
Blockchain 101 - Rossdale CLE · 2017-08-22 · distributed ledgers can be used to do much more, including clearing and settlement of digital asset trading, provisining of identity,


Blockchain 101

You've heard all the buzz and hype, but you're still not sure what's the big deal with Bitcoin and blockchains? This one page has all the resources you need to get up to speed on the technology and begin to learn why it matters for policy and regulation.

What's Bitcoin and the blockchain?

Bitcoin is the world's first completely decentralized digital currency, also known as a cryptocurrency. Bitcoin introduced a technology called a blockchain, which is a peer-to-peer distributed ledger of timestamped transactions.

Before the invention of Bitcoin, ledgers had to be maintained by central authorities like banks, which kept a single authoritative copy of the ledger. This meant that users that relied on a ledger had to trust the central authority.

Bitcoin's use of a blockchain eliminates the need for central authorities and the need to trust them. It does this by allowing each user of the system to maintain their own copy of the ledger and keeping all copies of the ledger verifiably synchronized through a consensus algorithm.

Bitcoin explained: https://www.youtube.com/watch?time_continue=35&v=s4g1XFU8Gto

Bitcoin is designed to allow its users to hold, send, and receive money online, but distributed ledgers can be used to do much more, including clearing and settlement of digital asset trading, provisioning of identity, and distributed computing—all without the need for central intermediaries. The 10-minute video that follows presents a plain English explanation of these concepts and why they have the potential to change the world.

How Blockchain Could Change Everything: https://www.youtube.com/watch?v=maW_2QvAXzk


And this short plain-English backgrounder explains the basic concepts in simple-to-understand terms.

SOME ADVANCED CONCEPTS

Now that you have the basics, you can delve a bit more in-depth into how the technology works and what it can do. Below are links to short, plain-language explainers covering some of the key concepts you'll need to know before you can understand the policy implications. And BTW, we have many more plain-language explainers on a host of related concepts.

If you want to take a deep dive on the technology and what it means for the world, we recommend a great book by two Wall Street Journal reporters, The Age of Cryptocurrency: How Bitcoin and the Blockchain Are Challenging the Global Economic Order by Paul Vigna & Michael J. Casey. And for an even deeper dive into the distinction between open and closed blockchain technologies and why open networks are essential for several exciting use cases, read our report, Open Matters.


HOW DOES POLICY AND REGULATION FIT IN?

Traditional ledgers have centralized ledger-keepers (like banks), so it's clear who are the responsible and regulated parties. But because open and decentralized blockchains like Bitcoin have no central operators (just like the internet itself), figuring out who is regulated, if anyone, requires deeper analysis. And because traditional concepts like "custody of funds" take on new meaning given technologies like multi-sig, what the technology allows us to do has outpaced what the law has anticipated, so new policy thinking is in order.

Here are two resources that we recommend to get you up to speed on the technology and the policy questions it raises:

Is Bitcoin Regulated?

This short backgrounder explains that while the technology itself can't really be regulated, its users are certainly subject to many different kinds of regulation.


Bitcoin: A Primer for Policymakers

This monograph by Jerry Brito & Andrea Castillo presents a high-level overview of the technology and the regulations its use implicates.

WHAT ARE THE REGULATORY ISSUES?

The top areas of concern for regulators are:

Consumer protection

Financial surveillance and anti-money-laundering

Securities and commodities regulation

Tax compliance

Privacy and identity


Coin Center has published dozens of plain-language explainers, research reports, and regulatory and legislative frameworks addressing each of these and other policy areas. To learn more about each of these specific issues, please visit an overview of our work.

What is Bitcoin Mining, and Why is it Necessary?

A plain English explanation of Bitcoin mining. From “hash” to “chain” to “nonce,” learn the terms and become comfortable with the fundamental process that undergirds a cryptocurrency.

BY PETER VAN VALKENBURGH / December 15, 2014

Why does Bitcoin have “Miners?”

Gold has miners because people want gold and it just so happens, unfortunately, that most gold is deep in the earth. Bitcoin has miners because people want bitcoins, but something here seems silly: how did a bunch of bitcoins, the tokens of a man-made invention, end up locked up in circumstances demanding mining? What’s the point of that?

Not the Best Name

The truth is, bitcoin “mining” is a misnomer. When gold is mined, nothing is achieved beyond the discovery of new gold. When bitcoins are mined, however, a valuable service is provided to the Bitcoin network: decentralized transaction recordation and validation.


Double Spending

Bitcoin relies on miners to record and validate transactions because of a particular problem inherent in any system of digital currency: double spending. Double spending is the high-tech incarnation of counterfeiting. Say, for example, that a currency user, Alice, has a $5 note and she gives it to Bob. Can Bob be sure that he’s received $5 rather than a forgery? In the physical world, probably. In the digital world, probably not.

In the physical world, Alice would have to find paper, ink, and machines capable of making a convincing duplicate of her $5. The cost of that activity, alongside moral scruples and the threat of arrest, keeps counterfeiting in check.

In the digital world, however, a computer file version of a $5 note, like an MP3 file or an MS Word document, can be copied perfectly at effectively no cost. There’s no way to tell which file is the original, and the ease of copying means counterfeit currency could rapidly overrun the economy.

To fix this, the inventors of Bitcoin designed a system of network interactions, a protocol, that checks each putative Bitcoin transfer against a public ledger called the blockchain. A crook can try and resend already spent bitcoins until they’re blue in the face; if those transactions don’t check out, however, miners won’t record them and the community ignores the attempt at fraud.

How Does Mining Work?

Listening for Transactions

Bitcoin miners connect to the Bitcoin network like telephone operators. Miners use their computers to listen for transaction requests across the entire network and assemble a list of valid transactions.


Bitcoins are not sent and received like file attachments in an email. There are no files at all, only assignments of bitcoins made to various public addresses. Each public address has a matching private key and only the holder of that key is capable of digitally signing a new transaction request. Additionally, the request must have inputs. Inputs are the previous transactions that the sender is using to fund the new transaction. If you previously received five bitcoins from Alice and four from Bob, you can list these inputs to fund a new transaction to Cynthia of up to nine bitcoins in value.

Miners check two things when they hear your request. First they check to make sure that your digital signature proves that you were actually the recipient of those inputs. Second, they check to make sure that you’ve not already spent those inputs. To perform this second check, miners peek at a public database of all valid past transactions, called the blockchain, to see if those inputs were already used in a transaction or if they are still available. Copies of this blockchain are stored on the computers of all Bitcoin users that connect to the network.

Thus, miners are playing the role of bank tellers: inspecting checks, making sure all the appropriate signatures and account numbers are there, checking the customer’s ID, and looking for proof that the customer has enough cash-on-hand to fund the transaction.

Completing a “Block”

If everything checks out, the miner will add the transaction to their personal list of all valid transactions over the last few minutes. Every few minutes, one miner will be selected to add their personal list, a block, to the official blockchain, thus keeping the public record up to date.

To prevent miners from fraudulently corrupting the blockchain, the Bitcoin protocol makes miners compete. A different miner is empowered to write each block, roughly every 10 minutes, and only valid blocks will be accepted by the rest of the mining community. Here’s how that works:

Guess and Check the “Nonce”

A miner’s block will become a part of the chain whenever a majority of the community of miners agree (A) that the transactions listed by the miner are valid—no signatures from impersonators and no double spending—and (B) that the miner correctly guessed a special number, the nonce, that solves a particular math problem. Miners perform this check by looking at the proposed block’s particular digital signature. This signature is a computer-generated product of three inputs: (1) the signature of the predecessor block, (2) a list of valid transactions since that predecessor, and (3) a particular random number, called a nonce.

To understand it all, we need a bit more information about digital signatures. Signatures operate by using “hash” functions. At their simplest, hash functions are math equations that take any given input and create a seemingly random output that will always correspond to that particular input.

The hash function used by Bitcoin is called SHA256. Using that function, the input text:

“This is a hash!”

will always output this string of characters:

“dcc67309a9c5c4a6d5434de87dbd4162f745f32b2a6aedf89c89d31d863b022b”

You can try it yourself by visiting an online hash calculator; if you type in “This is a hash!” without the quotes you’ll get the same specific string of numbers and letters.


If a hash function is well written, any change to the inputs will drastically change the output string, and different inputs would never output the same string. By that standard, SHA256 is very well written. For example, changing our input “This is a hash!” even slightly results in entirely different outputs:

“This is a hash!” = “dcc67309a9c5c4a6d5434de87dbd4162f745f32b2a6aedf89c89d31d863b022b”

“This is a hash?” = “d43edbde4b15a97e780c1a9e1392b2c4601750fe03db543b3c4c44624d277641”

“This is a hash brown.” = “5692e888b50c526f7eb95342a6fd56760b2ff95a766414562daa4083bab8bcfc”

Therefore, if the inputs for a new block’s signature are the signature of the predecessor block and a list of recent transactions, the output will be a unique string that could only have been made from that exact data. Because it is the unique product of those inputs, that signature can be used to prove that the transactions therein described happened in a given order: within the current block or some previous block. Try and change the order by making up phony past blocks and the signature will no longer match. This allows the particular beneficiary of a transfer to prove that they were the first to receive the coins; any subsequent double spending of those coins is fraud.

All miners, however, are capable of writing a signature composed of the previous block’s signature and the new transaction list very quickly using their powerful computers. How do we pick a winner at regular intervals to make them compete?

The solution is to ask for a string that will be difficult to generate quickly, a specific sort of output string, one that starts with a certain number of zeros, like this:

“0000000000000xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx”


That long line of zeros at the start of the hash is statistically improbable, like flipping a coin and getting heads thirteen times in a row. Nonetheless, there is a particular combination of inputs that will result in a hash output that starts with all those zeros. The combination will involve a particular random number called the “nonce” that miners will have to guess.

The miners repeatedly hash their two known inputs (the previous block signature and the list of new transactions), along with guesses at the random nonce. Eventually, one miner will happen upon a nonce that will give them a signature with the requested number of zeros at the start.

Miners that use more powerful computers can make guesses faster, and, like buying more lottery tickets, these miners will be more likely to win the race to find a particular hash. This is why miners can compete with each other by investing in more powerful computers. More tries at the hash equals more blocks written to the blockchain over time. To prevent blocks from being written too quickly or too slowly as more or less computing power is used by miners, the protocol is adjusted every two weeks to demand a longer, harder to guess, or shorter, easier to guess, string of zeros at the front of the hash. The target for those adjustments is generation of a new block every ten minutes.

Whenever a miner solves a block by writing a signature with enough zeros, they broadcast it and the other miners validate the solution and check to make sure that the transactions listed are all valid. If it all checks out, miners will begin competing to solve a new block using the last block’s signature as an input.
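The guess-and-check process described above, as an added example in Python (not code from the article or from Bitcoin itself). It follows the article's simplified model, in which a block's "signature" is the SHA-256 hash of the predecessor's signature, the transaction list and a nonce, and it shows why editing a past block is detected even after the edited block has been re-mined. The JSON encoding, the three-zero difficulty, the placeholder genesis value and the sample transactions are assumptions made for illustration; real Bitcoin hashes a binary block header and compares it against a numeric target.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64   # constructed placeholder for "no predecessor block"
DIFFICULTY = 3            # required leading zero hex digits (assumption; small so it runs fast)


def block_signature(prev_sig, txs, nonce):
    """SHA-256 over the article's three inputs: predecessor signature, tx list, nonce."""
    payload = json.dumps([prev_sig, txs, nonce]).encode()
    return hashlib.sha256(payload).hexdigest()


def mine(prev_sig, txs, difficulty=DIFFICULTY):
    """Guess nonces until the signature starts with the required number of zeros."""
    prefix = "0" * difficulty
    nonce = 0
    while True:
        sig = block_signature(prev_sig, txs, nonce)
        if sig.startswith(prefix):
            return {"prev": prev_sig, "txs": txs, "nonce": nonce, "sig": sig}
        nonce += 1


def build_chain(tx_lists, difficulty=DIFFICULTY):
    """Mine one block per transaction list, each linked to the previous signature."""
    chain, prev = [], GENESIS_PREV
    for txs in tx_lists:
        block = mine(prev, txs, difficulty)
        chain.append(block)
        prev = block["sig"]
    return chain


def first_invalid_block(chain, difficulty=DIFFICULTY):
    """What other miners do on receipt: one hash per block, no guessing.
    Returns the index of the first block that fails, or -1 if the chain is valid."""
    prefix = "0" * difficulty
    expected_prev = GENESIS_PREV
    for index, block in enumerate(chain):
        recomputed = block_signature(block["prev"], block["txs"], block["nonce"])
        if (block["prev"] != expected_prev
                or recomputed != block["sig"]
                or not recomputed.startswith(prefix)):
            return index
        expected_prev = block["sig"]
    return -1


# Constructed sample transactions; the names follow the article's Alice, Bob and Cynthia.
SAMPLE_TXS = [
    ["alice->bob:5"],
    ["bob->cynthia:4", "alice->cynthia:1"],
    ["cynthia->alice:2"],
]


def demo():
    chain = build_chain(SAMPLE_TXS)
    honest = first_invalid_block(chain)

    # Edit history in place: block 1's stored signature no longer matches its contents.
    edited = copy.deepcopy(chain)
    edited[1]["txs"][0] = "bob->mallory:4"
    edited_result = first_invalid_block(edited)

    # Redo the nonce search for the edited block. It is now valid on its own, but its
    # signature changed, so block 2's link to its predecessor breaks instead.
    remined = copy.deepcopy(edited)
    remined[1] = mine(remined[1]["prev"], remined[1]["txs"])
    remined_result = first_invalid_block(remined)
    return honest, edited_result, remined_result


if __name__ == "__main__":
    print(demo())
```

Verification costs one hash per block while mining costs thousands of guesses at this difficulty, and each extra required zero multiplies the expected number of guesses by 16.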

Rewards

That brings us, at last, to the question of why miners mine. The answer is actually simple: miners mine because the writer of a new block in the blockchain has permission from the protocol to give herself a reward of brand new bitcoins, called a coinbase transaction. That reward started at 50 bitcoins per block. Every four years the protocol is adjusted, reducing the reward by half. One day the reward will be very small, but miners can also be rewarded by collecting fees volunteered by users that request transactions.

Summary

We’ve discussed why mining is necessary: to stop double spending by creating a ledger of all transactions, the blockchain. We’ve also learned, in simplified terms, how mining actually works. In future, we’ll discuss what happens when miners collaborate to mine blocks, forming mining pools, and discuss the cryptography involved more thoroughly.

Peter Van Valkenburgh is Director of Research at Coin Center.

What is Multi-Sig, and What Can It Do?

Multi-sig holds enormous potential: trustless escrow, trustless margin, and robust security for consumers, businesses, and anyone who holds or wants to hold bitcoins.

BY BEN DAVENPORT / January 1, 2015

Introduction

Bitcoin is stored in “addresses” which are based on public/private ECDSA key pairs. For most of Bitcoin’s history, each address was based on a single private key. Even at the time of writing (November 2014), 97% of Bitcoin is stored using single-key addresses. These addresses (aka “standard addresses”) can be recognized by the fact that they always start with a “1.” Anyone who knows the one private key corresponding to a given single-key Bitcoin address can move those funds — period. It’s often said that possession is nine-tenths of the law, but with Bitcoin, possession of the private key is the law, since transfers are effectively irreversible. As far as the Bitcoin network is concerned, if you possess the private key for an address, you are authorized to move funds. This black-or-white nature of single-key storage has led to a number of critical problems for Bitcoin.

Problem: Security

At the simplest level, a single-key Bitcoin wallet is little more than a collection of private keys which allow the user to spend his or her bitcoin, while attempting to keep those keys safe from theft. Keys for a single-key wallet are typically generated and stored on a single machine, using encryption to secure them while on disk. However, despite following best practices for securing keys, any machine which stores a single-key wallet represents a single point of failure. If the wallet file can be stolen, the encryption can be attacked offline, or the hacker or malware can simply lie in wait and key-log the user’s password. As Bitcoin has grown more valuable, existing malware has been re-engineered to specifically target Bitcoin wallets. It is this fundamental security risk of single-key storage that has led to the development of elaborate protocols for generating and storing keys completely offline, in physical vaults (generally referred to as “cold storage” in the industry).

However, cold storage has its own risks and weaknesses. If the random number generator (RNG) on the single machine used to generate the key had weaknesses, funds may be at risk even without any breach of the machine itself. Offline cold storage solutions do alleviate some security concerns, but at the expense of introducing significant operational burdens.

Problem: Access Control

How can businesses effectively use Bitcoin? Businesses usually delegate responsibility for technology integration to their IT staff. But offloading responsibility for a Bitcoin wallet to the IT department is like leaving a pile of $100 bills on a table in the middle of the office. Since anyone with access to the keys can move the money without leaving a trace, if multiple people have access to the keys, there is no real way to achieve accountability or prevent insider theft.

Bitcoin’s history is littered with insider thefts which are publicly claimed to be external hacks. The Bitcoin businesses which have successfully avoided theft have tightly controlled the number of people who have access to the keys. They have relied on the principals of the businesses to be the ultimate gatekeepers, as well as using physical safeguards and key-splitting techniques to ensure a single person cannot transact on his own. But for larger businesses to embrace Bitcoin, it is not a tenable solution to require the CEO and CFO to be involved in every transaction.

Organizations need to be able to define their own internal policies on who can transact, for how much, and with whose approval. They need the type of controls that they would be able to have with standard corporate treasury banking software. One way to achieve such controls is to delegate complete custody of the business’s Bitcoin to another entity, essentially a Bitcoin bank. But there is also another way.

The Solution: Multi-sig

Since early 2012, Bitcoin has had an alternative to single-key addresses. Around that time, a new type of address called pay-to-script-hash (P2SH) was defined and standardized. P2SH addresses can be recognized by the fact that they begin with a “3” instead of a “1.” Among the functionality supported by P2SH addresses is the ability to require multiple private keys in order to transact, known as multi-signature, or more commonly, multi-sig. A P2SH address can support arbitrary sets of N keys, any M of which are required to transact — this is commonly referred to as “M-of-N.” In practice, the blockchain does enforce some limits as to the size of N, and by far the most typical multi-sig implementations are of the form 2-of-2 or 2-of-3. (Note that using this terminology, a single-key address would be considered 1-of-1.) The easiest real-world analogy for explaining multi-sig is a safe deposit box with 2 keys, one held by the customer, the other held by the bank. In order to open the box, both keys are required, making a safe deposit box analogous to a 2-of-2 multi-sig address.

There are some immediate advantages that can be gained from using multi-sig technology. First, we can completely eliminate single points of failure by ensuring that the keys for an address are generated and stored on completely separate devices. For instance, one key might be generated on the user’s laptop, while the other is generated on the phone, making it necessary to have both devices in order to transact. Malware which infects the laptop cannot steal any funds, because it does not have the key stored on the phone. Secondly, we can achieve redundancy. In the previous scenario, what happens if the user loses their phone? If a third key were kept offline in a vault, and a 2-of-3 scheme were used, then the user could tolerate losing either device, and still manage to recover his funds using the remaining device in conjunction with the offline key. Third, we can begin to address the access control problem. A husband and wife can construct a multi-sig wallet which requires both of them to transact, while a 3-person partnership can create a wallet which requires at least 2 of them to be in agreement. Additionally, entirely new possibilities can be unlocked by multi-sig technologies — consider the following scenarios.

Trustless Escrow

Alice wants to send Bitcoin to Bob, but only if Bob delivers the merchandise he has promised. Bob wants to ensure he is paid for his merchandise. They both trust Trent to adjudicate a dispute but do not wish to trust him with the funds. They create a 2-of-3 multi-sig address with one key each from Alice, Bob and Trent. If the transaction goes smoothly, Alice and Bob can jointly release the funds without Trent’s involvement. If there is a dispute, Trent can adjudicate, and can move the funds in conjunction with either Alice or Bob. During the course of the transaction, the Bitcoin is effectively in a kind of limbo, since no one person can move the funds on his own.

Organizational Limits

A company desires to set up a Bitcoin wallet accessible by 3 of its employees, but require 2 of them to be involved on any transaction exceeding $5,000. In order to do so, it creates a 2-of-2 multi-sig address where it holds one key, and an outside policy-enforcement service holds the other key.

When one of the three employees wishes to transact, he signs the transaction with the company’s key, authenticates to the service, and requests a co-signature. The policy service uses the pre-arranged spending limit to determine whether to co-sign the transaction or to request a secondary approval from one of the other two employees. The service cannot steal funds, but it can block the company’s ability to transact. If that is not desirable, the company can instead use a 2-of-3 configuration in which another employee or security officer retains an additional backup key which allows the company to recover the funds in the case the policy service becomes uncooperative.
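The organizational-limits arrangement described above, as an added example in Python (not code from the article, BitGo or Bitcoin). It models the M-of-N spending condition and a policy co-signer, then checks the article's trust claims: the service cannot spend alone, it can block a spend, and a 2-of-3 backup key restores access without it. HMAC-SHA256 stands in for ECDSA signatures so that only the standard library is needed; the key values, employee names and transaction fields are constructed for illustration.

```python
import hashlib
import hmac
import json

LIMIT_USD = 5000  # the article's threshold above which a second employee is required


def serialize(tx):
    """Canonical bytes of a transaction; every party signs exactly these bytes."""
    return json.dumps(tx, sort_keys=True).encode()


def sign(key, tx):
    # Stand-in for an ECDSA signature (assumption): HMAC-SHA256 over the tx bytes.
    # Real Bitcoin verifiers check against public keys and never hold the secret.
    return hmac.new(key, serialize(tx), hashlib.sha256).digest()


class MultiSigAddress:
    """M-of-N condition: at least m of the n listed key holders must sign the tx."""

    def __init__(self, m, keys):
        self.m = m
        self.keys = dict(keys)  # holder name -> key

    def can_spend(self, tx, signatures):
        valid = sum(
            1 for holder, sig in signatures.items()
            if holder in self.keys
            and hmac.compare_digest(sig, sign(self.keys[holder], tx))
        )
        return valid >= self.m


class PolicyService:
    """Outside co-signer holding one key and the pre-arranged spending limit."""

    def __init__(self, key, employees, limit_usd=LIMIT_USD):
        self.key = key
        self.employees = set(employees)
        self.limit_usd = limit_usd

    def cosign(self, tx, authenticated):
        # Decide on the amount inside the bytes being signed, not on a side channel.
        approvers = set(authenticated) & self.employees
        required = 2 if tx["amount_usd"] > self.limit_usd else 1
        if len(approvers) < required:
            return None  # withhold the co-signature: secondary approval needed
        return sign(self.key, tx)


# Constructed sample keys and names; nothing here comes from the article.
COMPANY_KEY, SERVICE_KEY, BACKUP_KEY = b"company-key", b"service-key", b"backup-key"
EMPLOYEES = {"ann", "raj", "lee"}


def run_scenarios():
    service = PolicyService(SERVICE_KEY, EMPLOYEES)
    two_of_two = MultiSigAddress(2, {"company": COMPANY_KEY, "service": SERVICE_KEY})
    two_of_three = MultiSigAddress(
        2, {"company": COMPANY_KEY, "service": SERVICE_KEY, "backup": BACKUP_KEY})

    def attempt(address, tx, authenticated):
        sigs = {"company": sign(COMPANY_KEY, tx)}
        cosignature = service.cosign(tx, authenticated)
        if cosignature is not None:
            sigs["service"] = cosignature
        return address.can_spend(tx, sigs)

    small = {"to": "supplier", "amount_usd": 1200}
    large = {"to": "supplier", "amount_usd": 9000}
    diverted = {"to": "service-operator", "amount_usd": 9000}
    return {
        "small_one_employee": attempt(two_of_two, small, {"ann"}),
        "large_one_employee": attempt(two_of_two, large, {"ann"}),
        "large_two_employees": attempt(two_of_two, large, {"ann", "raj"}),
        "large_unknown_second": attempt(two_of_two, large, {"ann", "mallory"}),
        "service_alone": two_of_two.can_spend(
            diverted, {"service": sign(SERVICE_KEY, diverted)}),
        "cosignature_reused": two_of_two.can_spend(
            large, {"company": sign(COMPANY_KEY, large),
                    "service": sign(SERVICE_KEY, small)}),
        "backup_without_service": two_of_three.can_spend(
            large, {"company": sign(COMPANY_KEY, large),
                    "backup": sign(BACKUP_KEY, large)}),
    }


if __name__ == "__main__":
    for name, allowed in run_scenarios().items():
        print(f"{name}: {allowed}")
```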


Trustless Margin

A user wishes to trade on an exchange, but does not wish to entrust full custody to the exchange, since he does not fully trust their security measures. He establishes a 2-of-2 wallet in which he and the exchange share a single key, and an outside policy-enforcement service holds the other key. He deposits Bitcoin into the wallet which the exchange allows him to use as margin for trading, loans or other purposes. The role of the policy enforcer in this case is to ensure that the customer cannot withdraw funds while he has outstanding orders or unsettled trades, while assuring the customer that the exchange cannot unilaterally steal or lose all funds.

As the above scenarios demonstrate, multi-sig can strongly benefit both individuals and organizations in improving security, establishing access controls, and enabling the delegation of partial trust. As exchanges and other businesses begin to enable customers to deposit without fear of loss, there will be increased consumer pressure on other businesses to adopt similar technology. And if the risk of loss can be minimized, there should be substantial benefits to transparency and liquidity across the entire ecosystem. For these reasons, it is anticipated that the majority of Bitcoin will, over time, be moved to P2SH multi-sig addresses.

In the traditional world of finance, a custodian is a trusted third party who holds assets on behalf of another. It’s important to note that with Bitcoin, there is no longer always a clear custodian of funds. In a 3-of-3 multi-sig wallet where Bank of America, JP Morgan and State Street each hold 1 key, who is the custodian? With Bitcoin, final custody lies only with the blockchain, which is, of course, decentralized itself. As a consequence, lawmakers and regulators will need to understand this new paradigm as they best determine how to adapt existing regulations and create new ones.

Ben Davenport is co-founder and chief product officer of BitGo, a leading multi-sig Bitcoin security company.


What are Forks, Alt-coins, Meta-coins, and Sidechains?

Peter Van Valkenburgh, Coin Center’s Director of Research, clarifies some terminology and explains some technical concepts from the ever-changing universe of Bitcoin-derived innovations.

BY PETER VAN VALKENBURGH / December 8, 2015

Perhaps the most exciting aspect of cryptocurrency technology is that it is entirely open for experimentation—there’s no patent or copyright to license, no university or corporation from which to seek a job, no exclusive membership fee to pay. Anyone with a computer and an Internet connection can develop and share her own currency, her own vision of the future. The openness of this system makes it vibrant but it also can make it confusing. Forks, alt-coins, meta-tokens, sidechains . . . what does it all mean? This backgrounder is designed to clarify some terminology and explain some technical concepts from the ever-changing universe of Bitcoin-derived innovations.

Forks

Fundamentally, Bitcoin is merely software running across a network of peers that creates and maintains a shared ledger accounting for holdings of a scarce token. Bitcoin’s network software is open source, so it can be duplicated and modified. These modifications can result in software that remains compatible with the Bitcoin network or that ceases to be compatible. Changes that do not break compatibility are sometimes referred to as changes to the software’s policy rules. Changes that do break compatibility will necessarily be changes to the software’s consensus rules—referring to the rules upon which the entire network must agree.

An example of a policy rule could be: refuse to relay transactions with fees below a certain amount. Some examples of the Bitcoin consensus rules are:

Miners of new blocks may only create a certain number of new bitcoins; currently 25.

Transactions must have correct ECDSA signatures for the bitcoins being spent.

Transactions/blocks must be in the correct data format.

Within a single blockchain, a transaction output cannot be double-spent.

Creating any custom modification of the core software is called “forking” the

code. The term “forking” is tricky in the context of cryptocurrencies because it is

also used to refer to a split in the network’s shared ledger—a “fork in the

blockchain.” These are two distinct concepts that can be easily confused.

Running forked software that does not alter the consensus rules does not “fork” the

blockchain; users of such forked software will still agree with the existing Bitcoin

network over the state of transactions on the ledger. By contrast, running forked

software that does alter the consensus rules will result in either a brand new

blockchain or a fork of the Bitcoin blockchain (depending on whether the software

recognizes previously mined blocks in the Bitcoin blockchain as authoritative).

Peers running such new software will recognize an alternative set of confirmed

transactions (as compared with the list of Bitcoin transactions on the Bitcoin

blockchain) on their own network as authoritative.
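
The difference between forking the code and forking the blockchain can be traced in a toy model. This Python example is added here and is not code from the original article or from Bitcoin: the Node, Block and Tx classes, the fee values and the 50-coin alternative limit are assumptions, and only the 25-coin limit and the listed rules come from the text.

```python
from dataclasses import dataclass, field
from typing import List, Set, Tuple

@dataclass(frozen=True)
class Tx:
    txid: str
    spends: Tuple[str, ...]      # outputs this transaction consumes
    fee: int
    sig_ok: bool = True          # stand-in for a real ECDSA signature check

@dataclass(frozen=True)
class Block:
    height: int
    subsidy: int                 # new coins the miner created in this block
    txs: Tuple[Tx, ...] = ()

@dataclass
class Node:
    name: str
    max_subsidy: int = 25        # consensus rule (the text's "currently 25")
    min_relay_fee: int = 0       # policy rule: a local choice, not block validity
    chain: List[Block] = field(default_factory=list)
    spent: Set[str] = field(default_factory=set)

    def will_relay(self, tx: Tx) -> bool:
        """Policy: what this node forwards to peers before it is mined."""
        return tx.sig_ok and tx.fee >= self.min_relay_fee

    def block_valid(self, block: Block) -> bool:
        """Consensus: what every compatible node must agree on."""
        if block.height != len(self.chain) or block.subsidy > self.max_subsidy:
            return False
        seen = set(self.spent)
        for tx in block.txs:
            if not tx.sig_ok:
                return False
            for out in tx.spends:
                if out in seen:              # double spend within this chain
                    return False
                seen.add(out)
        return True

    def receive(self, block: Block) -> bool:
        """Append the block if valid (simplified: no reorganisations)."""
        if not self.block_valid(block):
            return False
        self.chain.append(block)
        for tx in block.txs:
            self.spent.update(tx.spends)
        return True

def simulate():
    ref = Node("reference")
    policy = Node("policy-fork", min_relay_fee=10)       # forked code, same consensus
    consensus = Node("consensus-fork", max_subsidy=50)   # forked code, new consensus
    nodes = (ref, policy, consensus)

    cheap = Tx("tx-a", ("out-1",), fee=1)                # constructed sample data
    relayed = {n.name: n.will_relay(cheap) for n in nodes}
    # A miner includes the cheap transaction anyway; block validity ignores policy.
    block0 = {n.name: n.receive(Block(0, 25, (cheap,))) for n in nodes}
    # A block that creates 50 coins is valid only under the altered rule.
    oversized = {n.name: n.receive(Block(1, 50)) for n in nodes}
    # Re-spending out-1 breaks the double-spend rule on every chain.
    respend = Tx("tx-b", ("out-1",), fee=20)
    double = {n.name: n.receive(Block(1, 25, (respend,))) for n in nodes}
    # An ordinary block extends the original chain but not the forked one.
    fresh = Tx("tx-c", ("out-2",), fee=20)
    normal = {n.name: n.receive(Block(1, 25, (fresh,))) for n in nodes}
    return {
        "relayed": relayed, "block0": block0, "oversized": oversized,
        "double": double, "normal": normal,
        "policy_fork_agrees": ref.chain == policy.chain,
        "consensus_fork_agrees": ref.chain == consensus.chain,
    }

if __name__ == "__main__":
    for key, value in simulate().items():
        print(key, value)
```

The policy-fork node refuses to relay the low-fee transaction yet ends with the same ledger as the reference node, while the consensus-fork node ends on a different block at height 1.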

Alt-coins

Whenever a group of networked peers persists in running a forked version of

Bitcoin with alternative consensus rules, and—therefore—a new alternative

blockchain, these peers will effectively be running a new cryptocurrency. This new

blockchain will account for holdings of a new scarce token often called an “alt-

coin.” Some notable examples of alt-coins forked from Bitcoin’s original code

include Litecoin, Dogecoin, and Peercoin.

Rather than fork a version of Bitcoin software, a developer may also start from

scratch in order to create a new cryptocurrency, selectively borrowing elements of

prior cryptocurrency software or writing the code anew. These cryptocurrencies

will also often be referred to as alt-coins. A notable example of a recent from-

scratch alt-coin is Ethereum.

Meta-coins

Finally, in order to provide some specific consumer or enterprise service that

would benefit from an open, shared, and irreversible ledger—a blockchain—a

developer could create a protocol that is built on top of an existing cryptocurrency.

By way of example, the Counterparty system is built on top of Bitcoin’s

blockchain. These second-layer systems may also utilize their own provably scarce

token—in the case of Counterparty, XCP—and they may also allow individual

users to create new varieties of that scarce token for their own particular

purposes.

Using Counterparty, for example, a person could create tickets to her own concert,

sell those tickets online as unique tokens on the Counterparty protocol, allow

buyers to further sell and resell the ticket-tokens, and then admit to the

performance only those who can verifiably show that they are the final holder of a

ticket-token according to records kept in the Bitcoin blockchain and interpreted by

the Counterparty protocol. This simple use-case (digital ticketing) seems

unextraordinary until one realizes that it is accomplished without a centralized

entity or company, like Telecharge or Ticketmaster, keeping the books and

charging a fee.

In theory, Bitcoins themselves (or tiny fractions thereof) could be used to represent

these hypothetical tickets. Such representative bitcoins are sometimes referred to as

“colored-coins,” because they can be likened to real coins that are painted red and

passed about the room to represent something beyond their nominal value (say,

permission to speak at the meeting). The Bitcoin protocol, however, does not make

it easy to add verifiable notes or rights to a particular bitcoin as it travels across the

blockchain. Instead, it is designed to do one thing well: transmit simple value,

transmit unmarked bitcoins. So, if a ticket seller wanted the ticket to only be

transferable once, or only by authorized resellers (i.e. to prevent scalping), or if the

seller wanted the ticket to be provably scarce, or recallable in the event of some

malfeasance on the part of the holder, then a colored coin use of Bitcoin would be

a poor solution. Counterparty and other such meta-tokens or meta-platforms can

make it easier to create these blockchain-based assets alongside verifiable rights

and limitations, by allowing the user to “color” the meta-token rather than a bitcoin

itself.

You don’t need a meta-platform to build these tools. Plenty of stand-alone alt-

coins—most notably, Ethereum—have these beyond-Bitcoin features built-in, but

some argue that network effects make building on top of Bitcoin—the original and

still most-used blockchain—a safer bet.

In order to create the initial meta-tokens (XCP) that would travel on the

Counterparty protocol atop the bitcoin blockchain, the protocol’s developers did

something interesting: they enabled any existing bitcoin user to obtain XCP by

provably “burning” or destroying some amount of bitcoin; this is referred to as a

proof-of-burn. The purpose of this setup was to create a fair initial distribution of

XCP tokens, and avoid a situation where Counterparty developers (by selling

XCP) would be enriched—perhaps unfairly—before the platform bore any real

fruit.

Many technologists have praised Counterparty’s use of proof-of-burn as superior

to the typical alt-coin model. In previous alt-coin offerings, a new protocol for

scarce digital assets is unveiled, and the initial tokens are auctioned off to the

highest bidders, much to the profit of developers, and, potentially, much to the

detriment of the buyers should the platform not succeed and the value of the tokens

ultimately go to zero. Basing the initial distribution on a proof-of-burn system, by

contrast, does not carry the same promise of quick profits for developers.

Some, however, have felt that the destruction of bitcoins created a dangerous

precedent that could lead to deflation or further abusive mis-uses of Bitcoin.

Additionally, even in a proof-of-burn arrangement the early investors and users can

still lose their entire holdings should the platform fail to materialize. Ultimately,

the desire to allow for new blockchain-based services, a fair initial distribution of

new tokens, and reluctance to substantially increase the functionality of the

bitcoin blockchain culminated in the development of sidechains.

Sidechains

A sidechain is effectively an alt-coin (i.e. a different blockchain keeping track of

the movements of a different batch of scarce tokens), but it has a pegged exchange

rate with Bitcoin. To use the sidechain, a user sends her bitcoins to a special

address on the Bitcoin blockchain, at which point that bitcoin will be immobilized

and a token on the sidechain will be released to a sidechain address that is

controlled by the same person. The same happens in reverse. A user of the

sidechain can send the sidechain token to a special address that will immobilize the

token and release the corresponding bitcoin on the bitcoin blockchain back into her

control. This “conversion” occurs without trusted intermediaries because it relies

solely on mathematically provable statements (x bitcoins have been sent to y

bitcoin address; x sidechain tokens have been released from y sidechain address).

These are referred to as Simple Payment Verification (SPV) proofs on the two

(bitcoin and sidechain) decentralized networks. Given the fixed conversion rate,

and the automated/deterministic process for conversion, it may be more

appropriate to think of sidechains as new blockchains that the user can simply

move her bitcoins into and out of at will.
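
The "mathematically provable statement" behind the peg rests on a Merkle inclusion proof, which is the core of an SPV proof. This Python example is added here and is not from the original article or any sidechain project: the transaction format, the PEG-LOCK-ADDRESS name and the Sidechain class are assumptions, and the set of trusted roots stands in for the block-header and proof-of-work checks a real SPV client also performs.

```python
import hashlib

PEG_ADDRESS = "PEG-LOCK-ADDRESS"   # hypothetical "special address" on the main chain

def dsha(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin uses for its Merkle tree."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def _next_level(level):
    if len(level) % 2:                       # odd count: duplicate the last hash
        level = level + [level[-1]]
    return [dsha(level[i] + level[i + 1]) for i in range(0, len(level), 2)]

def merkle_root(txs):
    level = [dsha(t) for t in txs]
    while len(level) > 1:
        level = _next_level(level)
    return level[0]

def merkle_proof(txs, index):
    """Sibling hashes from leaf to root, each with True if the sibling is on the right."""
    level, proof = [dsha(t) for t in txs], []
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append((level[sibling], sibling > index))
        level = _next_level(level)
        index //= 2
    return proof

def verify_inclusion(tx, proof, root):
    """Recompute the path to the root; needs only the proof, not the whole block."""
    h = dsha(tx)
    for sibling, sibling_on_right in proof:
        h = dsha(h + sibling) if sibling_on_right else dsha(sibling + h)
    return h == root

class Sidechain:
    def __init__(self, trusted_roots):
        self.trusted_roots = set(trusted_roots)  # roots of main-chain blocks already accepted
        self.claimed = set()                     # lock transactions already converted
        self.balances = {}

    def claim(self, lock_tx, proof, root):
        """Release tokens 1:1 for a proven lock; return the amount released (0 if refused)."""
        if root not in self.trusted_roots or not verify_inclusion(lock_tx, proof, root):
            return 0
        fields = dict(p.split("=", 1) for p in lock_tx.decode().split("|"))
        txid = dsha(lock_tx)
        if fields.get("to") != PEG_ADDRESS or txid in self.claimed:
            return 0                             # not a lock, or an attempted replay
        self.claimed.add(txid)
        amount = int(fields["amount"])
        owner = fields["claim"]
        self.balances[owner] = self.balances.get(owner, 0) + amount
        return amount

def demo():
    # Constructed sample block: five toy transactions, one of which locks 2 coins.
    txs = [b"amount=5|to=addr-bob|claim=side-mallory", b"amount=1|to=addr-carol|claim=",
           b"amount=3|to=addr-dave|claim=", b"amount=2|to=PEG-LOCK-ADDRESS|claim=side-alice",
           b"amount=7|to=addr-erin|claim="]
    root = merkle_root(txs)
    sc = Sidechain([root])
    proof = merkle_proof(txs, 3)
    return {
        "honest": sc.claim(txs[3], proof, root),
        "replay": sc.claim(txs[3], proof, root),
        "tampered": sc.claim(txs[3].replace(b"amount=2", b"amount=200"), proof, root),
        "not_peg": sc.claim(txs[0], merkle_proof(txs, 0), root),
        "balances": sc.balances,
    }

if __name__ == "__main__":
    print(demo())
```

The honest claim releases 2 tokens; the replayed proof, the inflated amount and the payment that never went to the peg address are all refused.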

The primary downsides to the sidechain approach are technical challenges.

Ensuring that pegged bitcoins can be recovered by honest sidechain users, and

never dishonestly recovered by interlopers, requires a sophisticated technical

arrangement and, for the most secure implementation, minor adjustments to the

Bitcoin protocol itself—something that will ultimately require the political will of

the community to enact.

At least for the present, this describes the full landscape of cryptocurrencies.

Where we go next is uncertain, but that’s the price we pay for permissionless

innovation.

Peter Van Valkenburgh is Director of Research at Coin Center.

Is Blockchain Different than Bitcoin?

Richard Gendal Brown, Chief Technology Officer at R3 CEV, discusses different types of

blockchain innovation.

BY RICHARD GENDAL BROWN / January 20, 2016

To understand this question, it’d be helpful to first think about a much older

revolution in payments technology. . . cash.

Super-Cash!

Cash has an obvious, yet extraordinary super-power. I can hand it to anybody near

me and value will be transferred instantly, directly, peer-to-peer, person-to-person.

Settlement, with finality, using central bank money. And nobody else need know.

And nobody can stop me.

But this super-power only works at close distance. If I want to transfer value to

somebody in a different town or in a different country, I need to trust other people.

Sure: I could put the cash in an envelope and post it. But even then I’d have to trust

the postal service.

Or I could use a bank. But I’d be trusting them to be good for the money. And I’d

have handed over control: if my name’s on the wrong list, the bank would be

obligated to seize my funds. And if you’re on the wrong list, the bank will refuse to

transfer the money to you…

This is because “digital” money is not the same as physical cash.

And the world’s financial plumbing—payments systems, correspondent banking,

SWIFT, etc.—is a direct consequence of this observation: physical cash really is

fundamentally different to every other form of money: only physical cash is a

bearer instrument. And only physical cash can be transferred without permission –

censorship-resistant.

Or so we thought until Bitcoin. A curious email to an obscure cryptography

mailing list at the end of 2008 said something quite audacious. The email, from the

hitherto unknown Satoshi Nakamoto, heralded the arrival of Bitcoin and the advent

of “purely peer-to-peer electronic cash”.

We all know the story of what happened next.

Except… what many people have missed is that the choice of the word “cash” in

that email was absolutely critical and absolutely deliberate. What this email

announced was the arrival of a digital bearer asset that is censorship resistant.

Digital cash. A digital asset that you can hold outright, with no risk of confiscation,

and which you can transfer to anybody you choose without permission from

anybody else.

And the funny thing is: the architecture of Bitcoin flows almost trivially

(almost…!) from this requirement. Proof-of-work, the peer-to-peer network,

mining, the mining reward, the blockchain. The lot. It’s as if the genius of Bitcoin

was to ask the question.

But why say this in 2016? This exact same thing could have been said at any point

from 2009 until now. There’s nothing new here. Except, nobody asks the obvious

question:

Who actually wants a censorship resistant digital bearer asset? Well… some people

do, of course. But none of them are banks or corporates. At least, I’ve not yet met a

bank that wants this. So why are so many banks, corporates, VCs and startups

spending so much money in this space?

I think there are two completely distinct reasons and that the world of “blockchain

technology” is actually two completely different worlds—the world of bitcoin and

the world of banks. Each has different opportunities and different likely winners,

and those who don’t realise this might be about to lose a great deal of money. So

let’s look at these two worlds one at a time.

The World of Bitcoin.

We should probably be realistic here. Bitcoin is not the solution to Greece’s crisis

and it won’t immediately bring finance to the world’s poor. But it turns out that

censorship resistance is extremely valuable, even for people who don’t think they

need it.

Because censorship resistance implies openness, it implies permissionless

innovation not just permissionless use. Anybody or anything can connect to an

open network like Bitcoin to own and transfer value. And anything that is open,

standardized, owned by nobody, and useful smells very much like a platform.

And, as with the PC or the Internet, we’ve seen how those stories about open

platforms tend to play out: without a gatekeeper even the scruffiest of garage-based

inventors gets a chance to share their idea with the world. And even if only one in

a million scruffy inventors ever has the genius and the luck to be a Jobs, Gates, or

Musk, we can all expect to benefit massively from the freedom that an open

platform provides.

But notice something else: Bitcoin is worse than existing solutions for all the use-

cases that banks care about. Openness has a cost. It’s expensive. It’s slow. And it’s

“regulatorily difficult.” And this is by design.

So this makes it doubly interesting. Because it means Bitcoin is probably worse

than existing solutions for all the things most firms care about but vastly better for

one single use-case (open access to value transfer) that could be very useful for

some people–especially innovators.

Isn’t that pretty much the definition of a disruptive innovation? Something that’s

worse for existing use-cases but solves a niche use-case very well? So, if this is

true, we should expect to see adoption of Bitcoin come from the margins, solving

marginal problems for marginal users.

But disruptive innovations have a habit of learning fast and growing. They don’t

stop at the margins and they work their way in and up. So this is why I think so

many of the big-name VCs are so excited about it.

So the incumbents should be keeping a very close eye on what’s going on. If

anything in this space is going to disrupt them, it will probably come from this

world. But it’s perfectly understandable that vanishingly few of them are actually

engaging deeply in this world.

So if Bitcoin isn’t why banks are looking at this space, what are they looking at?

How have so many people convinced themselves that there is something of interest

here that is “separate” to Bitcoin or systems like it?

At this point, it’s customary to observe sagely that “of course, the real genius of

bitcoin was the blockchain; that’s where the value is”. But I’ve discovered

something rather amusing. If you push the people who say this, and ask them what

they actually mean, most of them can’t! And yet… whether they understand why

or not, they are actually on to something.

It comes down to how bitcoin delivers on the design goal of “censorship resistant”

cash. Imagine Bitcoin didn’t already exist and you were asked to design a system

of censorship-resistant digital cash. How would you do it? Well… you couldn’t

build it around a central database: it could be shut down. That doesn’t sound very

censorship resistant. And you couldn’t rely on a network of trusted people around

the globe since they could collaborate to block your transactions. And in any case,

who would control the identity system that helped you be sure these people were

who you thought they were in any case?

It turns out that the answer is quite unexpected… and it’s something I’d bet almost

all engineers would consider completely mad. The answer is that you get

everybody who fully participates in the system to maintain a full copy of the

ledger. And every time somebody, anywhere in the world, spends some bitcoin,

we’re going to inform everybody who’s maintaining this ledger and they’re going

to store a copy of that transaction too.

Bitcoin essentially runs on a massively replicated, shared ledger. (The trick is in

keeping it consistent, of course…) It sounds insanely inefficient and expensive,

and perhaps it is. But we also have to ask ourselves: inefficient and expensive as

compared to what?

And this leads us to the other world.

The World of Banks

Just look at the state of banking technology today—payments, securities,

derivatives… pick any one. They all follow the same pattern: every bank has built

or bought at least one, usually several, systems to track positions and manage the

lifecycle of trades: core banking systems, securities settlement systems, multiple

derivatives systems and so on. Each of these systems costs money to build and each

of them costs even more to maintain. And each bank uses these systems to build

and maintain its view of the world. And they have to be connected to each other

and kept in sync, usually through reconciliation.

Take even the simplest OTC derivative contract: it is recorded by both sides of the

deal and those two systems have to agree on everything for years. Very costly to

operate.

But what if these firms—that don’t quite trust each other—used a shared system to

record and manage their positions? Now we’d only need one system for an entire

industry… not one per firm. It would be more expensive and complicated to run

than any given bank-specific system but the industry-level cost and complexity

would be at least an order of magnitude less. One might argue that this is why

industry utilities have been so successful.

But a centralized utility also brings issues: Who owns it? Who controls it? How do

the users ensure it stays responsive to their needs and remains cost-effective?

The tantalizing prospect of the blockchain revolution is that perhaps it offers a

third way: a system with the benefits of a centralized, shared infrastructure but

without the centralized point of control: if the data and business logic is shared and

replicated, no one firm can assert control, or so the argument goes.

Now, there are lots of unsolved problems: privacy, performance, scalability, does

the technology actually work, might we be walking away from a redundant

(antifragile?) existing model? Who will build these platforms if they can’t easily

charge a fee because of their mutualised nature? Difficult questions.

But see: this has nothing to do with funny internet money, bitcoin or censorship-

resistant digital cash. It’s a completely different world.

Two Revolutions for the Price of One

The blockchain revolution is so fascinating because it could actually be two

completely different revolutions… both profound in their implications:

Censorship-resistant digital cash providing a new platform for open,

permissionless innovation driven from the margins. And industry-level systems of

record driving efficiencies for incumbents.

Neither of these is a “sure thing”… they are both high-risk speculative bets… but

they’re also very different bets.

Richard Gendal Brown is Chief Technology Officer at R3 CEV. The views shared

here don’t necessarily represent R3’s positions, strategies or opinions.

What is Ethereum?

Vitalik Buterin, creator of Ethereum, explains what this new technology is and what the

vision of a shared world computing platform could one day make possible.

BY VITALIK BUTERIN / March 9, 2016

In a nutshell, Ethereum is a new innovation in computing built from technologies

and concepts originally pioneered in Bitcoin. Bitcoin is widely understood as a

system for generating a shared world ledger that securely records bitcoin balances.

Ethereum uses many of the same systems (such as blockchains and peer-to-peer

networking) in order to generate a shared world computing platform that can

flexibly but securely run any application users want to code (shared ledgers like

Bitcoin included). To better understand what that means, let’s first go back to the

beginning.

Satoshi Nakamoto’s development of Bitcoin in 2009 has often been hailed as a

radical development in money and currency, being the first example of a digital

asset that simultaneously has no backing or “intrinsic value” and no centralized

issuer or controller. However, another, arguably more important, part of the

Bitcoin experiment is the underlying blockchain technology as a tool of distributed

consensus, and attention has already greatly shifted to this piece of the puzzle.

Commonly cited alternative applications of blockchain technology include using

on-blockchain digital assets to represent custom currencies and financial

instruments (“colored coins”), the ownership of an underlying physical device

(“smart property”), non-fungible assets such as domain names (“Namecoin”), as

well as more complex applications involving digital assets being directly

controlled by a piece of code implementing arbitrary rules (“smart contracts”) or

even blockchain-based “decentralized autonomous organizations” (DAOs).

Prior to Ethereum, there were already many projects that were trying to use

blockchain technology for some of these applications. However, they were all very

limited, restricting themselves to supporting only one or a few specific

applications. The core idea behind Ethereum that allowed it to get past those

limitations was this: instead of having many blockchain protocols, each supporting

a few applications, or even one blockchain protocol supporting a large list of

applications, we can have a blockchain protocol with a built-in programming

language, allowing any application to be written on top, and its rules enforced by

the blockchain. This way, the protocol can not only support all of the applications

that have been developed so far, but also newer ones that will be created in the

future that we have not yet imagined – allowing developers to innovate on top of

blockchain technology with far less effort and far more speed than was possible

before.

Whereas Bitcoin is sometimes described as a “world wide ledger”, albeit restricted

to recording the balances of one specific currency, Ethereum can be viewed as a

“world computer”: a place where anyone can upload and run programs that are

guaranteed to be executed exactly as written on a highly robust and decentralized

consensus network consisting of thousands of computers around the world. The

same blockchain technology as in Bitcoin and other systems is used as the base,

and the security of the computation is guaranteed by the same kinds of

cryptography and economic incentives, but the ability to execute code opens to

developers a much larger world of possibilities.

To give a specific example, consider the case of someone using Slock, an

Ethereum-enabled internet-of-things platform, in order to rent their bicycle. The

owner would put a Slock (“smart lock”) on their bicycle, and register a smart

contract (a kind of computer program) to the Ethereum blockchain. After that

point, anyone could send some amount of cryptocurrency to the contract, and the

contract would automatically forward the coins to the owner and register a record

stating that the sender is allowed to access the lock for, say, three hours. The user

would then be able to send a cryptographically signed message to the lock with

their smartphone, opening the lock—at least for the duration for which the record

on the blockchain remains valid. This is all done without involving any centralized

payment processors, servers or other third parties, including the Slock company

itself. So, someone using such a lock can be confident that it will keep working

even if the manufacturer shuts down, that it will not suddenly start charging very

high fees, and that their private transaction details are not all in the hands of one

party.

Other applications include financial contracts of various kinds, ranging from

simple digitization of real world assets (gold, stocks, etc.) to various forms of

derivatives, more secure replacements for internet infrastructure (such as DNS and

certificate authorities), methods for managing one’s online identity without relying

on a centralized provider that effectively has the “backdoor keys” to your online

life, and much more. Alongside over 100 applications in all of these areas that are

being built by startups around the world, Ethereum technology is also being

actively explored by financial institutions, banking consortia such as R3, as well as

firms such as Samsung, Deloitte, RWE and IBM, with applications ranging from

simplifying and automating trade finance to tracking merchant loyalty points and

gift cards to creating decentralized markets for electricity trading in mind.

Effectively, Ethereum aims to take the promise of decentralization, openness and

security that is at the core of blockchain technology and bring it to almost anything

that can be computed.

Vitalik Buterin is the creator of Ethereum, co-founder of Bitcoin Magazine, and

longstanding developer and researcher of cryptocurrencies and blockchain

technologies.