Last year, when the CME first announced that it was considering backing a Bitcoin-related futures product, it also announced the CME CF Bitcoin Reference Rate (BRR). At the time, the reference pricing data came from the following cryptocurrency exchanges: Bitfinex, Bitstamp, GDAX, itBit, Kraken and OKCoin.com (HK).
As of today, the CME has formally whittled down those six into a smaller group of four exchanges: Bitstamp, GDAX, itBit and Kraken.
They did not publicly disclose why they removed Bitfinex and OKCoin, although we can speculate:
It is likely they removed OKCoin because the laws and regulations around cryptocurrencies in China over the past year included various types of bans. OKCoin’s mainland spot price exchange for yuan <-> cryptocurrency has been shut down. OKEX, an international subsidiary of OKCoin, replaced the China-based exchanges on its own index (including OKCoin itself).
Bitfinex’s corporate and organizational structure has been described in previous articles. Even though it has the largest trading volume and is the key player in price discovery, it has a lot of red flags around compliance and transparency (described in the links at the top) that likely made organizations such as the CME uneasy.
It bears mentioning that the proposed Winklevoss COIN ETF also went through a similar evolution in terms of how to price the instrument. The principals initially created and used the Winkdex. The Winkdex included many different cryptocurrency exchanges over time, including Mt. Gox and BTC-e. Eventually, in future amended filings to the COIN ETF, the Winkdex was completely discarded in favor of a daily auction price conducted at an exchange (Gemini) that the principals and creators of the COIN ETF owned and managed. This is chronicled in a paper I wrote last year.
So what does this have to do with the CME and how did the CME (un)intentionally weigh in on the Bitcoin block size debate?
During the recent Bitcoin Core versus SegWit2X (S2X) political battle, one of the four exchanges that constitute the CME reference rate announced which ticker symbol would be attributed to a specific chain.
GDAX (Coinbase) made the following public announcement on October 25:
In our prior blog post we indicated that at the time of the fork, the existing chain will be called Bitcoin (BTC) and the Segwit2x fork will be called Bitcoin2x (B2X).
Since then, some customers have asked us to clarify what will happen after the fork. We are going to call the chain with the most accumulated difficulty Bitcoin.
We will make a determination on this change once we believe the forks are in a stable state. We may also consider other factors such as market cap and community support to determine stability.
It’s important for us to maintain a neutral position in any fork. We believe that letting the market decide is the best way to ensure that Bitcoin remains a fair and open network.
Note: original emphasis is theirs.
There have been several articles that attempted to track and chronicle what all of the exchanges announced with respect to the ticker symbol and the fork. At the time of this writing, itBit, Kraken, and Bitstamp have not publicly commented on this specific fork (although they have publicly signaled specific views on other proposed forks in the past).
And this creates a challenge for any financial institution attempting to create a financial instrument that is composed of a basket of cryptocurrency-specific prices from different, independent cryptocurrency exchanges.
Ignoring the lack of adequate market surveillance for the moment, if there is a future fork and the constituent exchanges that comprise the reference data choose different forks to be represented by the same ticker symbol, this will likely create problems for the financial product.
For instance, consider a hypothetical scenario in which a fork occurs, and two of the exchanges comprising the BRR index choose one side of the fork to list as “BTC” while the other two exchanges choose the other fork to also represent “BTC.” Because these forks are linked to separate ecosystems and even economic systems, the combination could impact the volatility of the product.
Or in short: there is no universal agreement or consensus from cryptocurrency exchanges comprising the BRR about what the ticker symbol, let alone the chain, should be defined as.
Over the past several years the primary debate has been around scaling, specifically around block sizes. What if future forks are fought over changes to transaction fees, money supply, or KYC requirements? This isn’t idle speculation as these have been proposed in the past with both Bitcoin and other cryptocurrencies (Ethereum Classic held an event last year to focus on what the future money supply generation rate should be).
Obviously this is a situation the CME (and similar financial institutions) wants to avoid at all costs.
In order to do this, it’ll have to pick a side and either:
a) force an errant exchange on its index to fall in line or lose the free marketing; or
b) ditch it from the index
Either way, as by far the largest player in the market, in doing so it will be governing what Bitcoin is. Contrary to what most Bitcoin promoters often think, traders follow liquidity, not the other way around, so the CME is likely to become kingmaker in Bitcoin political disputes. It is going to become a key arm in its governance. That said, as we have seen before, rather than directly get involved with the tribes and religions of development they might simply defer to the incumbent Bitcoin Core rules — so that they can remain above the politics and out of any legal liabilities.
For more detailed commentary on this topic, be sure to read the articles linked to at the top. This will be worth re-visiting once the CME and other regulated institutions fully launch their proposed products.
Acknowledgements: special thanks to Ciaran Murray for several insights articulated above.
It is early into 2017 and at fintech events we can still hear a variety of analogies used to describe what blockchains and distributed ledger technology (DLT) are and are not.
One of the more helpful ones is from Peter Shiau (formerly of Blockstack.io) who used an automobile analogy involving the Model T to describe magic internet chains:1
The Ford Motor Company is well known for its production engineering innovation that gave us the Model T. To this day, the Ford Model T is one of the best selling automobiles of all-time thanks to the sheer number produced and affordability for American middle class families. And while it was remarkable that Ford was able to sell so many cars, it is well understood Ford’s true innovation was not the Model T but in fact the modern assembly line.
It was this breakthrough that enabled Ford to build a new car every 93 minutes, far more quickly than any of its competitors. Not unlike the Model T, cryptocurrencies like Bitcoin are every bit the product of a similar innovative process breakthrough that today we call a “blockchain.”
Carrying the analogy a little further, what is even more powerful about this modern equivalent of the assembly line is that it is not just useful for building cars but also vans and trucks and boats and planes. In just the same way, a blockchain is not just useful for creating a cryptocurrency, but can be applied to many different processes that multiple parties might rely on to reach agreement on the truth about something.
Less helpful, but all the same plentiful, are the many red herrings and false equivalences that conference attendees are subjected to.
Arguably, the least accurate analogy is that public blockchains can be understood as being “like the internet” while private blockchains “are like intranets”.
Why is this one so wrong and worthy of comment?
Because it is exactly backwards.
For example, if you want to use a cryptocurrency like Bitcoin, you have to use bitcoin; and if you want to use Ethereum, you have to use ether. They are not interoperable. You have to use their proprietary token in order to play in their walled garden.
As described in detail below, the internet is actually a bunch of private networks of internet service providers (ISPs) that have legal agreements with the end users, cooperate through “peering” agreements with other ISPs, and communicate via common, standardized routing protocols such as BGP, which publishes autonomous system numbers (ASNs).
In this respect, what is commonly called “the Internet” is closer to interoperable private, distributed ledger networks sharing a common or interoperable communication technology than anarchic, public cryptocurrency blockchain networks, which behave more like independent isolated networks.
Or in short: by design, cryptocurrencies are intranet islands whereas permissioned distributed ledgers — with interoperability hooks (“peering” agreements) — are more like the internet.2
Let’s do a short hands-on activity to see why the original analogy used at fintech conferences is a false equivalence, with implications for how we need to frame the conversation and manage expectations in order to integrate DLT into our reference and business architecture.
If you are using a Windows-based PC, open up a Command window. If you’re using a Mac or Android device, go to a store and buy a Windows-based PC.
Once you have your Command window open, type in a very simple command:
Wait a few seconds and count the hops as your signal traces the route through various network switches and servers until you finally land on your destination. From my abode in the SF area, it took 10 hops to land at Google and 7 hops to land at Microsoft.
If you did this exercise in most developed countries, then the switches and servers your signal zigged and zagged through were largely comprised of privately owned and operated networks called ISPs. That is to say, what is generally described as “the internet” is just a bunch of privately run networks connected to one another via several types of agreements such as: transit agreements, peering agreements, and interconnect agreements.
By far the most widely used agreement is still done via the proverbial “handshake.” In fact, according to a 2012 OECD report, 99.5% of internet traffic agreements are done via handshakes. There is also depeering, but more on that later.
What do all these agreements look like in practice?
According to the 2016 Survey of Internet Carrier Interconnection Agreements (pdf):
The Internet, or network of networks, consists of 7,557 Internet Service Provider (ISP) or carrier networks, which are interconnected in a sparse mesh. Each of the interconnecting links takes one of two forms: transit or peering. Transit agreements are commercial contracts in which, typically, a customer pays a service provider for access to the Internet; these agreements are most prevalent at the edges of the Internet, where the topology consists primarily of singly connected “leaf” networks that are principally concerned with the delivery of their own traffic. Transit agreements have been widely studied and are not the subject of this report. Peering agreements – the value-creation engine of the Internet – are the carrier interconnection agreements that allow carriers to exchange traffic bound for one another’s customers; they are most common in the core of the Internet, where the topology consists of densely interconnected networks that are principally concerned with the carriage of traffic on behalf of the networks which are their customers.
Colloquially it is a lot easier to say “I want to use the Internet” instead of saying “I want to connect with 7,557 ISPs interconnected in a sparse mesh.”
Back to topology, each ISP is able to pass along traffic that originated from other networks, even if these external networks and the traffic therein originate from foreign countries, because the physical systems can speak to one another via standardized transport protocols like TCP and UDP and route via BGP.34
Thus there is no such thing as a physical “internet rail,” only an amalgam of privately and publicly owned networks stitched together.
And each year there is inevitably tension between one or more ISPs, and consequently depeering takes place. A research paper published in 2014 identified 26 such depeering examples and noted that while depeering exists:
Agreements are a very quiet affair and are not documented for, they are mostly handshake agreements where parties mutually agree without any on record documentation. This argument is supported by the fact that 141,512 Internet Interconnection Agreements out of 142,210 Internet Agreements examined till March 2011 were Handshake Agreements.
This is the main reason you do not hear of disputes and disagreements between ISPs. This also dovetails into the “net neutrality” topic, which is beyond the scope of this post.
Just as the internet is an imperfect analogy for blockchains and DLT in general, so its offspring, the “intranet,” is a poor analogy for permissioned blockchains. As noted above, the internet is a cluster of several thousand ISPs that typically build business models off of a variety of service plans in both the consumer and corporate environments.
Some of these service plans target corporate environments and also include building and maintaining “private” intranets.
What is an intranet?
An intranet is a private network accessible only to an organization’s staff. Generally a wide range of information and services from the organization’s internal IT systems are available that would not be available to the public from the Internet. (Source)
And while more and more companies migrate some portion of their operations and work flows onto public and private “clouds,” intranets are expected to be maintained given their continued utility. From an infrastructure standpoint, notwithstanding that an intranet could be maintained on one or more servers through Software Defined Networks (SDNs), it is still a subset of a mash up of ISPs and mesh networks.
What does this have to do with magic internet chains?
“Private blockchain” or “private distributed ledger” is a nebulous term which typically means that the validation process for transactions is maintained by known, identified participants, not pseudonymous participants. Depending on the architecture, it can also achieve the level of privacy that is associated with an intranet while staying clear of the hazards associated with preserving true pseudonymity.
Why is the “intranet” analogy so misleading and harmful?
For multiple reasons.
For starters, it is not really valid to make a sweeping generalization of all identity-based blockchains and distributed ledgers, as each is architected around specific use-cases and requirements. For instance, some vendors insist on installing on-premise nodes behind the firewall of an enterprise. Some vendors set up and run a centralized blockchain, from one or two nodes, for an enterprise. Some others tap into existing operational practices such as utilizing VPN connections. And others spin up nodes on public clouds in data centers which are then operated by the enterprise.
There are likely more configurations, but as noted above: from a topological perspective in some cases these private blockchains and distributed ledgers operate within an intranet, or on an ISP, or even as an extranet.
Fundamentally the biggest difference between using an ISP (“the internet”) and using an intranet is about accessibility, who has access rights. And this is where identity comes into play: most ISPs require the account holder to provide identification materials for what is effectively KYC compliance.
Thus while you may visit a coffee shop like Starbucks that provides “free” access, Starbucks itself is an identified account holder with an ISP and the ISP could remove Starbucks’ access for violating its terms of service. Similarly, most coffee shops, airports, schools, etc. require users to accept a terms of service acknowledging that their access can be revoked for violating it.
Source: FireFox 51.0.1
In short, both the internet and intranet are in effect part of identity and permission-based networks. There is no such thing as an identity-less internet, only tools to mask the user’s identity (e.g., Tor, Peerblock, Whisper). In the same way, “private” intranets are a fallacy.
Anarchic chains, which were designed to operate cryptocurrencies like Bitcoin, attempt to create an identity-less network on top of an identifiable network, hence the reason people involved in illicit activities can sometimes be caught.
Interestingly, where the internet analogy does hold up is in how public, anarchic blockchains are no less challenged by the effort and complexity of truly masking identity. I mentioned this in a footnote in the previous post, but it deserves being highlighted once more. Anarchic blockchains inspired by cryptocurrencies such as Bitcoin used blocks because Satoshi wanted identity-free consensus (e.g., pseudonymity). That implies miners can come and go at will, without any kind of registration, which eliminated the choice of using any existing consensus algorithm.
As a result, Satoshi’s solution was proof-of-work (PoW). However, PoW is susceptible to collisions (e.g., orphan blocks). When a collision occurs you have to wait longer to obtain the same level of work done on a transaction. Thus you want to minimize them, which resulted in finding a PoW on average every ten minutes. This means that in a network with one-minute propagation delays, which are not unlikely in a very large network (BGP sees such propagation times), you waste ~10% of total work done, which was considered an acceptable loss rate in 2008 when Satoshi was designing and tweaking the parameters of the system.
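The ~10% figure can be checked with a small model. The following is an added example, not code from the original post: it assumes block discovery is a Poisson process and that every other miner keeps working on the old tip until a new block has finished propagating; the function names and the sweep of block intervals are illustrative.

```python
import math
import random


def wasted_work_fraction(propagation_delay_s, block_interval_s):
    """First-order share of total hashing spent on a stale tip.

    Assumption: after each block, the rest of the network mines on the
    previous tip for the whole propagation delay, so the wasted share is
    simply delay / interval.
    """
    return propagation_delay_s / block_interval_s


def collision_probability(propagation_delay_s, block_interval_s):
    """Probability that a competing block appears while one is propagating.

    With Poisson block arrivals (mean gap = block_interval_s), the chance
    that the next block lands inside the propagation window is
    1 - exp(-delay / interval).
    """
    return 1.0 - math.exp(-propagation_delay_s / block_interval_s)


def simulate_collision_rate(propagation_delay_s, block_interval_s,
                            blocks=200_000, seed=2008):
    """Monte Carlo check of collision_probability.

    Draws exponential gaps between consecutive blocks and counts how many
    blocks arrive before the previous one has reached the whole network.
    """
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    rate = 1.0 / block_interval_s
    collisions = sum(
        1 for _ in range(blocks) if rng.expovariate(rate) < propagation_delay_s
    )
    return collisions / blocks


def sweep(propagation_delay_s=60, intervals_s=(15, 60, 150, 600)):
    """Collision probability for several target block intervals."""
    return {
        interval: collision_probability(propagation_delay_s, interval)
        for interval in intervals_s
    }


if __name__ == "__main__":
    d, t = 60, 600  # one-minute propagation, ten-minute blocks (from the text)
    print(f"wasted work (d/T):        {wasted_work_fraction(d, t):.3f}")
    print(f"collision probability:    {collision_probability(d, t):.3f}")
    print(f"simulated collision rate: {simulate_collision_rate(d, t):.3f}")
    for interval, p in sweep().items():
        print(f"interval {interval:>4}s -> collision probability {p:.3f}")
```

Shortening the block interval while propagation stays at one minute pushes the collision rate up sharply, which is the trade-off behind the ten-minute target described above.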
Distributed ledgers such as Corda use a different design and exist precisely as an identified network, where members cannot just come and go at will, and do have to register. With Corda, the team also assumes relatively low propagation times between members of a notary cluster. One of the key differences between mere PoW (i.e. hashcash) and a blockchain is that in the latter, each block references the prior – thus PoWs aggregate. It can be tough to do that unless all transactions are visible to everyone and there is a single agreed upon blockchain, but if you do not, you will not get enough PoW to yield any meaningful security.
When fintech panels talk about the notion of “open” or “closed” networks, this is really a red herring because what is being ignored is how identity and permission work and are maintained on different types of networks.
From the standpoint of miner validation, in practice cryptocurrencies like Bitcoin are effectively permission-based: the only entity that validates a transaction is effectively 1 in 20 semi-static pools each day. And the miners/hashers within those pools almost never individually generate the appropriate/winning hash towards finding a block. Each miner generates trillions of invalid hashes each week and is rewarded with shares of a reward as the reward comes in.
And if you want to change something or possibly insert a transaction, you need hashrate to do so. Not just anyone running a validating node can effect change.
More to the point, nearly all of these pools and many of the largest miners have self-doxxed themselves. They have linked their real world identities to a pseudonymous network whose goals were to mask identities via a purposefully expensive PoW process. As a result, their energy and telecommunication access can be revoked by ISPs, energy companies, and governments. Therefore calling anarchic or public blockchains “open” is more of a marketing gimmick than anything else at this stage.
AOL and CompuServe were early, successful ISPs; not intranets.5 Conflating these terms makes it confusing for users to understand the core technology and identify the best fit use-cases. 6
Alongside the evolution of both the “cloud” and ISP markets, it will be very interesting to watch the evolution of “sovereign” networks and how they seek to address the issue of identity, because national and supranational laws like the General Data Protection Regulation (GDPR) impact all network users irrespective of origin.
For instance, Marley Gray (Principal Program Manager Blockchain at Microsoft) recently explained in an interview (above) how in order to comply with various data regulations (data custody and sovereignty), Microsoft acquired fiber links that do not interact with the “public” internet. That is to say, by moving data through physically segregated “dark” networks, Microsoft can comply with requirements of its regulated customers.
And that is what is missing from most fintech panels on this topic: at the end of the day who is the customer and end-user.
If it is cypherpunks and anarchists, then anarchic chains are built around their need for pseudonymous interactions. If it is regulated enterprises, then identity-based systems are built around the need for SLAs and so forth. The two worlds will continue to co-exist, but each network has different utility and comparative advantage.
Acknowledgements: I would like to thank Mike Hearn, Stephen Lane-Smith, Antony Lewis, Marcus Lim, Grant McDaniel, Emily Rutland, Kevin Rutter, and Peter Shiau for their constructive feedback. This was originally sent to R3 members on March 31, 2017.
From a network perspective, some of the integration and interop challenges facing DLT platforms could be similar to the harried IPv4 vs IPv6 coexistence over the past decade. Who runs the validating nodes, the bridges — the links between the chains and ledgers — still has to be sorted out. One reviewer noted that: If you equate IPv4 (TCP/UDP/ICMP) to DLTv4 where BGPv4 enables IPv4 networks to interact, we need an equivalent for BGPv4, say DLTGPv4 (DLT Gateway Protocol) for DLTv4 fabrics (ISPv4s) to interact and the same thing for IPv6 and DLTv6 where DLTv6 is a different DLT technology than DLTv4. So the basic challenge here is solving integration of like DLT networks.
Venture capitalists such as Marc Andreessen and Fred Wilson have stated at times that they would have supported or invested in something akin to TCPIPcoins or BGPcoins. That is to say, in retrospect the missing element from the “internet stack” is a cryptocurrency. This is arguably flawed on many levels and if attempted, would likely have stagnated the growth and adoption of the internet, see page 18-19.
One reviewer noted that: Because of the IPv4 address restrictions (address space has been allocated – relying on auctions etc for organizations to acquire IPv4 addresses), some sites now only have an IPv6 address. Most devices today are dual stack (support IPv4 and IPv6), but many ISPs and older devices still only support IPv4 creating issues for individuals to access IPv6 resulting in the development of various approaches for IPv4 to IPv6 (e.g. GW46 – my generic label). I think the question with DLTGW46 is whether to go dual stack or facilitate transformation between v4 and v6.
A reviewer who previously worked at AOL in the mid ’90s noted that: “In its early days, AOL was effectively a walled garden. For example, it had its own proprietary markup language called RAINMAN for displaying content. And access to the internet was carefully managed at first because AOL wanted its members to stay inside where content was curated and cultural norms relatively safer — and also desirable for obvious business reasons.”
One reviewer commented: “In my opinion, the “internet” cannot be created by a single party. It is an emergent entity that is the product of multiple ISPs that agree to peer – thus the World Wide Web. DLT-based and blockchain-based services first need to develop into their own robust ecosystems to serve their own members. Eventually, these ecosystems will want to connect because the value of assets and processes in multiple ecosystems will increase when combined.”
Earlier today, with some help from the R3 research team (thanks for the grammar fixes!), I shipped a new paper to the consortium members. This paper discusses several issues and challenges facing a Bitcoin-based ETF that was originally proposed a couple years ago by the Winklevoss twins (commonly called the COIN ETF). It specifically looks at questions publicly raised by the SEC.
It bears mentioning that R3 itself is not in any shape or fashion involved with this ETF or in using the Bitcoin network. This (tangential) paper solely represents my views and not those of my employer or companies I advise. I worked on it in my spare time.
R3 typically makes research papers available 3-6 months after sending it to members, so check back here later next spring or summer to see if it has been posted.
Update 09/2017: many months later an egg tweeted that it has been posted online at Scribd and Docdroid (pdf)
[Note: the views expressed below are solely my own and do not necessarily represent the views of my employer or any organization I advise.]
Yesterday, at block height 1920000, many elements of the Ethereum community coordinated a purposeful hardfork.
After several weeks of debate and just over a couple weeks of preparation, key stakeholders in the community — namely miners and exchanges — attempted to create a smooth transition from Ethereum Prime (sometimes referred to as Ethereum Classic) into Ethereum Core (Ethereum One).1
Users of exchange services such as Kraken were notified of the fork and are now being allowed to withdraw ETH to Ethereum Core, which many miners and exchanges now claim as “mainnet.”
Was the hardfork a success? The answer to that question depends on which parallel universe (or chain) you resided on. It also depends on the criteria by which “failure” or “success” are measured.
For instance, if you ended up with ETH on the “unsupported” fork (Classic), who was financially responsible for this and who could attempt to file a lawsuit to rectify any losses?
Maybe no one. Why? Because public blockchains intentionally lack terms of service, EULA, and service level agreements, therefore it is difficult to say who is legally liable for mistakes or losses.
For instance, if financial instruments from a bank were sent to miners during the transition phase and are no longer accessible because the instruments were sent to the “unsupported” chain, who is to blame and bears responsibility? Which party is supposed to provide compensation and restitution?
De facto versus de jure
This whole hardfork exercise visualizes a number of issues that this blog has articulated in the past.
Perhaps the most controversial is simply that there is no such thing as a de jure mainnet whilst using a public blockchain. The best a cryptocurrency community could inherently achieve is a de facto mainnet.2
What does that mean?
Public blockchains such as Bitcoin and Ethereum intentionally lack any ties into the traditional legal infrastructure. The original designers made it a point to try and make public blockchains extraterritorial and sovereign to the physical world in which we live. In other words, public blockchains are anarchic.
As a consequence, lacking ties into legal infrastructure, there is no recognized external authority that can legitimately claim which fork of Bitcoin or Ethereum is the ‘One True Chain.’ Rather, it is the proof-of-work process (or perhaps proof-of-stake in the future) that attempts to attest to which chain is supposed to be the de facto chain.3
However, even in this world there is a debate as to whether it is the longest chain or the chain with the most work done that determines which chain is the legitimate chain and which are the apostates.45
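The two rules named above can disagree, which is also why an exchange statement such as "the chain with the most accumulated difficulty" is not the same as "the longest chain." The sketch below is an added example, not code from the original post: it decodes Bitcoin-style compact difficulty bits into a target, scores each block as 2^256 / (target + 1), and applies both rules to two constructed forks. The fork contents and function names are hypothetical.

```python
def bits_to_target(bits):
    """Decode Bitcoin's compact 'bits' header field into the full target.

    The top byte is a base-256 exponent and the low 23 bits are the
    mantissa; a hash must be at or below the target to be valid.
    """
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def block_work(bits):
    """Expected number of hashes needed to find a block at this target."""
    return (1 << 256) // (bits_to_target(bits) + 1)


def chain_work(chain_bits):
    """Accumulated work of a fork: the sum of per-block work."""
    return sum(block_work(bits) for bits in chain_bits)


def pick_longest(forks):
    """Fork choice by block count only (ties go to the first fork listed)."""
    return max(forks, key=lambda name: len(forks[name]))


def pick_most_work(forks):
    """Fork choice by accumulated work (ties go to the first fork listed)."""
    return max(forks, key=lambda name: chain_work(forks[name]))


# Constructed sample data: only the blocks after the common ancestor.
# Fork A: six blocks mined at difficulty 1 (bits 0x1d00ffff).
# Fork B: four blocks mined at difficulty 2 (bits 0x1c7fff80).
FORKS = {
    "A": [0x1D00FFFF] * 6,
    "B": [0x1C7FFF80] * 4,
}


def summarize(forks):
    """Per-fork length and work, plus the winner under each rule."""
    return {
        "lengths": {name: len(chain) for name, chain in forks.items()},
        "work": {name: chain_work(chain) for name, chain in forks.items()},
        "longest": pick_longest(forks),
        "most_work": pick_most_work(forks),
    }


if __name__ == "__main__":
    result = summarize(FORKS)
    for name in FORKS:
        print(f"fork {name}: {result['lengths'][name]} blocks, "
              f"work {result['work'][name]}")
    print("longest-chain rule picks:", result["longest"])
    print("most-work rule picks:   ", result["most_work"])
```

Here fork A is longer but fork B carries more work, so a node, exchange or index provider gets a different "legitimate" chain depending on which rule it has adopted.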
And this is where, fundamentally, it becomes difficult for regulated institutions to use a public blockchain for transferring regulated data and regulated financial instruments.
For instance, in March 2013 an accidental, unintended fork occurred on what many participants claimed as the Bitcoin mainnet.
To rectify this situation, over roughly four hours, operators of large mining pools, developers, and several exchanges met on IRC to coordinate and choose which chain they would support and which would be discarded. This was effectively, at the time, the largest fork-by-social-consensus attempted (e.g., proof-of-nym-on-IRC).
There were winners and losers. The losers included OKPay, a payment processor that lost several thousand dollars, and BTC Guild, a large mining pool that had expended real capital mining some of the now-discarded blocks.
In the Bitcoin world, this type of coordination event is slowly happening again with the never ending block size debate.
One team, Bitcoin Classic, is a small group of developers that supports a hardfork to relatively quickly increase the block size from 1 MB to 2 MB and higher. Another group, dubbed Bitcoin Core, prefers a slower rollout of code over a period of years that includes changes that would eventually increase the block size (e.g., segwit). 6
Yet as it lacks a formal governance structure, neither side has de jure legitimacy but instead relies on the court of public opinion to make their case. This is typically done by lobbying well-known figureheads on social media as well as mining pools directly. Thus, it is a bit ironic that a system purposefully designed for pseudonymous interactions in which participants were assumed to be Byzantine and unknown, instead now relies on known, gated, and trusted individuals and companies to operate.
Note: if the developers and miners did have de jure legitimacy, it could open up a new can of worms around FinCEN administrative requirements. 7 Furthermore, the miners are always the most important stakeholders in a proof-of-work system; if they were not, no one would host events just for them.
I think the confusion comes from thinking of cryptocurrency chains as ledgers at all. A cryptocurrency blockchain is (an attempt at) a decentralised solution to the double spending problem for a digital, extra-legal bearer asset. That’s not a ledger, that’s a log.
That was the point I was trying to make all along when I introduced the permissioned/permissionless terminology!9 Notice, I never used the phrase “permissionless ledger” — Permissionless’ness is a property of the consensus mechanism.
With a bearer asset, possession of some instrument (a private key in the cryptocurrency world) means ownership of the asset. With a registered asset, ownership is determined by valid entry in a registry mapping an off-chain identity to the asset. The bitcoin blockchain is a public log of proofs of instrument possession by anonymous parties. Calling this a ledger is the same as calling it “bearer asset ledger”, which is an oxymoron, like calling someone a “married bachelor”, because bearer assets by definition do not record their owners in a registry!
This taxonomy that includes the cryptocurrency stuff in our space (“a public blockchain is a permissionless distributed ledger of cryptocurrency”) causes so much pointless discussion.
I should also mention that the DLT space should really be using the phrase “registry” instead of “ledger”. The latter is about accounts, and it is one ambition too far at the moment to speak of unifying everyone’s accounts on a distributed ledger.
As I have discussed previously, public blockchains intentionally lack hooks into off-chain legal identification systems.
Why? Because as Sams noted above: a KYC’ed public blockchain is effectively an oxymoron. Arguably it is self-defeating to link and tie all of the participants of the validation (mining) process and asset transfer process (users) to legal identities and gate them from using (or not using) the network services. All you have created is a massively expensive permissioned-on-permissionless platform.
But that irony probably won’t stop projects and organizations from creating a Kimberley Process for cryptocurrencies.
I cannot speak on behalf of the plethora of “private chain” or “private ledger” projects (most of which are just ill-conceived forks of cryptocurrencies), but we know from public comments that some regulators and market structures might only recognize blockchains and distributed ledgers that comply with laws (such as domestic KYC / AML regulations) by tying into the traditional legal infrastructure.10 This means tying together off-chain legal identities with on-chain addresses and activity.
There are multiple reasons, but it is partly due to the need to reduce settlement risks: creating definitive legal settlement finality and identifying the participants involved in that process.11
As illustrated with the purposeful Ethereum One hardfork and the accidental Bitcoin fork in 2013, public blockchains, by design, can only provide probabilistic settlement finality.
Sure, the data inside the blocks itself is immutable, but the ordering and who does the ordering of the blocks is not.
What does this mean? Recall that for both Ethereum and Bitcoin, information (usually just private keys) is hashed multiple times by a SHA algorithm, making the information effectively immutable.12 It is unlikely, given the length of time our star is expected to live, that this hash function can be reversed by a non-quantum computer.
However, blocks can and will be reorganized; they are not immutable. Public blockchains are secured by social and economic consensus, not by math.
As a consequence, there are some fundamental problems with any fork on public blockchains: they may actually increase risks to the traditional settlement process. And that, coupled with the lack of hooks for off-chain identity, means that public blockchains — anarchic blockchains — are not well-suited or fit-for-purpose for regulated financial institutions.
After all, who is financially, contractually, and legally responsible for the consequences of a softfork or hardfork on a public blockchain?
If it is no one, then it might not be used by regulated organizations because they need to work with participants who can be held legally accountable for actions (or inactions).
If it is someone specifically (e.g., a doxxed individual) then you have removed the means of pseudonymous consensus to create censorship resistance.
In other words, public blockchains, contrary to the claims of social media, are not “law” because they do not actually tie into the legal infrastructure which they were purposefully designed to skirt. By attempting to integrate the two worlds — by creating a KYC’ed public blockchain — you end up creating a strange hydra that lacks the utility of pseudonymity (and censorship resistance) yet maintains the expensive and redundant proof-of-work process.
These types of forks also open up the door for future forks: what are the criteria for forking or not in the future? Who is allowed and responsible to make those decisions? If another instance like the successful attack and counter-attack on The DAO takes place, will the community decide to fork again? If 2 MB blocks are seen as inadequate, who bears the legal and financial responsibility of a new fork that supports larger (or smaller) blocks? If any regulated institution loses assets or funds in this forking process, who bears responsibility? Members of IRC rooms?
If the answers are caveat emptor, then that level of risk may not be desirable to many market participants.
Who are you going to sue when something doesn’t go according to plan? In the case of The DAO, the attacker allegedly threatened to sue participants acting against his interests because he claimed: code is law. Does he have legal standing? At this time it is unclear what court would have accepted his lawsuit.
But irrespective of courts, it is unclear how smart contract code, built and executed on an anarchic platform, can be considered “legal.” It appears to be a self-contradiction.
As a consequence, the fundamental need to tie contract code with legal prose is one of the key motivations behind how Richard Brown’s team in London approached Corda’s design. If you cannot tie your code, chain, or ledger into the legal system, then it might be an unauthoritative ledger from the perspective of courts.13
And regulated institutions can’t simply just ignore regulations as they face real quantifiable consequences for doing so. To paraphrase George Fogg, that’s akin to putting your head in the sand.
We continue to learn from the public blockchain world, such as the consequences of forks, and the industry as a whole should try to incorporate these lessons into their systems — especially if they want anyone of weight to use them. Anarchic blockchains will continue to co-exist with their distributed ledger cousins but this dovetails into a conversation about “regtech,” which is a topic of another post.
This doesn’t mean that regulators and/or financial institutions won’t use public blockchains for various activities; perhaps some of them will be comfortable after quantifying the potential risks associated with them. [↩]
Ethereum developers plan to transition Ethereum from proof-of-work to proof-of-stake within the next year. [↩]
See Arthur Breitman’s interview on Epicenter Bitcoin and Mike Hearn’s interview on Money & Tech [↩]
Philosophically when Bob connects to “The Bitcoin Network” — how does Bob know he is actually connected to the “real” Bitcoin network? One method is to look at the block header: it should take a specific amount of time to recreate the hash with that proof-of-work. This proves which network has the most work done. However, in the meantime, Bob might connect to other ‘pretenders’ claiming to be “The Bitcoin Network.” At this time, there does not appear to be any legal recognition of a specific anarchic chain. [↩]
The Bitcoin Core fork, which is euphemistically called a softfork, is basically a hardfork spread over a long period of time. [↩]
For proof-of-work mining, Ethereum uses ethash instead of SHA256. For hashing itself, Ethereum uses SHA-3 which is part of the Keccak family (some people use the terms interchangeably but that isn’t technically correct). [↩]
[Disclaimer: I do not own any cryptocurrencies nor have I participated in any DAO crowdfunding.]
This post will look at the difference between a decentralized autonomous organization (DAO) and a project called The DAO.
The wikipedia entry on DAOs is not very helpful. However, Chapters 2 through 5 may be of some use (although it is dated information).
In terms of the uber hyped blockchain world, at its most basic kernel, a DAO is a bit of code — sometimes called a “smart contract” (a wretched name) — that enables a multitude of parties including other DAOs to send cryptographically verifiable instructions (such as a digitally signed vote) in order to execute the terms and conditions of the cloud-based code in a manner that is difficult to censor.
One way to think of a simple DAO: it is an automated escrow agent that lives on a decentralized cloud where it can only distribute funds (e.g., issue a dividend, disperse payroll) upon receiving or even not receiving a digital signal that a task has been completed or is incomplete.
For instance, let us assume that a small non-profit aid organization whose staff primarily work in economically and politically unstable regions with strict capital controls, set up a DAO — an escrow agent — on a decentralized cloud to distribute payroll each month.
This cloud-based escrow agent was coded such that it would only distribute the funds once a threshold of digital signatures had signed an on-chain contract — not just by staff members — but also from independent on-the-ground individuals who observed that the staff members were indeed doing their job. Some might call these independent observers oracles, but that is a topic for a different post.1
Once enough signatures had been used to sign an on-chain contract, the escrow agent would automatically release the funds to the appropriate individuals (or rather, to a public address that an individual controls via private key). The terms in which the agent operated could also be amended with a predetermined number of votes, just as corporate boards and shareholders vote to change charters and contracts today.
The purported utility that decentralization brings to this situation is that it makes censoring transactions by third parties more difficult than if the funds flowed through a centralized rail. There are trade-offs to these logistics but that is beyond the scope of this post.
The reason the DAO acronym includes the “organization” part is that the end-goal by its promoters is for it to provide services beyond these simple escrow characteristics such as handling most if not all administrative tasks such as hiring and firing.
Watch out Zenefits, the cryptocurrency world is going to eat your lunch! Oh wait.
A short history
It is really easy to get caught up in the euphoria of a shiny new toy. And the original goal of a DAO sounds like something out of science fiction — but these undertones probably do it a disservice.
Prior to 2014 there had been several small discussions around the topic of autonomous “agents” as it related to Bitcoin.
For instance, in August 2013, Mike Hearn gave a presentation at Turing Festival (see above), describing what was effectively a series of decentralized agents that operated logistical companies such as an autonomous car service.
Several months later, Vitalik Buterin published the Ethereum white paper which dove into the details of how to build a network — in this case a public blockchain — which natively supported code that could perform complex on-chain tasks: or what he dubbed as a decentralized autonomous organization.
The impetus and timing for this post is based on an ongoing crowdsale / crowdfunding activity for the confusingly named “The DAO” that has drawn a lot of media attention.
Over the past year, a group of developers, some of whom are affiliated with the Ethereum Foundation and others affiliated with a company called Slock.it, have created what is marketed as the first living and breathing DAO on the Ethereum network.
The organizers kicked off a month long token sale and at the time of this writing just over 10 million ether (the native currency of the Ethereum blockchain) — or approximately 13% of all mined ether — has been sent to The DAO. This is roughly equivalent to over $100 million based on the current market price of ether (ETH).
In return for sending ether to The DAO, users receive an asset called a DAO Token which can be used in the future to vote on projects that The DAO wants to fund.2 It is a process that Swarm failed at doing.
I would argue that, while from a technical standpoint it is possible to successfully set up a DAO in the manner that The DAO team did, there really isn’t much utility in doing so in an environment in which censorship or the theft of funds by third parties will probably not occur.
That is to say, just as I have argued before that permissioned-on-permissionless is a shortsighted idea, The DAO as it is currently set up, is probably a solution to a problem that no one really has.3
Or in short, if you “invested” in The DAO crowdsale thinking you’re going to make money back from the projects via dividends, you might be better off investing in Disney dollars.
Putting aside securities regulations and regulators such as the SEC for a moment, most of the crowdsale “investors” probably don’t realize that:
crowdfunding in general has a checkered track record of return-on-investment4
crowdfunding in the cryptocurrency world almost always relies on the future appreciation of token prices in order to break-even and not through the actual creation of new features or tools (e.g., see Mastercoin/Omni which effectively flopped)
that the funds, when dispersed to Slock.it and other “products,” could take years, if ever, to return a dividend
Why would this pool of capital provide any better expected return-on-investment than others?
My sense about The DAO is that it’s a fascinating experiment that I do not want to be part of. I also do not think that a committee of over 1,000 strangers will make wise investment decisions. Most good investment decisions are taken by courageous individuals in my opinion. Anything that can get past a big committee will probably not be the next Google. Imagine this pitch: “Hi I’m Larry and this is Sergey and we want to build the world’s 35th search engine.”
While it probably wasn’t the 35th search engine, for those unfamiliar with the history of Google, Larry Page and Sergey Brin are the co-founders who created a search engine in what was then thought to be a very crowded market.
So why the excitement?
I think part of it is quite simply: if you own a bunch of ether, there really isn’t much you can do with it right now. This is a problem that plagues the entire cryptocurrency ecosystem.
Despite all the back-patting at conferences, the market is already filled with lots of different tokens. There is a glut of tokens which do not currently provide many useful things that you couldn’t already do with existing cash systems.5
Part of it also is that most probably think they will become rich quick through dividends, but that probably won’t happen anytime soon, if at all.
With The DAO, only the development teams of projects that are voted and approved by The DAO (e.g., the thousands of users with DAO Tokens), will see any short term gains through a steady paycheck. And it is only after they build, ship and sell a product that the original investors may begin seeing some kind of return.
Or in other words: over the past several weeks, the pooling of capital has taken place for The DAO. In the future there will be various votes as to where that capital goes. Shortly thereafter, some capital is deployed and later KPI’s will be assessed in order to determine whether or not funding should continue. All the while some type of profit is sought and dividend returned.
Why, I asked another friend, would this pool of capital offer any better risk adjusted return-on-investment than other asset classes?
In his view:
The return might be high but so is the risk. Always adjust for risk. I think The DAO is better compared to a distributed venture capital firm. Whether that’s better or worse I don’t know — I mean you have the crowd deciding on investments. Or more realistically: nerds who know how to obtain ether (ETH) get to decide on investments.
Does that make them better VCs? Probably not. However, The DAO can decide to hire people with actual credentials to manage and select the investments, admitting its own weakness which would then turn into a strength. I think this can go either way but given the regulator is not prepared for any of this it will probably not work out in the short term.
Does the ‘design-by-giant-nerd-committee’ process work?
Over the past year we have already seen thousands, probably tens of thousands, of man-hours dropped into the gravity well that is known as the “block size debate,” in which hundreds of passionate developers have seemingly argued non-stop on Slack, Twitter, reddit, IRC, conferences and so forth without really coming to an amicable decision any one group really likes.
So if block size-design-by-committee hasn’t worked out terribly well, will the thousands of investors in The DAO take to social media to influence and lobby one another in the future? And if so, how productive is that versus alternative investment vehicles?
Redistributing the monetary base
Assuming Ethereum has an economy (which it probably doesn’t by most conventional measures), will The DAO create a deflationary effect on the Ethereum economy?
For instance, at its current rate, The DAO could absorb about 20% of the ether (ETH) monetary base.
Does that mean it permanently removes some of the monetary base? Probably not.
For example, we know that there will be some disbursements to projects such as Slock.it, so there will be some liquidity from this on-chain entity. And that future DAOs will spend their ether on expenses and development like a normal organization.
But we also know that there is a disconnect between what The DAO is, an investment fund, and what many people see it as: a large vault filled with gold lying in Challenger Deep that will somehow appreciate in value and from which they will somehow be able to extract that value.
Sure, we will all be able to observe that the funds exist at the bottom of the trench, but someone somewhere has to actually create value with the DAO Tokens and/or ether.
For the same reason that most incubators, accelerators and VC funds fail, that entrepreneur-reliant math doesn’t change for The DAO. Not only does The DAO need to have a large volume of deal flow, but The DAO needs to attract legitimate projects that — as my friend pointed out above — have a better risk adjusted return-on-investment than other asset classes.
Will the return-on-investment of the DAO as an asset class be positive in the “early days”? What happens when the operators and recipients of DAO funds eventually confront the problem of securities regulation?
So far, most of the proposals that appear to be geared up for funding are reminiscent of the hype cycles we have all seen over the past couple of years.
Let’s build a product…
2014: But with Bitcoin
2015: But with Blockchain
2016: But with DAO
Maybe the funds will not all be vaporized, but if a non-trivial amount of ETH ends up being held in this DAO or others, it could be the case that with sluggish deal flow, a large portion of the funds could remain inert. And since this ether would not be touching any financial flows, it would be equivalent to storing a large fraction of M0 in your basement safe, siloed off from liquid capital markets.
Since the crowdsale / crowdfund began on April 30, the market price of ETH has increased ~30%; is that a coincidence or is there new demand being generated due to The DAO crowdsale?
A small bug has been discovered in terms of the ETH to DAO Token conversion time table
The DAO surpassed the Ethereum Foundation to become the largest single holder of ether (note: the linked article is already outdated)
In terms of concentration of wealth: according to Etherscan, the top 50 DAO Token holders collectively “own” 38.49% of The DAO
The top 500 DAO Token holders collectively “own” 71.39% of The DAO
As of this writing there are over 15,000 entities (not necessarily individuals) that “own” some amount of a DAO Token
Why is “own” in quotation marks? Because it is still unclear if controlling access to these private keys is the same thing as owning them. See also: Watermarked Tokens as well as The Law of Bitcoin
Gatecoin, which facilitated the crowdsale of both The DAO and DigixDAO was recently hacked and an estimated $2 million in bitcoins and ether were stolen
Yesterday Gavin Wood, a co-founder of Ethereum, announced that he is stepping down as a “curator” for The DAO. Curators, according to him, are effectively just individuals who identify whether someone is who they say they are — and have no other duties, responsibilities or authority.
Three days ago, the Slock.it dev team — some of whom also worked on creating The DAO — did a live Q/A session that was videotaped and attempted to answer some difficult questions, like how many DAO Tokens they individually own.
About 17 months ago I put together a list of token crowdsales. It would be interesting to revisit these at some point later this year to see what the return has been for those holders and how many failed.
For instance, there hasn’t really been any qualitative analysis of crowdsales or ICOs beyond looking at price appreciation.6 What other utility was ultimately created with the issuance of say, factoids (Factom tokens) or REP (Augur tokens)?
Similarly, no one has really probed Bitcoin mining (and all POW mining) through the lens of a crowdsale on network security. Is every 10 minutes an ICO? After all, the scratch-off contest ties up capital seeking rents on seigniorage and in the long run, assuming a competitive market, that seigniorage is bid away, as Robert Sams has pointed out, to where the marginal cost equals the marginal value of a token. So you end up with this relatively large capital base — divorced from the real world — that actually doesn’t produce goods or services beyond the need to be circularly protected via capital-intensive infrastructure.
Other questions to explore in the future include:
what are the benefits, if any, of using a centralized autonomous organization (CAO) versus decentralized autonomous organization (DAO) for regulated institutions?
how can a party or parties sue a decentralized autonomous organization? 7
what are the legal implications of conducting a 51% attack on a network with legally recognized DAOs residing on a public blockchain?8
will the continued concentration of ether and/or DAO Tokens create a 51% voting problem identified in the “Curator” section?
Still don’t fully understand what The DAO is? Earlier this week CoinDesk published a pretty good overview of it.
[Special thanks to Raffael Danielli, Robert Sams and Nick Zeeb for their thoughts]
Note: for the purposes of The DAO, “curators” are effectively identity oracles. [↩]
It appears that currently, once a quorum is achieved, a relatively small proportion of token holders can vote “yes” to a proposal to trigger a large payout. [↩]
The current line-up of goods and services are not based around solving for problems in which censorship is a threat, such as those facing an aid worker in a politically unstable region. [↩]
That is not to say that they all fail. In fact according to one statistic from Kickstarter, there was a 9% failure rate on its platform. Thus, it depends on the platform and what the reward is. [↩]
[Note: opinions expressed below are solely my own and do not represent the views of my employer or any company I advise.]
Last April, May and August I wrote three posts that attempted to look at the flow of funds: where bitcoins move to throughout the ecosystem.
Thanks to the team at Chainalysis we can now have a more granular view into specific transfer corridors and movements (not necessarily holdings) between miners, exchanges, darknet markets, payment processors and coin mixers.
The first three charts are backwards looking.
Above is a simplified, color coded version of a tool that Chainalysis provides to its customers such as compliance teams at exchanges. The thickness of a band accurately represents the volume of that corridor; it is drawn to scale.
What is the method used to generate the plot?
The chord-plot shows all bitcoin transactions in 2015 traced down all the way back to a known entity. This means that the connection between the entities can be any number of hops away.
So for instance, for the exchanges it will include direct arbitrage, but also the modus operandi for bitcoin: individuals buying bitcoins at an exchange and then doing peer-to-peer transfers. Again this can be any number of hops and then perhaps later end at an exchange again where someone is cashing out.
According to Chainalysis, by hiding all the intermediate steps we can begin to learn how most of the Bitcoin ecosystem is put together (e.g., can it be split into sub systems?, is there a dark and a lit economy?, and what is bitcoin actually used for?).
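A minimal version of the backward tracing described above, written as an added example rather than Chainalysis’s own code: each payment into a labelled entity is traced back through unlabelled hops until a labelled entity (or a coinbase) is reached, and the volume is added to that corridor. The transactions, addresses and labels are constructed, and splitting a multi-input transaction in proportion to input value is an assumption of this example, since the page does not say how mixed inputs are attributed.

```python
from collections import defaultdict

COINBASE = "(newly mined)"  # origin used when the trail ends at a coinbase

# Constructed sample data, not real chain data.
# txid -> inputs as (previous txid, output index), outputs as (address, BTC).
TXS = {
    "t0": {"in": [], "out": [("pool1", 25.0)]},                    # coinbase to a pool
    "t1": {"in": [("t0", 0)], "out": [("exA_hot", 25.0)]},         # pool sells at exchange A
    "t2": {"in": [("t1", 0)], "out": [("alice", 10.0), ("exA_hot", 15.0)]},  # withdrawal + change
    "t3": {"in": [("t2", 0)], "out": [("bob", 4.0), ("alice2", 6.0)]},       # peer-to-peer hop
    "t4": {"in": [("t3", 0)], "out": [("mkt_dep", 4.0)]},          # bob pays a market
    "u0": {"in": [], "out": [("miner_x", 25.0)]},                  # coinbase to unlabelled miner
    "u1": {"in": [("u0", 0)], "out": [("exB_hot", 25.0)]},
    "t6": {"in": [("u1", 0)], "out": [("carol", 2.0), ("exB_hot", 23.0)]},
    "t5": {"in": [("t3", 1), ("t6", 0)], "out": [("exB_dep", 8.0)]},  # merged inputs
}

# Address clusters already attributed to a known entity (constructed).
LABELS = {
    "pool1": "MiningPool",
    "exA_hot": "ExchangeA",
    "exB_hot": "ExchangeB",
    "exB_dep": "ExchangeB",
    "mkt_dep": "DarknetMarket",
}


def corridor_volumes(txs, labels):
    """Return {(source_entity, destination_entity): volume} for every payment
    into a labelled address, hiding all unlabelled intermediate hops."""
    memo = {}  # txid -> {entity: fraction} describing where its inputs came from

    def origin_of_output(txid, index):
        address, _value = txs[txid]["out"][index]
        if address in labels:            # reached a known entity: stop here
            return {labels[address]: 1.0}
        return origin_of_inputs(txid)    # unlabelled hop: keep walking backwards

    def origin_of_inputs(txid):
        # Recursion is fine for a small sample; a full chain needs an
        # iterative pass over transactions in topological order.
        if txid not in memo:
            inputs = txs[txid]["in"]
            if not inputs:
                memo[txid] = {COINBASE: 1.0}
            else:
                total = sum(txs[p]["out"][i][1] for p, i in inputs)
                mix = defaultdict(float)
                for p, i in inputs:
                    weight = txs[p]["out"][i][1] / total  # proportional split (assumption)
                    for entity, fraction in origin_of_output(p, i).items():
                        mix[entity] += fraction * weight
                memo[txid] = dict(mix)
        return memo[txid]

    flows = defaultdict(float)
    for txid, tx in txs.items():
        sources = origin_of_inputs(txid)
        for address, value in tx["out"]:
            if address in labels:
                for entity, fraction in sources.items():
                    # Same-entity corridors are change or internal transfers.
                    flows[(entity, labels[address])] += value * fraction
    return dict(flows)


if __name__ == "__main__":
    for (src, dst), btc in sorted(corridor_volumes(TXS, LABELS).items()):
        print(f"{src:>15} -> {dst:<15} {btc:6.2f} BTC")
```

In the sample, the 4 BTC reaching the market is attributed to ExchangeA even though it passed through two unlabelled wallets, which is the “any number of hops” behaviour the method relies on.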
Blue: virtual currency exchanges
Red: darknet markets
Pink: coin mixers
Green: mining pools
Yellow: payment processors
Altogether there are 14 major exchanges tracked in blue including (in alphabetical order): Bitfinex, Bitreserve (now Uphold), Bitstamp, BitVC (subsidiary of Huobi), BTCC (formerly BTC China), BTC-e, Circle, Coinbase (most), Huobi, itBit, Kraken, LocalBitcoins, OKCoin and Xapo.
The identities of 12 exchanges were removed, with the exception of BTC-e and LocalBitcoins.
BTC-e was founded in July 2011 and is one of the oldest operating exchanges still around. It does not require users to provide KYC documentation nor has it implemented AML processes. This has made it an attractive exchange for those wanting to remain anonymous.
LocalBitcoins was founded in June 2012 and is a combination of Craigslist and Uber for bitcoin transfers. It enables users to post trade requests on its site and provides escrow and reputation services for the facilitation of those trades. Like BTC-e, it does not require users to provide KYC documentation nor has it implemented AML processes. As a result it is a popular service for those wanting to trade bitcoins anonymously.
SharedCoin (depicted in pink above) is a product / service from Blockchain.info that allows users to mix their coins together with other users. It is one of about a dozen services that attempt to — depending who you talk to — delink the history or provenance of a bitcoin.
Founded in the spring of 2013, Agora (depicted in red above) was the largest known darknet market operating in 2015.
For each of the entities labeled on the charts below there is a ‘send to self’ characteristic, which in fact represents the UTXOs that originate from that entity and end in unspent funds without first hitting another service. So it can be both cold storage owned by the service or someone hoarding (“hodling”) coins using that service.
Interestingly enough, the deposits held at one VC-backed intermediary almost all stay cold.
Above is LocalBitcoins.
Above is BTC-e.
Above is SharedCoin.
Questions and Answers
I also spoke with the Chainalysis team about how their clustering algorithm worked.
Q: What about all the transactions that did not go between central parties and intermediaries? For instance, if I used my wallet and sent you some bitcoins to your wallet, how much is that in terms of total activity?
A: The analysis above is intended to isolate sub-economies, not to see who is directly trading with who. The Chainalysis team previously did a Chord of that roughly a year ago which shows the all-time history (so early days will be overrepresented) and it was based only on one hop away transactions and normalized to what the team can ascribe to a known service.
The new chord above is different as it continues searching backwards until it locates an identified entity – this means it could have passed through another either unidentified or less perfectly described service – but as it is the same for everything and we have the law of large numbers it will still give a pretty accurate picture of what subeconomies exist. It was made to identify if the Bitcoin network had a dark economy and a lit economy (e.g. if the same coins were moving in circles e.g. dark-market->btc-e->localbitcoin->dark-market and what amount of that loop would include the regulated markets too).
So, for example, the transfers going between the regulated exchanges, many will be multihop transfers, but they start and end in regulated exchanges and as such could be described as being part of the lit economy.
Q: What specific exchange activity can you actually identify?
A: It varies per service but Chainalysis (and others) have access to some “full wallets” from clients. Also newer deposits are often not known so the balance in a wallet will be underestimated due to how the current algorithms work.
Further, some services require special attention and special analytics to be well represented due to their way of transacting – this includes some of the regional dark markets and Coinbase (due to how the company splits and pools deposits, see below). By looking at all the known entities and how many addresses they contain as a percentage of all addresses ever used for bitcoin in all time, Chainalysis has significant coverage and these are responsible for more than half of all transactions that ever happened.
Q: And what was the motivation behind building this?
A: The initial purpose of the plot was to identify subsystems and pain points in the ecosystem – the team was at first uncertain of the possibility that every Bitcoin user simply bought bitcoins from exchanges to buy drugs but that does not seem to be the case. Most drug buyers use LocalBitcoins and sellers cash-in via mixers on LocalBitcoins or BTC-e (for the larger amounts).
Q: How large is SharedCoin and other mixers?
A: SharedCoin is currently around 8 million addresses and Bitcoin Fog is 200,000 addresses; they are the two largest.1
Based on the charts above, what observations can be seen?
With a forward tracing graph we can see where all the unspent bitcoins come from (or are stored). One observation is that intermediaries, in this case exchanges, are holding on to large quantities of deposits. That is to say that many users (likely traders) — despite the quantifiable known risks of trusting exchanges — still prefer to store bitcoins on virtual currency exchanges. Or to look at it another way: exchanges end up with many stagnant bitcoins and what this likely means is that users are buying lots of bitcoins from that exchange and not moving them and/or the exchange itself is holding a lot of bitcoins (perhaps collected via transaction fees or forfeited accounts).2
A lot of the activity between exchanges (as depicted in blue lines) is probably based on arbitrage. Arbitrage means if Exchange A is selling bitcoins for a higher price than Exchange B, Alice will buy bitcoins on Exchange B and transfer them to Exchange A where they are sold for a profit.
Despite the amount of purported wash trading and internal bot trading that several Chinese exchanges are believed to operate, there is still a lot of on-chain flows into and out of Chinese-based exchanges, most likely due to arbitrage.
An unknown number of users are using bitcoin for peer-to-peer transactions. This may sound like a truism (after all, that’s what the whitepaper pitches in its title), but what this looks like above is that people go to exchanges to transfer fiat currencies for virtual currencies. Then users, using the P2P mechanic of bitcoin (or other virtual currencies), transfer their coins to someone else. We can see this by counting hops between the exchanges.
A potential caveat
Because of how certain architectures obfuscate transactions — such as Coinbase and others — accurate external data analysis can be difficult. However, with their latest clustering algorithm, Chainalysis’s coverage of Coinbase now extends to roughly the same size as Mt. Gox at its height.3
Why can this be a challenge? Coinbase’s current design can make it difficult for many data analytics efforts to clearly distinguish bitcoins moving between addresses. For instance, when Bob deposits bitcoins into one Coinbase address he can withdraw the deposit from that same address up to a limit. After about two bitcoins are withdrawn, Bob then automatically begins to draw out of a central depository pool making it harder to look at the flow granularly.
Other secondary information also makes it unclear how much activity takes place internally. For instance, in a recent interview with Wired magazine, Coinbase provided the following information:
According to Coinbase, the Silicon Valley startup that operates digital bitcoin wallets for over 2.8 million people across the globe, about 20 percent of the transactions on its network involve payments or other tasks where bitcoin is used as a currency. The other 80 percent of those transactions are mere speculation, where bitcoin is traded as a commodity in search of a profit.
In a subsequent interview with New York Business Journal, Coinbase stated that it “has served 2.9 million people with $3 billion worth of bitcoin transactions.”
It is unclear at this time if all of those transactions are just an aggregation of trades taking place via the custodial wallet or if it also includes the spot exchange it launched last January.
Publishing cumulative bitcoin balances and the number of addresses for different entities such as exchanges could help compliance teams and researchers better understand the flows between specific exchanges. For instance, a chart could show what percentage of the 15 million existing bitcoins everyone holds at a given moment over different time intervals.
This leads to the second area: rebittance, a portmanteau of remittance and bitcoin. Last year it was supposed to be the “killer app” for cryptocurrencies but has failed to materialize due, in part, to some of the reasons outlined by Save on Send.4 Further research could help identify how much of the flows between exchanges and the peer-to-peer economy is related to cross-border value transfer as it relates to rebittance activity.
And as the market for data analysis grows (it now includes multiple competitors including Coinalytics, Blockseer, Elliptic and Scorechain), it may be worth revisiting other topics that we have looked at before, including payment processors, long-chains and darknet markets, and seeing how their clustering algorithms and coverage compare.
For compliance teams it appears that the continued flow between illicit corridors (darknet markets) is largely contingent on liquidity from two specific exchanges: BTC-e and LocalBitcoins. In addition, coin mixing is still a popular activity: from this general birds-eye view it appears as if half of the known mixing is directly related to darknet market activity and the motivation behind the other half is unknown.
Based on the information above, other economic activity is still dwarfed by arbitrage and peer-to-peer transactions. And lastly, based on current estimates, it appears that several million bitcoins are being stored on the intermediaries above.
[Note: special thanks to Michael Gronager and the Chainalysis team for their assistance and feedback on this post.]
There are many regional smaller projects in, for example, smaller European countries whose flows may be underrepresented as they are less known in part because they do not use commonly used languages. However most are likely a part of the long tail of coin distribution. [↩]
There is a spectrum of intermediaries in which bitcoins are stagnant (or active). For instance, in an interview last May, Wences Casares, founder and CEO of Xapo stated:
Still, Casares indicated that Xapo’s customers are most often using its accounts primarily for storage and security. He noted that many of its clientele have “never made a bitcoin payment”, meaning its holdings are primarily long-term bets of high net-worth customers and family offices.
“Ninety-six percent of the coins that we hold in custody are in the hands of people who are keeping those coins as an investment,” Casares continued. [↩]
Slide 15: Field of Dreams image in reference to the model that you build it first with the hope that customers come
Slide 19: One example of this euphemism is from Adam Draper (and a similar reference point on Twitter). Each of these five companies has a couple product lines, one of which focuses on cryptocurrencies in a non-marginal manner.
Slide 21: This list could include a number of others including Tezos (DLS) and a handful of other startups including a couple in Japan
Slide 23: Collective head count for these companies is just under 100 and total funding raised (that is publicly announced) is around $10 million. There are still more companies trying to build foundational layers (some proprietary, others open) than teams building applications on top. Legend in parenthesis: E=Ethereum, R=Ripple, CP=Counterparty, OA=OpenAssets, TM=Tendermint
Slide 24: Most of the large non-bank financial institutions such as clearing houses and exchanges all have working groups focused on distributed ledger technology (e.g., CLS, SWIFT, LSEG, CME, Nasdaq, Deutsche Borse, DTCC). The Linux Foundation project is in its formative stage.
As of this writing, more than half of all VC funding to date has gone into building permissioned systems on top of a permissionless network (Bitcoin). Permissioned-on-Permissionless (PoP) systems are an odd hydra: they have all of the costs of Sybil-protected permissionless systems (e.g., high marginal costs) without the benefits of actual permissioned systems (e.g., fast confirmations, low marginal costs, direct customer service).
Thus it is curious to hear some enthusiasts and VCs on social media and at conferences claim that the infrastructure for Bitcoin is being rolled out to enable permissionless activity when the actual facts on the ground show the opposite is occurring. To extract value, maintain regulatory compliance and obtain a return on investment, much of the investment activity effectively recreates many of the same permission-based intermediaries and custodians that currently exist, but instead of being owned by NYC and London entities, they are owned by funds based near Palo Alto.
For example, below are a few quotes over the past 18 months.
In a February 2014 interview with Stanford Insights magazine, Balaji Srinivasan, board partner at Andreessen Horowitz and CEO of 21inc, stated:
Thus, if the Internet enabled permissionless innovation, Bitcoin allows permissionless monetization.
In July 2015, Coinbase announced the winners of its hackathon called BitHack, noting:
The BitHack is important to us because it taps into a core benefit of Bitcoin: permissionless innovation.
Also in July 2015, Alex Fowler, head of business development at Blockstream, which raised $21 million last fall, explained:
At Blockstream, our focus is building and supporting core bitcoin infrastructure that remains permissionless and trustless with all of the security and privacy benefits that flow from that architecture.
Yet despite the ‘permissionless’ exposition, to be a customer of these companies, you need to ask their permission first and get through their KYC gates.
Without limiting the foregoing, you may not use the Services if (i) you are a resident, national or agent of Cuba, North Korea, Sudan, Syria or any other country to which the United States embargoes goods (“Restricted Territories”), (ii) you are on the Table of Denial Orders, the Entity List, or the List of Specially Designated Nationals (“Restricted Persons”), or (iii) you intend to supply bitcoin or otherwise transact with any Restricted Territories or Restricted Persons.
Is there another way of looking at this phenomenon?
There have been a number of interesting posts in the past week that have helped to refine the terms and definitions of permissioned and permissionless:
Rather than rehashing these conversations, let’s look at a way to define permissionless in the first place.
A couple weeks ago I gave a presentation at the BNY Mellon innovation center and created the mental model above to describe some attributes of a permissionless blockchain. It is largely based on the characteristics described in Consensus-as-a-service.
DMMS validators are described in the Blockstream white paper. In their words:
We observe that Bitcoin’s blockheaders can be regarded as an example of a dynamic-membership multi-party signature (or DMMS), which we consider to be of independent interest as a new type of group signature. Bitcoin provides the first embodiment of such a signature, although this has not appeared in the literature until now. A DMMS is a digital signature formed by a set of signers which has no fixed size. Bitcoin’s blockheaders are DMMSes because their proof-of-work has the property that anyone can contribute with no enrolment process. Further, contribution is weighted by computational power rather than one threshold signature contribution per party, which allows anonymous membership without risk of a Sybil attack (when one party joins many times and has disproportionate input into the signature). For this reason, the DMMS has also been described as a solution to the Byzantine Generals Problem [AJK05]
In short, there is no gating or authorizing process to enroll for creating and submitting proofs-of-work: theoretically, validating Bitcoin transactions is permissionless. “Dynamic-membership” means there is no fixed list of signatories that can sign (i.e. anyone in theory can). “Multi-party” effectively means “many entities can take part” similar to secure multi-party computation.1
Or in other permission-based terms: producing the correct proof of work, that meets the target guidelines, permits the miner (block maker) to have full authority to decide which transactions get confirmed. In other words, other than producing the proof-of-work, miners do not need any additional buy-in or vetting from any other parties to confirm transactions onto the blockchain. It also bears mentioning that the “signature” on a block is ultimately signed by one entity and does not, by itself, prove anything about how many people or organizations contributed to it.2
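The check described above, as an added Python sketch that is not from the original post or from any Bitcoin implementation: it uses Bitcoin's 80-byte header layout and compact target encoding, and shows that verification takes only the header and the required difficulty, with no key, signer list or count of contributors. The field values, the easy `DEMO_BITS` difficulty and the helper names are constructed for illustration.

```python
import hashlib
import struct

# Constructed demo values (not real chain data). DEMO_BITS is far easier than
# any real Bitcoin difficulty so the nonce search finishes in about a second.
DEMO_BITS = 0x1F00FFFF
PREV_HASH = bytes(32)
TIMESTAMP = 1438000000


def bits_to_target(bits: int) -> int:
    """Expand the header's compact 'bits' field into the 256-bit target."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def expected_work(bits: int) -> int:
    """Average number of hashes needed to meet the target: the weight of one header."""
    return 2**256 // (bits_to_target(bits) + 1)


def merkle_root_for(tx_set: bytes) -> bytes:
    """Stand-in for a real merkle root: commits the header to the block maker's
    own choice of transactions."""
    return hashlib.sha256(hashlib.sha256(tx_set).digest()).digest()


def build_header(prev_hash: bytes, merkle_root: bytes, timestamp: int,
                 bits: int, nonce: int) -> bytes:
    """Serialize the 80-byte header: version, prev hash, merkle root, time, bits, nonce."""
    return struct.pack("<I32s32sIII", 1, prev_hash, merkle_root, timestamp, bits, nonce)


def header_hash(header: bytes) -> int:
    """Double SHA-256 of the header, read as a little-endian integer."""
    digest = hashlib.sha256(hashlib.sha256(header).digest()).digest()
    return int.from_bytes(digest, "little")


def nonce_of(header: bytes) -> int:
    return struct.unpack_from("<I", header, 76)[0]


def verify_pow(header: bytes, required_bits: int) -> bool:
    """The entire admission check. Inputs are the header and the difficulty the
    chain requires; nothing identifies who produced the header or how many
    parties contributed hashing to it."""
    if len(header) != 80:
        return False
    claimed_bits = struct.unpack_from("<I", header, 72)[0]
    if claimed_bits != required_bits:
        # A header cannot grant itself an easier target than the chain demands.
        return False
    return header_hash(header) <= bits_to_target(required_bits)


def mine(prev_hash: bytes, merkle_root: bytes, timestamp: int, bits: int) -> bytes:
    """Search nonces from 0 upward; no enrolment step precedes this loop."""
    for nonce in range(2**32):
        header = build_header(prev_hash, merkle_root, timestamp, bits, nonce)
        if verify_pow(header, bits):
            return header
    raise RuntimeError("nonce space exhausted; vary the timestamp or merkle root")


if __name__ == "__main__":
    # Two unenrolled block makers, each committing to their own transaction set.
    for tx_set in (b"constructed tx set chosen by Alice",
                   b"constructed tx set chosen by Bob"):
        header = mine(PREV_HASH, merkle_root_for(tx_set), TIMESTAMP, DEMO_BITS)
        print(tx_set.decode(), "nonce", nonce_of(header),
              "valid", verify_pow(header, DEMO_BITS),
              "expected work", expected_work(DEMO_BITS))
```

Both headers pass the same check and carry the same weight, and neither reveals whether one machine or a thousand pooled machines found the nonce.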
Censorship-resistance, while not explicitly stated as such in the original 2008 white paper, was one of the original design goals of Bitcoin and is further discussed in Brown’s post above as well as at length by Robert Sams.
The last bucket, suitable for on-chain assets, is important to recognize because those virtual bearer assets (tokens) are endogenous to the network. DMMS validators have the native ability to control them without some knob flipping by any sort of outside entity. In contrast, off-chain assets are not controllable by DMMS validators because they reside exogenous to the network. Whether or not existing legal systems (will) recognize DMMS validators as lawful entities is beyond the scope of this post.
What are some current examples of permissionless-related investments?
This past week I was in India working with a few instructors at Blockchain University including Ryan Charles. Ryan is currently working on a new project, a decentralized version of reddit that will utilize bitcoin.
In point of fact, despite the interesting feedback on the tweet, OB1 itself, the new entity that was formed after raising $1 million to build out the Open Bazaar platform, is permission-based.
How is it permission-based when the DMMS validators are still permissionless? Because OB1 has noted it will remove illicit content on-demand from regulators.
In an interview with CoinDesk, Union Square Venture managing partner, Brad Burnham stated that:
Burnham acknowledged that the protocol could be used by dark market operators, but stressed the OpenBazaar developers have no interest in supporting such use cases. “They certainly won’t be in the business of providing enhanced services to marketplaces that are selling illegal goods,” he noted.
Based on a follow-up interview with Fortune, Brian Hoffman, founder of OB1, was less specific and a bit hand-wavy on this point; perhaps we will not know until November when they officially launch (note: Tor support seems to have disappeared from Open Bazaar).
One segment of permissionless applications that has some traction but has not had much (if any) direct VC funding includes some on-chain/off-chain casinos (dice and gambling games) and dark net markets (e.g., Silk Road, Agora). Analysis of this more illicit segment will be the topic of a future post.
What are some other VC-funded startups that raised at least a Series A in funding, that could potentially be called permissionless? Based on the list maintained by Coindesk, it appears just one is — Blockchain.info ($30.5 million).
Why aren’t Coinbase, Xapo or Circle? These will be discussed below at length.
What about mining/hashing, aren’t these permissionless activities at their core?
Certain VC-funded mining/hashing companies no longer offer direct retail sales to hobbyists; these include BitFury and KnC Miner. These two known entities have, through a variety of methods, filed information about their operations with a variety of regulators.3 To date BitFury has raised $60 million and it runs its own pool which accounts for about 16% of the network hashrate. Similarly, KnC has raised $29 million from VCs and also runs its own pool, currently accounting for about 6% of the network hashrate.
What about other pools/block makers? It appears that in practice, some require know-your-customer (KYC), know-your-business (KYB), know-your-miner (KYM) and others do not (e.g., selling custom-made hardware anonymously can be tricky).
Spondoolies Tech is currently sold out of its hardware but requires some kind of customer information to fill out shipping address and customs details. They have raised $10.5 million in VC funding.
GHash allows you to set up a pseudonymous account with throwaway email addresses (or via Facebook and Google+), but they have not published whether they have raised any outside funding.
Most Chinese hashing and mining pools are privately financed. For instance, Bitmain has not needed to raise funding from VCs (yet). They also currently do not perform KYC on their users. I spoke with several mining professionals in China and they explained that none of the big pools (Antpool, F2pool, BTC China pool, BW.com) require KYM at this time. Over the past four days, these pools accounted for: 21%, 17%, 10% and 8% of the network hashrate respectively — or 56% altogether. Update 7/29/2015: a representative at BTC China explained that: “Yes, we do KYC the members of our mining pool. We verify them the same way we KYC all registered users on BTCC.”
21inc: not much more is known publicly at this time, but if the idea of a “BitSplit” chip is correct, then what could happen is the following: as more chips are flipped on in devices, the difficulty level rises (in direct proportion to the hashrate added). As a result, the amount of satoshi per hash declines over time in these devices. What this likely will lead to is a scenario in which the amount of satoshi mined by a consumer device will be less than the “dust limit”, which means a user will likely be unable to move the bitcoins off of the pool without obtaining larger amounts of bitcoin first (in order to pay the transaction fee). Consequently this could mean the users will need to rely on the services provided by the pool, which could mean that the pool will need to become compliant with KYC/AML regulations. All of this is speculation at this time and is subject to change. They have received $121 million in VC funding.
As explained above, while individual buyers of hashing equipment, Bob and Alice, do typically have to “doxx” themselves up to some level, both Bob and Alice can resell the hardware on the second-hand market without any documentation. Thus, some buyers wanting to pay a premium for hashing hardware can do so relatively anonymously through middlemen.4 This is similar to the “second-hand” market for bitcoins too: bitcoins acquired via KYC’ed gateways end up on LocalBitcoins.com and sold at a premium to those wanting to buy anonymously.
Notice a pattern? There is a direct correlation between permissionless platforms and KYC/AML compliance (i.e., regulated financial service businesses using cryptocurrencies are permissioned-on-permissionless by definition).
Blockchain.info attempts to skirt the issue by marketing themselves as a software platform and by pointing to the fact that they do not directly control or hold private keys.5
This harkens back to what Robert Sams pointed out several months ago, that Bitcoin is a curious design indeed where in practice many participants on the network are now known, gated and authenticated except the transaction validators.
What about permissioned-on-permissionless efforts from Symbiont, Chain and NASDAQ? Sams also discussed this, noting that:
Now, I am sure that the advocates of putting property titles on the bitcoin blockchain will object at this point. They will say that through meta protocols and multi-key signatures, third party authentication of transaction parties can be built-in, and we can create a registered asset system on top of bitcoin. This is true. But what’s the point of doing it that way? In one fell swoop a setup like that completely nullifies the censorship resistance offered by the bitcoin protocol, which is the whole raison d’etre of proof-of-work in the first place! These designs create a centralised transaction censoring system that imports the enormous costs of a decentralised one built for censorship-resistance, the worst of both worlds.
If you are prepared to use trusted third parties for authentication of the counterparts to a transaction, I can see no compelling reason for not also requiring identity authentication of the transaction validators as well. By doing that, you can ditch the gross inefficiencies of proof-of-work and use a consensus algorithm of the one-node-one-vote variety instead that is not only thousands of times more efficient, but also places a governance structure over the validators that is far more resistant to attackers than proof-of-work can ever be.
This phenomenon is something I originally dubbed “permissioned permissionlessness” for lack of a better term, but currently think permissioned-on-permissionless is more straightforward and less confusing.
What does this mean?
The Venn diagram above is another mental model I used at the BNY Mellon event.
As mentioned 3 months ago, in practice most block makers (DMMS validators) are actually known in the real world.
While the gating process to become a validator is still relatively permissionless (in the sense that no single entity authorizes whether or not someone can or cannot create proofs-of-work), the fact that they are self-identifying is a bit ironic considering the motivations for building this network in the first place: creating an ecosystem in which pseudonymous and anonymous interactions can take place:
The first rule of cypherpunk club is, don’t tell anyone you’re a cypherpunk. The first rule of DMMS club is, don’t tell anyone you’re a DMMS.
The second bucket, neither censorship resistant nor trade finality, refers to the fact that large VC-funded companies like Coinbase or Circle not only require identification of their user base but also censor their customers for participating in trading activity that runs afoul of their terms of service. Technically speaking, on-chain trade finality hurdles refers to bitcoin transactions not being final (due to a block reorg, a longer chain can always be found, undoing what you thought was a confirmed transaction). This has happened several times, including notably in March 2013.
For instance, in Appendix 1: Prohibited Businesses and Prohibited Use, Coinbase lays out specific services that it prohibits interaction with, including gambling. For example, about a year ago, users from Seals with Clubs and other dice/gambling sites noticed that they were unable to process funds from these sites through Coinbase and vice versa.
The tweet above is from Brian Armstrong, the CEO of Coinbase, which is the most well-funded permissioned-on-permissionless startup in the Bitcoin ecosystem. For its users, there is nothing permissionless about Bitcoin as they actively gate who can and cannot be part of their system and black list/white list certain activities, including mining (hashing) itself.6 It is not “open” based on common usage of the word.
In other words, contrary to what some Coinbase executives and investors claim, in an effort to extract value in a legally palatable manner, they must fulfill KYC/AML requirements and in doing so, effectively nullify the primary utility of a permissionless network: permissionlessness. Furthermore, Coinbase users do not actually use Bitcoin for most transactions as they do not control the privkey, Coinbase does. Coinbase users are not using Bitcoin on Coinbase, they are using an internal database.7 Or to use the marketing phrase: you are not your own bank, Coinbase is — which leads to a bevy of regulatory compliance questions beyond the scope of this post.8 However, once your bitcoins are out of Coinbase and into your own independent wallet where you control the private key, then you get the utility of the permissionless platform once more.
What are other permissioned-on-permissionless platforms? Below are twenty-seven different companies that have raised at least a Series A (figures via CoinDesk) in alphabetical order:
Altogether this amounts to around $492 million, which is more than half of the $855 million raised in the overall “Bitcoin space.”
What do these all have in common again? Most are hosted wallets and exchanges that require KYC/AML fulfillment for compliance with regulatory bodies. They require users to gain permission first before providing a service.
The chart above visualizes funding based on the schemas explored in this post. Based on a total venture capital amount of $855 million, in just looking at startups that have received at least a Series A, 57.5% or $492 million has gone towards permissioned-on-permissionless systems. An additional $224 million, or 26.1% has gone towards mining and hashing.10
Permissionless-on-permissionless includes Blockchain.info, ShapeShift, Hive, Armory and a sundry of other seed-stage startups that collectively account for around $50 million or 5.8% altogether. The remaining 10.6% include API services such as Gem and BlockCypher; hardware wallets such as Case and Ledger; and analytic services such as Tradeblock. In all likelihood, a significant portion of the 10.6% probably is related to permissioned-on-permissionless (e.g., Elliptic, Align Commerce, Bonafide, Blockscore, Hedgy, BitPagos, BitPesa) but they have not announced a Series A (yet) so they were not included in the “blue” portion.
Why is Ripple Labs on that funding list above? While Ripple is not directly related to Bitcoin, it is aggregated on the funding list by CoinDesk.
Is it permissioned or permissionless? A few weeks ago I met with one of its developers, who said in practice, the validator network is effectively permissionless in that anyone can run a validator and that Ripple Labs validators will process transactions that include XRP.11
This past week, Thomas Kelleher tried to outline how Ripple Labs is some kind of “third way” system, that uses ‘soft permissions’ in practice. There may be a case for granular permissions on a permissionless network, but it did not coherently arise in that piece.
For example, in early May, Ripple Labs announced that it had been fined by FinCEN for not complying with the BSA requirements by failing to file suspicious activity reports (SARs), including notably, on Roger Ver (who did not want to comply with its KYC requests).
In addition to the fine, Ripple Labs also implemented a new identification gathering process for KYC compliance, stating:
The Ripple network is an open network. No one, including Ripple Labs, can prevent others from using or building on the Ripple protocol as they desire. However, when Ripple Labs provides software, such as the Ripple Trade client, Ripple Labs may impose additional requirements for the use of the software. As such, Ripple Labs will require identification of Ripple Trade account holders.
In other words, Ripple Labs was just fined by FinCEN for doing the very thing that Kelleher wants you to believe he is not required to do. All new Ripple Labs-based “wallets” (Ripple Trade wallets) require user info — this likely means they can control, suspend and block accounts.12 All eight of the main Ripple gateways are also obliged to gather customer information. The current lawsuit between Jed McCaleb and Ripple Labs, over the proceeds of $1 million of XRP on Bitstamp, will probably not be the last case surrounding the identification and control of such “wallet” activity (e.g., specific XRP flagged).
Thus, while the Ripple network started out as permissionless, it could likely become permissioned at some point due to compliance requirements. Why? If you download and install rippled, in practice you are going to use the default settings which rely on Ripple Labs core nodes. In practice, “choose your own” means “choose the default” for 99% of its users, ergo Ripple Labs sets the defaults.13 In a paper recently published by Peter Todd, he explained there is no game theoretic advantage to selecting non-default configurations which were not discussed in Kelleher’s essay.
Bob cannot choose his own rules if he has to follow compliance from another party, Ripple Labs. The UNL set may converge on an explicit policy as nodes benefit from not letting other nodes validate (they can prioritize traffic).14
I reached out to Justin Dombrowski, an academic who has spent the past year independently studying different ledger systems for a variety of organizations. In his view:
I have a hard time thinking of Ripple as anything but plain permissioned because I have a hard time thinking of a realistic circumstance under which an active user wouldn’t also have an account subject to KYC, or be indirectly connected to one. Sure, I can run a node for the purpose of experimenting with some Ripple app I’m developing, but at the end of the day I expect to be paid for that app. And I could mine for free—and yeah, in that case the network is permissionless for me—but that’s an atypical, trivial example I’d think. Ripple is theoretically permissionless, but practically not because incentives align only with permissioned uses.
As Dombrowski noted, things get taxonomically challenging when a company (Ripple Labs) also owns the network (Ripple) and has to begin complying with financial service regulations. This trend will likely not change overnight and until it explicitly occurs, I will probably continue to put an asterisk next to its name.
Challenges for DMMS validators in a permissioned-on-permissionless world
Over the past month, I have been asked a number of questions by managers at financial institutions about using public / communal chains as a method for transferring value of registered assets.
For instance, what happens if Bank A pays a fee to a Bitcoin or Litecoin miner/mining pool in a sanctioned country (e.g., EBA concerns in July 2014)?
In February 2015, according to a story published by Free Beacon, Coinbase was on “the hot seat” for explicitly highlighting this use-case in an older pitch deck because they stated: “Immune to country-specific sanctions (e.g. Russia-Visa)” on a slide and then went on to claim that they were compliant with US Treasury and NY DFS requirements.
Another question I have been asked is, what if the Bitcoin or Litecoin miner that processes transactions for financial institutions (e.g., watermarked tokens) also processes transactions for illicit goods and services from dark net markets? Is there any liability for a financial institution that continues to use this service provider / block maker?
Lastly, how can financial institutions identify and contact the miner/mining pool in the event something happens (e.g., slow confirmation time, accidentally sent the wrong instruction, double-spend attempt, etc.)? In their view, they would like to be able to influence upgrades, governance, maintenance, uptime (i.e., typical vendor relationship).
In the Consensus-as-a-service report I used the following chart showing trade-offs:
I also used the following diagram to illustrate the buckets of a permissioned blockchain:
Recall that the term “mintette” was first used by Ben Laurie in his 2011 paper describing known, trusted validators and was most recently used in Meiklejohn (2015).
The general idea when I published the report several months ago was that permissionless-on-permissioned (which is effectively where Ripple sits) is untenable in the long run: due to regulatory pressure it is impossible to build a censorship-resistant system on top of a permissioned network.
Ryan Shea pointed this out in his recent piece, noting that:
Permission-ed blockchains are useful for certain things but they are limited in what they can do. Fully decentralized, permission-less, censorship-resistant applications CANNOT be built on them, which for many is a deal-breaker.
What does this mean for your business or organization? Before deciding what system(s) to use, it is important to look at what the organization’s needs are and what the customer information requirements are.
As explored above, several startups and VC funds have unintentionally turned an expensive permissionless system into a hydra gated permissioned network without the full benefits of either. If you are running a ledger between known parties who abide by government regulations, there is no reason to pay the censorship-resistance cost. Full stop.15
[The optics of permissioned-on-permissionless]
Most efforts at “legitimizing” or “fixing” Bitcoin involve counteracting features of Bitcoin that were purposefully designed to enable users to bypass third parties, including governmental policies and regulations. Businesses and startups have to fight to turn Bitcoin into something it isn’t, which means they are both paying to keep the “naughty” features and paying to hide them. For example, if Satoshi’s goal was to create a permissioned system that interfaces with other permissioned systems, he would likely have used different pieces — and not used proof-of-work at all.
The commercial logic of this (largely) VC-backed endgame seems to be: “privatize” Bitcoin through a dozen hard forks (the block size fork is the start of this trend that could also change the 21 million bitcoin hard-cap).16
It seems increasingly plausible that some day we may see a fork between the “permissionless-on-permissionless” chain (a non-KYC’ed chain) and the “permissioned-on-permissionless” chain (a fully KYC’ed chain) — the latter comprising VC-backed miners, hosted wallets, exchanges and maybe even financial institutions (like NASDAQ). The motivations of both are progressively disparate as the latter appears uninterested in developer consensus (as shown by the special interest groups wanting to create larger blocks today by ignoring the feedback from the majority of active core developers and miners). At that point, there is arguably minimal-to-no need for censorship resistance because users and miners will be entirely permissioned (i.e. known by/to participating institutions and regulators).
When drilling down, some of the permissioned-on-permissionless investment appears to be a sunk cost issue: according to numerous anecdotes several of these VCs apparently are heavily invested in bitcoins themselves so they double down on projects that use the Bitcoin network with the belief that this will create additional demand on the underlying token rather than look for systems that are a better overall fit for business use-cases.17
This raises a question: is it still Bitcoin if it is forked and privatized? It seems that this new registered asset is best called Bitcoin-in-name-only, BINO, not to be confused with bitcoin, the bearer asset.18
If the end game for permissionless systems is one in which every wallet has to be signed by something KYC/KYB approved, it appears then that this means there would be a near total permissioning of the ledger. If so, why not use a permissioned ledger instead for all of the permissioned activity?
The discussion over centralized versus institutionalized will also be discussed in a future post.
[Acknowledgements: thanks to Richard Apodaca, Anton Bolotinsky, Arthur Breitman, Richard Brown, Dustin Byington, Justin Dombrowski, Thomas Kelleher, Yakov Kofner, Antony Lewis and John Whelan for their feedback.]
Are there any other non-mining projects that are VC funded projects that do not require KYC? A few notable examples include ShapeShift (which de-links provenance and does not require KYC from its users) and wallets such as Hive and Armory. All three of these are seed-stage. [↩]
Using similar forensics and heuristics from companies like Chainalysis and Coinalytics, Ripple Labs and other organizations can likely gather information and data on Ripple users prior to the April 2015 announcement due to the fact that the ledger is public. [↩]
Two years ago, David Schwartz, chief cryptographer at Ripple Labs, posted an interesting comment related to openness and decentralization on The Bitcoin Foundation forum. [↩]
Thanks to Jeremy Rubin and Roberto Capodieci for their feedback. [↩]
Three days ago several individuals within the development community (and on reddit) — in order to test to see how the network would handle (and is impacted by) a large increase in transactions — went ahead and repeatedly sent transactions (via scripts) onto the network.
Below are multiple graphs illustrating what this traffic looked like relative to “normal” days:
Above are three charts from Blockchain.info covering the past year (365 days) activity related to: fees to miners, transactions to all addresses (including popular), transactions excluding chains longer than 10 (see Slicing data for an explanation).
Above is a screengrab from Statoshi.info (run by @lopp). It illustrates the roughly 20 hour time period in which this stress test took place.
There were multiple reddit threads that attempted to break down the findings; below are some of their comments with slight amendments:
– A peak of approximately 24,000 unconfirmed Bitcoin transactions occurred
– Nearly 133,000 transactions were included in blocks during one day, a new all time high
– Blocks became full starting at block 358596 at 23:38 UTC
– And remained consistently full until block 358609 at 03:21 UTC
– The majority of mining pools cap block size at 0.75 MB instead of 1 MB
– Some transactions were “mysteriously” not broadcast until 2 hours post their actual broadcast time (Broadcast between 23-24:00 UTC, shows 02:54 UTC)
– The majority of low fee/minimum fee transactions required 3-4 hours for the first confirmation
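A small model of the congestion described in the list above, added here as an illustration (it is not code from the original post or from any Bitcoin client): it compares the 0.75 MB pool cap with the 1 MB limit for operators who need to estimate confirmation delay. The 10-minute block spacing, 500-byte average transaction, two fee tiers and traffic counts are assumptions, not measurements from the test.

```python
from collections import deque

BLOCK_INTERVAL_MIN = 10   # assumption: evenly spaced blocks (real spacing varies)
AVG_TX_BYTES = 500        # assumption: constructed average transaction size
POOL_SOFT_CAP = 750_000   # the 0.75 MB pool cap reported in the list above
PROTOCOL_CAP = 1_000_000  # the 1 MB limit


def simulate(cap_bytes, arrivals):
    """Fee-priority backlog model.

    arrivals: one dict per block interval mapping fee tier -> tx count
              (a higher tier number means a higher fee).
    Returns (peak_backlog, worst_wait) where peak_backlog is the largest
    number of txs left unconfirmed after any block, and worst_wait maps each
    tier to its longest wait, in blocks, before confirmation.
    """
    per_block = cap_bytes // AVG_TX_BYTES
    queues = {}       # tier -> deque of [arrival_interval, remaining_count]
    worst_wait = {}
    peak = 0
    height = 0
    while height < len(arrivals) or any(queues.values()):
        if height < len(arrivals):
            for tier, count in arrivals[height].items():
                if count:
                    queues.setdefault(tier, deque()).append([height, count])
        room = per_block
        # The block is filled from the highest fee tier down, oldest first.
        for tier in sorted(queues, reverse=True):
            q = queues[tier]
            while q and room:
                arrived, count = q[0]
                take = min(count, room)
                room -= take
                wait = height - arrived + 1
                worst_wait[tier] = max(worst_wait.get(tier, 0), wait)
                if take == count:
                    q.popleft()
                else:
                    q[0][1] = count - take
        backlog = sum(c for q in queues.values() for _, c in q)
        peak = max(peak, backlog)
        height += 1
    return peak, worst_wait


def constructed_scenario(surge_blocks=12, tail_blocks=6):
    """Constructed traffic, not measured: 900 minimum-fee txs per interval
    throughout, plus 1,500 higher-fee txs per interval during the surge."""
    surge = [{0: 900, 1: 1500} for _ in range(surge_blocks)]
    tail = [{0: 900} for _ in range(tail_blocks)]
    return surge + tail


def report(cap_bytes):
    """Summarise the constructed scenario for one block-size cap."""
    peak, worst = simulate(cap_bytes, constructed_scenario())
    return {
        "peak_backlog": peak,
        "min_fee_wait_min": worst[0] * BLOCK_INTERVAL_MIN,
        "high_fee_wait_min": worst[1] * BLOCK_INTERVAL_MIN,
    }


if __name__ == "__main__":
    for cap in (POOL_SOFT_CAP, PROTOCOL_CAP):
        print(cap, report(cap))
```

In this constructed run the cap decides how long minimum-fee transactions wait, while the higher-fee tier confirms in the next block under both caps.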
Brute force fan fiction
While not necessarily a surprise, for approximately $3,000 an individual can effectively spam the network, filling up blocks and annoying users for several hours. Because it became increasingly expensive for transactions to be included within blocks, the “attack” probably is not the most effective way to cause many transactions to be permanently slowed down.
Yet it does show that the Maginot Line narrative — that the only way to “attack” the network is to acquire hundreds of millions of dollars in hashing power to brute force the network — is just fan fiction. A well-organized and minimally financed group of savvy internet users — not even professional hackers — can create headaches for settlement systems, payment processors or anyone else running time sensitive applications reliant on a public blockchain.
Thus, as Robert Sams pointed out a couple weeks ago: it would probably be financially irresponsible for a large organization like NASDAQ to use a communal blockchain — whose pseudonymous validators are not held contractually liable or accountable for transaction processing (or attacks thereof) — to clear and settle off-chain assets (Ryan Selkis briefly touched on a similar point last week as well). Whether this kind of test convinces NASDAQ and others to rethink their pilot programs on a public blockchain is an open question.
Governance issues with “the commons”
Over the past 4-5 weeks there have probably been well over a hundred reddit threads, blog posts and Bitcoin Talk forum posts related to increasing the block size.
Instead of rehashing all of the arguments here, the decision to increase block sizes seems to boil down to two things:
Conflicts in governance (e.g., politics and special interest groups)
Subjectivity in how many nodes represent “decentralization”
The first issue is much harder, perhaps impossible to solve because no one owns the network — it is a communal, public good. Chronically lacking a clear and effective governance model, decisions are typically made based on: how many retweets someone gets, how many upvotes a poster receives, or increasingly, Six Degrees of Satoshi: how often Satoshi directly responded to your comments in the past.
We see this quite frequently with the same clique of developers using a type of argument from authority. Perhaps they are correct and one person was left “in charge” by fiat — by Satoshi one spring morning in 2011. Yet it was not Satoshi’s network to “give” in the first place — he was not the bona fide owner. No one is, which presents a problem for any kind of de jure governance.1
The second issue, how many validating nodes are needed for decentralization, is one that Vitalik Buterin, Jae Kwon and several others have been talking about for over six months, if not longer.
In short, as block sizes increase, fewer validating nodes will operate on the network due to a number of factors but largely related to the economic costs of running them (bandwidth is typically cited as the biggest consideration). We have seen this occur empirically over the past 18 months on the Bitcoin blockchain (with validators dropping from over 13,000 in March 2014 to just under 6,000 today).
Appealing to amorphous social contracts
Social contracts historically fall apart due to their nebulous mandate and they also — non-governmental versions specifically — typically lack explicit enforcement mechanisms.
Bitcoin suffers from both. There are no terms of service or explicit service agreement for the end user. Nor is there a way to enforce an “ethos” onto a physically decentralized userbase.
Yet ironically several key developers are now appealing to a social contract to make decisions for how block sizes should and should not evolve.
Irrespective of what is decided on social media, there will ultimately be a solution that arises in the coming months, but not everyone will be happy.
How to solve this in the future? What are other projects doing?
Tezos, if we come to believe that it is valuable or safe (because others are using it, or is scientifically verified), has a self-amending model which bakes in governance into the code itself.
Ethereum is also trying to create specific, technical ways for “explicit governance” to direct its evolution as it achieves certain milestones. For instance, its developers plan to eventually transition the proof-of-work process into a proof-of-stake network (via a poorly marketed “bomb”).
Whether either of these projects is successful is another topic, but at least the developers recognize the governance issue as paramount to the ultimate “success” of the project.
Other projects in the distributed ledger arena, such as the “permissioned” ledgers I did a report (pdf) on earlier last month, also do not have this type of governance problem due to the fact that they each have a private sponsor (sometimes in the form of an NGO, others in the form of a company) where the buck finally, explicitly stops.
There may be non-technical ways to govern (via organizational structure), but Bitcoin’s model is both ad hoc and largely devolves into unproductive shouting matches. Is this really how a financial system and series of products is best developed? Probably not.
But this is a topic for political archaeologists to pore through in the coming years.
Other experts weigh in
Chun Wang, who is a member of the F2Pool operating team (F2Pool, also known as Discus Fish, is one of the largest mining pools), made the following comment two days ago on the Bitcoin development mailing list:
Hello. I am from F2Pool. We are currently mining the biggest blocks on
the network. So far top 100 biggest bitcoin blocks are all from us. We
do support bigger blocks and sooner rather than later. But we cannot
handle 20 MB blocks right now. I know most blocks would not be 20 MB
over night. But only if a small fraction of blocks more than 10 MB, it
could dramatically increase of our orphan rate, result of higher fee
to miners. Bad miners could attack us and the network with artificial
big blocks. As you know, other Chinese pools, AntPool, BW, they
produces ASIC chips and mining mostly with their own machines. They do
not care about a few percent of orphan increase as much as we do. They
would continue their zero fee policy. We would be the biggest loser.
As the exchanges had taught us, zero fee is not health to the network.
Also we have to redevelop our block broadcast logic. Server bandwidth
is a lot more expensive in China. And the Internet is slow. Currently
China has more than 50% of mining power, if block size increases, I
bet European and American pools could suffer more than us. We think
the max block size should be increased, but must be increased
smoothly, 2 MB first, and then after one or two years 4 MB, then 8 MB,
and so on. Thanks.
I reached out to Andrew Geyl (Organ of Corti) to see what was on his mind. He independently concurred with LaurentMT, who suggested re-running the tests a few more times for more data:
The transaction “stress test” was well overdue. It’s impossible to understand exactly how increasing block sizes (or even reducing time between blocks) will affect transaction confirmations if we’re only using the network to capacity, and Testnet won’t be much use.
By ensuring that there were more transactions than could be confirmed, we understand a little more about the limits of the network’s transaction transmission capacity. As soon as I get access to relevant data I’ll be trying to determine what factors limited the rate of transactions per block per second.
I think this “stress test” should be run again at some point on a Sunday (when it will have least impact on network users) and – to account for variance in block making – for longer than just 8 hours. Maybe 24 hours? If we are warned ahead of time, this might be more palatable to the bitcoin users. Think of it as preventative maintenance.
I’d really like to have time to think about the stress test some more and to look at the numbers, but it demonstrates something that I’m pretty sure a number of people have considered before: 51% attacks are not the biggest cause for concern with Bitcoin; there are dramatically easier ways to attack the system than to build 350 PH/s of hardware.
The delays resulting from large numbers of TX’s sent to the network were entirely predictable (I did the sims months ago).
I doubt this is the only problem area. Consider (and this has been raised a lot in discussions over block size increases) that a lot of miners use the relay network. Attacking that, or shutting it down via some means would certainly set things backwards, especially if we do see larger block sizes.
Other attacks would be massive-scale Sybil attacks. I know there’s the whole argument that it can’t be done, but of course it can. It would be trivial to set up malware that turned 100s of thousands of compromised systems into Bitcoin nodes (even better if this could be done against something embedded where users don’t run malware detection).
It seems to me that the fact this hasn’t happened before is because those people interested in Bitcoin at the moment are more interested in seeing it useful than in bringing it down. When cybercriminals are extorting money in Bitcoin then they want to see it succeed too, but my guess is that if they could find some other equally anonymous way to get paid then we’d have seen some large-scale assaults, not just a few thousand extra TXs done as a thought experiment.
The problem here is that most software designers can build really good working systems. They can follow secure coding rules to ensure that their software doesn’t have resource leaks and network security vulnerabilities, but then they don’t consider any part of the system that might not be under their direct control. It’s the assumed-correct behaviour of the rest of the world that tends to be where major risks come in. Constructing a Maginot Line is a waste of time and money when the attacker bypasses it instead. In fact the perceived strengths of a defence usually lead to complacence. The stress test was a great example of this; huge amounts of time have been spent analyzing 51% attacks when this was probably the least likely attack even years ago. It’s essentially back to the crypto geek cartoon where the super-strong password is not cracked technologically, but instead by threatening its owner.
Despite what some entrepreneurs and venture capitalists have proclaimed — that there is a “scalability roadmap” — this is probably not the last time we look at this.
There are certainly proposed roadmaps that scale, to a point, but there are many trade-offs. And it appears that some of the hosted wallet and payment processors that have publicly stated they are in favor of Gavin Andresen’s proposal are unaware of the impact that this type of block size increase has: how it likely accelerates the reduction of nodes and how that likely creates a more centralized network (yet with the costs of decentralization). Or maybe they are and simply do not think it is a real issue. Perhaps they are correct.
One final comment — and this is tangential to the conversation above — is that by looking at the long chain exclusion chart we observe that the additional “stress test transactions” appear as normal unchained transactions.
This is interesting because it illustrates how easy it is to inflate the transaction volume metric making it less useful in measuring the health or adoption of the network. Thus it is unlikely that some (all?) Bitprophets actually know what comprises transactions when they claim the Bitcoin network has reached “an all time high.” Did they do forensics and slice the data?
Below are my answers, a few of which may be of particular interest in light of the FinCEN enforcement action related to Ripple. For instance, are cryptocurrency payment processors — which typically claim exemption from money service business (MSB) requirements — required to comply with KYC (know your customer) and also submit SARs? Will VC funded cryptocurrency mining pools and farms be required to do KYM (know your miner) and AML to establish source of funds? See also: Lowell Ness’s discussion (video) at 20Mission last summer covering MSB/MTL and altcoins.
Q: Is the size of the circles you’ve used in the diagram proportional or arbitrary?
Mostly arbitrary. They needed to be big enough to where you can see the words, but there is some proportional aspect too. For instance, in terms of on-chain transactions we know gambling transactions as a whole are likely the largest component of transaction volume. And based on clusters identified by companies such as Coinalytics, darknet markets as an aggregate likely do more transactions than payment processors do. While exchanges as a whole also process large amounts of transactions, because it occurs off-chain it is unclear what their real volume is.
Q: Are non-KYC exchanges simply matching darknet sellers (and ‘tainted coins’) with buyers, or are they buying btc from the dark markets themselves?
Mostly the former rather than the latter. Until we find out more information about who operates the non-KYC exchanges, it is not fully clear what the motives would be for buying BTC from darknet markets. For instance, there was an “old” joke: the reason BTC-e never gets hacked is that hackers would no longer have a place to launder funds through. Yet several weeks ago BTC-e allegedly prevented funds from the Evolution hack to be withdrawn from BTC-e for a short period of time before re-enabling withdrawals. The details of how this was resolved are still unclear. Similarly, in practice “virgin” coins (newly mined coins) can be sold at a premium on sites like Localbitcoins.com as they lack any history of illicit activity. Incidentally, according to an ongoing lawsuit from Syscoin, Localbitcoins is allegedly where Alex Green/Ryan Kennedy was selling bitcoins he purportedly stole from the MintPal theft (using the name “LemonadeDev”).
Q: Are ransomware victims only buying btc from non-KYC exchanges?
It may have been a little unclear from the chart but ransomware victims also purchase coins from KYC exchanges too. Which bucket has more volume is unknown at this time. Incidentally, according to a recent interview with the BBC, a security expert at IBM thinks that the criminals behind ransomware products like Cryptolocker sell their bitcoins quickly in order to reduce their exposure to price volatility. To do so, to move into and out of fiat they will use “mules,” individuals that clean the cash and charge a fee of around 20%. This ties in to your previous question about tainted coins and non-KYC exchanges.
Q: Were there any surprises for you here when compiling the diagram, or did it confirm what you had already found through previous posts?
There weren’t any real big surprises, but what probably stood out most is where the “fiat leakage” occurs — where people take bitcoins out of circulation and purchase them with dollars or euros. The fact that this is still occurring ties back into the question that Rick Falkvinge raised 18 months ago: since we know that above-board trade is relatively subdued compared with illicit trade — if the non-KYC on and off ramps were shut down, what impact would that have on the overall Bitcoin economy?
Q: You mention the non-KYC and KYC worlds, how separate are the two now? Will they drift further as we see more regulation in the sector?
I think they are both intertwined and perhaps symbiotic for at least three reasons: 1) due to how KYM (know your miner) is not 100% mandatory globally, non-KYC’ed entities create continuous non-negligible demand for a product. 2) The prevalence of “temporary” wallets. I labeled them “burner” wallets on the chart but in many cases if a user has limited operational security (e.g., does not use Tor and a VPN) then they do not have much added privacy and are thus not actually “burner” but rather “temporary.” Either way, the flow through these wallets, such as Blockchain.info (whose users are not KYC’ed) back into the KYC economy creates demand for above-board services. The third area is non-KYC’ed bitcoins that go to merchants who unknowingly act like “mules,” sometimes exchanging above-board products for bitcoins that had previously circulated through illicit markets. Last December Carl Mullan published a paper that describes several of the methods by which this is done (see p. 32).
Whether or not this bifurcation will continue is an open question. One theory articulated by Jon Matonis and others is that continual adoption and implementation of KYC/AML policies by startups will create “white listed” coins and “black listed” coins and that “black listed” coins will trade at a premium over “white listed” coins. To understand why this might occur, you have to consider the universal principle of nemo dat quod non habet (one cannot give what they do not have). Several attorneys, including George Fogg, have indicated that bitcoins are treated as general intangibles under the Uniform Commercial Code. If bitcoins are general intangibles, not currency (legal tender), negotiable instruments, or security entitlements, then it is not at all clear that bitcoins would have an exemption from nemo dat quod non habet. In other words, bitcoins would transfer subject to, rather than free and clear of, associated claims and security interests and, as a result, would not be fungible (capable of mutual substitution). Whether or not that means certain bitcoins will be treated like a hot potato is also an open question. However, if all on-ramp and off-ramps for all services become KYC/AML compliant, we may be able to answer the question raised by Rick Falkvinge above as to how much of the economy is driven by illicit trade.
Q: With regard to your use of the word ‘scam’, do you expect a backlash?
Not really. I don’t think scammers deserve a free pass and I don’t think I am the only one describing their aggregate impact. On any given week, both Bitcoin media outlets and mainstream news organizations cover this type of activity; there is even a subreddit, sorryforyourloss, that sometimes covers it. In addition, searching the word “scam” in the CoinDesk search bar found 176 results. In January you guys reported on academic research that found at least 42 scams involving bitcoin and a number of your reporters have likewise covered the demise of Moolah, Neo & Bee and most recently PayCoin.
Q: How much of the data was available to you publicly?
The blockchain data resides on thousands of nodes. The labels of clusters started with WalletExplorer (which is public) but the graphs and further analysis come through Coinalytics which has its own proprietary methods. There are a few other companies that are also involved in this space including Chainalysis, who also begins by using the public blockchain. Blockchain.info publishes two charts on its “My Wallet” activity which give some indication of how much activity is occurring by their users. As far as fiat leakage, mining and activity on exchanges, a lot of this comes from social media, chat groups and anecdotes from reliable sources.
Now that you have seen a snapshot of the mainland economy and have had a chance to become acquainted with a number of industries, it is time to figure out how to transform this knowledge and information into a practical business plan.
After you begin to do your due diligence by conducting market research and performing a SWOT analysis (strengths, weaknesses, opportunities and threats), the very next step you can immediately take is to set up social media accounts as described in Chapter 12. If you are unable to read Chinese, there are a number of free online tutorials that will guide you through a step-by-step process. For example, it is highly recommended that you create a Sina Weibo account because it is the 2nd largest microblog (with over 500 million accounts) and also because Twitter is currently blocked on the mainland.12 And even though it is more person-to-person (in contrast to the mass publication ability of Weibo) because of its rapid adoption, foreign firms are also encouraged to set up a WeChat (Weixin) account due to the huge penetration rate (300 million users in just over 2 years).3 In addition, you can download and use the English version of QQ instant messenger.4 As I noted in Chapter 12, QQ is the world’s largest instant messaging tool, with over 700 million users.
Once you have these two tools, you can begin to communicate with an entirely new customer base about your goods and services. And as I detailed in Chapter 12 your marketing team may even be able to utilize other sites like Youku (the leading video streaming site) as well as Pinterest (and its many clones) to help promote your brand and wares.
In addition, for other perspectives, there are several resources published by the China-based foreign business community, including the American Chamber of Commerce in Shanghai, the American Chamber of Commerce in Beijing and the European Union Chamber of Commerce.5 Each of these organizations publishes insights, surveys and original research that helps illustrate the market conditions – the opportunities and challenges – on the mainland.
Questions and answers
The very first question at the beginning of this book was, should you and your company come to China?
While your own perception of the mainland may be influenced by both bullish and bearish commentary, the real answer to this question differs from case to case. There is no a priori answer for entrepreneurs. In addition, there are several other questions that you should ask before you and your company make any significant decisions.
For instance, what goods or services does your company produce that someone in China would want? What is the return-on-investment of opening a hotel, restaurant or retailer on the mainland? What are the licensing requirements for foreign businesses?6 What are some of the legal risks and uncertainties that foreign firms commonly face?
And again, while I provided a number of statistics, stories and anecdotes to address these questions, I would encourage all foreign companies to also consider these Do’s and Don’ts.
– If you hire outside consultants to conduct market research on the mainland, do your own in-house-based research as well. You do not get heart surgery without a second opinion, nor should you invest capital based on one report.
– Do not invest in China just because you heard an analyst on TV or the radio tell you to. Many analysts “talk their own book” and have other interests at play (e.g., cui bono). Wishful thinking can be a powerful opiate; and those predicting absolute certain futures would be wise to pay heed to what Niels Bohr once quipped: prediction is very difficult, especially about the future.7
– If you plan to actually do anything on the mainland that involves contracts, technology transfers or corporate structures, be sure to consult with a legal expert (see Chapter 10). Do not risk losing your assets or being cut out by suppliers because you think you understand the Chinese legal system.
– Do not invest on the mainland simply because you want to diversify due to recessions in other parts of the world or merely because you hope it will be better elsewhere. Your ventures and stakes are not a guaranteed success merely because the geographical location is different. Why risk your capital without doing the due diligence first?
While you may feel the urge to jump headfirst into this new marketplace, recall what the late Coach Wooden said: failing to prepare is simply preparing to fail. And if you recall the first story in Chapter 1 from Jim Chanos, even with due diligence and cultural fluency you may run into challenges that are seemingly insurmountable. While there may be any number of other cliché truisms to repeat, there are arguably no long-term downsides to being over prepared – better safe than sorry.
You and your management team can, in the space of an hour, put together a simple step-by-step guide to moving into the Chinese marketplace. Below is an example of commonly asked questions and answers that is based on several chapters of this book. The numbering and order is entirely arbitrary and will change depending on each company and market segment.
There can be any number of other questions and decision trees. This is merely an illustration of the thought processes you and your colleagues can consider as you put together a China strategy.
And finally, recall the Voltaire quote at the beginning of the book, about “the best.” You and your company do not have to be the best nor do you have to create the best business model. In some cases you can just be good enough. After all, your new local competition has succeeded and they did that without – by and large – attending professional Western business schools. If they can do that, perhaps you can too.
Takeaway: With the information, cases and examples provided in the preceding chapters, the transition from knowledge to practice is now paramount. And while there are any number of ways to practice and implement a plan, fully understanding you and your company’s comparative strengths, weaknesses, opportunities and threats in a new marketplace is both risky and potentially rewarding. Tempering your enthusiasm with not just statistical facts but also advice from experienced professionals should be part of the strategic plan of any firm wanting to do business in China.
Monetizing your company’s fan base from social media sites like Sina Weibo is a challenge recently discussed by Ken Hong, the general manager of the Sina Weibo platform at Sina. See Turning Brand Fans into BFFs from Thoughtful China