CTO Corner is BITS’s monthly publication covering emerging trends and technologies in the financial services industry.
CTO Corner: What is a Blockchain and why is it important?
Dan Schutzer, Senior Technology Consultant, BITS
2015 was marked by an explosion of blockchain announcements by start-ups and incumbents. Investors claim blockchain is a break-through technology that can be used to enable peer-to-peer exchange of anything of value, including assets, property, and contracts, using cryptography in lieu of trusted intermediaries. As more companies announce their future plans for blockchain, interest is reaching a tipping point, but the fear of disintermediation is also a reality.
Issue, Concerns and Vulnerabilities – In addition to being vulnerable to the ever present risk of fraud at the human social level, there are a number of other vulnerabilities, such as double spending, compromise of wallets, servers, and even the possibility of an attack against the crypto, that any blockchain application will need to address. This leaves a role for trusted third party intermediaries to assume risk and provide guarantees and insurance products.
Both a Threat and Opportunity – There are a number of ways the blockchain movement may evolve, ranging from:
• Many non-interoperable point-to-point solutions that either drive greater efficiencies in existing incumbent’s systems or lead to disintermediation of existing systems
• The realization of a single public distributed trust network for the exchange of value (run by either a few large regulated companies as the Internet is today, or by a larger population of untrusted individuals kept honest through cryptography and machine intelligence).
Take-away – Blockchain technologies could enable the automation of many of the third party trusted services now performed by banks and brokerages. It is important for financial service firms to be researching solutions, investing in R&D, or in select startups or ventures to ensure the outcomes are favorable to their business goals.
2015 was marked by an explosion of announcements by start-ups and financial incumbents noting their interest in blockchain technology. This includes a number of blockchain investments, innovation lab experiments, pilots 1, and consortiums.2 “Everybody wants to talk about blockchain, experiment with it and think about use cases” said Bipin Sahni, head of innovation and R&D at Wells Fargo.3 While many experts seem to agree that the technology will disrupt financial services, there’s no consensus as to what uses and which variants will succeed in the marketplace. This CTO Corner will discuss blockchains in depth – why it is being promoted and how it works, as well as the issues and challenges it presents.
What is a blockchain?
Blockchain generally refers to the distributed public ledger, supporting protocols and cryptographic operations developed to permit individuals to exchange Bitcoins in real time, and receive verification shortly after (about 10 minutes later). As illustrated above for Bitcoin exchanges, blockchain enables peer-to-peer decentralized transaction record-keeping, where all participants broadcast their transactions to a shared public ledger, called a blockchain. Verification of the legitimacy of the transaction is crowdsourced and performed by volunteers called “miners.” Miners are required to complete a proof of work4 in order for a block to be verified and accepted. The proof of work is intentionally made difficult (costly, time-consuming) to produce but easy for others to verify. The first miner to find the solution announces it to others on the network and the other miners then validate the solution. If enough of them grant their approval, the block is cryptographically added to the ledger and the miners move on to the next set of transactions (hence the term “blockchain”). The miner who found the solution gets 25 Bitcoins as a reward (currently Bitcoin is trading at about $365)5.
Ensuring a party actually owns the Bitcoin pledged in a transaction—or any asset being tracked by this type of system—only requires a simple query of the blockchain. To change a block requires regenerating all successors and redoing all the previous work. This protects the blockchain from tampering, and prevents any individual or subset of miners from colluding to cheat the system (such as blocking certain transactions, or replacing parts of the block chain to roll back their own spends).6 For more detail, see the Appendix – “How do blockchains work?”
Why all the interest and excitement in blockchain?
Bitcoin, of which blockchain is a core component, has been around for more than six years. While it has grown8, it remains controversial and hasn’t been fully accepted by the mainstream user (currently it represents only a small fraction of online payments).9 Many early Bitcoin investors and enthusiasts now consider non-Bitcoin blockchain applications as a better investment.10
Interest in blockchain is also being driven by the belief that eliminating the need for a trusted third party in the transfer of value will enable faster, less expensive financial transactions, with greater privacy. It is also possible that this surge in interest in blockchain may rub off on and help ignite interest in Bitcoins.11 The investor value proposition is that blockchain is a break-through technology that can be used to enable peer-to-peer exchange of anything of value, including assets, property, and contracts, using cryptography in lieu of trusted intermediaries.12
Smart Contracts – Blockchain also includes a script language to create smart contracts that can be used to enforce terms and conditions governing a transfer of funds or assets.13 This enables the automation of many of the third party trusted services now performed by banks and brokerages. To date, we have depended on servers run by corporations and governments to provide our sources of truth and to enforce contracts. Even the Internet itself uses a handful of root servers to make the domain-name system work (the addresses we use to access a website or send an email).
Triple-entry Accounting – Blockchain permits triple entry accounting, an enhancement to the traditional double entry system. All accounting entries involving outside parties (purchases of inventory and supplies, sales, tax, utility payments and other expenses) are cryptographically sealed by a third entry. Rather than occurring separately in independent sets of books, they occur in the same distributed, public ledger, creating an interlocking system of enduring accounting records. Since the entries are distributed and cryptographically sealed, falsifying them in a credible way or destroying them to conceal activity is practically impossible. Audits would still be necessary, but auditors could spend more time on higher risk areas such as internal controls, creating cost savings for companies of all sizes.
Hurdles and Concerns – There are a number of issues that can impede the growth and acceptance of blockchain applications. Besides challenges that are common to any new start-up technology product, such as the need to gain critical mass (for blockchain this equates to finding people to begin using and moving their own assets into new, unproven systems), there are a number of challenges that are unique to blockchain:
• Association with illegal activities – The fear that all this crypto-secured, pseudo-anonymous-transaction-based technology will simply power illegal enterprises and antisocial activities.
• Bootstrap issue – How can existing asset classes that are moved to a blockchain be given clean title when being moved to a new digital ledger? Where does the blockchain actually begin and what is the day zero of title ownership?
• Latency – The blockchain protocol introduces trade-offs, including a proof-of-work algorithm, and a validation scheme that adds latency and cost to a transaction, by design.
• Regulatory – There is both regulatory uncertainty and cost associated with blockchains.
o It is still unclear how smart contracts should be governed by law.
o Complying with regulations and obtaining the necessary licenses can cost millions of dollars.
• Vulnerabilities – Although blockchains go a long way to automating peer-to-peer value transfer without the need for trusted intermediaries, there will always be vulnerabilities at the human social level, where fraud through misrepresentation, impersonation, and deception can occur, leaving a role for trusted third party intermediaries to assume risk and provide guarantees and insurance products. In addition, there are several vulnerabilities that need to be addressed.
o Exposure to fraudulent double-spending14, although the risk of double spend succeeding gets less as a transaction gains confirmations, and one of the two block chain forks is chosen by consensus.15 This need for consensus adds to the latency.
o Apps, wallets, and servers that store and exchange value can be compromised.
o A newly discovered bug or security vulnerability could lead to a blockchain split (separate version), or the need for every node to upgrade in a short time period.
o A single malformed message tailored to exploit a specific vulnerability, when spread from node to node, could cause the whole network to shut down in a few hours.
o Denial of Service (DoS) attacks can be launched sending lots of data to a node to make it so busy it cannot process normal transactions. Blockchain has some denial-of-service prevention built-in, such as banning IP addresses that misbehave for a time lapse (24 hours default), but is still vulnerable to more sophisticated denial-of-service attacks.
o Clock drift against a target node can be launched to compromise the consensus process.
o A Sybil attack16, where the attacker subverts the reputation system by creating a large number of pseudonymous identities, using them to gain a disproportionately large influence, including causing users to connect to attacker nodes.
o Even the cryptography is susceptible to attack. SHA-256 cryptography is considered very strong currently but might be broken in the future. If that happens, Bitcoin can shift to a stronger algorithm but shifting introduces significant technical and operational difficulties.
• Scalability – Most people agree that as blockchain use grows the block size limit will become a problem.17 Critics point out that Bitcoin in its present form can process just seven transactions per second, while a large credit card company can comfortably take on tens of thousands of transactions. Some also argue that simply changing the block size would result in a centralization of mining operations, making it more vulnerable to manipulation.
• Difficult to change and add functionality – As blockchain use grows in number and versatility, demands to add functionality to the protocol will increase. Already there is the desire to change the block size and to enable more powerful smart contracts.18 Features have been added19, however these changes need to be agreed upon by all parties (developers, miners, merchants, users, and service providers), and introduce transition issues, which put a limit on blockchain’s ability to evolve.20
o In March of 2013, core developers inadvertently caused a fork21(split code base) when they released an update that wasn’t backward compatible. As a result, half added blocks to one version of the chain and the other half added to another version. For six hours, two blockchain networks operated at the same time, each with its own version of the transaction history.
• Potential for multiple non-interoperable versions – Blockchain projects are falling into two main camps. Those that build on Bitcoin itself, and those that leave Bitcoin behind and start their own block chains from scratch in an effort to address the concerns and issues, such as lack of scalability, and transaction cost and latency.22 This can lead to confusion and a number of non-interoperable solutions.
Will the real block chain please stand up? 23
Those building on Bitcoin itself hope to leverage its momentum using tools like sidechains24 to allow the Bitcoin blockchain to be enhanced to evolve into a public utility for distributed trust systems that supports the exchange of value, without the need for trusted intermediaries.
The other approach, to leave Bitcoin behind and start new distributed trust network designs from scratch, is based on the belief that this route is better able to address the issues and shortcomings previously discussed, such as making consensus cheaper and more scalable. Falling into the latter camp are many different companies with a variety of approaches that include:
• Ethereum25 with its own built-in programming based on an entirely new blockchain that seeks to turn the mining network into a fully operating distributed computer,
• Ripple Labs26 uses what it calls a “ledger”. Everyone using the Ripple ledger gets their own copy rather than sharing one, allowing transactions to be processed in seconds without a third party.
• Hyperledger27 does not use blockchains but a more traditional consensus method where transactions could be settled in under 400 milliseconds, and
• BitShares28 is advertised as a financial smart contract platform, using a variant of the blockchain called smartchain.
To achieve efficiencies, some of these start-ups are turning to “permissioned” distributed ledgers, where approved actors are granted permission to access the network and record trades. Whether that is still a “blockchain” or just a distributed data base with built-in crypto is another matter.
Many of these new built-from-scratch projects may experience security flaws and usability problems, or sink in the mire of large-scale software development. Certainly these newer designs can result in “walled gardens” solutions that introduce efficiencies but also confusion in the marketplace, and will likely fail to achieve the original lofty goals of an open public value-exchange network, with built-in trust.
Examples of blockchain applications relevant to the financial sector
Experimental applications such as a distributed domain-name registry, a digital notary that requires no third-party verification, services that manage financial contracts through decentralized escrow accounts, and remittance services (Abra29 and Rebit29) already exist. There are a seemingly endless number of potential applications to which blockchain is being considered. Examples relevant to the financial services sector which offer promise for achieving greater efficiencies are provided below.
• Conducting business internationally – Today, a transaction between two businesses in different countries with different banks, logistics companies, and currencies, involves a lengthy chain of interactions between a number of banks, intermediaries, and auditors, with each party maintaining its own systems of record. The result is a complex, inefficient process that’s costly and time consuming. With blockchain-like technologies the entire process could be handled by a single, transparent system shared among all parties, minimizing the potential for human error or malfeasance, completed in minutes rather than days. Examples include Ripple Labs open foreign exchange marketplace31 and real-time international money transfer network,32 Hyperledger’s distributed ledger platform,33 and Align Commerce’s trans-border invoice-to-payment offering.
• Settlement – Institutions that clear and settle trades, especially those handling cumbersome OTC instruments and proprietary derivatives, could use blockchain-like technology to replace current front and back office technology which are bloated with redundancies and laborious processes. It would enable trades to clear in less than an hour, a process that now requires three days for stocks and as many as several weeks for more complex products.
Collateral could be moved around the system faster, to meet new rules on derivatives markets implemented after the financial crisis. This is estimated as saving $15B-$20B from banks’ costs for cross-border payments, securities trading and regulatory compliance by 2022.35
Examples include Nasdaq’s Linq36 for trading private company shares,37 Medici used to issue a corporate bond in a matter of days,38 with no need for the DTCC, the New York Stock Exchange or any other middlemen, and the SETL system39 designed to move cash and assets directly between market participants, which is initially focused on FX transactions, with plans to expand to fixed income, then equities, and then derivatives.
• Internet of things – There’s also great potential for blockchain to be combined with Internet of Things technologies. For instance, a refrigerator equipped with sensors and connected to the Internet could use blockchain technology to manage automated interactions with the external world–anything from ordering and paying for food to arranging for its own software upgrades and tracking its warranty. Also, it can power a car that “knows” when you miss a payment on it and — oh joy! — won’t start till you pony up.
Concluding remarks – Interest in blockchain by the financial services sector is being driven by the belief that it will result in applications of transformative impact that offer the opportunity to reap greater efficiency in their products and services and to defend against disintermediation.
Blockchain projects fall into two main camps – build on Bitcoin itself, or leave Bitcoin behind and start new distributed-trust, shared-ledger protocols from scratch in an effort to address the concerns and issues identified with the Bitcoin blockchain. The second route is aimed at making consensus cheaper and more scalable. Some of these solutions even introduce the notion of permissioned ledgers where membership is limited to a trusted circle.
As announcements grow in number, interest is reaching a tipping point. There are a number of ways the blockchain movement may evolve, making it important for financial service firms to make resource and capital investments to ensure the outcomes are favorable to their business goals.
• Early blockchain applications will bog down, fail to gain traction, and possibly have some highly publicized failures, causing a loss of interest and investment dollars for an extended period.
• Blockchain-inspired replacements succeed in displacing existing financial services and products on a case-by-case basis, resulting in dramatic improvements in efficiency and timeliness. These replacements could be from incumbents successfully defending their market share, or from start-ups successfully disintermediating incumbents.
o If multiple non-interoperable solutions gain traction, the industry will realize greater efficiencies, but the goal of a single public distributed trust network for the exchange of value will fade.
• A true open network for value exchange evolves. This could either be implemented as Bitcoin is today, through a large number of untrusted individuals (miners) kept honest through cryptography and machine intelligence, or as the Internet is run today, by a small number of trusted organizations (some combination of telecoms, internet giants, and financial service firms) overseen by regulation.
Take-away: Blockchain technologies could enable the automation of many of the third-party trusted services now performed by banks and brokerages. It is important for financial service firms to be in the game to ensure the outcomes are favorable to their business goals.
Appendix – How do blockchains work?
Every time some Bitcoin changes hands, the individuals who transfer Bitcoins to one another announce the transaction details to the distributed public ledger (called a blockchain) where the deal is recorded, making the blockchain a little bit lengthier with each exchange.
Transactions are digitally-signed and chained into blocks, with each transaction cryptographically linked to all earlier ones by hashing paired data, the leaves, then pairing and hashing the results until a single hash remains (the merkle root40 ). When you’re using a blockchain, every new transaction carries with it an unforgeable record of the entire history of the currency and all previous transactions — like a kind of financial DNA. This tight cryptographic coupling of all past transactions makes it difficult to assume multiple identities or to modify a transaction’s details. At the same time, it enables any party to verify the transaction details are authentic and has not been tampered. A good video on how blockchain works can be found at http://spectrum.ieee.org/video/computing/networks/video-the-Bitcoin-blockchain-explained.
What is a Proof of Work and what is it good for?
Miners are required to complete a proof of work 41 42in order for a block to be verified and accepted. A proof of work is a piece of data which is difficult (costly, time-consuming) to produce but easy for others to verify. Bitcoin uses the Hashcash43 proof of work, where all the blocks in the Bitcoin block chain have a short string of meaningless data—called a nonce44 —attached to them. The mining computers are required to search for the right meaningless data string such that the SHA-256 hash45 of the block have a certain number of leading zeros. Hashes are one-way functions46, so there is no easy way to find the right nonce or to engineer a block to be correct. Changing a block requires regenerating all successors and redoing the work they contain.
The low probability of successful generation makes it unpredictable which miner computer will be able to generate the next block and consequently the more miners involved in the process the better. Overall this protects the blockchain from tampering, and prevents any individual from gaining the power to block certain transactions, or replace parts of the block chain, including making it harder for a subset of miners to collude to cheat the system.47
1. http://www.forbes.com/sites/laurashin/2015/09/14/Bitcoin-blockchain-technology-in-financial-services-how-the-disruption-will-play-out/, Forbes article Bitcoin Blockchain Technology In Financial Services: How The Disruption Will Play Out, http://www.coindesk.com/nasdaq-to-unveil-blockchain-based-platform/?utm_source=CoinDesk+subscribers&utm_campaign=4293639095-EMAIL_RSS_CAMPAIGNT2&utm_medium=email&utm_term=0_74abb9e6ab-4293639095-79096953
4. https://Bitcoin.org/en/faq#how-does-mining-help-secure-Bitcoin, https://en.Bitcoin.it/wiki/Proof_of_work, https://Bitcoin.org/en/faq#how-does-mining-help-secure-Bitcoin, https://www.Bitcoinmining.com/what-is-proof-of-work/, https://www.khanacademy.org/economics-finance-domain/core-finance/money-and-banking/Bitcoin/v/Bitcoin-proof-of-work, http://themisescircle.org/blog/2013/06/24/the-proof-of-work-concept/, https://en.Bitcoin.it/wiki/Proof_of_work
7. http://www.newyorker.com/magazine/2011/10/10/the-crypto-currency, Jan 3, 2009 Bitcoin was announced on the Internet
8. Over 100,000 merchants accept Bitcoin, including WordPress, OK Cupid, Atomic Mall, TigerDirect, Overstock.com, Expedia, Newegg, Dell and Microsoft, PayPal and Barclays, 2014 also saw a 57% increase in the volume of Bitcoin trading but a 149% increase in the number of active Bitcoin wallets, revealing that the number of Bitcoin users is increasing faster than the amount being traded, http://www.ibtimes.co.uk/Bitcoin-now-accepted-by-100000-merchants-worldwide-1486613
9. Chapter 3, Boom and Bust – at look at economic bubbles – (17th to 21st century) , Fredrick Kinnard and Addison Hanne, Jun 20, 2015, as of February 2015, fewer than 5,000 Bitcoins per day, worth roughly $1.2 million at the time, were being used for retail transactions, little if any increase from previous years https://books.google.com/books?id=KSb5CQAAQBAJ&pg=PA179&lpg=PA179&dq=as+of+February+2015,+fewer+than+5,000+Bitcoins+per+day,+worth+roughly+$1.2+million+at+the+time&
11. Bitcoin Surges, Emerging From a Lull in Interest, http://www.nytimes.com/2015/11/05/business/dealbook/value-of-Bitcoin-surges-emerging-from-a-lull-in-interest.html?emc=edit_th_20151105&nl=todaysheadlines&nlid=68589968, The recent surge in blockchain interest is causing a surge in value of Bitcoin, not necessarily translating to an increase in its usage
12. This is a solution to the so-called Byzantine Generals’ Problem (communicating attack plans through untrusted messengers who might be traitors).http://research.microsoft.com/en-us/um/people/lamport/pubs/byz.pdf. https://en.wikipedia.org/wiki/Two_Generals%27_Problem
13. first coined by cryptographer Nick Szabo – are cryptographically secured bits of code that, at their simplest, stipulate ‘if this, then that’, http://www.coindesk.com/london-law-firm-to-digitise-contracts-using-Bitcoin-technology/?utm_source=CoinDesk+subscribers&utm_campaign=06574b39fe-EMAIL_RSS_CAMPAIGN&utm_medium=email&utm_term=0_74abb9e6ab-06574b39fe-79096953
17. A new block gets added every ten minutes (on average). But each block can only contain 1 megabyte worth of transactions.
18. Blockchain uses a minimalist programming language that restricts the kinds of operations
19. For example, a feature was added in 2012 enabling multi-signature transactions
21. https://en.wikipedia.org/wiki/Bitcoin#cite_note-bitpay130916-34, https://mail.google.com/mail/u/0/?tab=wm#inbox/150dca5efe36e125, A fork happens when a patch gets incorporated into the Bitcoin software that changes the rules of the game so substantially that the new version is no longer compatible with the old version. Miners—the computers that actually do the work of managing Bitcoin—running the new version begin adding blocks to the blockchain that get rejected by anyone who is running a previous version, and vice versa. So you end up with two, new transactional records growing in tandem.
35. http://santanderinnoventures.com/wp-content/uploads/2015/06/The-Fintech-2-0-Paper.pdf, The Fintech 2.0 Paper: rebooting financial services
37. http://www.coindesk.com/nasdaq-to-unveil-blockchain-based-platform/, http://www.nasdaq.com/press-release/nasdaq-announces-inaugural-clients-for-initial-blockchainenabled-platform-nasdaq-linq-20151027-00986
40. https://Bitcoin.org/en/glossary/merkle-tree, https://www.youtube.com/watch?v=t523Q-g22xw, https://www.khanacademy.org/economics-finance-domain/core-finance/money-and-banking/Bitcoin/v/Bitcoin-transaction-records, http://www.coindesk.com/information/how-do-Bitcoin-transactions-work/
41. https://Bitcoin.org/en/faq#how-does-mining-help-secure-Bitcoin, https://en.Bitcoin.it/wiki/Proof_of_work, https://Bitcoin.org/en/faq#how-does-mining-help-secure-Bitcoin, https://www.Bitcoinmining.com/what-is-proof-of-work/, https://www.khanacademy.org/economics-finance-domain/core-finance/money-and-banking/Bitcoin/v/Bitcoin-proof-of-work, http://themisescircle.org/blog/2013/06/24/the-proof-of-work-concept/
45. https://en.wikipedia.org/wiki/Secure_Hash_Algorithm, http://www.xorbin.com/tools/sha256-hash-calculator, https://msdn.microsoft.com/en-us/library/system.security.cryptography.sha256(v=vs.110).aspx, https://www.tbs-certificates.co.uk/FAQ/en/sha256.html