While attending Blockchain East 2018, I heard several speakers, including Bob Tapscott from Blockchain Research Institute, who remarked about how Blockchain replaces trust in humans and organizations with trust in algorithms. This trust is empowered by the distribution of witness nodes that independently verify transaction validity through a consensus of a majority of those witness nodes. This is the basis of Bitcoin.
In addition to using algorithms to validate core transactions, Ethereum has added the ability to also encode agreements as Smart Contracts. These Smart Contracts enforce an agreement that results in resulting transactions between participating parties. Smart Contracts cannot currently be versioned or amended.
Problem with Node Concentration
Bitcoin and Ethereum, the largest of the two public blockchain networks, are based on Proof of Work. Proof of Work requires mining nodes to compete to be the initiator of a valid transaction for other mining nodes to agree upon.
Initially, Bitcoin mining nodes where run by individual Bitcoin enthusiasts and participants on their personal computers and then dedicated computers to earn compensation for providing witness services by writing valid transactions and blocks to the ledger. Over time, the hardware shifted to mining servers designed to optimize this type of processing. As the network grew, so did the need for witness nodes and introduced a greater incentive for economies of scale.
Today, both Bitcoin and Ethereum are mined by consortiums of mining pool members which represent blocks of organizations and individuals that work together to share in mining profits. Dedicated data centers have been built in Russia, China, Iceland and other countries, to make the power, network and cooling requirements for mining as well as increase profiting from providing a witness node.
Because of this concentration, China is currently dominating Bitcoin and Ethereum mining. In fact, China is believed to have hit 51% of Bitcoin nodes, giving it the opportunity to manipulate the Bitcoin blockchain using the its preponderance of nodes combine with the “Great Firewall of China” which can manipulate for the flow of data. These concerns are well documented by newsBTC’s article Report: China Has “Capabilities” and “Strong Move” to Destroy Bitcoin.
Problem with Security
Bitcoin was established to provide the ability to do two party transactions equivalent to the exchange of hard currency in a digital format. While the transactions are public, the only identity exposed is the wallet addresses of the two parties. Since this type of transaction only involves Bitcoins, it does not fall under any Finance regulations other than tax law.
With the expansion of Bitcoin and Ethereum networks to support tokens that represent securities and other Financial Instruments, regulations governing Financial Information protection and security apply. While Blockchain inherently include cryptography as part of their solutions, encryption alone does not meet the data protection requirements for securities and other financial transactions.
Any information stored and/or processed must be on machines that do not directly connect to the Internet. The models for launching and running mining servers for Public Blockchains do not incorporate this architecture, and with anyone being able to anonymously run a witness node, compliance cannot be guaranteed.
This places the efficacy of the ledger and nodes at risk for non-compliance of financial cybersecurity violation beyond just the running of the blockchain protocol software layer.
Problem with Compliance and Management
Financial Instruments such as securities have many needs from both regulatory and managerial areas. For example, sales of equity and debt requiring adherence to Know Your Customer (KYC), Anti-Money Laundering (AML), and other regulations. These mechanisms are not native to Public Blockchain networks.
Furthermore, there are management scenarios which require actions that are counter to the fully decentralized governance of transactions. For example, if a company is sold or closes, the tokens representing equity and debt must be taken out of circulation. Without a mechanism to enforce this activity, a company cannot perform a sale for cash or sells, or ensure that trading does not continue for these Financial Instruments.
Smart Contracts can help meet these needs. However, this requires a Smart Contract governing the sale of a token account for all eventualities, including changes in Security and other applicable regulations. This will require access to oracle (off-chain) services that represent an additional security risk. This model is risky and problematic.
Requirements for Trust
To create trust for the Finance Industry and associated activities, two things are required:
- Trustworthy Witness Nodes
- Platform Governance of Regulatory Compliance and Management Actions
Trustworthy Witness Nodes
The initial mode of creating trust among witness nodes was a concept called Proof of Work. Witness nodes that demonstrated the ability to generate valid hashes for the transactions were deemed trustworthy, along with the assumed decentralization of witness nodes. This was based on a distrust of Government and Financial Institutions due to problems with fraud and manipulation, replaced with trust in algorithms and independent witness nodes.
However, we have already seen that witness nodes are being consolidated and are at risk of being compromised. Newer concepts of Proof of Stake, Proof of Authority, and Proof of Reputation are being introduced to create a more balanced approach. First, this family of Proof algorithms do not require as many machines, reducing the number of witness nodes and cost for managing the chain. And these methodologies create transparency to who and how witness nodes are being operated, establishing trust by balancing:
- Knowing who operates the witness nodes
- How the witness nodes are being operated
- Use of algorithms to manage transaction and Smart Contract Integrity
To ensure Financial activities are compliant with regulations and support of management actions, the following platform functionality is required:
- Identification of Participants
- Base Regulatory Enforcement
- Enhance Smart Contract Management
- Support for Management Actions
First, participants in the Blockchain, whether individuals or legal entities, need to be known and have identity validated. At a minimum this is compliance with KYC and AML laws and may require establishing a participant as an Accredited Investor. The wallet address associated with actions taken by the participant must be part of all transactions and Smart Contracts, with access to information made available to parties engaging in the activity as well as regulatory. In addition, the witness nodes must comply to security architectures that comply with Financial Information regulations.
Next, regulatory rules must be built into the Blockchain platform itself. Adherence to rules surrounding Accredited Investors, Crowd Funding and other investment groups must include the ability to ensure the initial sales and follow-on transactions are compliant with who may purchase what and when. In addition, regulators and auditors will need to have access to transactions and Smart Contract activities, including the identity of participants. This is required to ensure compliance of activities on the Blockchain platform. This also allows for compliance to be updated across all future transactions.
In addition to base regulatory compliance, Smart Contracts are required to capture investment agreements such as Stock Purchase Agreements that limit how secondary market sales can occur. The Smart Contracts must include the ability to be amended and/or versioned based on agreements between parties as well as those mandated by governing authorities. Finally, Smart Contracts must have an arbitration process to handle disagreements when value has automatically been transferred.
Finally, the platform must allow for management actions required for the lifecycle of the tokenized asset. For example, management needs the ability to perform common actions such as recall shares on sale, exchange shares for a stock-based acquisition, and perform stock splits and reverse splits. This is required to provide a full lifecycle.
In summary, current Public Blockchains are not suitable for managing Financial Transactions. the concentration of witness nodes makes them vulnerable to manipulation. The use of Smart Contracts opens up organizations to risks as they govern their ownership changes. And, Public Blockchains are not guaranteed to meet Financial Information regulations.
To safely leverage Blockchain to manage investment and other regulated financial activities, a next generation Blockchain platform is required.