Watermarked tokens and pseudonymity on public blockchains

As mentioned a couple weeks ago I have published a new research paper entitled: “Watermarked tokens and pseudonymity on public blockchains

In a nutshell: despite recent efforts to modify public blockchains such as Bitcoin to secure off-chain registered assets via colored coins and metacoins, due how they are designed, public blockchains are unable to provide secure legal settlement finality of off-chain assets for regulated institutions trading in global financial markets.

The initial idea behind this topic started about 18 months ago with conversations from Robert Sams, Jonathan Levin and several others that culminated into an article.

The issue surrounding top-heaviness (as described in the original article) is of particular importance today as watermarked token platforms — if widely adopted — may create new systemic risks due to a distortion of block reorg / double-spending incentives.  And because of how increasingly popular watermarked projects have recently become it seemed useful to revisit the topic in depth.

What is the takeaway for organizations looking to use watermarked tokens?

The security specifications and transaction validation process on networks such as the Bitcoin blockchain, via proof-of-work, were devised to protect unknown and untrusted participants that trade and interact in a specific environment.

Banks and other institutions trading financial products do so with known and trusted entities and operate within the existing settlement framework of global financial markets, with highly complex and rigorous regulations and obligations.  This environment has different security assumptions, goals and tradeoffs that are in some cases opposite to the designs assumptions of public blockchains.

Due to their probabilistic nature, platforms built on top of public blockchains cannot provide definitive settlement finality of off-chain assets. By design they are not able to control products other than the endogenous cryptocurrencies they were designed to support.  There may be other types of solutions, such as newer shared ledger technology that could provide legal settlement finality, but that is a topic for another paper.

This is a very important issue that has been seemingly glossed over despite millions of VC funding into companies attempting to (re)leverage public blockchains.  Hopefully this paper will help spur additional research into the security of watermarking-related initiatives.

I would like to thank Christian Decker, at ETH Zurich, for providing helpful feedback — I believe he is the only academic to actually mention that there may be challenges related to colored coins in a peer-reviewed paper.  I would like to thank Ernie Teo, at SKBI, for creating the game theory model related to the hold-up problem.  I would like to thank Arthur Breitman and his wife Kathleen for providing clarity to this topic.  Many thanks to Ayoub Naciri, Antony Lewis, Vitalik Buterin, Mike Hearn, Ian Grigg and Dave Hudson for also taking the time to discuss some of the top-heavy challenges that watermarking creates.  Thanks to the attorneys that looked over portions of the paper including (but not limited to) Jacob Farber, Ryan Straus, Amor Sexton and Peter Jensen-Haxel; as well as additional legal advice from Juan Llanos and Jared Marx.  Lastly, many thanks for the team at R3 including Jo Lang, Todd McDonald, Raja Ramachandran and Richard Brown for providing constructive feedback.

Watermarked Tokens and Pseudonymity on Public Blockchains

Send to Kindle

Creative angles of attacking proof-of-work blockchains

[Note: the following views were originally included in a new paper but needed to be removed for space and flow considerations]

While most academic literature has thus far narrowly focused under the assumption that proof-of-work miners such as those used in Bitcoin will behave according to a “goodwill” expectation, as explored in this paper, there may be incentives that creative attackers could look to exploit.

Is there another way of framing this issue as it relates to watermarked tokens such as colored coins and metacoins?

Below are comments from several thought-leaders working within the industry.

According to John Light, co-founder of Bitseed:1

When it comes to cryptocurrency, as with any other situation, an attacker has to balance the cost of attacking the network with the benefit of doing so. If an attacker spends the minimum amount required to 51% attack bitcoin, say $500 million, then the attacker needs to either be able to short $500 million or more worth of BTC for the attack to be worth it, or needs to double spend $500 million or more worth of BTC and receive some irreversible benefit and not get caught (or not have consequences for getting caught), all while taking into consideration the loss of future revenues from mining honestly. When you bring meta-coins into the equation, things get even murkier; the cost is less dependent on the price of bitcoin or future mining revenues, and depends more on the asset being attacked, whether it’s a stock sale or company merger that’s being prevented, or USD tokens being double-spent.

There’s no easy answer, but based on the economics of the situation, and depending on the asset in question, it doesn’t seem wise to put more value on chain than the market cap of BTC itself (as a rough benchmark – probably not that exact number, but something close to it).

Not a single study has been publicly published looking at this disproportionalism yet it is regularly touted at conferences and social media as a realistic, secure, legal possibility.

According to Vitalik Buterin, creator of Ethereum:2

There are actually two important points here from an economics perspective. The first is that when you are securing $1 billion on value on a system with a cryptoeconomic security margin that is very small, that opens the door to a number of financial attacks:

  1. Short the underlying asset on another exchange, then break the system
  2. Short or long some asset at ultrahigh leverage, essentially making a coin-flip bet with a huge amount of money that it will go 0.1% in one direction before the other. If the bet pays off, great. If it does not pay off, double spend.
  3. Join in and take up 60%+ of the hashrate without anyone noticing. Then, front-run everyone. Suppose that person A sends an order “I am willing to buy one unit of X for at most $31”, and person B sends an order “I am willing to sell one unit of X for at least $30”. As a front-runner, you would create an order “I am willing to sell one unit of X for at least $30.999” and “I am willing to buy one unit of X for at most $30.001”, get each order matched with the corresponding order, and earn $0.998 risk-free profit. There are also of course more exotic attacks.

In fact, I could see miners even without any attacks taking place front-running as many markets as they can; the ability to do this may well change the equilibrium market price of mining to the point where the system will, quite ironically, be “secure” without needing to pay high transaction fees or have an expensive underlying currency.

The second is that assets on a chain are in “competition” with each other: network security is a public good, and if that public good is paid for by inflation of one currency (which in my opinion, in a single-currency-chain environment, is economically optimal) then the other currencies will gain market share; if the protocol tries to tax all currencies, then someone will create a funky meta-protocol that “evades taxes by definition”: think colored coins where all demurrage is ignored by definition of the colored coin protocol. Hence, we’ll see chains secured by the combination of transaction fee revenue and miner front running.

Unsolved economics question: would it be a good thing or a bad thing if markets could secure themselves against miner frontruns? May be good because it makes exchanges more efficient, or bad because it removes a source of revenue and reduces chain security.

Cryptoeconomics is a nascent academic field studying the confluence of economics, cryptography, game theory and finance.3

Piotr Piasecki, a software developer and independent analyst explained:4

If a malicious miner sees a big buy order coming into the market that would move the price significantly, they can engage in front running – the buy order could be pushed to the back of the queue or even left out until the next block, while the miner buys up all of the current stock and re-lists it at a higher price to turn a profit. Alternatively, when they see there is a high market pressure coming in, especially in systems that are inefficient by design, they can buy the orders up one by one by using their power to include any number of their own transactions into a block for free, and similarly re-list them for people to buy up.

Or in other words, because miners have the ability to order transactions in a block this creates an opportunity to front run. If publicly traded equities are tracked as a type of colored coin on a public blockchain, miners could order transaction in such a way as to put certain on-chain transactions, or trades in this case, to execute before others.

Robert Sams, co-founder of Clearmatics, previously looked at the bearer versus registered asset challenge:5

One of the arguments against the double-spend and 51% attacks is that it needs to incorporate the effect a successful attack would have on the exchange rate. As coloured coins represent claims to assets whose value will often have no connection to the exchange rate, it potentially strengthens the attack vector of focusing a double spend on some large-value colour. But then, I’ve always thought the whole double-spend thing could be reduced significantly if both legs of the exchange were represented on a single tx (buyer’s bitcoin and seller’s coloured coin).

The other issue concerns what colour really represents. The idea is that colour acts like a bearer asset, whoever possesses it owns it, just like bitcoin. But this raises the whole blacklisted coin question that you refer to in the paper. Is the issuer of colour (say, a company floating its equity on the blockchain) going to pay dividends to the holder of a coloured coin widely believed to have been acquired through a double-spend? With services like Coin Validation, you ruin fungibility of coins that way, so all coins need to be treated the same (easy to accomplish if, say, the zerocoin protocol were incorporated). But colour? The expectations are different here, I believe.

On a practical level, I just don’t see how pseudo-anonymous colour would ever represent anything more than fringe assets. A registry of real identities mapping to the public keys would need to be kept by someone. This is certainly the case if you ever wanted these assets to be recognised by current law.

But in a purely binary world where this is not the case, I would expect that colour issuers would “de-colour” coins it believed were acquired through double-spend, or maybe a single bitcoin-vs-colour tx would make that whole attack vector irrelevant anyway. In which case, we’re back to the question of what happens when the colour value of the blockchain greatly exceeds that of the bitcoin monetary base? Who knows, really depends on the details of the colour infrastructure. Could someone sell short the crypto equity market and launch a 51% attack? I guess, but then the attacker is left with a bunch of bitcoin whose value is…

The more interesting question for me is this: what happens to colour “ownership” when the network comes under 51% control? Without a registry mapping real identities to public keys, a pseudo-anonymous network of coloured assets on a network controlled by one guy is just junk, no longer represents anything (unless the 51% hasher is benevolent of course). Nobody can make a claim on the colour issuer’s assets. So perhaps this is the real attack vector: a bunch of issuers get together (say, they’re issuers of coloured coin bonds) to launch a 51% attack to extinguish their debts. If the value of that colour is much greater than cost of hashing 51% of the network, that attack vector seems to work.

On this point, Jonathan Levin, co-founder of Chainalysis previously explained that:6

We don’t know how much proof of work is enough for the existing system and building financially valuable layers on top does not contribute any economic incentives to secure the network further. These incentives are fixed in terms of Bitcoin – which may lead to an interesting result where people who are dependent on coloured coin implementations hoard bitcoins to attempt to and increase the price of Bitcoin and thus provide incentives to miners.

It should also be noted that the engineers and those promoting extensibility such as colored coins do not see the technology as being limited in this way. If all colored coins can represent is ‘fringe assets’ then the level of interest in them would be minimal.

Time will tell whether this is the case. Yet if Bob could decolor assets, in this scenario, an issuer of a colored coin has (inadvertently) granted itself the ability to delegitimize the bearer assets as easily as it created them. And arguably, decoloring does not offer Bob any added insurance that the coin has been fully redeemed, it is just an extra transaction at the end of the round trip to the issuer.

  1. Personal correspondence, August 10, 2015. Bitseed is a startup that builds plug-and-play full nodes for the Bitcoin network. []
  2. Personal correspondence, August 13, 2015. []
  3. See What is cryptoeconomics? and Formalizing Cryptoeconomics by Vlad Zamfir []
  4. Mining versus Consensus algorithms in Crypto 2.0 systems by Piotr Piasecki []
  5. As quoted in: Will colored coin extensibility throw a wrench into the automated information security costs of Bitcoin? by Tim Swanson; reused with permission. []
  6. This example originally comes from Will colored coin extensibility throw a wrench into the automated information security costs of Bitcoin? by Tim Swanson; reused with permission. []
Send to Kindle

Cryptoeconomics for beginners and experts alike

This past week Koinify and the Cryptocurrency Research Group (CCRG), a new academic organization, held a 3-day event — the first of its kind called Cryptoeconomicon, an interdisciplinary private event that included a cross section of developers, entrepreneurs, academics and a few investors.  It was purposefully scheduled to coincide with O’Reilly Media’s own “Bitcoin and the Blockchain” conference which took place in the middle of it.

I attended what amounted to four days of seminars, brainstorming and networking sessions.  Below are my summarized thoughts.  Note: these are my opinions alone and do not reflect those of other participants or the companies I work with.  You can view pictures/info of the event: #cryptoecon and @cryptoecon

Rather than going through each session, I will just highlight a few areas that stood out to me and include outside relevant content.

What is cryptoeconomics?

According to Vlad Zamfir, of the Ethereum project, cryptoeconomics as a field might be defined as:

A formal discipline that studies protocols that govern the production, distribution and consumption of goods and services in a decentralized digital economy.  Cryptoeconomics is a practical science that focuses on the design and characterization of these protocols.

Zamfir discussed this at length (slides) (video) and rather than going too in-depth with what he said I wanted to reiterate his main points he gave:

Cryptoeconomic security as information security

  • Mechanisms are really programs
  • They can distribute payoffs
  • The programs have a certain behaviour in the Nash equilibrium case
  • The NE has a cryptoeconomic security
  • We can be assured that a program will run a particular way

He also argues that “cryptoeconomics” should be see as more economics for cryptography rather than cryptography for economics:

  • Economic mechanisms can give guarantees that a program will run in a particular way that cryptography alone can’t provide.
  • Incentives are forward facing, cryptography is a function of already-existing information
  • How do we provide custom cryptoeconomic guarantees?

The last part in relation to his talk that really stuck out to me was on the final day.  In his view (slides) the technical term that should be applied is, “distributed cryptoeconomic consensus” which would assuage concerns from the academic “distributed consensus” community that uses different terminology.  Under this definition, this means:

  • A cryptoeconomic mechanism with the Nash equilibrium of assuring distributed byzantine fault tolerant consensus
  • We should be able to assert and prove the cryptoeconomic assurances of any consensus mechanism
  • Distributed consensus mechanisms can create a pure cryptoeconomy. Even the execution of the mechanisms is has a measurable assurance.

Most interesting comment of the event

I think the most apt comment from the economics discussion came from Steve Waldman, a software developer and trader over at Interfluidity on the first day of the event.

While there will likely be a recording posted on Youtube (video), in essence what he said was that in the blockchain space — and specifically the developers in the room — they are creating an enormous amount of supply without looking to see what the corresponding demand is.  That is to say, there is effectively a supply glut of “blockchain tech” in part because few people are asking whether or not this tech actually has any practical consumer demand.  Where are the on-the-ground consumer behavior surveys and reports?

Again, if Bitcoin (the overall concept) is viewed as an economy, country or even a startup, it is imperative that the first question is resolved: what is the market need?  Who are the intended consumers?  So far, despite lots of attention and interest, there has been very little adoption related to blockchains in general.  Perhaps this will change, maybe it is only a temporary mismatch.  Maybe it these are the chicken-egg equivalent to computing languages like Ruby or PHP and eventually supply somehow creates the demand?  Or maybe it suffers from the Kevin Costner platform trap (e.g,. if you build it, will they come?).

To illustrate this contrarian view:

why startups fail

Source: David Norris https://twitter.com/norrisnode/status/561262588466839553

Maybe there is no real market need for these first generation concepts?  Perhaps the network will run out of block rewards (cash incentives) to the miners before these blockchains can gain mainstream traction?  Maybe the current developers are not quite right for the job?

Or maybe, blockchains such as Bitcoin simply get outcompeted in the overall marketplace.  For instance, there are currently 1,586 Payment startups listed on AngelList and 106 P2P Money Transfer startups listed on AngelList.  Most of these will likely burn out of capital and cease to exist, but there are probably at least a dozen or so of each that will (and have) gained traction and are direct competitors to these first generation blockchains.

Perhaps this will change, but then again, maybe the market is more interested in what William Mougayar (who unfortunately was not part of the event) pointed out a few days ago.  Simply put, maybe there is more room to grow in the “Blockchain Neutral Smart Services” and “Non-Blockchain Consensus” quadrants:


We cannot know for certain a priori what market participants will decide.  Perhaps Bitcoin is good enough to do everything its enthusiastic supporter claim it can.

Or maybe, as Patrick Collison, CEO of Stripe, wittily stated in Technology Review:

“Bitcoin is kind of a financial Rorschach test; everyone projects their desired monetary future onto it.”

Now, to be fair, Collison (who was not part of the event) has a horse in the race with Stellar.  Fortunately there was not much emphasis on token prices going to the moon at the Cryptoecon event.  When incentives did come up, it was largely related to how a consensus mechanism can be secure through a self-reinforcing Nash equilibrium.

Perhaps a future event could discuss what Meher Roy (who unfortunately was not in attendance either) adroitly summarized and modeled in relation to how actors are betting on crypto-finance platforms:

meher roy table

Source: https://medium.com/@Meher/a-model-to-makes-sense-of-beliefs-and-associated-crypto-finance-platforms-f761a7d782cb

Back to the show

There were a number of startups at the event, probably around a dozen or so.  In my view, the most concise overview was from Sergey Nazarov co-founder of SmartContract.  The interface was clean, the message was clear and “issuance” can be done today.  I’m not necessarily endorsing the stack he’s using, but I think he has clearly talked to end-users for ease of use feedback (note: be sure to consult a lawyer before using any ‘smart contracting’ system, perhaps they are not recognized as actual “contracts” in your jurisdiction).  Also, drones.

It would have been nice to see a little longer debate between StorJ, Maidsafe and Filecoin groups.  I think there was probably a little too much “it just works” handwaving but thought that Juan Binet-Betez from IPFS/Filecoin gave the most thorough blueprint of how his system worked (he also showed a small working demo).

It was not recorded but I think messaging for Augur (a variation of Truthcoin) was pretty poor.  Again, just my opinion but I was vocal about the particular use-case (gambling) proposed as it would simply bring more negative PR to a space smashed with bad PR.  The following day other members of the team discussed other uses including prediction markets for political events (similar to what Intrade did).  I am skeptical that in its current form it will become widely adopted because futures markets, like the CME, already do a relatively competitive job at providing this service for many industries and these decentralized markets could likely just attract marginal, illicit activities as has been the trend so far.  I could be wrong and perhaps they will flourish in emerging markets for those without access to the CME-like institutions.

Things that look less skeptical

  • There were about 10-12 people affiliated with Ethereum at the event, all of them were developers and none of them seemed to push their product as “the one chain to rule them all” (in fact, there was a healthy debate about proof-of-stake / proof-of-work within their contingent).  I’ve been fairly skeptical since last summer when their team looked gigantically bloated (too many cooks in the kitchen) but they seem to have since slimmed down, removing some of the pumpers and focusing on the core tech.  This is not to say they will succeed, but I am slightly less skeptical than I was 3-4 months ago.
  • I also had a chance to sit down with a couple members of the IBM ADEPT ‘Internet of Things’ team.  They held a ~3 hour workshop which was attended by around 20 people.  The session was led by Henning Diedrich (IBM), David Kravitz (IBM) and Patrick Deegan (Open Mustard Seed Project).  Again, even though I’ve paged through the ADEPT whitepaper, I was hesitant to believe that this was little more than marketing on the part of IBM.  But by the time the session was over, I was a little less skeptical.  Perhaps in the future, when more appliances and devices have secure proplets, they could use a method — such as a blockchain/cryptoledger — to securely bid/ask on resources like electricity.  B2B and machine-to-machine ideas were discussed and piggybacked on.  Obviously there are all sorts of funny and sad ways this could end but that is up for Michael Bay to visualize next year.
  • This also intersects with another good comment from Stefan Thomas (CTO of Ripple Labs).  In a nutshell, on a panel during the first day, he thinks there is some confusion and conflation of the terms “automation,” “decentralization,” “smart contracts” and “blockchains.”  That is to say, while blockchains are automated, that is not to mean that it is the only means to achieve automation.  Nor is decentralization necessary for automation to be achieved in every use-case.  Nor are smart contracts the only way to control automated devices.  When the video is posted I’ll be sure to link it (video).
  • Ethan Buchman, lead dev for Eris, was both witty and on top of his form, noting that in practice users don’t need a new browser every time they go to a new site, so they shouldn’t need a new client to view a different blockchain.  Let’s keep our eye on Decerver to see how this germinates.
  • Lastly, the two investors that attended the VC panel on Wednesday included Shahin Farshchi from Lux Capital and Pearl Chan of Omidyar Network.  What I liked about them is they weren’t pushing a certain binary viewpoint.  They were both upfront and honest: neither had invested in this space, not because they hated it, but because they were taking their time to see what opportunities actually fit within their mandate.  Perhaps they will at some point.  One joke that Farshchi mentioned was that back when cellular telephony was growing, “everyone and their mom” was selling base station equipment and chips.  Similarly there were over 300 companies creating thin film solar cells before bankruptcies and mergers.  So the type of euphoria we see in the Bitcoin-space is not necessarily unique.

Room for improvement

Perhaps if there is a next event it could include representatives from Blockstream, Bitfury and other Bitcoin-centered projects.  It would be nice to have some perspective from those deeply concerned about with maintaining secure consensus and the Blockstream team has some of the most experienced engineers in this space.  Hearing their views next to what Peter Todd (who attended and had some interesting calculations for the estimated costs to attack a network), could help developers build better tools.  Similarly, developers from Peernova, Square, Stripe, M-Pesa and Western Union would also likely be good resources to provide empirical feedback.

Additional clarity for what a decentralized autonomous organization (DAO) actually is and is not could be spelled out as well.  And how do these intersect with existing legal jurisprudence (can they? as Brett Scott might ask).   For anyone who has read “The Cookie Monster” by Vernor Vinge, both Matt Liston and Vitalik Buterin made some not-entirely-unreasonable points about machine-rights and whether or not machines should trust humans (e.g., humans expect bots to provide truthful information, but can the reverse be expected?  And what happens if a bot, like a DAO, is deemed too successful or broke a law in some jurisdiction — does it get “carted” away in a truck?).

Lastly, I think by the time there is another event, there will hopefully be more clarity for what a “smart contract” is.  One panel I moderated, I tried to get the participants to use the word “banana” instead because the term “banana” is overused and often conflated to mean many things it is legally not.  Primavera De Filippi from the Cryptolaw panel made some good comments too about whether or not “bananas” are actual legally binding contracts; she previously did a workshop with Aaron Wright (also in attendance) at the recent Distributed Networks and the Law event held at Harvard/MIT.  Steve Omohundro also spoke realistically about these scenarios on the final day, where does liability start and stop for developers of DAOs?

[Note: I would like to thank Kieren James-Lubin, Vitalik Buterin, Tom Ding, Sri Sriram for organizing the event, Robert Schwentker for acting as emcee/photographer, and CFLD and Omidyar Network for sponsoring the event including the delicious food.]

Send to Kindle

The Continued Existence of Altcoins, Appcoins and Commodity coins

Yesterday I gave a presentation at a Bitcoin Meetup held hosted by Plug and Play Tech Center in Sunnyvale.

I discussed the economic incentives for creating altcoins, appcoins, commodity coins and also covered several bitcoin 2.0 proposals.  The slides and video from the event are viewable below.  Download the deck for other references and citations.

Send to Kindle

A panel on smart contracts with industry developers and educators

Earlier today I participated in a virtual panel covering smart contracts called, “Let’s Talk Smart Contracts.”

The panel included: Adam Krellenstein (Counterparty), Oleg Andreev (CoreBitcoin), Pamela Morgan (Empowered Law), Stefan Thomas (Codius, Ripple Labs), Stephan Tual (Ethereum), Tim Swanson (Of Numbers), Yurii Rashkovskii (Trustatom) and it was moderated by Roman Snitko with Straight.

Below are some transcribed notes of my own statements.

Introduction starting at 09:06:

Hey guys, great to be here.  Thanks for the invite, thanks for organizing this.  So I’m here because you guys needed another white guy from Europe or something like that (that’s a joke).  So the definition I have of smart contracts, I have written a couple books in this space, and the definition I use is a smart contract is “a proposed tool to automate human interactions: it is a computer protocol – an algorithm – that can self-execute, self-enforce, self-verify, and self-constrain the performance of a contract.”  I think I got most of that definition from Nick Szabo’s work.  For those of you who are familiar with him, look up some of his past writings.  I think that the primary work he is known for is the paper, “Formalizing and Securing Relationships on Public Networks.”  And he is basically considered the [intellectual] grandfather of this space.  I’m here basically to provide education and maybe some trolling.

From 22:02 -> 24:15

I think I see eye-to-eye with Adam here.  Basically the idea of how we have a system that is open to interpretation, you do have reversibility, you do have nebulousness.   These are things that Nick Szabo actually discussed in an article of his called “Wet code and dry” back in 2008.  If you look back at some of the earlier works of these “cypherpunks” back in the ’90s, they talked about some of these core issues that Oleg talked about in terms of being able to mitigate these trusted parties.  In fact, if you look at the Bitcoin whitepaper alone, the first section has the word “reverse” or “reversibility” around 5 times and the word “trust” or “trusted” appears 11 times in the body of the work.  This was something that whoever created Bitcoin was really interested in trying to mitigate the need for any kind of centralized or third party involved in the process of transactions to reduce the mediation costs and so forth.

But I suppose my biggest criticism in this space, it is not pointed to anyone here in particular, is how we have a lot of “cryptocurrency cosplay.”  Like Mary Sue Bitcoin.  I’m not sure if you guys are familiar with who Mary Sue is: she is this archetype who is this kind of idealized type of super hero in a sense.  So what happens with Bitcoin and smart contracts is that you have this “Golden Age” [of Comics] where you had the limited ideas of what it could do.  Like Superman for example, when he first came out he could only jump over a building and later he was pushed to be able to fly because it looks better in a cartoon.  You have only a limited amount of space [time] and it takes too long to jump across the map.  So that’s kind of what I see with Bitcoin and smart contracts.  We can talk about that a little bit later, just how they have evolved to encompass these attributes that they’re probably not particularly good at.  Not because of lack of trying but just because of the mechanisms of how they work in terms of incentives for running mining equipment and so on.  So, again we can talk about that later but I think Adam and Oleg have already mentioned the things that are pretty important at this point.

40:18 -> 41:43

I’m the token cynic, huh?  So actually before I say anything, I would like to mention to the audience other projects that you might be interested in looking at: BitHalo; NotaryChains is a new project that encompasses some of these ideas of Proof of Existence created by Manuel Araoz, he is the one who did POE.  NotaryChains is a new project I think that sits on top of Mastercoin.  The issue that people should consider is that proof of existence/proof of signature: these are just really hi-tech forms of certification.  Whether or not they’re smart contracts I guess is a matter of debate.

There is another project: Pebble, Hyperledger, Tezos, Tendermint, Nimblecoin.  With Dogethereum their project is called Eris which apparently is the first DAO ever.  A DAO for the audience is a decentralized autonomous organization, it’s a thing apparently. SKUChain is a start-up in Palo Alto, I talk about them in chapter 16.  They have this interesting idea of what they call a PurchaseChain which is a real use-case for kind of updating the process from getting a Letter of Credit to a Bill of Lading and trying to cut out time and mediation costs in that process.  There are a few others in stealth mode.  So I really don’t have a whole lot to add with cynicism at this point, we can go on and come back to me in a little bit.

59:41 -> 1:02:35

The go to deficiency guy, huh?  They’re not really saying anything particularly controversial, these things are fundamentally — at least from an engineering perspective — could be done.  The problem though I think runs into is what Richard Boase discussed in — if listeners are interested — he went to Kenya and he did a podcast a few weeks ago on Let’s Talk Bitcoin #133.  I really recommend people listen to it.  In it he basically talks about all of these real world issues that run into this idealized system that the developers are building.  And as a result, he ended up seeing all of these adoption hurdles, whether it was education or for example tablets: people were taking these tablets with bitcoin, and they could just simply resell it on a market, the tablet itself was worth more than they make in a year basically; significant more money.  He talked about a few issues like P2P giving, lending and charity and how that doesn’t probably work like we think it does.

I guess the biggest issue that is facing this space, if you want issues, is just the cost benefit analysis of running these systems.  There is a cost somewhere to run this stuff on many different servers, there is different ways to come up with consensus for this: for example, Ripple, Stellar, Hyperledger, they’re all using consensus ledgers which require a lot less capital expenditures.  But when you end up building something that requires some kind of mining process itself, that costs money.  So I think fundamentally in the long-run it won’t be so much what it can do but what can it economically do.

So when you hear this mantra of let’s decentralize everything, sure that’s fine and dandy but that’s kind of like Solutionism: a solution looking for a problem.  Let’s decentralize my hair — proof of follicle — there is a certain reductio ad absurdum which you come to with this decentralization.  Do you want to actually make something that people are actually going to use in a way that is cheaper than an existing system or we just going to make it and throw it out there and think they’re going to use it because we designed [wanted] it that way.  So I think education is going to be an issue and there are some people doing that right now: Primavera De Fiillipi, she’s over at Harvard’s Berkman Center — she’s got something called the Common Accord program.  And also Mike Hearn; listeners if you’re interested he’s made about 7 or 8 use-cases using the existing Bitcoin blockchain including assurance contracts — not insurance contracts — assurance contracts.  And he’s got a program called Lighthouse which hopes to build this onto the actual chain itself.  So there are things to keep in mind, I’m sure I’ll get yelled at in a minute here.

1:23:58 -> 1:28:10

Anyone listening to this wanting to get involved with smart contracts: hire a lawyer, that’s my immediate advice.  I will preface by saying I don’t necessarily agree with policies that exist and so on; I don’t personally like the status quo but there is no reason to be a martyr for some crusade led by guys in IRC, in their little caves and stuff like that.  That’s not towards anyone here in this particular chat but you see this a lot with “we’re going to destroy The Fed” or “destroy the state” and the reality is that’s probably not going to happen.  But not because of lack of trying but because that’s not how reality works.

Cases right now are for example: DPR, Shavers with the SEC, Shrem now with the federal government, Karpeles [Mt. Gox] went bankrupt.  What’s ended up happening is in 2009, with Bitcoin for example, you started with a system that obviated the need of having trusted third parties but as users started adopting it you ended up having scams, stolen coins, people losing coins so you ended up having an organic growth of people wanting to have insurance or some way to mediate these transactions or some way to make these things more efficient.  And I think that it will probably happen — since we’re guessing, this is speculative — I think that this will kind of happen with smart contracts too.  That’s not to say smart contracts will fail or anything like that.  I’m just saying that there will probably just be a few niche cases initially especially since we don’t have much today, aside I guess from Bitcoin — if you want to call it a smart contract.

What has ironically happened, is that we have created — in order to get rid of the middlemen it looks like you’ve got to reintroduce middlemen.  I’m not saying it will always be the case.  In empirical counter-factual it looks like that’s where things are heading and again obviously not everyone will agree with me on that and they’ll call me a shill and so on.  But that’s kind of where I see things heading.

I have a whole chapter in a book, chapter 17.  I interviewed 4 or 5 lawyers including Pamela [Morgan] of different reasons why this could take place.  For example, accredited investor — for those who are unfamiliar just look up ‘accredited investor.’  If you’re in the US, in order to buy certain securities that are public, you need to have gone through certain procedure to be considered a ‘sophisticated investor.’  This is one of the reasons why people do crowdsales outside of the US — Ethereum — because you don’t want to have to interact with the current legal system in the US.  The reason I mention that is because you end up opening yourselves to lawsuit because chains — like SWARM — cannot necessarily indemnify users.  That’s legal terminology for being able to protect your users from lawsuits from third parties; they just do not have the money, the revenue to support that kind of legal defense.  Unlicensed practice of law (UPL) is another issue.  If you end up putting up contracts on a network one of the issues could be, at least in the US, are bar associations.  Bar associations want to protect their monopoly so they go after people who practice law without a license.  I’m not saying it will happen but it could happen.

My point with this is, users, anyone listening to this should definitely do your due diligence, do your education.  If you plan to get involved with this space either as an investor or developer or so on, definitely at least talk to a lawyer that has some inkling of of an idea [on this].  The ones I recommend, in addition to Pamela here are: Ryan Straus, he is a Seattle-based attorney with Riddell Williams; Austin Brister and James Duchenne they’re with a program called Satoshi Legal; and then Preston Byrne, who’s out in London and he’s with Norton Rose Fulbright.

1:52:20 -> 1:54:43

Guys look, I understand that sounds cool in theory and it’s great to have everything in the background, but the reason you have to see these “shrink wrapped” EULAs [end user license agreements] and TOSs [terms of service] is because people were hiding stuff inside those agreements.  So if you hide what’s actually taking place in the contract you end up making someone liable for something they might not actually agree to.  So I’m not sure, I think it’s completely debatable at this point.  If we’re trying to be transparent, then you’re going to have to be transparent with the terms of agreement.

I should point out by the way, check out Mintchalk.com, it’s run by guys named James and Aaron in Palo Alto, they’re doing contract building.  ACTUS is a program from the Stevens Institute, they’re trying to come with codified language for contracts.  Mark S. Miller, he’s got a program over at Google, he does something with e-rights.

I mention all of this because, we already have a form of “polycentric law” if you will in terms of internationally with 200 different jurisdictions vying for basically jurisdiction arbitrage.  Ireland and the Netherlands have a tax agreement that Facebook, Google, Pfizer they take advantage of.  It’s this Double Irish With a Dutch Sandwich.  In fact my own corporation is incorporated in Delaware because of the legal arbitrage [opportunities].  Obviously smart contracts might add some sort of new wrinkle to that, but people who are listening to this, don’t expect to be living in some Galt’s Gulch tomorrow or something like that.

For example, when you have something that is stolen, there is something called Coinprism which is a colored coin project.  They can issue dividends on stock.  The cool thing with that is, “hey, you get to decentralize that.”  The double-edged side of that is if that when that get’s stolen: people steal stuff like bitcoins and so forth, what happens to the performance of that dividend?  If the company continues paying that dividend in knowing that the person had been stolen from: if somebody stole from me and I tell the company, “hey, it was stolen” and they continue paying, then I can sue them for continuing to pay a thief.  If they stop paying then it defeats the purpose of decentralization because anonymity is given up, identity has taken place.  Obviously this moves into another area called “nemo dat” it’s another legal term talking about what can be returned to the rightful owner, that’s where the term “bona fide” comes from.  Anyways, I wanted to get that out there.  Be wary of disappearing EULAs, those have a purpose because people were being sued for hiding stuff in there.

2:10:05 -> 2:12:23

So I think everybody and all these projects are well-intentioned and have noble goals but they’re probably over-hyped in the short-run, just like the Segway was.  It eventually leads to some kind of burnout, or over-promise and under-delivering.  I’m not saying this will happen, I’m just saying it could happen.  I actually think the immediate future will be relatively mundane, such as wills and trusts kind of like Pamela was talking about.

One particular program is in Kenya there is something called Wagenitech which is run by Robin Nyaosi and he is wanting to help farmers move, manage and track produce to market to bypass the middleman.  That doesn’t seem like something really “sexy,” that doesn’t seem like the “Singularity” kind of thing that everyone likes to talk about.  But that is needed for maybe that particular area and I think we might see more of that along with PurchaseChain, NotaryChains, some of these things that we already do with a lot of the paperwork.

Again, blockchains and distributed ledgers are pretty good at certain things, but not everything.  It has real limitations that vocal adopters on the subreddit of Bitcoin like to project their own philosophical views onto it and I think that it does it a very big disservice to this technology long-term.  For example, LEGO’s can be used to make a car but you wouldn’t want to go driving around in one.  A laptop could be used as a paper weight but it’s not particularly cost effective to do that.  And so what I think we’ll end up running into a tautology with smart contracts, it’s going to be used by people who need to use them.  Just like bitcoin is.  So what we’re going to have is a divergence between what can happen, this “Superman” version of Bitcoin and smart contracts, versus the actual reality.

So for example, people say it’s [Bitcoin] going to end war.  You had the War of Spanish Succession, there was a Battle of Denain, a quarter million people fought that in 1712 and it was gold-based [financed by specie].  Everyone that says bitcoin is going to destroy fiat, if the state exists as it does today there’s always going to be these institutions and types of aggression.  I do think smart contracts do add collateral and arbitration competition and it does take away the problem of having trust in the system itself, but the edges are the kryptonite.  And always will be.  So we need to focus on education and creating solutions to real actual problems today with the actual technology and not just some hypothetical “Type 2” civilization where we are using [harvesting] the Sun for all of our energy.

Send to Kindle

Presentation covering Smart Contracts, Smart Property and Trustless Asset Management

Earlier tonight I gave a presentation at Hacker Dojo with the Ethereum project.  I would like to thank Chris Peel and Joel Dietz for organizing it.  Below is a video and accompanying slide deck.  In addition to the footnotes in the PPT, I recommend looking at the wiki on smart contracts and Nick Szabo’s writings (1 2 3).

Also, some quotes regarding synthetic assets in Szabos’ work:

Citation 1:  “Another area that might be considered in smart contract terms is synthetic assets[5]. These new securities are formed by combining securities (such as bonds) and derivatives (options and futures) in a wide variety of ways.”

Citation 2: “Creating synthetic assets or combinations that mimic the financial functionality of some other contract while avoiding its legal limitations”

Citation 3: “Reference to Perry H. Beaumont, Fixed Income Synthetic Assets”

Send to Kindle

Quick update of the DAO space involving Mastercoin and Ethereum

A couple of updates: Mastercoin has released a new schedule for its upcoming distributed exchange. Milestones will take place over the next 5 weeks and will ultimately enable users to use real MSC.

And from last weekend’s Bitcoin Miami conference, here is Vitalik Buterin’s presentation of Ethereum:

Note: Ethereum’s testnet is now up and running, the IPO has been pushed back to allow for legal clarifications.

Send to Kindle

Casual conversation with Mastercoin, Ethereum and Invictus (Bitshares/Protoshares)

A week ago, Let’s Talk Bitcoin sat down with three developers Charles Hoskinson (Ethereum), David Johnston (Mastercoin) and Daniel Larimer (Invictus/Bitshares).  Well worth your time as it covers all the hot topics in this space today: smart contract, smart property, DAX (decentralized autonomous corporation/organization/application/etc.).  Lot’s of great quotes, insights and vision.

Send to Kindle

Interview covering China, smart contracts and trustless asset management

Earlier today I was interviewed by Donald McIntyre at Newfination.  We discussed a number of topics related to cryptocurrencies and trustless asset management including smart contracts and how they can be applied in China (see video below).

My current motivation and interest stems from the lack of clear property rights and contracts in China.  While some jurisdictions are better than others (like Shanghai), no one actually owns property for more than 70 years whereupon it is automatically reverted back to the state.1  In many cases, the actual property may only have a 40 or 50 year lease left because of the different staggered stages of post-Mao liberalization.

Furthermore, at any given time these titles can be revoked or modified by a 3rd party without recourse.  As a consequence, land confiscation is very common and is actually the leading cause for social unrest.  For example, each year approximately 4 million rural Chinese are evicted from their land.2 Why?  Because, according to an HSBC report, local governments generate 70% of their income from land sales much of which are ill-gotten gains for one ore more party (e.g., state owned firms have local leaders evict farmers from land).3  And there is no property tax, not because China is some hyper libertarian utopia but because corrupt officials — some of the same ones that confiscated the land — do not want to reveal their property holdings.

Potential cryptocurrency-related solutions

In 2004 a report from the OECD found that roughly half of all urban Chinese workers, primarily migrant workers from the provinces participated in the informal sector (this is between 120-150 million people).4 Could they benefit if their payroll and compensation was managed by a Decentralized Autonomous Corporation rather than a human laoban (boss) who could change their mind or otherwise abuse the relationship (e.g., change the contract ex post)?  For instance, without an urban hukou (household registration) most of these migrant workers are left without any legal recourse in the event that their contracts are tampered or ignored.

‘Trustless asset management’ tools built on top of a cryptoledger such as Bitcoin or Ethereum (which are tamper-evident) could empower not just those in the developed world, but also those in the developing world who are more easily marginalized without political guanxi.  Even if trustless asset management networks are not deemed legitimate or valid by the government or a Party apparatus, the goals of several decentralized smart contract based systems being developed could level the playing field and allow individuals from all walks of life to actually codify and manage scarce goods that they currently own.

While books and volumes could be written on this topic, one view is that even if there are stricter capital controls and regulations on cryptocurrencies in China (or elsewhere), that by using a couple different ‘colored’ coin chains (or Ethereum contracts, etc.) Bob from Beijing could still transfer assets worth X amount of money to Anhui Alice instead of X amount of money itself.  This according to the promoters, could create a sort of advanced barter system which may not be as efficient in terms of actually using a cryptocurrency as a medium of exchange but it could help those in an informal economy qualify and quantify asset value and clear up some of the confusion around contracts and property ownership.

See also: Chinese property law and Forced evictions in China

  1. See China’s Real Estate Riddle from Patrick Chovanec, You May Own your Apartment, but who Owns the Land Underneath Your Feet? by Thomas Rippel and If Beijing is your landlord, what happens when the lease is up? from China Economic Review []
  2. See China’s Land Grab Epidemic Is Causing More Wukan-Style Protests from The Atlantic and China Tackles Land Grabs, Key Source of Rural Anger from The Wall Street Journal []
  3. See China land price fall threatens local finances from Financial Times and China’s land-seizure problem from Chicago Tribune []
  4. Internal Migration in China and the Effects on Sending Regions from OECD []
Send to Kindle

Ethereum and vunerabilities of Turing-complete progamming languages

There have been several Reddit threads and bitcointalk forum posts the past couple days regarding integrating a Turing-complete programming language with a cryptoledger.  Bitcoin currently uses a limited, non-TC language called Script.  The comments, feedback and insights revolve largely around the security risks and vulnerabilities that such a language could do.

If you are interested, I highly recommend reading through these threads right now, the first two include comments from Adam Back, creator of Hashcash which is the proof-of-work used in Bitcoin.

Turing complete language vs non-Turing complete (Ethereum vs Bitcoin)
letstalkbitcoin on committed tx, homomorphic value, fungibility, privacy
Will turing compleastness allow contracts to contain viruses and malware that could affect the network in unforeseen ways?
Adam Back about Ethereum and security risks

Send to Kindle

Mike Hearn discusses autonomous agents at Turing Festival 2013

Decentralized autonomous organizations (DAO), sometimes called decentralized autonomous corporations or autonomous agents have become a hot new topic both in social media and in software engineering, especially as they are interrelated with advances in cryptoledgers/cryptocurrencies.

Vitalik Buterin has written a three-part series (1 2 3) about software-based DAOs over at the Ethereum blog that gives a pretty good overview and capability of what a DAO is able to do.  While many more volumes will be written on this topic, last Mike Hearn gave a brief overview of what hardware applications may look like:

See also: Mike Hearn’s 2012 presentation in London (video) as well as his interview last fall with Newfination (video).

Send to Kindle

Ethereum’s potential: a cursory look

If you haven’t done so yet, I highly recommend reading Vitalik Buterin’s overview of Ethereum published earlier today.  It is very lofty, seemingly feasible and I don’t detect much hyperbole.  He is clearly aware of the short-comings of all the different 1.0/2.0 projects and is pretty much trying to make this stand out by otherwise fulfilling Newton’s, “standing on the shoulders of giants.”  I’d be interested to see what other project leaders from 2.0 initiatives have to say.

A few technical concerns I haven’t really seen addressed but I’m sure are being discussed somewhere:

1) Botnets.  While ASICs do create potential long term centralization problems, Botnets will jump all over the ability to use CPUs again to mine.  How can this be prevented/mitigated?  Can it?  Is there a way for Ethereum the org to prevent miners from participating (if so, can it be abused?)?  [Note: I have discussed mining previously in the Litecoin category.]
2) Even though the money supply is mathematically known, I’m not entirely sure the linear money supply will necessarily have the zeroing effect apriori.  It could, and probably will but obviously this is aposteriori.  For perspective, the token supply in LTC and BTC are significantly higher the first decade than Ether is.
3) While Script is not Turing-complete this also prevents viruses from being created and wreaking havoc on the blockchain.  CLL sounds great on paper in terms of robustness and utility, but how do you fight HNWI hackers who want to cause mischief?

Two other points of interest regarding the business side of this project:

1) I do think that eventually someone, somewhere will create a distributed, encrypted dropbox for global use.  How that is incentivized, or rather, how individuals pay for the resources (bandwidth & space) obviously will be another matter altogether.  Bitcloud is one project that is trying to tackle that (through proof-of-bandwidth).  Perhaps, as part of what Mike Hearn described 2 years ago, users will eventually be able to use microtransactions (e.g., 0.01 BTC) to pay random WiFi hotspots to create adhoc mesh networks — distributed encrypted dropboxes could just as easily follow similar paths in terms of payment/compensation.  Shades of Snow Crash and The Diamond Age

2) Even though I am pretty pro-alt coin/chain/ledger/etc. I do think parts of the Humint project are probably not going to work as initially planned in their press releases this week.  Assuming that Cocacolacoin is not part of the Ethereum blockchain but rather uses its own independent blockchain, it’s hard to imagine how to incentivize network hashrate (which creates network security which prevents a 51% attack).  I’m not saying it won’t work apriori, but from a business model it is difficult to believe that Bob the Miner will want to exchange hashrate for Coca-cola swag.  Obviously stranger things have happened, like the recent “success” of meme-related Dogecoin (wow! so cool! much awesome!); I do think not using the term “coin” will be a better marketing strategy as it is too loaded at this point (I prefer token or ducat).  Other obvious uses within the Ethereum blockchain are Frequentfliercoins from Alice Airlines, could probably help prevent and mitigate the risks involved in travel hacking (FYI: United Airlines frequent flier miles were downgraded effective February 1, 2014 due to rampant inflation).

For example, I think Alice Airlines could utilize the “contract” system by using some amount of Ether (0.01), creating a “contract” which defines a set amount of Mileage (which itself will likely have some predefined expatriation dates).  Assuming this is in the future and flyers are using Ether wallets (oh the 19th century irony) and provide the airline with their wallet address, the user will be able to receive the Mileage amount in their wallet (more than likely it will be an embedded URL that sends you to a screen on Airline Alice with the actual amounts + Terms of Service).  This is what colored coins are, but Ethereum seems to be both more elegant as this is native built-in functionality and in terms of transfer speed (3-30 seconds is the stated goal versus 10 minutes for 1 BTC confirmation).  This is subject to change, but just one potential use of the platform.

It will also be interesting to see how Dark Wallet and Zero Coin projects will react to this announcement (Ethereum is currently stating it is not an anonymous solution though through the “contracts” system this can be obfuscated).

Other resources to peruse:

– Ursium has a live update of publicly known tidbits.
– The Ethereum blog has some interesting info, especially about DAOs

Send to Kindle