[Note: The views expressed below are solely my own and do not necessarily represent the views of my employer or any organization I advise]
Why open/permissionless and closed/permissioned terminology has become a muddled red herring of totems
It is common to see startups, enthusiasts, and advocacy groups boast how they support “open,” “public,” and “permissionless” innovation. Their lollipops and rainbows narrative can be found on a multitude of websites, social media accounts, and on panels at conferences.
Similarly several well-to-do consultancies and buttoned-up fintech companies use stoic marketing terms like “permissioned,” “trusted,” and “private” to describe their platforms to what are assumedly monocle-wearing, high-brow clientele.
But very little long-form has been spent explaining what these actually mean beyond superficial warm feelings either side is trying to engender.
Both are at fault for taking a page from the politically charged play book of terms like “pro-choice” and “pro-life” — I mean who wants to be labeled as anti-choice or anti-life? Or in this case, who would want to be known as anti-open and anti-permissionless? Or as John Oliver might say, who wants to hang out in intranet sandboxes all day when there is a big fat thing called “The Internet” you can troll on all day instead?
Aside from the fact that “The Internet” is just a bunch of highly regulated, permissioned intranets tied together with KYC and peering agreements, let’s de-escalate and take a quick step back for a moment to focus on two diametrically polar opposites: anarchic and archic networks.1
Why? Because that’s ultimately what these two camps are fighting a war of words and hashtagged rhetoric about.
There are some general commonalities between anarchic and archic chains but before getting there, what does anarchic mean in this context?
An anarchic network — in this case an anarchic blockchain — simply means a chain that purposefully lacks any ties to legal institutions and nation-state infrastructure. That is to say, the architects of an anarchic chain set out to create an extralegal virtual-only entity that is divorced from governments and regulators; entities that could censor data transfers and on-chain activities. Currently, anarchic chains are euphemistically called “public blockchains” to have better marketing varnish at cocktail parties in DC.
There have been multiple attempts to build anarchic-types of networks in the past (such as Tor); perhaps the most popularly known anarchic blockchains in use are Bitcoin and Ethereum.
Anarchic can also mean that a chain, or a network layer, has no formal or de jure governance process for handling disputes. In this case, both Bitcoin and Ethereum (among others) are double-fisting anarchy.
I am a millennial, is there another way of saying all of this in less than 140 characters?
Not that there is an official marketing slogan but:
- Bitcoin is supposed to be an unstoppable payment processor (title and abstract of the whitepaper)
- Ethereum is supposed to be an unstoppable computer that can run and execute untrusted code (motto from Foundation’s website)
In contrast, as can be expected from its name, archic chains and networks explicitly tie into traditional legal infrastructure, into the ‘old world’ laws of physical nation-states. In addition, many archic chain creators attempt to bake-in and enable on-chain dispute mechanisms and methods for handling disputes off-chain in the event there is a problem.2
Boring laws and wet oppressive code, right?
But wait, there’s more.
I think my favorite tweet last year was along the lines of: sometimes my browser crashes, occasionally I have to restart my phone, but gosh darnit my self-driving car will always work without a hitch!
And that naïve thinking pervades a lot of the development teams in the fintech space.
Sure it’d be cool if you can automate all of the value transfer processes globally with cryptographically assured, tamper-evident mechanisms — but in case something screws up or a governance dispute occurs, you have to design for the fact that somewhere Edward Murphy is in your system with Chaos Monkey.3 And so too it will be with magic internet chains. Without explicit governance and dispute-resolution mechanisms we will just revert back to our lowest common denominator: arguing on reddit with memes.4
By their nature these two worlds are polar opposites in terms of network designs, assumptions, and goals.
With that in mind, below are three commonalities that both types of networks have but each of which is handled differently:
(1) Both have permissioning
(2) Both have cryptographic-linked data structures
(3) Both use ‘other peoples computers’
What does each of these mean?
For anarchic networks like Ethereum and Bitcoin, permissioning — that is to say, deciding who gets to change and update the log of records, or in this case digitally sign blocks, is usually handled via proof-of-work.5
Permissioning in this specific case has nothing to do with what kind of applications can be used on it, who can look at the code, who can modify the code, who can send transactions, etc. These are all tangential to the key foundational question of who gets to digitally sign and update the log of history in the first place. After all, the Bitcoin whitepaper wasn’t an exegesis on cloning software libraries and GPL versus MIT licensing maximalism now was it?6) In fact, to-date several vendors have released open-sourced versions of “private” gated chains — so you can have one without the other.7 Nor did KYCing internet access kill innovation on the internet.
While some promoters like to use terms like “dynamic” to describe the log signing / block validation process on the Bitcoin network, in practice there are roughly 15-20 ‘permissioned’ block makers / log signers on the Ethereum and Bitcoin networks at any given time.8
That is to say, the entire “membership pool” of block signers at any day of the week is fairly static. Some come and go over time but in general there is a quasi-static membership pool of block signers; and the operators of these membership pools is generally known and no longer identity-less (pseudonymous). They even sit on stage at public conferences and pose for pictures and… bring photo journalists to their actual data centers.9 There is a joke about the first two rules of Fight Club in there somewhere.
This creates some fundamental problems surrounding the goals of achieving censorship-resistance as well as the goals of routing around regulatory regimes. Recall that neither Bitcoin nor Ethereum were designed to interface with the traditional legal system which compels validators, payment processors, custodians, and financial intermediaries to comply with a bevy of identity management and consumer protection requirements.
In fact, anarchic chains were designed to do just the opposite and instead maintain a network that enables identity-less participants to move data peer-to-peer without complying with a list of external rules and governance processes. As noted above, anarchic chains set out to be their own sovereign entity, a type of virtual nation-state divorced from traditional legal infrastructure altogether.
And to achieve their objective of enabling identity-less participants to transfer data from one to another without having to be vetted by a party capable of censoring the movement of data, the network designers believed they could make their network of validators and block makers — the cloud of machines processing payments and providing digital signatures — decentralized to the extent that the overall network could maintain reliable uptime in the face of network splits as well as malicious activity from governmental and Byzantine actors.
So in summation, anarchic chains:
(1) typically achieve permissioning and log appendation by requiring (originally) identity-less participants to submit proofs-of-work that consume and irreversibly destroy real economic value (e.g., fossil fuels);
(2) the log of history and payments therein is appended via a digital signature controlled by a nominally identity-less, quasi-static participant who is able to propagate the proof-of-work first across the rest of the network;10
(3) this log of history — in both theory and practice — is propagated to other people computers in other countries in order to attempt to achieve uptime in the face of network partitions and adversaries.
In other words, checkmate statists!
So what about that cold, heartless world of closed, walled-off gardens managed by intranet builders and training wheel makers? After all, anarchic chains are supposedly too woolly for regulated institutions like banks and according to random people on social media who talk to other random people on social media about financial infrastructure in 140 characters, banks now have decided to reinvent databases… But With Blockchain™. Because banks — which collectively have built and operate the largest IT infrastructure globally — don’t understand technology and have just rebranded SQL databases to get some easy softball press releases. Right?
It’s hard to talk about archic chains in the same snarky depth as anarchic chains because there are so many different ones under development that are taking different tact’s and approaches to solving who knows what. But challenge accepted.
As Ian Grigg explains, part of the problem entrepreneurs are facing is that “permissionless” can be defined, sort of, but the opposite of permissionless is harder to define. If we accept it means “with a permission” then we could ask, what permission? How many? When, where, who, etc.
Are we talking about permission to enter (walled garden), permission to make any transaction (identified keys not pseudonyms), permission to act (approved by regulator in each instance), permission to put money in, permission to take money out? All of these permissions have regulatory, architectural, societal, and marketing success implications so it isn’t really plausible to talk about a permissioned system as a thing, it’s more an anti-thing.11
With the private/permissioned world of buzzword bingo, a lot of the platforms are ill-conceived forks of cryptocurrencies that weren’t customized at all for capital markets.
Satoshi wasn’t trying to solve for frictions in the post-trade world of clearing and settlement of regulated institutions. And Vitalik didn’t wake up 3 years ago and say, “Holy hell the $65-$80 billion in post-trade reconciliation processes could be significantly reduced tomorrow if I build an unstoppable computer program replicated across thousands of nodes!”12
So simply forking Bitcoin and gutting the PoW mining apparatus to move pre-IPO cap tables around or track airline points cannot really be called “fit for purpose” especially since it seems that you can pretty much do the same exact thing with existing off-the-shelf technology.
What can’t be done with an extant databases?
That’s a good question, and one a lot of reporters miss because they aren’t interviewing IT managers at banks — who cares what some social media app designer or Bitcoin API developer thinks about back-offices at banks, talk to actual core banking architects.
The fundamental reason that regulated financial institutions have all collectively done steeplechase into magic internet chains track & field is this: there is no such thing as an off-the-shelf system that allows them to move value from their own internal ledgers to outside of their organization without having to rely on a cornucopia of 3rd parties. There is no such thing as a global shared ledger standard designed around their operating requirements. For instance, the aggregate reconciliation process and back-office operations that exist today doesn’t make sense to those used to Gmail swiftness or HFT speeds as seen in the front-office activities of trade.
Banks (and other institutions) are looking for novel, secure solutions to reduce certain legacy costs and have been looking at an army of different technology vendors for years to do so. But as I have pointed out before, there is no such thing as a fit-for-purpose distributed ledger that can provide the type of back-office utility (yet).13
What does that mean?
Fit-for-purpose means that some team of geeks sat down with other teams of geeks at banks to talk about super unsexy things for months and years on end to solve specific issues based on a set of explicit functional and non-functional requirements at said bank.
If your team didn’t do that massively boring requirements gathering process then you’re gonna have a really bad time going to market.
If you simply just start building a blockchain app for blockchain app sake, you will likely end up like BitPay or ChangeTip. At least with anarchic chain architects themselves, to their credit, are often attempting to solve for a specific problem-set: how to enable censorship-resistant activities in the face of censorable mandates.
On the other hand: if Bitcoin or Ethereum could do the zillions of things that Bitcoin or Ethereum proponents claim it can do, then of course everyone might use it. It doesn’t, so unsurprisingly many companies and institutions don’t. And before getting all high and mighty about “not giving little poor Bitcoin a chance” — financial institutions globally have done over 200 PoCs on forks of cryptocurrencies or even cryptocurrency networks themselves. They discarded nearly all of them because — spoiler alert — anarchic chains were not built for the requirements that regulated banks have.
Archic chains are not a panacea to everything and they are certainly not the most exciting thing since the invention of the Internet: OxiClean was, and you could only originally get it by calling a 1-800 number.14
The tldr for archic chains is that they:
(1) typically achieve permissioning and log appendation by gating and white-listing the operators of the validation process; this usually involves drawing up a legal contract and service-level agreement specifying the terms of services, quality of service, and how disputes are handled. Because validators are known and legally accountable, proof-of-work is unneeded and marginal costs actually remain marginal (as opposed to MC=MV relationship in PoW networks)15
(2) the log of history and payments therein, is appended via a digital signature controlled by a known, identifiable potentially-static participant who is can propagate the transaction and block to the rest of the participants whom are permitted to interact with the transaction
(3) this log of history — in both theory and practice — is propagated to ‘other people computers.’ In the archic case, it may be a regulated cloud facility (e.g., sovereign cloud) that complies with all of the regulated data requirements of a specific jurisdiction. (This may sound like an unimportant area of interest, be sure to look at this presentation.)
Or in short, with archic chains: validation and block signing is handled by known, identifiable parties whom have the appropriate licenses to handle regulated data in the jurisdictions they operate in.
Because of laws like the General Data Protection Regulation (GDPR), replication of regulated data to everyone everywhere ends up in Bad News Bears territory pretty quickly.
I purposefully tried not to use the word “immutability” because the term has been bludgeoned by totem warriors on all sides this past year. It’s to the point where some cryptocurrency advocates sound like Luddites because they do not acknowledge that immutability is simply achieved by running data through a hashing algorithm, that’s it. It’s one-way and irreversible and has nothing to do with proof-of-work. All PoW effectively does is delegate who can append a log in an untrusted network.
As a matter of fact, there is oodles of immutable data that predates cryptocurrency networks like Bitcoin, housed on a sundry of databases worldwide. And on the other hand, you have consultancies wearing out the word “immutability” as if it about to go out of fashion and they get a year-end bonus for saying it three-times fast.
We are nearing the end of year two of the grand totem wars, of the nonsensical permissioned versus permissionless wannabe debate. There is no versus. Fundamentally Sams’ Law is empirically valid: anything that needs censorship-resistance will gravitate towards censorship-resistant systems and anything that does not will gravitate towards systems that can be censored.16
There are ironclad trade-offs: a network cannot simultaneously be censorship-resistant and tied into legal infrastructure. A chain cannot be both anarchic and archic. One set of utilities has to have a priority over the other (e.g., definitive settlement finality versus probabilistic finality) otherwise it all begins to look like the chimera that is the permissioned-on-permissionless ecosystem.17
As a consequence, anarchic chains continue to act as testnets for archic chains. That is to say, both the Bitcoin and Ethereum ecosystems are effectively providing free R&D to network designers who will learn from the mistakes and incorporate the relevant solutions into their own future systems. After all, why use an anarchic chain in which governance is handled by anonymous eggs on Twitter and (ironically) censorship-happy moderators on reddit? Perhaps things will change and the great expectations promised by anarchic chains will come to fruition. In fact, if Boltzmann brains can exist then that is always in the realm of possibilities.
In the meantime, it’s worth reflecting on what Dave Birch recently pointed out: there is no such thing as a cloud, just other people’s computers.18 And each jurisdiction regulates the activities of what can and cannot be processed and serviced on certain machines. Perhaps those laws will change, but they might not. It will be worth checking in on the Emochain and Statistchain caricatures in the coming months: maybe the State will wither and die like Zerohedge has predicted 7,934 times in the past. Or maybe Panoptichain will be built instead. Or both simultaneously as the consultants behind Schrödingerchain would have you believe.
Immutability! Immutability! Immutability!
- Archy and Anarchic Chains [↩]
- Smart Contract Templates: foundations, design landscape and research directions by Clack et al. [↩]
- Edward Murphy is the namesake of “Murphy’s Law.” See also: Netflix attacks own network with “Chaos Monkey”—and now you can too from ArsTechnica [↩]
- Code is not law [↩]
- Why does Ethereum plan to move to Proof of Stake? from StackExchange [↩]
- “We were successful exactly because we were *not* maximalists.” – Linus Torvalds (source [↩]
- See the Hyperledger github repo [↩]
- The term “dynamic-membership multi-party signature” was used in the Blockstream whitepaper [↩]
- Self-doxxing, dynamic block making and re-decentralization of mining [↩]
- It’s actually not necessarily the first — as blocks can become orphaned — but rather which block ends up being built on by other block makers [↩]
- “So maybe the debate is over comparing an apple to a citrus fruit – mandarins, tangerines, grapefruits, lemons etc, and everyone is assuming their particular flavour.” Many thanks to Ian Grigg for this passage. [↩]
- Blockchain: Back-Office Block-Buster from Autonomous Research [↩]
- Designing a Global Fabric for Finance (G3F); Blockchain, Bitcoin and the rise of banks as shared ledger providers; Explore the Blockchain, Ignore the Bitcoin Maximalists [↩]
- OxiClean [↩]
- See Some Crypto Quibbles with Threadneedle Street and Bitcoins: Made in China [↩]
- See slide 13 [↩]
- What is permissioned-on-permissionless?; Settlement Risks Involving Public Blockchains [↩]
- Dave Birch, September 20, 2016: Source [↩]