Over the last few weeks a number of posts and interviews on social media have promoted the position that “you cannot separate bitcoin from the blockchain” and that only Bitcoin (and no other distributed or decentralized ledger) is the future of finance.
Others include Jerry Brito, executive director at Coin Center, who recently tweeted:
[The second myth] is that the technology is great, but the currency is not necessary. […] The reason why Bitcoin blockchain is transformative is because it’s a secure ledger and you have the ability to process large amounts of transactions.
The only reason why it is secure and it has that transaction capacity is because you have thousands of miners around the world that have been provided a financial incentive to invest resources, capital to build the facilities that is what makes the ledger secure and gives the protocol the capacity to do transactions.
So if you eliminate the financial incentive which is the currency there is no incentive for miners to mine and thereby you don’t have a secure network and you don’t have the ability to process large amounts of transactions.
Why the “only-Bitcoin” narrative is (probably) incorrect for Financial Institutions
In the other corner, Robert Sams described in detail why Bitcoin will not be the future of securities settlement, Piotr Piasecki explored a couple different attack vectors on proof-of-work blockchains (as it relates to smart contracts) and even Ryan Selkis pointed out a number of problems with the Bitcoin-for-everything approach.
So why is the Bitcoin maximalism narrative at the very top probably incorrect for financial institutions?
Because these well-meaning enthusiasts may not be fully looking at what the exact business requirements are for these institutions.
- What do financial institutions want? Cryptographically verifiable settlement and clearing systems that are globally distributed for resiliency and compliant with various reporting requirements.
- What don’t they need? Censorship resistance-as-a-service and artificially expensive anti-Sybil mechanisms.
The two lists are not mutually exclusive. I published a report (pdf) two months ago that covered this in more detail.
Bitcoin tries to be both a settlement network and a provider of a pseudonymous/anonymous censorship resistant virtual cash. This comes with a very large trade-off in the form of cost: as the network funds mining operations to the tune of $300 million this year (at current market prices) for the service of staving off Sybil attacks.1 This cost scales in direct proportion with the token value (see Appendix B).
The financial institutions that I have spoken with (and perhaps my sample size is too small) are interested in operating a distributed ledger with known, legally accountable parties. They do not need censorship resistant virtual cash or proof-of-work based systems. They do not have a network-based Sybil problem.2
If you do not need censorship resistant as a feature, then you do not need proof-of-work
Recall that one of the design assumptions in the Bitcoin whitepaper is that the validators are unknown and untrusted.
In section 1, Nakamoto wrote:
What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party. Transactions that are computationally impractical to reverse would protect sellers from fraud, and routine escrow mechanisms could easily be implemented to protect buyers. In this paper, we propose a solution to the double-spending problem using a peer-to-peer distributed timestamp server to generate computational proof of the chronological order of transactions. The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.
And later in section 4:
To implement a distributed timestamp server on a peer-to-peer basis, we will need to use a proof- of-work system similar to Adam Back’s Hashcash , rather than newspaper or Usenet posts.
Financial institutions operate under completely different conditions. They not only know the identities of their customers, staff and partners but their processing providers are also known, legally accountable entities. There is no Sybil problem to solve for them on the network. There is no need for proof-of-work or $300 million in annual mining costs.
If you don’t need proof-of-work, you don’t need necessarily a token to incentivize validation or secure the network
Instead, validation can be done by entities with contractual obligations that are legally enforced: known validators with real-world identities and reputations.
Permissioned distributed ledgers using this type of known validator, such as Hyperledger and Clearmatics (disclosure: I am an advisor to both), are not trying to be “cryptocurrencies” or even entrants in the virtual cash marketplace.
Nor are they trying to provide pseudonymous-based censorship resistant services. Instead they are attempting to provide a solution for the financial institution requirements above.
But if Bitcoin has the largest user base of pseudonymous virtual cash, wouldn’t concepts like sidechains allow systems like Hyperledger to be run on a sidechain and therefore we should all focus on Bitcoin?
Again, permissioned ledger systems like Hyperledger are not a cyrptocurrency, so sidechains (as they are currently proposed) would probably not provide any benefit to them. Bitcoin may – temporarily or permanently – have the largest mind share for cryptocurrency as whole and for censorship resistant services but this does not seem to really be a top priority for most financial institutions.
Thus, it would be comparable to saying why don’t we connect all Excel workbooks directly onto the Bitcoin blockchain?
Or akin to the Wright brothers trying to sell a biplane to modern day international air carriers. Just because you created the first proof-of-concept and own a lot of equity in the companies in the supply chain for Wright brothers wooden airplanes (because you know aeronautical vehicles is a growth industry), does not mean the first model will not be iterated on and evolved from. Even modern day dirigibles provide different utility than large wide-body air cargo planes.
There is a case to be made that you only need a token as an incentive within proof-of-work-based (and proof-of-stake) cryptocurrency networks. Yet as described elsewhere, there are other ways to build distributed networks and economic consensus mechanisms that do not need follow the Nakamoto design (see Vlad Zamfir’s forthcoming Reformalizing Consensus paper).
Thus, the authors cited at the beginning of this post are likely asking the wrong question. What these writers seem to be collectively saying is: “Hey banks, you want a better settlement method? Then you need Bitcoin.” Instead they should be asking banks, “What problems do you have? Would a censorship-resistant service like Bitcoin’s blockchain sustainably solve that problem?”
Financial institutions each face different problems and challenges but it is unlikely that proof-of-work necessarily solves them.3 Nor is it the case that banks need yet another currency to manage and hedge. Though to be even handed, perhaps other financial institutions like hedge funds will find it useful for speculation.
Blocks and miners
Not to pick on Barry Silbert (this is just an example), but his statement above is wrong: “you have the ability to process large amounts of transactions.”
Bitcoin, with the current 1MB block size, is in theory able to process about 7 transactions per second. If some of the expansion proposals under discussion are enacted, then block sizes may increase to 20 MB in the coming year. This, again in theory, would mean that the Bitcoin blockchain would be able to process about 140 transactions per second.
One bullish narrative has been that Bitcoin will one day be able to handle transaction processing rates on part with networks like Visa (which on average handles 2,000 – 3,000 transactions per second each day).4 For comparison, in 2013 PayPal had 128 million active accounts in 193 markets and 25 currencies around the world and processed more than 7.6 million payments every day.
Baring something like a full roll-out of the Lightning Network, is unlikely to occur without the use of trusted parties.
Thus it is unclear what metric Silbert is using when he references the “large amounts” being processed, because in practice the Bitcoin network only handles about 1.5 transactions per second on any given day, and most traffic is comprised of spam and long-chains transactions and not the actual commerce that Visa handles.
Above are two charts from TradeBlock which recently published some analysis on block sizes and capacity. Based on their analysis and following the current trend in block size usage, the 1 MB capacity will be reached in about 18 months, so only in December 2016 will 2.8 transactions per second be achieved. Dave Hudson ran simulations last year and came to a similar conclusion.
Further, Visa’s network — although centralized — is actually very secure (with moats and all). No one hacks Visa, they hack the edges, institutions like Target and Home Depot. This is similar to Bitcoin, where it is cheaper to hack Bitstamp, Bitfinex, Mt. Gox and countless others (which have all been hacked over the past 18 months), than it is to do a Maginot Line attack via hash rate.
In fact, if we measure adoption and usage by actual end users (i.e., where most transactions actually take place), the adoption is not with Bitcoin’s blockchain, but instead with trusted third parties like Coinbase, Circle, Xapo and dozens of other hosted wallets and exchanges. As I mentioned in my review of The Age of Cryptocurrency, one of the funnier comments I saw on reddit last month was someone saying, “You should try using Bitcoin instead of Coinbase.”
Are permissioned distributed ledgers the solution for financial institutions?
Maybe, maybe not. It depends on if they securely scale in a production environment.. It also depends on the specific business requirements. It could turn out that distributed databases like Chubby or HyperDex are a better fit for some problems.
It is also hard to say that a large enterprise can axiomatically replace its existing systems with a new distributed ledger network and save X amount of money. There are a variety of costs that have to be factored in: compliance costs, reconciliation costs, legal costs, IT costs, costs from capital tied up in slow settlement times, etc. 5 Add them all together and there is, in theory, room for large saving, but this is still unknown. It cannot be derived a priori.
Another common claim is, “Bitcoin is a larger, better supported blockchain and therefore will win out since it has market makers and market support.”
But Bitcoin, as a censorship-resistance payment rail and virtual cash, is a solution for cypherpunks, not for financial institutions who again, have known counterparties. A proof-of-work blockchain only matters for untrusted networks and pseudonymous validators.
It may seem repeitive, but if you are designing a semi-trusted/trusted networks, then the token itself is more akin to a receipt than an informational commodity. Bitcoin, in its current form, likely needs a token because it needs to pay its pseudonymous validators for the censorship-resistance service. If you operate a bank, with a state charter and KYC/AML requirements, this is probably not a must-have feature.
Either way, it is too easy to become caught up in this red herring and miss the utility of a distributed settlement system for the roller coaster ride surrounding the token.
But isn’t using known validation just centralization by any other name?
No, it could be institutionalized (which is different than centralization) in that the nodes are globally separated and controlled by different keypairs and organizations.6 In effect, distributed ledgers are a new, additional tool for financial controls — and an attempt to abuse the network would require additional compromises and collusion that the edges of a proof-of-work networks are also prone to.
Yet in the event an attack occurs on a permissioned ledger, the validators are contractually and legally accountable to a terms of service — pseudonymous validators are not and thus end users for something like Bitcoin have no recourse, legal or otherwise, and are left with options like begging mining pools on reddit.7
Bitcoin may be a solution to some market needs, but it is likely not the silver bullet that many of its promoters claim it is. This is especially true for financial institutions, particularly once the costs of mining and censorship-resistance, is added into the mix.
There is room for both types of networks in this world, just like there is room for dirigibles and jumbo jet freighters. Yet it is impossible to predict who will ultimately adopt one or the other or even both.8
But as shown in the picture below, the Bitcoin mining game (within a game) includes mining pools that are not always incentivized to include transactions.9 Which raises the question: how can you require them to since there is no terms of service?
Every day there is always one or two blocks (sometimes more) that include a lonesome transaction, the coinbase transaction. In fact, in the process of writing this post, F2Pool included no additional transactions in block 359422, this despite the fact that there are unconfirmed transactions waiting for insertion onto the communal chain.
Mining pools have differing incentives as to whether or not to include actual transactions, to them the bulk — roughly 99.5% of their revenue still comes from block rewards so sometimes they find it is not worth processing low fee transactions and instead propagate smaller blocks so as to lower orphan races and instead work on the next hash; see for instance Chun Wang’s comment related to F2Pool and large block sizes posted last week.
I reached out to Robert Sams, CEO of Clearmatics, who has written on this topic in the past. According to him:
To me the crux of the issue is that permissionless consensus cannot guarantee irreversibility, cannot even quantify the probability of a history-reversing attack (rests on economics, not tech).
It’s a curious design indeed where everyone on the Bitcoin network is now known and authenticated… except the transaction validators!
I also reached out to Dan O’Prey, CEO of Hyperledger. According to him:
It all comes down to starting assumptions. If you want the network to be censor-resistant from even governmental attacks, you need validators to be as decentralised as possible, so you need to allow anyone to join and compensate them so they do, so you need to use proof of work to prevent Sybil attacks and have a token.
If you’re dealing with legal entities that governments could shut down then you don’t get past step one. If you’re dealing with a private network between multiple participants then you don’t need to incentivise validators – it’s just a cost of doing business, just as web servers are.
Is that the type of game theoretic situation upon which to build a mission-critical, time sensitive settlement system for off-chain assets with real-world identities on top of?11 Maybe, maybe not. Both types of networks have their trade-offs but focusing on a token is probably missing the bigger picture of meeting business requirements which vary from organization to organization.
[Acknowledgements: thanks to Pinar Emirdag, Todd McDonald, Dan O’Prey, Robert Sams and John Whelan for their feedback.]
- This annualized number comes from the following calculation: money supply creation (1,312,500 bitcoins) multiplied by current market price (~$230). [↩]
- Large institutions and enterprises may have issues with authentication and identification of customers/users but that is a separate operational security issue. [↩]
- It is important to note that if the costs of mining somehow decreased then so too would the costs to successfully attack a proof-of-work network. See The myth of a cheaper Bitcoin network: a note about transaction processing, currency conversion and Bitcoinland [↩]
- Note: In the UK, Visa Europe currently settles over RTGS though Mastercard does not. See: The UK Payments landscape [↩]
- Thanks to Dan O’Prey for his thoughts on the matter. [↩]
- It bears mentioning that having 15 banks in 15 different countries operating validators is more decentralized than a few mining pools in a couple of countries, although it is not a fully direct comparison. [↩]
- In theory on-chain “identity” starts pseudonymously and later users can either fully identity themselves (via traditional KYC, or signing of coinbase transactions) or attempt to remain anonymous by not reusing addresses and through other operational security methods. Miners themselves can be both known and unknown in theory and practice. Other terminology refers to them as a dynamic- membership multi-party signature (DMMS). [↩]
- Peter Todd has argued that financial institutions can take a hash from a permissioned ledger and insert it into a proof-of-work chain as a type of “audit in depth” strategy. [↩]
- According to John Whelan who reviewed this post, “The science of incentives is far more complex than just ‘show me the money’. Indeed, workplace incentive specialists have coined the term ‘total rewards of work’ that recognizes that there are many levers other than compensation that may be pulled to motivate employees to perform at their maximum potential (e.g., workplace rewards). With distributed ledger systems there is a lot of room to gain a clearer understanding of the kinds of incentives that will motivate transaction validators or nodes that offer other services such as KYC/AML, etc. It is definitely not a one-size-fits-all.” [↩]
- For comparison, Litecoin has 245447 blocks with 1 transaction and 105765 blocks with two. [↩]
- At an event in NYC last month Peter Todd opined that perhaps some firms will take this risk and will encode a series of if/then stipulations in the event that a history-reversing attack occurs. [↩]