there will hopefully be more clarity for what a “smart contract” is.  One panel I moderated, I tried to get the participants to use the word “banana” instead because the term “banana” is overused and often conflated to mean many things it is legally not.  Primavera De Filippi from the Cryptolaw panel made some good comments too about whether or not “bananas” are actual legally binding contracts; she previously did a workshop with Aaron Wright (also in attendance) at the recent Distributed Networks and the Law event held at Harvard/MIT.  Steve Omohundro also spoke realistically about these scenarios on the final day, where does liability start and stop for developers of DAOs?

[Note: I would like to thank Kieren James-Lubin, Vitalik Buterin, Tom Ding, Sri Sriram for organizing the event, Robert Schwentker for acting as emcee/photographer, and CFLD and Omidyar Network for sponsoring the event including the delicious food.]

Send to Kindle

The Continued Existence of Altcoins, Appcoins and Commodity coins

Yesterday I gave a presentation at a Bitcoin Meetup held hosted by Plug and Play Tech Center in Sunnyvale.

I discussed the economic incentives for creating altcoins, appcoins, commodity coins and also covered several bitcoin 2.0 proposals.  The slides and video from the event are viewable below.  Download the deck for other references and citations.

Send to Kindle

A panel on smart contracts with industry developers and educators

Earlier today I participated in a virtual panel covering smart contracts called, “Let’s Talk Smart Contracts.”

The panel included: Adam Krellenstein (Counterparty), Oleg Andreev (CoreBitcoin), Pamela Morgan (Empowered Law), Stefan Thomas (Codius, Ripple Labs), Stephan Tual (Ethereum), Tim Swanson (Of Numbers), Yurii Rashkovskii (Trustatom) and it was moderated by Roman Snitko with Straight.

Below are some transcribed notes of my own statements.

Introduction starting at 09:06:

Hey guys, great to be here.  Thanks for the invite, thanks for organizing this.  So I’m here because you guys needed another white guy from Europe or something like that (that’s a joke).  So the definition I have of smart contracts, I have written a couple books in this space, and the definition I use is a smart contract is “a proposed tool to automate human interactions: it is a computer protocol – an algorithm – that can self-execute, self-enforce, self-verify, and self-constrain the performance of a contract.”  I think I got most of that definition from Nick Szabo’s work.  For those of you who are familiar with him, look up some of his past writings.  I think that the primary work he is known for is the paper, “Formalizing and Securing Relationships on Public Networks.”  And he is basically considered the [intellectual] grandfather of this space.  I’m here basically to provide education and maybe some trolling.

From 22:02 -> 24:15

I think I see eye-to-eye with Adam here.  Basically the idea of how we have a system that is open to interpretation, you do have reversibility, you do have nebulousness.   These are things that Nick Szabo actually discussed in an article of his called “Wet code and dry” back in 2008.  If you look back at some of the earlier works of these “cypherpunks” back in the ’90s, they talked about some of these core issues that Oleg talked about in terms of being able to mitigate these trusted parties.  In fact, if you look at the Bitcoin whitepaper alone, the first section has the word “reverse” or “reversibility” around 5 times and the word “trust” or “trusted” appears 11 times in the body of the work.  This was something that whoever created Bitcoin was really interested in trying to mitigate the need for any kind of centralized or third party involved in the process of transactions to reduce the mediation costs and so forth.

But I suppose my biggest criticism in this space, it is not pointed to anyone here in particular, is how we have a lot of “cryptocurrency cosplay.”  Like Mary Sue Bitcoin.  I’m not sure if you guys are familiar with who Mary Sue is: she is this archetype who is this kind of idealized type of super hero in a sense.  So what happens with Bitcoin and smart contracts is that you have this “Golden Age” [of Comics] where you had the limited ideas of what it could do.  Like Superman for example, when he first came out he could only jump over a building and later he was pushed to be able to fly because it looks better in a cartoon.  You have only a limited amount of space [time] and it takes too long to jump across the map.  So that’s kind of what I see with Bitcoin and smart contracts.  We can talk about that a little bit later, just how they have evolved to encompass these attributes that they’re probably not particularly good at.  Not because of lack of trying but just because of the mechanisms of how they work in terms of incentives for running mining equipment and so on.  So, again we can talk about that later but I think Adam and Oleg have already mentioned the things that are pretty important at this point.

40:18 -> 41:43

I’m the token cynic, huh?  So actually before I say anything, I would like to mention to the audience other projects that you might be interested in looking at: BitHalo; NotaryChains is a new project that encompasses some of these ideas of Proof of Existence created by Manuel Araoz, he is the one who did POE.  NotaryChains is a new project I think that sits on top of Mastercoin.  The issue that people should consider is that proof of existence/proof of signature: these are just really hi-tech forms of certification.  Whether or not they’re smart contracts I guess is a matter of debate.

There is another project: Pebble, Hyperledger, Tezos, Tendermint, Nimblecoin.  With Dogethereum their project is called Eris which apparently is the first DAO ever.  A DAO for the audience is a decentralized autonomous organization, it’s a thing apparently. SKUChain is a start-up in Palo Alto, I talk about them in chapter 16.  They have this interesting idea of what they call a PurchaseChain which is a real use-case for kind of updating the process from getting a Letter of Credit to a Bill of Lading and trying to cut out time and mediation costs in that process.  There are a few others in stealth mode.  So I really don’t have a whole lot to add with cynicism at this point, we can go on and come back to me in a little bit.

59:41 -> 1:02:35

The go to deficiency guy, huh?  They’re not really saying anything particularly controversial, these things are fundamentally — at least from an engineering perspective — could be done.  The problem though I think runs into is what Richard Boase discussed in — if listeners are interested — he went to Kenya and he did a podcast a few weeks ago on Let’s Talk Bitcoin #133.  I really recommend people listen to it.  In it he basically talks about all of these real world issues that run into this idealized system that the developers are building.  And as a result, he ended up seeing all of these adoption hurdles, whether it was education or for example tablets: people were taking these tablets with bitcoin, and they could just simply resell it on a market, the tablet itself was worth more than they make in a year basically; significant more money.  He talked about a few issues like P2P giving, lending and charity and how that doesn’t probably work like we think it does.

I guess the biggest issue that is facing this space, if you want issues, is just the cost benefit analysis of running these systems.  There is a cost somewhere to run this stuff on many different servers, there is different ways to come up with consensus for this: for example, Ripple, Stellar, Hyperledger, they’re all using consensus ledgers which require a lot less capital expenditures.  But when you end up building something that requires some kind of mining process itself, that costs money.  So I think fundamentally in the long-run it won’t be so much what it can do but what can it economically do.

So when you hear this mantra of let’s decentralize everything, sure that’s fine and dandy but that’s kind of like Solutionism: a solution looking for a problem.  Let’s decentralize my hair — proof of follicle — there is a certain reductio ad absurdum which you come to with this decentralization.  Do you want to actually make something that people are actually going to use in a way that is cheaper than an existing system or we just going to make it and throw it out there and think they’re going to use it because we designed [wanted] it that way.  So I think education is going to be an issue and there are some people doing that right now: Primavera De Fiillipi, she’s over at Harvard’s Berkman Center — she’s got something called the Common Accord program.  And also Mike Hearn; listeners if you’re interested he’s made about 7 or 8 use-cases using the existing Bitcoin blockchain including assurance contracts — not insurance contracts — assurance contracts.  And he’s got a program called Lighthouse which hopes to build this onto the actual chain itself.  So there are things to keep in mind, I’m sure I’ll get yelled at in a minute here.

1:23:58 -> 1:28:10

Anyone listening to this wanting to get involved with smart contracts: hire a lawyer, that’s my immediate advice.  I will preface by saying I don’t necessarily agree with policies that exist and so on; I don’t personally like the status quo but there is no reason to be a martyr for some crusade led by guys in IRC, in their little caves and stuff like that.  That’s not towards anyone here in this particular chat but you see this a lot with “we’re going to destroy The Fed” or “destroy the state” and the reality is that’s probably not going to happen.  But not because of lack of trying but because that’s not how reality works.

Cases right now are for example: DPR, Shavers with the SEC, Shrem now with the federal government, Karpeles [Mt. Gox] went bankrupt.  What’s ended up happening is in 2009, with Bitcoin for example, you started with a system that obviated the need of having trusted third parties but as users started adopting it you ended up having scams, stolen coins, people losing coins so you ended up having an organic growth of people wanting to have insurance or some way to mediate these transactions or some way to make these things more efficient.  And I think that it will probably happen — since we’re guessing, this is speculative — I think that this will kind of happen with smart contracts too.  That’s not to say smart contracts will fail or anything like that.  I’m just saying that there will probably just be a few niche cases initially especially since we don’t have much today, aside I guess from Bitcoin — if you want to call it a smart contract.

What has ironically happened, is that we have created — in order to get rid of the middlemen it looks like you’ve got to reintroduce middlemen.  I’m not saying it will always be the case.  In empirical counter-factual it looks like that’s where things are heading and again obviously not everyone will agree with me on that and they’ll call me a shill and so on.  But that’s kind of where I see things heading.

I have a whole chapter in a book, chapter 17.  I interviewed 4 or 5 lawyers including Pamela [Morgan] of different reasons why this could take place.  For example, accredited investor — for those who are unfamiliar just look up ‘accredited investor.’  If you’re in the US, in order to buy certain securities that are public, you need to have gone through certain procedure to be considered a ‘sophisticated investor.’  This is one of the reasons why people do crowdsales outside of the US — Ethereum — because you don’t want to have to interact with the current legal system in the US.  The reason I mention that is because you end up opening yourselves to lawsuit because chains — like SWARM — cannot necessarily indemnify users.  That’s legal terminology for being able to protect your users from lawsuits from third parties; they just do not have the money, the revenue to support that kind of legal defense.  Unlicensed practice of law (UPL) is another issue.  If you end up putting up contracts on a network one of the issues could be, at least in the US, are bar associations.  Bar associations want to protect their monopoly so they go after people who practice law without a license.  I’m not saying it will happen but it could happen.

My point with this is, users, anyone listening to this should definitely do your due diligence, do your education.  If you plan to get involved with this space either as an investor or developer or so on, definitely at least talk to a lawyer that has some inkling of of an idea [on this].  The ones I recommend, in addition to Pamela here are: Ryan Straus, he is a Seattle-based attorney with Riddell Williams; Austin Brister and James Duchenne they’re with a program called Satoshi Legal; and then Preston Byrne, who’s out in London and he’s with Norton Rose Fulbright.

1:52:20 -> 1:54:43

Guys look, I understand that sounds cool in theory and it’s great to have everything in the background, but the reason you have to see these “shrink wrapped” EULAs [end user license agreements] and TOSs [terms of service] is because people were hiding stuff inside those agreements.  So if you hide what’s actually taking place in the contract you end up making someone liable for something they might not actually agree to.  So I’m not sure, I think it’s completely debatable at this point.  If we’re trying to be transparent, then you’re going to have to be transparent with the terms of agreement.

I should point out by the way, check out Mintchalk.com, it’s run by guys named James and Aaron in Palo Alto, they’re doing contract building.  ACTUS is a program from the Stevens Institute, they’re trying to come with codified language for contracts.  Mark S. Miller, he’s got a program over at Google, he does something with e-rights.

I mention all of this because, we already have a form of “polycentric law” if you will in terms of internationally with 200 different jurisdictions vying for basically jurisdiction arbitrage.  Ireland and the Netherlands have a tax agreement that Facebook, Google, Pfizer they take advantage of.  It’s this Double Irish With a Dutch Sandwich.  In fact my own corporation is incorporated in Delaware because of the legal arbitrage [opportunities].  Obviously smart contracts might add some sort of new wrinkle to that, but people who are listening to this, don’t expect to be living in some Galt’s Gulch tomorrow or something like that.

For example, when you have something that is stolen, there is something called Coinprism which is a colored coin project.  They can issue dividends on stock.  The cool thing with that is, “hey, you get to decentralize that.”  The double-edged side of that is if that when that get’s stolen: people steal stuff like bitcoins and so forth, what happens to the performance of that dividend?  If the company continues paying that dividend in knowing that the person had been stolen from: if somebody stole from me and I tell the company, “hey, it was stolen” and they continue paying, then I can sue them for continuing to pay a thief.  If they stop paying then it defeats the purpose of decentralization because anonymity is given up, identity has taken place.  Obviously this moves into another area called “nemo dat” it’s another legal term talking about what can be returned to the rightful owner, that’s where the term “bona fide” comes from.  Anyways, I wanted to get that out there.  Be wary of disappearing EULAs, those have a purpose because people were being sued for hiding stuff in there.

2:10:05 -> 2:12:23

So I think everybody and all these projects are well-intentioned and have noble goals but they’re probably over-hyped in the short-run, just like the Segway was.  It eventually leads to some kind of burnout, or over-promise and under-delivering.  I’m not saying this will happen, I’m just saying it could happen.  I actually think the immediate future will be relatively mundane, such as wills and trusts kind of like Pamela was talking about.

One particular program is in Kenya there is something called Wagenitech which is run by Robin Nyaosi and he is wanting to help farmers move, manage and track produce to market to bypass the middleman.  That doesn’t seem like something really “sexy,” that doesn’t seem like the “Singularity” kind of thing that everyone likes to talk about.  But that is needed for maybe that particular area and I think we might see more of that along with PurchaseChain, NotaryChains, some of these things that we already do with a lot of the paperwork.

Again, blockchains and distributed ledgers are pretty good at certain things, but not everything.  It has real limitations that vocal adopters on the subreddit of Bitcoin like to project their own philosophical views onto it and I think that it does it a very big disservice to this technology long-term.  For example, LEGO’s can be used to make a car but you wouldn’t want to go driving around in one.  A laptop could be used as a paper weight but it’s not particularly cost effective to do that.  And so what I think we’ll end up running into a tautology with smart contracts, it’s going to be used by people who need to use them.  Just like bitcoin is.  So what we’re going to have is a divergence between what can happen, this “Superman” version of Bitcoin and smart contracts, versus the actual reality.

So for example, people say it’s [Bitcoin] going to end war.  You had the War of Spanish Succession, there was a Battle of Denain, a quarter million people fought that in 1712 and it was gold-based [financed by specie].  Everyone that says bitcoin is going to destroy fiat, if the state exists as it does today there’s always going to be these institutions and types of aggression.  I do think smart contracts do add collateral and arbitration competition and it does take away the problem of having trust in the system itself, but the edges are the kryptonite.  And always will be.  So we need to focus on education and creating solutions to real actual problems today with the actual technology and not just some hypothetical “Type 2” civilization where we are using [harvesting] the Sun for all of our energy.

Send to Kindle

Presentation covering Smart Contracts, Smart Property and Trustless Asset Management

Earlier tonight I gave a presentation at Hacker Dojo with the Ethereum project.  I would like to thank Chris Peel and Joel Dietz for organizing it.  Below is a video and accompanying slide deck.  In addition to the footnotes in the PPT, I recommend looking at the wiki on smart contracts and Nick Szabo’s writings (1 2 3).

Also, some quotes regarding synthetic assets in Szabos’ work:

Citation 1:  “Another area that might be considered in smart contract terms is synthetic assets[5]. These new securities are formed by combining securities (such as bonds) and derivatives (options and futures) in a wide variety of ways.”

Citation 2: “Creating synthetic assets or combinations that mimic the financial functionality of some other contract while avoiding its legal limitations”

Citation 3: “Reference to Perry H. Beaumont, Fixed Income Synthetic Assets”

Send to Kindle

Quick update of the DAO space involving Mastercoin and Ethereum

A couple of updates: Mastercoin has released a new schedule for its upcoming distributed exchange. Milestones will take place over the next 5 weeks and will ultimately enable users to use real MSC.

And from last weekend’s Bitcoin Miami conference, here is Vitalik Buterin’s presentation of Ethereum:

Note: Ethereum’s testnet is now up and running, the IPO has been pushed back to allow for legal clarifications.

Send to Kindle

Casual conversation with Mastercoin, Ethereum and Invictus (Bitshares/Protoshares)

A week ago, Let’s Talk Bitcoin sat down with three developers Charles Hoskinson (Ethereum), David Johnston (Mastercoin) and Daniel Larimer (Invictus/Bitshares).  Well worth your time as it covers all the hot topics in this space today: smart contract, smart property, DAX (decentralized autonomous corporation/organization/application/etc.).  Lot’s of great quotes, insights and vision.

Send to Kindle

Interview covering China, smart contracts and trustless asset management

Earlier today I was interviewed by Donald McIntyre at Newfination.  We discussed a number of topics related to cryptocurrencies and trustless asset management including smart contracts and how they can be applied in China (see video below).

My current motivation and interest stems from the lack of clear property rights and contracts in China.  While some jurisdictions are better than others (like Shanghai), no one actually owns property for more than 70 years whereupon it is automatically reverted back to the state.1  In many cases, the actual property may only have a 40 or 50 year lease left because of the different staggered stages of post-Mao liberalization.

Furthermore, at any given time these titles can be revoked or modified by a 3rd party without recourse.  As a consequence, land confiscation is very common and is actually the leading cause for social unrest.  For example, each year approximately 4 million rural Chinese are evicted from their land.2 Why?  Because, according to an HSBC report, local governments generate 70% of their income from land sales much of which are ill-gotten gains for one ore more party (e.g., state owned firms have local leaders evict farmers from land).3  And there is no property tax, not because China is some hyper libertarian utopia but because corrupt officials — some of the same ones that confiscated the land — do not want to reveal their property holdings.

Crypto solutions

In 2004 a report from the OECD found that roughly half of all urban Chinese workers, primarily migrant workers from the provinces participated in the informal sector (this is between 120-150 million people).4 They would benefit if their payroll and compensation was managed by a Decentralized Autonomous Corporation rather than a human laoban (boss) who could change their mind or otherwise abuse the relationship (e.g., change the contract ex post).  For instance, without an urban hukou (household registration) most of these migrant workers are left without any legal recourse in the event that their contracts are tampered or ignored.

Trustless asset management tools built on top of a cryptoledger such as Bitcoin or Ethereum (which are tamper-proof) would empower not just those in the developed world, but also those in the developing world who are more easily marginalized without political guanxi.  Even if trustless asset management networks are not deemed legitimate or valid by the government or a Party apparatus, a decentralized smart contract based system would level the playing field and allow individuals from all walks of life to actually codify and manage scarce goods that they currently own.

While books and volumes could be written on this topic, even if there are stricter capital controls and regulations on cryptocurrencies in China (or elsewhere), that by using a couple different ‘colored’ coin chains (or Ethereum contracts, etc.) Bob from Beijing could still transfer assets worth X amount of money to Anhui Alice instead of X amount of money itself.  This would create a sort of advanced barter system which may not be as efficient in terms of actually using a cryptocurrency as a medium of exchange but it could help those in an informal economy qualify and quantify asset value and clear up some of the confusion around contracts and property ownership.

See also: Chinese property law and Forced evictions in China

  1. See China’s Real Estate Riddle from Patrick Chovanec, You May Own your Apartment, but who Owns the Land Underneath Your Feet? by Thomas Rippel and If Beijing is your landlord, what happens when the lease is up? from China Economic Review []
  2. See China’s Land Grab Epidemic Is Causing More Wukan-Style Protests from The Atlantic and China Tackles Land Grabs, Key Source of Rural Anger from The Wall Street Journal []
  3. See China land price fall threatens local finances from Financial Times and China’s land-seizure problem from Chicago Tribune []
  4. Internal Migration in China and the Effects on Sending Regions from OECD []
Send to Kindle

Ethereum and vunerabilities of Turing-complete progamming languages

There have been several Reddit threads and bitcointalk forum posts the past couple days regarding integrating a Turing-complete programming language with a cryptoledger.  Bitcoin currently uses a limited, non-TC language called Script.  The comments, feedback and insights revolve largely around the security risks and vulnerabilities that such a language could do.

If you are interested, I highly recommend reading through these threads right now, the first two include comments from Adam Back, creator of Hashcash which is the proof-of-work used in Bitcoin.

Turing complete language vs non-Turing complete (Ethereum vs Bitcoin)
letstalkbitcoin on committed tx, homomorphic value, fungibility, privacy
Will turing compleastness allow contracts to contain viruses and malware that could affect the network in unforeseen ways?
Adam Back about Ethereum and security risks

Send to Kindle

Mike Hearn discusses autonomous agents at Turing Festival 2013

Decentralized autonomous organizations (DAO), sometimes called decentralized autonomous corporations or autonomous agents have become a hot new topic both in social media and in software engineering, especially as they are interrelated with advances in cryptoledgers/cryptocurrencies.

Vitalik Buterin has written a three-part series (1 2 3) about software-based DAOs over at the Ethereum blog that gives a pretty good overview and capability of what a DAO is able to do.  While many more volumes will be written on this topic, last Mike Hearn gave a brief overview of what hardware applications may look like:

See also: Mike Hearn’s 2012 presentation in London (video) as well as his interview last fall with Newfination (video).

Send to Kindle

Ethereum’s potential: a cursory look

If you haven’t done so yet, I highly recommend reading Vitalik Buterin’s overview of Ethereum published earlier today.  It is very lofty, seemingly feasible and I don’t detect much hyperbole.  He is clearly aware of the short-comings of all the different 1.0/2.0 projects and is pretty much trying to make this stand out by otherwise fulfilling Newton’s, “standing on the shoulders of giants.”  I’d be interested to see what other project leaders from 2.0 initiatives have to say.

A few technical concerns I haven’t really seen addressed but I’m sure are being discussed somewhere:

1) Botnets.  While ASICs do create potential long term centralization problems, Botnets will jump all over the ability to use CPUs again to mine.  How can this be prevented/mitigated?  Can it?  Is there a way for Ethereum the org to prevent miners from participating (if so, can it be abused?)?  [Note: I have discussed mining previously in the Litecoin category.]
2) Even though the money supply is mathematically known, I’m not entirely sure the linear money supply will necessarily have the zeroing effect apriori.  It could, and probably will but obviously this is aposteriori.  For perspective, the token supply in LTC and BTC are significantly higher the first decade than Ether is.
3) While Script is not Turing-complete this also prevents viruses from being created and wreaking havoc on the blockchain.  CLL sounds great on paper in terms of robustness and utility, but how do you fight HNWI hackers who want to cause mischief?

Two other points of interest regarding the business side of this project:

1) I do think that eventually someone, somewhere will create a distributed, encrypted dropbox for global use.  How that is incentivized, or rather, how individuals pay for the resources (bandwidth & space) obviously will be another matter altogether.  Bitcloud is one project that is trying to tackle that (through proof-of-bandwidth).  Perhaps, as part of what Mike Hearn described 2 years ago, users will eventually be able to use microtransactions (e.g., 0.01 BTC) to pay random WiFi hotspots to create adhoc mesh networks — distributed encrypted dropboxes could just as easily follow similar paths in terms of payment/compensation.  Shades of Snow Crash and The Diamond Age

2) Even though I am pretty pro-alt coin/chain/ledger/etc. I do think parts of the Humint project are probably not going to work as initially planned in their press releases this week.  Assuming that Cocacolacoin is not part of the Ethereum blockchain but rather uses its own independent blockchain, it’s hard to imagine how to incentivize network hashrate (which creates network security which prevents a 51% attack).  I’m not saying it won’t work apriori, but from a business model it is difficult to believe that Bob the Miner will want to exchange hashrate for Coca-cola swag.  Obviously stranger things have happened, like the recent “success” of meme-related Dogecoin (wow! so cool! much awesome!); I do think not using the term “coin” will be a better marketing strategy as it is too loaded at this point (I prefer token or ducat).  Other obvious uses within the Ethereum blockchain are Frequentfliercoins from Alice Airlines, could probably help prevent and mitigate the risks involved in travel hacking (FYI: United Airlines frequent flier miles were downgraded effective February 1, 2014 due to rampant inflation).

For example, I think Alice Airlines could utilize the “contract” system by using some amount of Ether (0.01), creating a “contract” which defines a set amount of Mileage (which itself will likely have some predefined expatriation dates).  Assuming this is in the future and flyers are using Ether wallets (oh the 19th century irony) and provide the airline with their wallet address, the user will be able to receive the Mileage amount in their wallet (more than likely it will be an embedded URL that sends you to a screen on Airline Alice with the actual amounts + Terms of Service).  This is what colored coins are, but Ethereum seems to be both more elegant as this is native built-in functionality and in terms of transfer speed (3-30 seconds is the stated goal versus 10 minutes for 1 BTC confirmation).  This is subject to change, but just one potential use of the platform.

It will also be interesting to see how Dark Wallet and Zero Coin projects will react to this announcement (Ethereum is currently stating it is not an anonymous solution though through the “contracts” system this can be obfuscated).

Other resources to peruse:

– Ursium has a live update of publicly known tidbits.
– The Ethereum blog has some interesting info, especially about DAOs

Send to Kindle