Buckets of Permissioned, Permissionless, and Permissioned Permissionlessness Ledgers
This was first presented on July 20, 2015 at Infosys in Mysore, India with the Blockchain University team. It is a heavily modified version of a previous presentation covering the distributed ledger landscape, presented on June 27, 2015 for Blockchain University hosted at PricewaterhouseCoopers in San Francisco. All citations and references can be found in the notes.
I would like to thank Arthur Breitman, Richard Brown, Alexandre Callea, Pinar Emirdag, Andrew Geyl, Dave Hudson, Hyder Jaffrey, Yakov Kofner, Antony Lewis, Todd McDonald, Piotr Piasecki, Robert Sams and John Whelan for their feedback.
Original images from Dilbert.com Derivatives: https://twitter.com/jgarzik/status/598864366272806913/photo/1 And: https://twitter.com/jackgavigan/status/584413841649491970
Original whitepaper: https://bitcoin.org/bitcoin.pdf Types of tech used by ledgers: http://www.gwern.net/Bitcoin%20is%20Worse%20is%20Better Dan O’Prey quote, correspondence July 13, 2015 Source on mintettes: http://www.links.org/files/distributed-currency.pdf
In theory, Ripple and Stellar would meet the criteria for “permissionless.” In practice, however, they currently whitelist and blacklist validators, so they are technically permissioned, as are the other projects built on top of them. There is no defined KYC/KYB procedure (yet), so the process is de facto: a node is only listened to if other nodes trust it, which requires a public identity.
As one reviewer noted, Ripple and Stellar: “Are kind of a hybrid between permissioned and permissionless. In essence, they are both entirely open. Anyone can operate a node and submit transactions, although the validators are likely to be known entities. Every single wallet has the capacity to issue any asset they want into the network. But each wallet that is created comes with a set of configuration tools where the holders of its issued assets can be very tightly controlled OR not controlled at all. Nobody can stop anyone from using Ripple. Nobody. But banks will KYC all their users just like they do today.”
As far as SKUChain goes, according to Zaki Manian, its co-founder: “While permissioned Proof of Work is adequate, permissioned byzantine agreement protocols are an enhancement and clearly necessary for running these systems at scale. We think that adopting a BGA protocol for a permissioned ledger is probably a premature optimization relative to figuring out how to make find applications for distributed ledger technologies and then creating ledgers that are sufficiently expressive to capture them.”
Source on Codius: https://bitcoinmagazine.com/20985/ripple-discontinues-smart-contract-platform-codius-citing-small-market/ And: http://hyperledger.com/posts/2015-06-25-hyperledger-acquired-by-digital-asset-holdings.html MultiChain, see page 5: http://www.multichain.com/download/MultiChain-White-Paper.pdf
Thanks to Yakov Kofner for his feedback on this slide.
Santander report: http://santanderinnoventures.com/wp-content/uploads/2015/06/The-Fintech-2-0-Paper.pdf Deutsche Bank report: http://www.dbresearch.com/PROD/DBR_INTERNET_ENPROD/PROD0000000000299039.pdf Celent: http://www.celent.com/reports/it-spending-banking-global-perspective-2
More comparisons between git and a “block chain” https://news.ycombinator.com/item?id=9436847 Other relevant comments from user ‘notreddingit’ https://www.reddit.com/r/Bitcoin/comments/3dtyvh/the_no_hands_syndrome/ct8s24q
There may be a couple exceptions to having a token on a private blockchain / distributed ledger: spam mitigation and representation of a receipt.
Nakamoto was not trying to solve problems for financial institutions. In point of fact, Bitcoin was purposefully designed not to interface with trusted third parties. To enable part of this design, trade-offs were made. Maintaining a decentralized network with Sybil protection has a different cost structure than other less decentralized methods.
One reviewer had an alternate view: “I'm not really sure which is the priority at the moment. Definitely all crypto systems are against Sin of Commission - you can't forge a transaction unless you steal someone's key. I would personally see Deletion as harder than Omission, since once something gets into a ledger and has enough confirmations, it is pretty much impossible to reverse at the moment. Omission on the other hand is fairly straightforward for pool.”
EBA source: EBA Opinion on ‘virtual currencies’
One other challenge for DLT as shared infrastructure (pipes and storage), if goal is to avoid introducing a controlling central party again, how could governance (for directional drive, Service levels, change management, etc.)?
Special thanks to Hyder Jaffrey and Alexandre Callea for their feedback.
Personal correspondence, June 25, 2015
Special thanks to Arthur Breitman for his feedback.
Special thanks to Arthur Breitman for his insights on this slide.
Who is developing shared, replicated ledgers and why
• Characteristics of a distributed ledger
• Motivations for building non-proof-of-work ledgers / private blockchains
• Known, trusted parties versus unknown, untrusted parties
• Unclear governance
• Scalability challenges
• Disproportional rewards from metacoins
• Where has VC funding gone?
• Opportunities for professional service firms
Questions to consider this session
• What are the design assumptions and goals for using new
• What are the client business requirements?
• Are entities and actors on the network known or unknown, trusted or
• Who is allowed or not allowed to validate transactions?
• e.g., mintettes as defined by Laurie (2011) and Meiklejohn (2015)
• Are the validators spread around globally?
• Is communication between them synchronous or asynchronous?
• Are faults tolerated? How are Byzantine faults handled?
• What type of consensus is needed? Or none at all?
Why distributed ledgers?
• There are many reasons for why companies, institutions and organizations
are interested in shared, replicated ledgers and disinterested in existing
networks or systems.
• What do financial institutions want?
• Cryptographically verifiable settlement and clearing systems that are globally
distributed for resiliency and compliant with various reporting requirements. And
the governance / versioning changes of both the network and software is clear and
• What don’t certain organizations always need?
• Censorship resistance-as-a-service and artificially expensive anti-Sybil mechanisms.
What is a “block chain” anyways?
• Neither the term “block chain” nor “blockchain” was used in the
original Satoshi whitepaper
• Many projects, both permissioned and permissionless, use the
following tech pieces:
• Public key cryptography
• Cryptographic signatures
• Cryptographic hash functions
• Hash tree
• Cryptographic time-stamps
• Resilient peer-to-peer networks
• Some projects (both permissioned and permissionless) use a type of
consensus algorithm that works by using blocks of transactions organized
in a chain
• Permissionless ledgers attempt to do so via pseudonymous/anonymous consensus
(validation); permissioned via known/trusted validators
• Some permissioned ledgers do not chain blocks as there are no blocks at all
(such as Hyperledger)
• Fun fact: Hyperledger was originally called “Mintet.com” named after Ben Laurie’s
term (mintettes) coined in 2011
• Some permissioned ledgers are explicitly “decentralized” not “distributed”
as the pieces of the ledger are not actually distributed but instead wholly
“Who defines a term? The community, the creator, the market? The
market knows 'blockchain' as a catch-all term and that's how language
evolves, by common usage.”
- Dan O’Prey, co-founder of Hyperledger (now part of DA)
Permissioned distributed ledgers / blockchains
• Blockstack (formerly CryptoCorp)
• Ldger (formerly Tillit)
• Hyperledger (acquired by DAH)
• Eris Industries
• Tembusu (TRUST)
• Guardtime (KSI)
• SKUChain* (PurchaseChain/PPOW)
• MultiChain* (Coin Sciences)
• Ripple* (discontinued Codius)
• Stellar* (potentially with their new SCP)
• Traditional tech enterprises as well (e.g., IBM)
Each is targeting different use-cases
• Syndicated loans
• Trade finance
• Supply chain provenance
• US Treasury repo
• Clearing / settling OTC derivatives and FX
• Cross-border payments
• Identity / data authentication
• Private stock / equity issuance
• Commonality: participants in these networks – including the validators
themselves – are known (via KYC or KYB) and have legal or contractual obligations
with other participants
What attracts or repels use-cases?
• Folk law: “Anything that needs censorship-resistance will gravitate
towards censorship-resistant systems.”
• Sams' law: “Anything that doesn't need censorship-resistance will
gravitate towards non censorship-resistant systems.”
• Banks are currently focused on: fulfilling compliance requirements,
reducing cost (centers), downscaling branching and implementing
digital channels. None of this requires censorship-resistance.
• In conversations with decision makers at financial institutions, three common questions
that have arisen regarding potentially using a public chain:
• What happens if you pay a fee to a Bitcoin or Litecoin miner/mining pool in a sanctioned
country (e.g., EBA concerns in July 2014)?
• In February 2015 according to Free Beacon, Coinbase was on “the hot seat” for explicitly
highlighting this use-case in an older pitch deck
• “Immune to country-specific sanctions (e.g. Russia-Visa)”
• What if the Bitcoin or Litecoin miner that processes transactions for financial institutions
(e.g., watermarked tokens) also processes transactions for illicit goods and services from
dark net markets? Any liability?
• How to identify and contact the miner/mining pool in the event something happens
(e.g., slow confirmation time, accidentally sent the wrong instruction, double-spend
• Need to be able to influence upgrades, maintenance, uptime (i.e., typical vendor relationship)
What is one opportunity for professional service
firms that build core banking infrastructure?
Finding ways to reduce cost centers for
• According to Deutsche Bank in 2012:
• “Measured as a percentage of revenues, financial services firms spend more on IT
than any other industry. Banks’ IT costs equal 7.3% of their revenues, compared to
an average of 3.7% across all other industries surveyed”
• According to a 2015 report from Celent:
• “Total bank IT spending across North America, Europe, and Asia-Pacific will grow to
US$196.7 billion in 2015, an increase of approximately 4.6% over 2014.”
• According to a 2015 report from Oliver Wyman / Santander:
• “[D]istributed ledger technology could reduce banks’ infrastructure costs attributable
to cross-border payments, securities trading and regulatory compliance by between
$15-20 billion per annum by 2022”
What are opportunities for Finacle?
“Finacle relies on a system of traditional accounting ledgers to serve as core banking
systems. If they want to jump into the next field of vision around innovating back end
banking system then it is an urgent imperative they understand and lead the effort to
understand this technology. Capital markets, traditional lending, trade finance, loan sales
and syndication, asset-backed finance, to loan processing and servicing using singular back
end systems for the whole of processing will see its full sunset in 10-15 years utilizing
Blockchain and ledger technology. It could effectively put them out of business.
The other advantage by utilizing Blockchain ledger technologies is that allows Finacle a
significant competitive advantage in that it allows Finacle bank customer implementations
to examine and offer new digital wallet based solutions for its retail base. It also allows for
partnership opportunities with companies in the "Internet of Things" space to help
revolutionize supply chain finance, letters of credit, factoring, export import finance and
bankers acceptance business to one of vitality to match the third world’s smaller
companies thirst to operate on scale resulting from the ledgers ability to enable a
synchronous just-in-time financing model matched to their often challenged logistics
operations and documentation to meet complicated and ever competitive global customer
demand for hard to get goods and supply.”
- Raja Ramachandran, founder of eFXPath and R3 advisor
Importance of data integrity for Finacle
“Once every generation we reach a point in which hardware capabilities evolve to make
practical, things that were previously unthinkable. When that happens the challenge is to
recognise these new possibilities, and to see that they can fundamentally change the way
we think about the world. New models of computation arise that redefine the way in
which ever-more complex systems can be constructed; they don't solve the problems of
the previous generations so much as make them irrelevant.
The last 25 years have seen a sea change in our lives, as first the Internet, and then mobile
devices, have provided us with the mechanisms to access and share information. What's
remarkable is that all this has been achieved with a model for computational information
that has barely evolved in 70 years. Fundamentally we have to trust that the data we have,
and the data held by everyone else that affects us, is correct. Our information seemingly
floats through servers, routers and switches like driftwood in a stormy sea until it
eventually reaches us. We have little or no hope of verifying its accuracy or veracity (*).
This then is the opportunity now afforded by blockchain or other crypto-ledger technology.
We can establish a new model for the way we manage our data, one that can make
information integrity and trustworthiness checking the norm rather than a questionable
(*) You might ask how in the current informational world that you can be confident you're
reading my original quote?”
- Dave Hudson, VP of Software Development at Peernova
What financial institutions are looking into
• Based on public news releases, there are at least 17 different FIs independently looking at ways to use a blockchain / distributed ledger. Note: it bears
mentioning that these are all pilot programs and this does not necessarily mean any of the tech will ultimately be used. According to CoinGecko:
• CBW Bank
• Commonwealth Bank of Australia
• BNY Mellon
• LHV Bank
• Goldman Sachs
• ABN Amro
What about proof-of-work-based
What comprises a permissionless
• One common rejoinder in social media is that all organizations need is a
simple database but…
• Does anything currently in existence provide the necessary set of
cryptographic features all in one system?
• Currently, no.
• For instance, financial institutions already operate in an environment where they send
value between trusted/known participants (e.g., interbank ‘trust’ is not a core issue).
In such a private network with 15 participants each sharing and replicating the
ledger, participants cryptographically sign transactions (and/or blocks); thus ordering
and timestamps are verifiable by all 15 participants.
• In the case of contracts, all code will be executed by all nodes and will be visible to
participants based on granular permissions
• (Git does not provide consensus, is a specialized Merkle tree, involves only a chain (no blocks) that
provides signing, history and distribution. Forking results in new repo.)
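An added example (not from the original slides) of the arrangement described above: known validators sign hash-chained entries, and any participant can check authorship, ordering and timestamps from the public allowlist alone, with no token or proof-of-work. It uses three constructed participants instead of 15 and Lamport one-time hash signatures as a stand-in so that only Python's standard library is needed; all names and payloads are hypothetical.

```python
import hashlib
import json

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _bits(digest: bytes):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

# Lamport one-time signatures (hash-based), a stand-in chosen so the example
# needs only hashlib. Each key pair must sign exactly one message.
def keygen(seed: bytes):
    sk = [[H(seed + bytes([b, i])) for b in (0, 1)] for i in range(256)]
    pk = [[H(s) for s in pair] for pair in sk]
    return sk, pk

def sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(_bits(H(msg)))]

def verify_sig(pk, msg: bytes, sig) -> bool:
    digest_bits = _bits(H(msg))
    return len(sig) == 256 and all(H(sig[i]) == pk[i][b] for i, b in enumerate(digest_bits))

GENESIS = "00" * 32  # "prev" value of the first entry

def body(entry) -> bytes:
    """Canonical bytes covered by the signature and by the next entry's prev hash."""
    fields = {k: entry[k] for k in ("index", "prev", "ts", "validator", "payload")}
    return json.dumps(fields, sort_keys=True).encode()

class Validator:
    """A known participant. One Lamport key per ledger index, derived from a secret,
    so a key is never reused across entries."""
    def __init__(self, name: str, secret: bytes):
        self.name, self._secret = name, secret

    def _seed(self, index: int) -> bytes:
        return H(self._secret + index.to_bytes(4, "big"))

    def public_keys(self, n: int):
        return [keygen(self._seed(i))[1] for i in range(n)]

    def append(self, ledger, ts: int, payload: str):
        prev = H(body(ledger[-1])).hex() if ledger else GENESIS
        entry = {"index": len(ledger), "prev": prev, "ts": ts,
                 "validator": self.name, "payload": payload}
        entry["sig"] = sign(keygen(self._seed(entry["index"]))[0], body(entry))
        ledger.append(entry)

def verify_ledger(ledger, allowlist):
    """Run by any participant holding only the public allowlist. Returns (ok, reason)."""
    prev, last_ts = GENESIS, 0
    for pos, e in enumerate(ledger):
        if e["index"] != pos or e["prev"] != prev:
            return False, f"entry {pos}: chain broken (deletion or reordering)"
        keys = allowlist.get(e["validator"])
        if keys is None or pos >= len(keys):
            return False, f"entry {pos}: validator not permissioned"
        if e["ts"] < last_ts:
            return False, f"entry {pos}: timestamp goes backwards"
        if not verify_sig(keys[pos], body(e), e["sig"]):
            return False, f"entry {pos}: bad signature (forgery or alteration)"
        prev, last_ts = H(body(e)).hex(), e["ts"]
    return True, "ok"

def build_sample():
    """Constructed sample: three known validators, three signed entries."""
    validators = [Validator(n, n.encode() + b"-constructed-secret")
                  for n in ("bank-a", "bank-b", "bank-c")]
    allowlist = {v.name: v.public_keys(4) for v in validators}
    ledger = []
    validators[0].append(ledger, 1000, "A pays B 10")
    validators[1].append(ledger, 1001, "B pays C 4")
    validators[2].append(ledger, 1002, "C pays A 1")
    return ledger, allowlist, validators

if __name__ == "__main__":
    ledger, allowlist, _ = build_sample()
    print(verify_ledger(ledger, allowlist))
    print(verify_ledger([ledger[0], ledger[2]], allowlist))
```

Dropping the newest entries still leaves a valid prefix, so participants also need to compare the latest head hash with one another.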
Blockchain does not mean Bitcoin
• Many VCs, reporters and Bitcoin entrepreneurs are ‘talking their
book’ and ‘revising history’ when they euphemistically equate a
blockchain solely with Bitcoin
• Nakamoto-style consensus is just one way to “skin a consensus cat”
• Over 30 years of academic research on Merkle trees, hash tables and
arriving at consensus in distributed computing
• Technology is iterative and Bitcoin may just remain a proof-of-concept
due to its limitations and primary focus on being censorship-resistant
above all else
Needing a token is likely a red herring
• Energy conversion (mining) may only be a requisite if validators are
unknown and untrusted; staking and surety bonds may be an alternative too
for a public network
• There are other methods of securely validating transactions based on
different design goals and assumptions that do not involve burning coal in
China or running a consumer device-based Tom Sawyer botnet
• In general, why don’t permissioned shared, replicated ledgers necessarily
need a token?
• Because they incentivize security through legally binding contracts with
validators who have real-world identities and reputations
• Validation on proof-of-work networks involves actors who are – in the
design model – not contractually obligated to fulfill terms of service (using
the network is caveat emptor); the marginal costs on a public network are
higher and thus the compensation model has to be different
Why not (re)use one communal chain for
Trying to turn a communal chain into a “one-
size fits all” buffet is like using a clown car
Because these are (economic) networks, not
• For the same reason organizations use different types of airplanes, boats
and automobiles – they have different needs and business requirements.
• Blockchain size is an ongoing challenge to the “one-size fits all approach” that will be
discussed later below. Impacts other chains too: Ethereum testnet is already at 30
GB, Bitcoin mainnet is 36 GB.
• And because as more value is added to a public blockchain, the more
incentives there are to attack it without going through the fan fiction
Maginot Line narrative (brute force by hashrate).
• Because of increased block maker centralization it is much easier to use
other techniques (rubber hose cryptanalysis, denial-of-service) to disrupt
• Blatant bribery / hacking of pool
• ‘An attacker can sniff the cleartext credentials in the “mining.authorize” message, credentials
may be used elsewhere across the internet and may lead to account compromise’
• Canadian router hacked via Border Gateway Protocol fooling miners ($84,000 stolen)
Block makers, by design, lack terms of service
• In the event of a block reversal or censored
transaction, there are no terms of service that mining
pools (validators) must adhere to.
• On April 25, 2015 a BitGo user, due to a software glitch,
accidentally sent 85 BTC as a mining fee to AntPool
(Bitmain’s pool operated in China)
• To resolve this problem, the user spent several days
publicly conversing with tech support (and the community)
• Eventually the glitch was fixed and AntPool – to be viewed
as a “good member of the community” yet defeating the
purpose of a proof-of-work blockchain – sent the user back
• “Who” do you call in the future? Why bother with pseudonymity?
Unintended in 2009: knowing the pseudonymous
validators on an untrusted network?
• Below is a list of the first time a pool publicly claimed a block:
• # | Pool | Height
1 | Slush | 97838
2 | bitcoinPool | 110156
3 | DeepBit | 110322
4 | Eligius | 120630
5 | BTC Guild | 122608
And a list of the first time a pool signed a coinbase transaction:
• # | Pool | Height
1 | Eligius | 130635
2 | BitMinter | 152246
3 | BTC Guild | 152700
4 | Nmcbit.com | 153343
5 | YourBTC | 154967
A little history: Slush began publicly operating at the end of November 2010. Eligius was announced
on April 27, 2011. DeepBit publicly launched on February 26, 2011 and at one point was the most
popular pool, reaching for a short period in July 2011, more than 50% of the network hashrate.
Permissioned Permissionlessness, BINO-style
• One innovation in Bitcoin was anonymous/pseudonymous consensus
which comes with two large requirements: mining costs and block
• Mining costs fluctuate in direct proportion to token value; more “energy efficient”
proofs-of-work is a contradiction in terms
• It was designed with anonymous consensus to resist censorship by trusted
• Today several startups and VC funds have (un)intentionally turned an
expensive permissionless system into a hydra gated permissioned network
without the full benefits of either
• Also turned a bearer asset into a registered asset with full costs of both
• Result: Bitcoin in name only (BINO)
Permissioned Permissionlessness cont’d
• If you are running a ledger between known parties who abide by
government regulations, there is no reason to pay that censorship-
resistance cost. Full stop.
• The commercial logic of this (largely) VC-backed endgame seems to be:
“privatize” Bitcoin through a dozen hard forks (the block size fork is the
start of a trend)
• Is it still Bitcoin if it is forked and privatized? It is BINO.
• All of the costs of Sybil-protected permissionlessness without the benefits
(e.g., speed, lower marginal costs) of actual permissioned
Permissioned Permissionlessness cont’d
• Nearly all of the startups creating hosted wallets (e.g., euphemism for
a “depository institution”), exchanges and ‘universal’ require users to
gain permission first before providing a service
• Similarly “middleware” projects like Symbiont and Chain/NASDAQ
appear to fit into the ‘permissioned permissionlessness’ bucket due
to identification / key holding requirements
• All told, more than half of all VC funding to date has gone into
building permissioned systems on top of a permissionless network
Cryptocurrency systems prioritize mitigation of
omission (censorship-resistance) over deletion
• In contrast, any system of off-chain property titles will have to
prioritize deletion (irreversibility) over omission (censorship-
• Consequently, existing legal systems will likely never recognize a
system of property titles that can be reversed by anonymous or
pseudonymous validators (see EBA concerns)
Future-proofing hard forks
• Because technology and usage are not static, there needs to be a way to clearly
upgrade and update both the software and network
• The BIP process (“Bitcoin Improvement Proposals”) still largely depends on altruism and
charity, neither of which is necessarily sustainable and as shown empirically, beholden to
special interest groups and their stakeholders
• Devolves into “fork by social media,” “fork by populism,” “fork by upvotes”
• Other networks have learned from this situation:
• Built around version control (e.g., Peernova)
• Built-in, explicit governance:
• Tezos is a self-amending chain
• Ethereum is attempting to “bomb” the chain to switch to proof-of-stake at a later date
• Ripple, Stellar and others have clearer governance due to explicit chain-of-command, terms
of service, real-world reputations and contractual obligations.
• Different set of challenges (e.g., identity / KYC management, trying to run this in a decentralized and
• A financial network is different than an information network.
“When it comes to long term survival, adaptability is more important
than strength. Seeing distributed ledger as mere technology is
shortsighted, they are first and foremost networks and, as such, their
governance model is paramount to their success. A decentralized
network that does not internalize its governance is condemned to
stagnation or centralization.”
- L.M. Goodman, creator of Tezos
The right tool for the right
There are trade-offs of using different types of networks
One short-term reason to hold hydrabinocoin
• Some of the stated use-cases make it self-defeating to use Xapo (e.g., using a DNM)
• But in the short-run, there are probably niche cases
• Why pay for a censorship resistant network and not use the utility?
• Because you are betting others will and you aren't personally concerned with censorship
• Example: a large US hedge fund wants to hold BTC because it believes its use will grow
on the Argentinian black market
• The hedge fund isn't particularly concerned with censorship, but they have no expertise
handling keys, so they use Xapo
• The Argentinian black marketeers are concerned with censorship, they use regular
bitcoin clients (Armory, Electrum, Breadwallet, etc.)
• Both uses make sense in this scenario
• Bearer assets are incredibly risky, that's why there's a whole industry of custodians that
tie them to identity
According to Accenture: $9.89 billion in
fintech deals done in 2014 in the US
Where has that $800+ million gone so far?
• Buying and holding cryptocurrencies (BitPay,
several hosted wallets)
• Currency conversion (any mining-related
• Turning the on-and-off ramps into
permissioned-based entries and exits
• A dozen other areas that are typical cost
centers for most startups
• Very little has been spent on actual
decentralized, permissionless interactions
Other cost centers for these BTC-focused startups
• Domain name(s)
• Legal fees (company formation)
• Office rent/lease/mortgage
• Utilities and internet access: particularly important for mining farms/pools
• Attending events
• Event sponsorships
• Marketing and advertising: user acquisition, lead generation, brand awareness
• Front-end design
• Advisory fees to banks
• Lobbying special interest groups / policy makers
• Acquiring board of Directors and Advisors
• Company outings and vacations
• Money transmitter licenses
• Insurance of virtual currencies that a company may hold in custody
• Acquiring and maintaining an inventory of cryptocurrencies
• Customer service and bug bounties: reimbursing customers for problems with R values/RNGs
• Denial of service (DOS) vandalism and extortion: commonly happens with mining pools
• Ransomware (FBI: $18 million last year via Cryptowall and others)
• Many of the science fair projects that passed themselves off as
cryptocurrency “startups” will likely burn out of capital leaving behind
IP, software libraries and skilled developers
• These libraries and IP, if there is any utility to them, will likely be
forked and integrated into existing institutions, organizations and
• Similarly, some skilled developers may benefit from labor arbitrage
due to their knowledge and experience which other larger firms lack
• In the end, just as PGP, OTR messaging and FOSS stacks like LAMP
were inspired in part by cypherpunks but ended up being used by a
bevy of non-ideologically oriented organizations, so too will some of
the moving pieces that comprise primordial blockchains
• There is room for both permissionless and permissioned systems to
coexist and grow
• Bitcoin-related startups have and will continue to teach the overall
fintech industry what works and what doesn’t
• These two different network designs are both specialized to handle
certain different types of activity and consequently have different cost
structures to secure their respective validation processes
• What permissionless enthusiasts probably should be cautious of:
attempts to turn their network into a permissioned, gated system which
is what has slowly happened to Bitcoin over the past six-and-a-half years
– all of the costs of both worlds without the benefits of either
• Agent-based modeling
results using historical
• Blue – agents that join a
• Black – non-miners
• Red – Solo miners
• In the end, agents using
pooled mining are the
At current usage rates, blocks will be
consistently filled in 18 months