Over the last few weeks a number of posts and interviews on social media have promoted the position that “you cannot separate bitcoin from the blockchain” and that only Bitcoin (and no other distributed or decentralized ledger) is the future of finance.
In prose form this includes Adam Ludwin, CEO of Chain (here), Martin Tiller (here) and many more on reddit.
Others include Jerry Brito, executive director at Coin Center, who recently tweeted:
At the most recent Inside Bitcoins NYC event, Barry Silbert, co-founder of DCG, spoke about several myths surrounding Bitcoin (video):
[The second myth] is that the technology is great, but the currency is not necessary. […] The reason why Bitcoin blockchain is transformative is because it’s a secure ledger and you have the ability to process large amounts of transactions.
The only reason why it is secure and it has that transaction capacity is because you have thousands of miners around the world that have been provided a financial incentive to invest resources, capital to build the facilities that is what makes the ledger secure and gives the protocol the capacity to do transactions.
So if you eliminate the financial incentive which is the currency there is no incentive for miners to mine and thereby you don’t have a secure network and you don’t have the ability to process large amounts of transactions.
Why the “only-Bitcoin” narrative is (probably) incorrect for Financial Institutions
In the other corner, Robert Sams described in detail why Bitcoin will not be the future of securities settlement, Piotr Piasecki explored a couple different attack vectors on proof-of-work blockchains (as it relates to smart contracts) and even Ryan Selkis pointed out a number of problems with the Bitcoin-for-everything approach.
So why is the Bitcoin maximalism narrative at the very top probably incorrect for financial institutions?
Because these well-meaning enthusiasts may not be fully looking at what the exact business requirements are for these institutions.
- What do financial institutions want? Cryptographically verifiable settlement and clearing systems that are globally distributed for resiliency and compliant with various reporting requirements.
- What don’t they need? Censorship resistance-as-a-service and artificially expensive anti-Sybil mechanisms.
The two lists are not mutually exclusive. I published a report (pdf) two months ago that covered this in more detail.
Bitcoin tries to be both a settlement network and a provider of a pseudonymous/anonymous censorship resistant virtual cash. This comes with a very large trade-off in the form of cost: as the network funds mining operations to the tune of $300 million this year (at current market prices) for the service of staving off Sybil attacks.1 This cost scales in direct proportion with the token value (see Appendix B).
The financial institutions that I have spoken with (and perhaps my sample size is too small) are interested in operating a distributed ledger with known, legally accountable parties. They do not need censorship resistant virtual cash or proof-of-work based systems. They do not have a network-based Sybil problem.2
If you do not need censorship resistant as a feature, then you do not need proof-of-work
Recall that one of the design assumptions in the Bitcoin whitepaper is that the validators are unknown and untrusted.
In section 1, Nakamoto wrote:
What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party. Transactions that are computationally impractical to reverse would protect sellers from fraud, and routine escrow mechanisms could easily be implemented to protect buyers. In this paper, we propose a solution to the double-spending problem using a peer-to-peer distributed timestamp server to generate computational proof of the chronological order of transactions. The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.
And later in section 4:
To implement a distributed timestamp server on a peer-to-peer basis, we will need to use a proof- of-work system similar to Adam Back’s Hashcash , rather than newspaper or Usenet posts.
Financial institutions operate under completely different conditions. They not only know the identities of their customers, staff and partners but their processing providers are also known, legally accountable entities. There is no Sybil problem to solve for them on the network. There is no need for proof-of-work or $300 million in annual mining costs.
If you don’t need proof-of-work, you don’t need necessarily a token to incentivize validation or secure the network
Instead, validation can be done by entities with contractual obligations that are legally enforced: known validators with real-world identities and reputations.
Permissioned distributed ledgers using this type of known validator, such as Hyperledger and Clearmatics (disclosure: I am an advisor to both), are not trying to be “cryptocurrencies” or even entrants in the virtual cash marketplace.
Nor are they trying to provide pseudonymous-based censorship resistant services. Instead they are attempting to provide a solution for the financial institution requirements above.
But if Bitcoin has the largest user base of pseudonymous virtual cash, wouldn’t concepts like sidechains allow systems like Hyperledger to be run on a sidechain and therefore we should all focus on Bitcoin?
Again, permissioned ledger systems like Hyperledger are not a cyrptocurrency, so sidechains (as they are currently proposed) would probably not provide any benefit to them. Bitcoin may – temporarily or permanently – have the largest mind share for cryptocurrency as whole and for censorship resistant services but this does not seem to really be a top priority for most financial institutions.
Thus, it would be comparable to saying why don’t we connect all Excel workbooks directly onto the Bitcoin blockchain?
Or akin to the Wright brothers trying to sell a biplane to modern day international air carriers. Just because you created the first proof-of-concept and own a lot of equity in the companies in the supply chain for Wright brothers wooden airplanes (because you know aeronautical vehicles is a growth industry), does not mean the first model will not be iterated on and evolved from. Even modern day dirigibles provide different utility than large wide-body air cargo planes.
There is a case to be made that you only need a token as an incentive within proof-of-work-based (and proof-of-stake) cryptocurrency networks. Yet as described elsewhere, there are other ways to build distributed networks and economic consensus mechanisms that do not need follow the Nakamoto design (see Vlad Zamfir’s forthcoming Reformalizing Consensus paper).
Thus, the authors cited at the beginning of this post are likely asking the wrong question. What these writers seem to be collectively saying is: “Hey banks, you want a better settlement method? Then you need Bitcoin.” Instead they should be asking banks, “What problems do you have? Would a censorship-resistant service like Bitcoin’s blockchain sustainably solve that problem?”
Financial institutions each face different problems and challenges but it is unlikely that proof-of-work necessarily solves them.3 Nor is it the case that banks need yet another currency to manage and hedge. Though to be even handed, perhaps other financial institutions like hedge funds will find it useful for speculation.
Blocks and miners
Not to pick on Barry Silbert (this is just an example), but his statement above is wrong: “you have the ability to process large amounts of transactions.”
Bitcoin, with the current 1MB block size, is in theory able to process about 7 transactions per second. If some of the expansion proposals under discussion are enacted, then block sizes may increase to 20 MB in the coming year. This, again in theory, would mean that the Bitcoin blockchain would be able to process about 140 transactions per second.
One bullish narrative has been that Bitcoin will one day be able to handle transaction processing rates on part with networks like Visa (which on average handles 2,000 – 3,000 transactions per second each day).4 For comparison, in 2013 PayPal had 128 million active accounts in 193 markets and 25 currencies around the world and processed more than 7.6 million payments every day.
Baring something like a full roll-out of the Lightning Network, is unlikely to occur without the use of trusted parties.
Thus it is unclear what metric Silbert is using when he references the “large amounts” being processed, because in practice the Bitcoin network only handles about 1.5 transactions per second on any given day, and most traffic is comprised of spam and long-chains transactions and not the actual commerce that Visa handles.
Above are two charts from TradeBlock which recently published some analysis on block sizes and capacity. Based on their analysis and following the current trend in block size usage, the 1 MB capacity will be reached in about 18 months, so only in December 2016 will 2.8 transactions per second be achieved. Dave Hudson ran simulations last year and came to a similar conclusion.
Further, Visa’s network — although centralized — is actually very secure (with moats and all). No one hacks Visa, they hack the edges, institutions like Target and Home Depot. This is similar to Bitcoin, where it is cheaper to hack Bitstamp, Bitfinex, Mt. Gox and countless others (which have all been hacked over the past 18 months), than it is to do a Maginot Line attack via hash rate.
In fact, if we measure adoption and usage by actual end users (i.e., where most transactions actually take place), the adoption is not with Bitcoin’s blockchain, but instead with trusted third parties like Coinbase, Circle, Xapo and dozens of other hosted wallets and exchanges. As I mentioned in my review of The Age of Cryptocurrency, one of the funnier comments I saw on reddit last month was someone saying, “You should try using Bitcoin instead of Coinbase.”
Are permissioned distributed ledgers the solution for financial institutions?
Maybe, maybe not. It depends on if they securely scale in a production environment.. It also depends on the specific business requirements. It could turn out that distributed databases like Chubby or HyperDex are a better fit for some problems.
It is also hard to say that a large enterprise can axiomatically replace its existing systems with a new distributed ledger network and save X amount of money. There are a variety of costs that have to be factored in: compliance costs, reconciliation costs, legal costs, IT costs, costs from capital tied up in slow settlement times, etc. 5 Add them all together and there is, in theory, room for large saving, but this is still unknown. It cannot be derived a priori.
Another common claim is, “Bitcoin is a larger, better supported blockchain and therefore will win out since it has market makers and market support.”
But Bitcoin, as a censorship-resistance payment rail and virtual cash, is a solution for cypherpunks, not for financial institutions who again, have known counterparties. A proof-of-work blockchain only matters for untrusted networks and pseudonymous validators.
It may seem repeitive, but if you are designing a semi-trusted/trusted networks, then the token itself is more akin to a receipt than an informational commodity. Bitcoin, in its current form, likely needs a token because it needs to pay its pseudonymous validators for the censorship-resistance service. If you operate a bank, with a state charter and KYC/AML requirements, this is probably not a must-have feature.
Either way, it is too easy to become caught up in this red herring and miss the utility of a distributed settlement system for the roller coaster ride surrounding the token.
But isn’t using known validation just centralization by any other name?
No, it could be institutionalized (which is different than centralization) in that the nodes are globally separated and controlled by different keypairs and organizations.6 In effect, distributed ledgers are a new, additional tool for financial controls — and an attempt to abuse the network would require additional compromises and collusion that the edges of a proof-of-work networks are also prone to.
Yet in the event an attack occurs on a permissioned ledger, the validators are contractually and legally accountable to a terms of service — pseudonymous validators are not and thus end users for something like Bitcoin have no recourse, legal or otherwise, and are left with options like begging mining pools on reddit.7
Bitcoin may be a solution to some market needs, but it is likely not the silver bullet that many of its promoters claim it is. This is especially true for financial institutions, particularly once the costs of mining and censorship-resistance, is added into the mix.
There is room for both types of networks in this world, just like there is room for dirigibles and jumbo jet freighters. Yet it is impossible to predict who will ultimately adopt one or the other or even both.8
But as shown in the picture below, the Bitcoin mining game (within a game) includes mining pools that are not always incentivized to include transactions.9 Which raises the question: how can you require them to since there is no terms of service?
Every day there is always one or two blocks (sometimes more) that include a lonesome transaction, the coinbase transaction. In fact, in the process of writing this post, F2Pool included no additional transactions in block 359422, this despite the fact that there are unconfirmed transactions waiting for insertion onto the communal chain.
Mining pools have differing incentives as to whether or not to include actual transactions, to them the bulk — roughly 99.5% of their revenue still comes from block rewards so sometimes they find it is not worth processing low fee transactions and instead propagate smaller blocks so as to lower orphan races and instead work on the next hash; see for instance Chun Wang’s comment related to F2Pool and large block sizes posted last week.
I reached out to Robert Sams, CEO of Clearmatics, who has written on this topic in the past. According to him:
To me the crux of the issue is that permissionless consensus cannot guarantee irreversibility, cannot even quantify the probability of a history-reversing attack (rests on economics, not tech).
It’s a curious design indeed where everyone on the Bitcoin network is now known and authenticated… except the transaction validators!
I also reached out to Dan O’Prey, CEO of Hyperledger. According to him:
It all comes down to starting assumptions. If you want the network to be censor-resistant from even governmental attacks, you need validators to be as decentralised as possible, so you need to allow anyone to join and compensate them so they do, so you need to use proof of work to prevent Sybil attacks and have a token.
If you’re dealing with legal entities that governments could shut down then you don’t get past step one. If you’re dealing with a private network between multiple participants then you don’t need to incentivise validators – it’s just a cost of doing business, just as web servers are.
Fun fact: according to Blockr.io, there have been 85275 blocks with one transaction and 12438 blocks with 2 transactions (the bulk of which occurred in the first year and a half).10
Is that the type of game theoretic situation upon which to build a mission-critical, time sensitive settlement system for off-chain assets with real-world identities on top of?11 Maybe, maybe not. Both types of networks have their trade-offs but focusing on a token is probably missing the bigger picture of meeting business requirements which vary from organization to organization.
[Acknowledgements: thanks to Pinar Emirdag, Todd McDonald, Dan O’Prey, Robert Sams and John Whelan for their feedback.]
- This annualized number comes from the following calculation: money supply creation (1,312,500 bitcoins) multiplied by current market price (~$230). [↩]
- Large institutions and enterprises may have issues with authentication and identification of customers/users but that is a separate operational security issue. [↩]
- It is important to note that if the costs of mining somehow decreased then so too would the costs to successfully attack a proof-of-work network. See The myth of a cheaper Bitcoin network: a note about transaction processing, currency conversion and Bitcoinland [↩]
- Note: In the UK, Visa Europe currently settles over RTGS though Mastercard does not. See: The UK Payments landscape [↩]
- Thanks to Dan O’Prey for his thoughts on the matter. [↩]
- It bears mentioning that having 15 banks in 15 different countries operating validators is more decentralized than a few mining pools in a couple of countries, although it is not a fully direct comparison. [↩]
- In theory on-chain “identity” starts pseudonymously and later users can either fully identity themselves (via traditional KYC, or signing of coinbase transactions) or attempt to remain anonymous by not reusing addresses and through other operational security methods. Miners themselves can be both known and unknown in theory and practice. Other terminology refers to them as a dynamic- membership multi-party signature (DMMS). [↩]
- Peter Todd has argued that financial institutions can take a hash from a permissioned ledger and insert it into a proof-of-work chain as a type of “audit in depth” strategy. [↩]
- According to John Whelan who reviewed this post, “The science of incentives is far more complex than just ‘show me the money’. Indeed, workplace incentive specialists have coined the term ‘total rewards of work’ that recognizes that there are many levers other than compensation that may be pulled to motivate employees to perform at their maximum potential (e.g., workplace rewards). With distributed ledger systems there is a lot of room to gain a clearer understanding of the kinds of incentives that will motivate transaction validators or nodes that offer other services such as KYC/AML, etc. It is definitely not a one-size-fits-all.” [↩]
- For comparison, Litecoin has 245447 blocks with 1 transaction and 105765 blocks with two. [↩]
- At an event in NYC last month Peter Todd opined that perhaps some firms will take this risk and will encode a series of if/then stipulations in the event that a history-reversing attack occurs. [↩]
“It bears mentioning that having 15 banks in 15 different countries operating validators is more decentralized than a few mining pools in a couple of countries”
I disagree. What it will encourage is conspiratorial behavior between the validators that would lead to greater centralization than we have currently. If you don’t have a trust-less ledger then you don’t have the revolutionary advancement that something like bitcoin provides.
Pingback: The Weekend Read: June 4 | Todd Blog
Very good points overall. However, I would argue that proof of work is a red herring. Yes, the $300m per year computing expense and estimated $100m per year environmental damage is tragic, but from the point of view of blockchain _transactional usage_ it’s a static cost. The bitcoin network wastes $400m per year regardless of whether one transaction per day is happening on it or ten thousand. I think that the correct way to look at the issue is from an application developer standpoint. If NASDAQ starts using the bitcoin blockchain for some set of transactions (say, 1000 per day), then the marginal load that it is inflicting on the network is the need for ~50000 nodes (that’s 2000 nodes currently on the network times a generous safety factor to account for nodes that are often offline but still need to sync, future nodes, etc) to process the transaction – and that cost justifies a per-transaction cost of $0.03 (at least in theory; in practice it could be anywhere from $0.0001 to $1 and we don’t know, I have not yet seen or attempted a proper econometric analysis). That cost scales with one thing and one thing only: the number of nodes on the network.
So I think the question that _really_ needs asking is, do we need NASDAQ transactions taking place on a ledger where every transaction is processed by 50000 nodes? If you do the binomial math, you get the result that 400 nodes is basically equivalent decentralization to within probability margins that are lower than the chance that I’ll guess Satoshi’s private key tomorrow (see my scalability paper at https://github.com/vbuterin/scalability_paper/raw/master/scalability.pdf page 21 for some numbers). The place where semi-centralized ledgers will do better is that they will have lower costs and higher speed from being able to limit themselves to a much smaller number of participants in order to achieve higher speed and particularly lower latency (I was at a Huawei internal event recently, and latency was their prime concern re: blockchain IoT).
“do we need NASDAQ transactions taking place on a ledger where every transaction is processed by 50000 nodes?”
Very pertinent question. But that question could be asked for any large scale project that’s supposed to generate lots of transactions.
But does each transaction really “hit” all 50,000 nodes in reality, or just a few hundreds til the math is solved?
On your second point, are you saying that a network of 400 nodes is sufficient to provide security and efficiency, without bloat? That’s an important consideration I think.
Only capricious souls try to fit a square block in a round hole.
Bitcoin is not meant to sit among the instruments lining the toolbox of dated financial institutions, it exists above the current asset management and trade networks.
> allowing any two willing parties to transact directly with each other without the need for a trusted third party
I think you’re *absolutely* right. Bitcoin is *not* well-suited for banks.
Question: why would I, or any non-bank entity, care?
Banks are rapidly losing their customer’s trust:
Bitcoin is, at this time, the best alternative to banks. I trust it more than a bank, not because I don’t trust banks, but because it’s entirely clear that Bitcoin is massively trustworthy and a massive improvement to the banking system from a technology perspective.
Nobody cared whether the internet was well suited for media companies.
Banks will be remembered as the no-longer-necessary parties inserted between the two willing parties referenced in the paper, just as media companies will be remembered as the no-longer-necessary parties inserted between media consumers and media producers.
The future often resembles the past, but increasingly frequently, the future becomes fundamentally different than the past. Think fire, civilization, law, science, telephony, mechanical computation, and the internet.
Bitcoin may be the next transformation. If so, it’ll destroy a ton of existing business models, causing what’s known as creative destruction.
The criticism of Bitcoin, no-doubt like the criticism of every other massive change in the status-quo, is predicated on its current form and characteristics.
It’s open source software, and changes continuously. It’s not perfect, but it strives toward perfection. And it’s trustworthy because it is developed entirely in the sunshine.
It doesn’t need to be perfect to win, it simply needs to be technically superior to the existing alternatives, and developers worldwide will flock toward it.
This will take time, and I think you, and the companies that you’re advising, can save the incumbents a lot of cash and buy them time by making them more competitive.
In the long run, however, I’m with Andreessen and Draper.
The anology I use is like saying that Fortran was the only programming language needed because it was the first wildly successful one in 1956.
The reality is that we have as much to learn and innovate in the field of cryptography-based computer engineering as we did about software languages back in 1956 versus now.
That said, we need to start seeing real examples of applications based on permissioned blockchains and non-Bitcoin blockchains in order to prove your points made in this post. The validations needed are not from a few pundits, but rather from several users and the market itself who will speak a lot louder than a few voices are today.
lol, Bitcoin isn’t even censorship resistant, miners can censor transactions because its all public and traceable, you clearly have no idea how its blockchain works, so far the only crypto with censorship resistant blockchain is Monero.
Agreed, with two comments:
* Another reason financial institutions want to stay away from bitcoin is that some at least don’t want to touch the currency for regulatory reasons.
* Even in a closed permissioned distributed ledger, a token (i.e. native currency) could serve a purpose in terms of creating some scarcity for transactions, to prevent both abuse and runaway malfunctioning. It depends on the particular deployment scenario.
Pingback: Eris COO: Private and Public Blockchains Need to Co-Exist | Genesis CNC - 80% Lower Receiver - Rifle Building Begins With Genesis
Pingback: » Eris COO: Private and Public Blockchains Need to Co-Exist
I have to admit you have some very solid points here but we need to make things clear, if there will be permissioned blockchains they will be just another database, yet another distributed storage system with replica sets but nothing innovative. The real innovation here is the Bitcoin blockchain which is the technological breaktrough that solves the byzantine problem and empowers people. You called bitcoin user’s ‘cyberpunks’ and is evident how you don’t understand some needs: if you live in a government-censored country of any other type of regime, then you need Bitcoin and its censorship-resistant blockchain, not a lobby controlled blockchain.