Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Beyond Bitcoin

Beyond Bitcoin

Seventh lesson for the Bitcoin and Blockchain Technology course of Milano-Bicocca and Politecnico di Milano


2017 Video (in Italian) available at https://www.youtube.com/watch?v=ByzoYHx7eTc&list=PLrVvuryXHYTdzvtpzrj4wvYEhCwF6G82b&index=3

Ferdinando M. Ametrano

March 29, 2019

More Decks by Ferdinando M. Ametrano

Other Decks in Technology


  1. Bitcoin and Blockchain Technology Beyond Bitcoin: Timestamping and DLT v2019.04.03

    Comments, corrections, and questions: https://drive.google.com/open?id=12jGsSBY5sMwgRQwvjwlnG6J9xOxi0P0Z © 2019 Digital Gold Institute
  2. Understanding Lags Well Behind The Hype Understanding of the technology

    however lags well behind the hype, amongst practitioners, policy makers and industry commentators alike. ‘Blockchain’ technology seems to promise major change for capital markets and other financial services – some say it may ultimately prove to be as important an innovation as the internet itself – but few can say exactly how or why. Michael Mainelli, Alistair Milne (2016) The Impact and Potential of Blockchain on the Securities Transaction Lifecycle http://ssrn.com/abstract=2777404 © 2019 Digital Gold Institute 2/122
  3. Bitcoin Is Hard to Understand At the crossroads of: 1.

    Cryptography 2. Computer networking and distributed systems 3. Game theory 4. Monetary theory Mainly not a technology, a cultural paradigm shift instead © 2019 Digital Gold Institute 3/122
  4. ▪ Digital and scriptural: it only exists as validated transaction

    ▪ Asset, not liability ▪ Bearer instrument ▪ It can be transferred but not duplicated (i.e. it can be spent, but not double-spent) ▪ Scarce in digital realm, as nothing else before ▪ Mimicking gold monetary policy Bitcoin is digital gold this is the groundbreaking achievement by Satoshi Nakamoto ▪ More a crypto-commodity then a crypto-currency © 2019 Digital Gold Institute What Makes Bitcoin Special? 4/122
  5. Blockchain: A Distributed Transaction Ledger ▪ Every block contains multiple

    transactions ▪ Massively duplicated across network nodes ▪ Shared with a P2P file transfer protocol ▪ Updated by peculiar nodes, known as miners, appending new blocks of transactions © 2019 Digital Gold Institute 5/122
  6. A Distributed Back-office ▪ All network nodes validate and clear

    all transactions ▪ Mining nodes provides also the additional computational power required for settlement ▪ Without a central trusted party, how do they reach consensus on the transaction history? ▪ Consensus in a distributed network with faulty (or malicious) nodes is a very hard problem © 2019 Digital Gold Institute 6/122
  7. Mining ▪ Miners compete to validate a new block of

    transactions ▪ The winner providing proof-of-work for the finalization of a new block is rewarded with the issuance of new bitcoins in a special coinbase transaction included in that same block ▪ Miners solve the double spending problem: − transactions spending the same coins would invalidate the block − an invalid block would be rejected from the network − the bitcoin reward would be removed from transaction history − The winning miner would have wasted his work © 2019 Digital Gold Institute 7/122
  8. Nakamoto Distributed Consensus ▪ Practical Byzantine Fault Tolerant (PBFT) distributed

    consensus is achieved using (game theory) economic incentive for the mining nodes to be honest ▪ Double spending is solved without a central trusted party ▪ Bitcoin can resist attacks of malicious agents, as long as they do not control network majority ▪ Miners are compensated for their proof-of-work using seigniorage revenues, i.e. with issuance of new bitcoins ▪ Seigniorage revenues subsidize the network © 2019 Digital Gold Institute 8/122
  9. Table of Contents 1. Smart Contracts 2. Other Cryptocurrencies 3.

    Ethereum 4. Initial Coin Offering 5. Tokenization 6. Blockchain Without Bitcoin 7. Distributed Ledger Technology 8. Timestamping and Anchoring © 2019 Digital Gold Institute 9/122
  10. Smart Contract: Nick Szabo 1994 A smart contract is a

    computerized transaction protocol that executes the terms of a contract. ▪ The general objectives are to: ▪ satisfy common contractual conditions (such as payment terms, liens, confidentiality, and even enforcement), ▪ minimize exceptions both malicious and accidental, and ▪ minimize the need for trusted intermediaries. Related economic goals include lowering fraud loss, arbitrations and enforcement costs, and other transaction costs © 2019 Digital Gold Institute 10/122
  11. Smart Contract: Nick Szabo 1997 ▪ Smart contracts combine protocols

    with user interfaces to formalize and secure relationships over computer networks. ▪ Objectives and principles for the design of these systems are derived from legal principles, economic theory, and theories of reliable and secure protocols. ▪ By using cryptographic and other security mechanisms, they can secure many algorithmically specifiable relationships from breach by principals, and from eavesdropping or malicious interference by third parties http://firstmonday.org/ojs/index.php/fm/article/view/548/469 © 2019 Digital Gold Institute 11/122
  12. Smart Contract: The Basic Idea ▪ Math-based contracts with automated

    software settlement: no legal systems or human actions required ▪ Embed contractual clauses in hardware and software to make the contract robust against naive vandalism and sophisticated, incentive compatible (rational) breach ▪ The breach of the contract must be − economically disadvantageous (prohibitively expensive) − technically hard © 2019 Digital Gold Institute 12/122
  13. Smart Properties Digital token programmatically exchanged using smart contracts: “the

    program runs this code and at some point it automatically validates a condition and it automatically determines whether the asset should go to one person or back to the other person, or whether it should be immediately refunded to the person who sent it or some combination thereof” Vitalik Buterin © 2019 Digital Gold Institute 13/122
  14. Autonomous Agents ▪ Autonomous agents: software programs created for specific

    tasks, able to make and receive payments using cryptocurrencies ▪ Decentralized Autonomous Organization (DAO) © 2019 Digital Gold Institute 15/122
  15. The DAO ▪ The DAO: the main Ethereum project, it

    raised about $160m as leaderless Venture Capital ▪ The terms of The DAO are set forth in the smart contract code […] Nothing […] may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code ▪ Based on its self-executing nature an agent diverted about $50m from The DAO to its own child-DAO start-up ▪ Ethereum code base was changed to invalidate this single transaction © 2019 Digital Gold Institute 16/122
  16. Improved Automation: Smart Contracts ▪ If code is law, the

    DAO incident was not theft: it was just a contractual feature being applied ▪ Improved automation is OK ▪ Beware of extreme automation! © 2019 Digital Gold Institute 17/122
  17. Table of Contents 1. Smart Contracts 2. Other Cryptocurrencies 3.

    Ethereum 4. Initial Coin Offering 5. Tokenization 6. Blockchain Without Bitcoin 7. Finance and Blockchain 8. Distributed Ledger Technology 9. Timestamping and Anchoring © 2019 Digital Gold Institute 18/122
  18. Bitcoin 2.0 ? ▪ If the first attempt at digital

    gold will rust, no solid guarantees could be provided for a second attempt ▪ The sustainability of the digital scarcity paradigm rejects solution of continuity, must favor evolutionary paths © 2019 Digital Gold Institute 19/122
  19. Missed Boats, Pump & Dump ▪ With bitcoin, if it

    is digital gold, nobody has missed the boat yet ▪ There is no reason to invest on alternative penny stock coins ▪ Markets are heavily manipulated, with fraudsters pumping coin prices just to dump them later to latecomers © 2019 Digital Gold Institute 20/122
  20. The Insignificance of Coin Market Cap ▪ 1 billion ScroogeCoins

    are created ▪ Scrooge sells 1 coin to Goofy for 10USD ▪ ScroogeCoin capitalization is now USD10b ▪ Is ScroogeCoin really worth USD10b? Traded volume (on reputable exchanges) is a much more relevant metric © 2019 Digital Gold Institute 21/122
  21. Tether (USDT) ▪ Slow fiat currency wire transfer is the

    main obstacle for price arbitrages across different exchange ▪ Tether anchors/tethers the value of the coin to 1USD ▪ Tether is the most widely integrated digital-to-fiat currency ▪ Likely, it has been used to manipulate prices of other coins ▪ Launched by Bitfinex, it is supposedly 100% backed 1-to-1 by traditional currency held in reserves ▪ Many are skeptical about this unproved claim: professional auditors have refused to certify reserve holding ▪ Considering the fate of Liberty Dollar and eGold, Tether sustainability might be hard © 2019 Digital Gold Institute 23/122
  22. Other Stable Coins ▪ Failed: BitShares, NuBits ▪ Just launched:

    Basecoin, GeminiUSD, Coinbase/Circle stable coin, etc. ▪ USD pegging is not really “stability”: USD has lost 98% of its purchasing power since 1913 ▪ Basecoin − SEC filing shows it has raised $125 million by way of a Simple Agreement from 225 investors between March 22 and April 3 − Basecoin token aims to avoid price volatility by pegging its value to a group of other digital assets − Oracles would monitor the prices of these assets − The network's protocol would add or remove tokens to ensure that basecoin's price remains stable − It is also developing "base bonds" and "base shares," or cryptocurrencies that will serve to underpin basecoin © 2019 Digital Gold Institute 24/122
  23. Hayek Money – Dual Asser Ledger ▪ No proper implementation

    yet ▪ It is about entrepreneurial monetary engineering: investors must risk their capital and will gain if the coin is useful and successful ▪ Based on crypto reserves ▪ Fiduciary implementation are possible, DAO is probably not really feasible yet © 2019 Digital Gold Institute 25/122
  24. Alt(ernative) Coins Mostly frauds and pump&dump ▪ Ripple: the financial

    institution friendly cryptocurrency ▪ Litecoin: basically a “bitcoin testnet” ▪ Monero, Zcash: more privacy than bitcoin ▪ Bitcoin Cash: bitcoin knock-off, trying to have more on-chain transactions © 2019 Digital Gold Institute 26/122
  25. Table of Contents 1. Smart Contracts 2. Other Cryptocurrencies 3.

    Ethereum 4. Initial Coin Offering 5. Tokenization 6. Blockchain Without Bitcoin 7. Distributed Ledger Technology 8. Timestamping and Anchoring © 2019 Digital Gold Institute 27/122
  26. Ethereum ▪ A global computer with rich statefulness and global

    persistent memory ▪ Provides uncensorable computation: the Ether (ETH) coin is used as fuel for the computations ▪ Has a rich programming language to express smart contracts and create smart assets ▪ ETH can be cash-on-the-ledger for smart asset delivery-vs- payment © 2019 Digital Gold Institute 28/122
  27. Locked Up Funds? Parity Wallet! ▪ A vulnerability found within

    the popular wallet has frozen 513,774.16 ETH (about $169m) ▪ A user going by the handle of devopps199 accidentally created a corrupted wallet, which then had a cascading effect across Parity's user base, locking people out of recently created multi- signature collections © 2019 Digital Gold Institute 31/122
  28. Ethereum present ▪ Blockchain > 1TB ▪ Uncertain Monetary Policy

    ▪ Unreliable and unsustainable virtual machine ▪ Playground for script kiddies future ▪ Sharding ▪ Proof-of-Stake ▪ New virtual machine ▪ ? © 2019 Digital Gold Institute 33/113
  29. Table of Contents 1. Smart Contracts 2. Other Cryptocurrencies 3.

    Ethereum 4. Initial Coin Offering 5. Tokenization 6. Blockchain Without Bitcoin 7. Distributed Ledger Technology 8. Timestamping and Anchoring © 2019 Digital Gold Institute 34/122
  30. Ethereum Request for Comment n. 20 ▪ ERC20 is the

    technical standard used for smart contracts on the Ethereum blockchain for implementing tokens ▪ ERC20 defines a common list of rules that an Ethereum token has to implement, giving developers the ability to program how new tokens will function within the Ethereum ecosystem. ▪ These rules include how the tokens are transferred between addresses and how data within each token is accessed ▪ This token protocol became popular with crowdfunding companies working on initial coin offering © 2019 Digital Gold Institute 35/122
  31. ERC20 Token Functions: ▪ totalSupply() ▪ balanceOf(address _owner) ▪ transfer(address

    _to, amount) ▪ transferFrom(address _from, address _to, amount) ▪ approve(address _spender, amount) [Allow _spender to withdraw from your account up to the _value amount.] ▪ allowance(address *_owner*, address *_spender*) [Returns the amount which _spender is still allowed to withdraw from_owner] Events: ▪ Transfer(address indexed _from, address indexed _to, amount) ▪ Approval(address indexed _owner, address indexed _spender, amount) © 2019 Digital Gold Institute 36/122
  32. ERC223 ▪ Backward compatible with ERC20, it improves on it

    ▪ With ERC20, if someone send his/her token into a contract that has not allowed anyone to use it, the token will simply be locked and can never leave that contract. Because of this, hundreds of thousands of dollars’ worth of ERC20 token has been locked up ▪ ERC223 does not allow tokens to be transferred to a contract that does not allow tokens to be withdrawn © 2019 Digital Gold Institute 37/122
  33. Initial Coin Offering ▪ Crowdfunding using cryptocurrencies: new crowdfunded cryptocurrency

    is sold to investors in the form of "tokens", in exchange for legal tender or other cryptocurrencies such as bitcoin or ether ▪ Tokens are promoted as future functional units of currency if or when the ICO's funding goal is met and the project launches ▪ Alternative investment approach, disintermediating Venture Capital ▪ Easy and liquid secondary market for the investment © 2019 Digital Gold Institute 38/122
  34. Initial Coin Offering ▪ ICOs provide a means by which

    startups avoid costs of regulatory compliance and intermediaries, such as venture capitalists, bank and stock exchanges ▪ ICOs may fall outside existing regulations or are banned altogether in some jurisdictions (e.g. China, South Korea) ▪ Increased investors’ risk: scams and securities law violations; almost half of ICOs sold in 2017 failed by February 2018 ▪ Facebook, Twitter, Google, and MailChimp have banned advertisements for ICOs (as well as for cryptocurrencies) © 2019 Digital Gold Institute 39/122
  35. The Main ICO Platform: Ethereum ▪ Ethereum itself was an

    ICO: collected bitcoin (BTC), issued ether (ETH) ▪ ETH is the cash-on-the-ledger of the Ethereum platform ▪ Initial coin offering: collect ETH, issue coins © 2019 Digital Gold Institute 40/122
  36. Tezos ▪ 2017: $232 million ▪ Funds frozen by the

    ICO special purpose vehicle ▪ Allegations of fraud, three class actions © 2019 Digital Gold Institute 41/122
  37. Locked-up ICO Funds ▪ Unable to move funds to the

    banking system ▪ Funds unavailable, as having been collected by the ICO special purpose vehicle ▪ Merge the main company into the ICO one? © 2019 Digital Gold Institute 42/122
  38. App Coin ▪ Does the app-coin (token): − Have intrinsic

    scarcity? − Have any utility in the app? − Have any peculiarity making bitcoin or ether unfit for the task? © 2019 Digital Gold Institute 43/122
  39. Caveat Emptor ▪ If the company fails and the coin

    value goes to zero, does the entrepreneur suffer the same consequences? ▪ Extremely promising and powerful, it has been so far mostly used for frauds © 2019 Digital Gold Institute 44/122
  40. SEC ▪ ICOs can be securities offerings: in this case

    they fall under the SEC’s jurisdiction of enforcing federal securities laws. ▪ ICOs that are securities most likely need to be registered with the SEC or fall under an exemption to registration. ▪ ICOs can be called a variety of names, but merely calling a token a “utility” token or structuring it to provide some utility does not prevent it from being a security. ▪ ICOs may pose substantial risks. While some ICOs may be attempts at honest investment opportunities, many may be frauds, separating you from your hard-earned money with promises of guaranteed returns and future fortunes. They may also present substantial risks for loss or manipulation, including through hacking, with little recourse for victims after-the-fact. ▪ If you invest in these products, please ask questions and demand clear answers. © 2019 Digital Gold Institute 45/122 https://www.sec.gov/ICO
  41. Table of Contents 1. Smart Contracts 2. Other Cryptocurrencies 3.

    Ethereum 4. Initial Coin Offering 5. Tokenization 6. Blockchain Without Bitcoin 7. Finance and Blockchain 8. Distributed Ledger Technology 9. Timestamping and Anchoring © 2019 Digital Gold Institute 49/122
  42. Cash On The Ledger: Imperative for Delivery vs Payment ▪

    Hardly provided by Central Banks ▪ IMF sponsored blockchain tokens might replace Special Drawing Rights: unrealistic as it would severely undermine US dollar predominance ▪ absent from the agenda of prominent players promising DLT solutions ▪ A free instantaneous P2P payment network is a great opportunity for retail banks (probably worth a consortium) © 2019 Digital Gold Institute 50/122
  43. (Land, Car) Registry Titles ▪ Use blockchain transparency and immutability

    to improve registry titles (and fight corruption) ▪ What does happen if/when the possession token (i.e. the private key) is lost? © 2019 Digital Gold Institute 51/122
  44. Blockchain Exchange ▪ Bearer securities without KYC? ▪ If KYC

    is introduced, what would be the recourse system? ▪ What does happen if/when the possession token (i.e. the private key) is lost? © 2019 Digital Gold Institute 52/122
  45. Digital ID ▪ Multiple electronic digital ID are possible: a

    private key is a digital ID! ▪ If the ID has attached rights (e.g. voting, welfare) these originates from a central governance entitled in ID management ▪ What does happen if/when the ID token (i.e. the private key) is lost? © 2019 Digital Gold Institute 53/122
  46. Token and Securities Is a blockchain token a security? Howey

    test! A transaction is an investment contract if: ▪ It is an investment of money ▪ There is an expectation of profits from the investment ▪ The investment of money is in a common enterprise ▪ Any profit comes from the efforts of a promoter or third party Does the token represent rights (or even obligations)? Alternatively, is a blockchain token a utility token? © 2019 Digital Gold Institute 54/122
  47. Table of Contents 1. Smart Contracts 2. Other Cryptocurrencies 3.

    Ethereum 4. Initial Coin Offering 5. Tokenization 6. Blockchain Without Bitcoin 7. Distributed Ledger Technology 8. Timestamping and Anchoring © 2019 Digital Gold Institute 55/122
  48. “Blockchain – not bitcoin – will prove revolutionary in banking”

    “When a wise man points at the moon the fool examines the finger.” (Confucius) “When a wise man points at the bitcoin the fool examines the blockchain.” (Ametrano) http://www.economist.com/news/leaders/21677198-technology-behind-bitcoin-could-transform-how-economy- works-trust-machine © 2019 Digital Gold Institute 56/113
  49. “Bitcoin in 2014 Is Like Internet in 1994: Weird and

    Scary” (Marc Andreessen) American entrepreneur, investor, and software engineer; coauthor of Mosaic, cofounder of Netscape https://twitter.com/pmarca/status/67765884450 4436737 © 2019 Digital Gold Institute 57/113
  50. The Walled Garden Model ▪ Controlled access to web contents

    and services ▪ Offered in the late ‘90s and early ‘00s by Compuserve, AOL (and to some extent MSN) ▪ Corporates wanted to go online, but not in the wild unregulated internet, populated by anonymous agents ▪ They eventually realized that perceived risks, which are real, are outweighed by benefits © 2019 Digital Gold Institute 58/113
  51. What is The Blockchain? [A hash pointer linked list of

    blocks] ▪ An append-only sequential data structure ▪ New blocks can only be appended at the end of the chain ▪ To change a block in the middle of the chain, all subsequent blocks need to be changed ▪ Very inefficient compared to a relational database © 2019 Digital Gold Institute 59/122
  52. Blockchain Without Bitcoin Blockchain without an intrinsic native digital asset

    Does it make sense? ▪ No bitcoin ▪ No asset available to reward miners ▪ Appointed validator officials required Central governance is required! Why should validators use a blockchain, i.e. a subpar data structure, instead of a database? © 2019 Digital Gold Institute 60/113
  53. Why is finance fascinated with blockchain? Blockchain transactions are immediately

    validated and cleared, then settled shortly thereafter, automatically without a central authority ▪ In the financial world, cash transactions only are cleared and settled automatically without a central authority © 2019 Digital Gold Institute 62/122
  54. Consensus by reconciliation ▪ Financial transactions that take nanoseconds to

    execute, clear and settle in days ▪ Not a technological problem ▪ Consensus by reconciliation of multiple independent ledgers: a checks and balances system that allows for prescriptions, corrections, and restrictions © 2019 Digital Gold Institute 63/122
  55. Instant Settlement ▪ If it is really instant and final,

    what about the mandatory recourse mechanism and rules? ▪ It would reduce liquidity making leverage, short selling and netting almost impossible © 2019 Digital Gold Institute 64/122
  56. Central Bank Digital Currency “[… it] is appealing […] it

    would mean people have direct access to the ultimate risk-free asset [...] it could exacerbate liquidity risk by lowering the frictions involved in running to central bank money [...] it could fundamentally and perhaps abruptly re-shape banking” Mark Carney, Governor of the Bank of England, June 2016 http://www.bankofengland.co.uk/publications/Documents/speeches/2016/speech914.pdf © 2019 Digital Gold Institute 65/122
  57. Central Bank Digital Currency “Allowing the public to hold claims

    on the central bank might make their liquid assets safer, because a central bank cannot become insolvent. This is an feature which will become relevant especially in times of crisis – when there will be a strong incentive for money holders to switch bank deposits into the official digital currency simply at the push of a button. But what might be a boon for savers in search of safety might be a bane for banks, as this makes a bank run potentially even easier.” Jens Weidmann, President of Bundesbank, June 2017 https://www.ft.com/content/414072b7-0de5-3864-9493-14438eab30ae © 2019 Digital Gold Institute 66/122
  58. Cash On The Ledger: Imperative for Delivery vs Payment ▪

    Hardly provided by Central Banks ▪ IMF sponsored blockchain tokens might replace Special Drawing Rights: unrealistic as it would severely undermine US dollar predominance ▪ absent from the agenda of prominent players promising DLT solutions ▪ A free instantaneous P2P payment network is a great opportunity for retail banks (probably worth a consortium) © 2019 Digital Gold Institute 67/122
  59. DLT for Derivatives Clearing ▪ collateral amount calculation is computationally

    intensive: not clear which agent would perform it, its economic incentive, which models it should use ▪ variation margin automated payments: programmatic access to payment funds entails huge operational risks ▪ the default of counterparty would leave the other party exposed to the market risks usually covered by initial margin: i.e. initial margin are still required © 2019 Digital Gold Institute 68/122
  60. The Mirage of Low Operational Costs ▪ If one takes

    into account the seigniorage revenues invested, each transaction on the bitcoin blockchain has a cost of about 10USD ▪ Cheaper forms of consensus have not been proven yet ▪ Even in the case of basic bilateral consensus through digital signatures (something hardly innovative or disruptive...) the integration cost in the existing infrastructure is not going to be irrelevant © 2019 Digital Gold Institute 69/122
  61. Shared Ledger, Single Data Set ▪ Single data source, avoiding

    reconciliation ▪ Without a central governing node how to manage priorities between conflicting updates? Which consensus model? ▪ Bilateral consensus? Really?!?!? ▪ Central governance: back to DB admin ▪ What if the single authoritative data source is hacked? Which reference can be used to fix it? © 2019 Digital Gold Institute 70/127
  62. New Regulatory Framework? ▪ Public permissionless blockchains are not aiming

    for regulation ▪ Private permissioned DLTs are supposedly being built from the ground up according to regulatory compliance guidelines ▪ Regulators should examine DLT under the light of the existing regulatory framework ▪ To regulate in advance on the basis of vague ephemeral discussions about DLT would be problematic and might stifle innovation. ▪ The necessity for ad-hoc regulation is not evident yet, and there has not been a motivated explicit request for it. © 2019 Digital Gold Institute 71/122
  63. Cryptography, Not Blockchain ▪ In the nuclear explosion of bitcoin,

    applied cryptography is the radioactive fallout ▪ It can be used to harden existing business processes Databases on cryptographic steroids Evolutionary, non-disruptive, technology © 2019 Digital Gold Institute 72/127
  64. Disruptive Innovation ▪ Did not understand it: ▪ Have used

    it to build new business: ▪ The entertainment industry has wasted its resources fighting MP3 and illegal p2p sharing ▪ We now buy music and movies from iTunes, Google Play, and Amazon… NOT from Sony Universal © 2019 Digital Gold Institute 73/113
  65. Table of Contents 1. Smart Contracts 2. Other Cryptocurrencies 3.

    Ethereum 4. Initial Coin Offering 5. Tokenization 6. Blockchain Without Bitcoin 7. Distributed Ledger Technology 8. Timestamping and Anchoring © 2019 Digital Gold Institute 74/122
  66. DLT or Blockchain ▪ R3 has distanced itself from blockchain

    moving firmly in the DLT camp (posts from its CEO and Head of Research; removing blockchain reference from its Twitter account) ▪ Vitalik Buterin, the creator of Ethereum: − “pretty sure that ‘blockchain’ and ‘DLT’, as used in real life in the ‘permissioned’ space, are basically synonyms.” − “it's not about some silly ‘sequential data structure’ (as if future versions of blockchain tech will even look like that). It's about stateful decentralized applications [...] giving [...] networks global persistent memory.” https://www.reddit.com/r/ethereum/comments/5lzzfu/2017_will_prove_blockchain_was_a_bad_idea/ © 2019 Digital Gold Institute 75/122
  67. Distributed Ledger Technology ▪ private permissioned shared ledger ▪ permissioned

    access reserved only to vetted nodes ▪ observed by multiple parties ▪ without native digital asset or cryptocurrencies ▪ privacy-preserving (transactions should be transparent only to relevant parties and auditors) ▪ using cryptographic means to verify that an implicit database has reached the consensus status agreed between the parties © 2019 Digital Gold Institute 76/122
  68. Distributed Ledger Technology: The Potential ▪ Save billions of costs

    in the financial markets ▪ Enable innovation in supply chain ▪ Improve power grid management ▪ Secure nuclear weapons ▪ Preserve ownership title registry ▪ Empower digital ID Blockchain is Coming and It Could Save Lives, Davos 2017 World Economic Forum https://www.youtube.com/watch?v=AyOotqcEwSA © 2019 Digital Gold Institute 77/122
  69. Real Use Cases Are Still Missing Questions to be answered:

    ▪ Can be achieved with a database? ▪ What consensus is required? (distributed, bilateral, centralized) ▪ What kind of security is required: preventive, detective, or corrective? (ok / yes today, probably not in the future/ no) © 2019 Digital Gold Institute 78/122
  70. Blockchain and Database ▪ Blockchain can be seen as the

    log of sequential updates that have been applied to an originally empty database ▪ This ordered sequence of updates can be independently performed by anyone, achieving a database status that is considered the current shared consensus between network nodes ▪ In the bitcoin case, we are referring to the UTXO (Unspent Transaction Output) database, technically implemented using a LevelDB database © 2019 Digital Gold Institute 79/122
  71. DLT Initiatives ▪ R3 ▪ Digital Asset Holding ▪ Hyperledger

    ▪ Ethereum Enterprise Alliance ▪ Tapscott’s Research Initiative ▪ Blockchain Insurance Industry Initiative © 2019 Digital Gold Institute 80/122
  72. R3 Corda (1/3) ▪ Originally touted as “a project intended

    to bring blockchains to finance”, R3 proprietary platform is named Corda: “a distributed ledger platform […] not […] a blockchain” ▪ according to the R3 CTO, Gendal Brown, Corda is “heavily inspired by and captures the benefits of blockchain systems, without the design choices that make blockchains inappropriate for many banking scenarios” ▪ “our starting point is individual agreements between firms […] legal prose is considered from the start […] there will always be disputes and we specify how they will be resolved […] we need more than just a consensus system. We need to make it easy to write business logic and integrate with existing code; we need to focus on interoperability” © 2019 Digital Gold Institute http://r3cev.com/blog/2016/4/4/introducing-r3-corda-a-distributed-ledger-designed-for-financial-services 81/122
  73. R3 Corda (2/3) ▪ ”Corda has a really innovative design

    here, allowing multiple Consensus Services on the same network, including consensus service clusters running different consensus algorithms.” ▪ “[consensus is reached] using pluggable notaries. A single Corda network may contain multiple notaries that provide their guarantees using a variety of different algorithms. Thus Corda is not tied to any particular consensus algorithm.” Consensus algorithm is missing!! ▪ “In theory at least, Corda can happily use Bitcoin to do its coordination, if you write the appropriate notary interface.” Ian Grigg http://financialcryptography.com/mt/archives/001606.html © 2019 Digital Gold Institute 82/122
  74. R3 Corda (3/3) ▪ According to Mike Hearn, R3 Lead

    Platform Engineer: “Corda differs from other platforms in numerous ways, but one of the most visible is our usage of relational database technology […] Corda nodes are backed by a relational database” https://www.corda.net/2017/06/corda-sql-nosql/ ▪ Corda looks like the SWIFT protocol on cryptographic proof steroids ▪ Goldman Sachs, Santander, Morgan Stanley, JP Morgan, Unicredit, et al. have left R3 © 2019 Digital Gold Institute 83/122
  75. Ethereum Enterprise Alliance Ethereum technology is “viewed as being harder

    to corrupt or hack because of its reliance on many people rather than a single authority.” ▪ Major failure of the DAO hack ▪ Benevolent dictatorship of Vitalik Buterin ▪ Multiple voluntary and accidental hard forks ▪ Persistent Distributed Denial of Service attacks © 2019 Digital Gold Institute 84/122
  76. Digital Asset Holding Blythe Masters, CEO of Digital Asset Holding:

    ▪ distributed consensus is not needed when working with a central counterparty (only legitimate consensus authority allowed to provide cryptographic evidence of transactions and events) ▪ for the DAH business the main Nakamoto’s contribution is just making evident how useful a shared ledger can be © 2019 Digital Gold Institute 85/122
  77. Digital Asset Holding ▪ Distributed databases with data replication protocols

    might be a better solution, but without detailed case-by-case analysis the verdict is still out ▪ After successful proof-of-concept for financial repurchase agreement transactions using DLT, DAH and the Depository Trust & Clearing Corporation (DTCC) are progressing with leading market participants to a second phase. This is expected to be completed by June 2017 at which time DTCC will determine whether to move ahead with the actual development phase ▪ Similarly, DAH has committed to deliver a post-trade solution to the Australian Stock Exchange (ASX) by the end of this year © 2019 Digital Gold Institute 86/122
  78. Digital Asset Holding A lesson for the DLT space from

    DAH: ▪ abandon deceptive blockchain marketing ▪ assemble a solid tech team through acquisitions ▪ rely on centralized consensus ▪ focus on well defined use cases ▪ work primarily for your own investors (both DTCC and ASX invested in DAH) ▪ commit to measurable deliveries with near deadlines ▪ deliver effective databases on crypto-steroids © 2019 Digital Gold Institute 87/122
  79. Permissioned Distributed Ledgers ▪ Incremental evolution, not disruptive innovation ▪

    Small impact, if any: in the disruptive bitcoin nuclear explosion, applied cryptography is the radioactive fallout driving evolutionary database technology “A private blockchain is an intranet, and a public blockchain is the internet. The world was changed by the internet, not a bunch of intranets. Where companies will be disrupted the most is not by private blockchains, but public ones” Brian Forde, MIT, former senior adviser for mobile and data innovation at the White House https://bitcoinmagazine.com/articles/mit-s-brian-forde-companies-will-be-disrupted-the-most-by-public-blockchains-1466028606 © 2019 Digital Gold Institute 88/122
  80. Insecure Snake-Oil Sold To Bank © 2019 Digital Gold Institute

    https://twitter.com/aantonop/status/702307516739428353 89/122
  81. The Shifting Narrative ▪ 2014 bitcoin ▪ 2015 blockchain technology

    ▪ 2016 distributed ledger chimera ▪ 2017 ICO and smart contracts ▪ 2018 ICO and stable coins ▪ …. ▪ 2019 bitcoin, again! © 2019 Digital Gold Institute 90/122
  82. Table of Contents 1. Smart Contracts 2. Other Cryptocurrencies 3.

    Ethereum 4. Initial Coin Offering 5. Tokenization 6. Blockchain Without Bitcoin 7. Distributed Ledger Technology 8. Timestamping and Anchoring © 2019 Digital Gold Institute 91/122
  83. Blockchain Beyond Bitcoin There is no blockchain without bitcoin There

    is blockchain beyond bitcoin Andreas Antonopoulos © 2019 Digital Gold Institute 92/127
  84. Blockchain Graffiti © 2019 Digital Gold Institute Bitcoin Script operator

    OP_RETURN can be used to write 80 bytes of arbitrary data in the blockchain using a bitcoin transaction 93/122
  85. ▪ A timestamp proves that some data existed prior to

    some point in time, providing a relevant document with a certain sure date, e.g. postmark ▪ Law requires dates to be certified by public officials and notary services ▪ For digital documents, timestamping is based on digital signature by certification authority Timestamp © 2019 Digital Gold Institute 94/122
  86. Hash Function ▪ A function that maps input data of

    arbitrary length to a hash value, i.e. an output data of a fixed length − Non-invertible (one-way: input data can not be regenerated from the output hash value) − Collision-resistant: computationally unfeasible to find 2 inputs that produce the same output ▪ The resulting hash value is a reliably unique identifier for any input data: it can be considered its unique digital fingerprint ▪ The hash value does not reveal the input data ▪ Bitcoin uses the (Secure Hash Algorithm) SHA256 that generates a fixed size 256-bit (32-byte) output © 2019 Digital Gold Institute 95/122
  87. Blockchain as Timestamping Certification Authority ▪ A generic data file

    can be hashed to produce a short unique identifier, equivalent to its digital fingerprint ▪ Such a fingerprint can be associated to a bitcoin transaction (irrelevant amount) and hence attested on the blockchain ▪ Blockchain immutability provides time-stamping, proving the data file existence at that moment in time in that specific status BTC Transaction t3 t4 Genesis block t0 t1 t2 Hash function Hash value 610b0a4b2769898674a2624e9330fbd60bbee200db2b57514be4 9d9a8b63dc25 Timestamped at t2 © 2019 Digital Gold Institute data file 96/122
  88. Blockchain Timestamping Pros: ▪ Digital public proof, easily auditable by

    everyone ▪ The proof cannot be faked, manipulated, or removed ▪ Certification authority cannot be bribed ▪ Can be used along with regulatory timestamping prescription Cons: ▪ Not efficient (one transaction per document) ▪ Lack of standardization © 2019 Digital Gold Institute 97/122
  89. Open standard consisting in a set of operations for creating

    provable blockchain timestamps that can be independently audited and verified The OpenTimestamps Standard © 2019 Digital Gold Institute 98/122
  90. OpenTimestamps: Distributed, Trust- minimizing, Scalable, Convenient ▪ Trust Minimizing: OpenTimestamps

    uses decentralized, publicly auditable, blockchains, removing the need for trusted authorities; OpenTimestamps’s architecture is designed to support multiple, cross-checked, notarization methods ▪ Scalability: OpenTimestamps scales indefinitely, allowing timestamps to be created for free by combining an unlimited number of timestamps into one blockchain transaction by leveraging Merkle-tree ▪ Convenience: OpenTimestamps can create a third-party- verifiable timestamp in about a second; you don’t need to wait for a blockchain confirmation https://petertodd.org/2016/opentimestamps-announcement © 2019 Digital Gold Institute 99/122
  91. OpenTimestamps: Trust Minimizing ▪ Decentralized, independent, uncensorable, cross-jurisdictional ▪ Third

    party auditable (suitable for regulatory prescriptions) ▪ Blockchain agnostic Please note that a timestamp is as reliable as the used blockchain: ▪ very reliable when using Bitcoin because that blockchain is secured by huge computational power (proof-of-work) ▪ much less reliable with other public permissionless blockchain ▪ when used with private permissioned blockchain its reliability depends on the reliability of the chain governance: in that case traditional certification authorities are probably better © 2019 Digital Gold Institute 100/122
  92. OpenTimestamps: Scalability A single blockchain transaction timestamps an unlimited number

    of documents An OpenTimestamps calendar server provides “aggregation before attestation”: 1. aggregation of multiple documents in a Merkle tree data structure 2. attestation of the Merkle tree root in a single blockchain transaction, achieving implicit attestation of all documents included in the tree © 2019 Digital Gold Institute 101/122
  93. Merkle Tree: Hash Pointer Binary Tree ▪ Merkle tree can

    efficiently summarize large sets of data into one single hash 1. Hash all documents 2. Calculate the hash of the HA ||HB concatenation to obtain HAB , the next level of the tree 3. Iterate the process ▪ The membership proof is O(log N): to prove that DOCB is in the tree only 2 data are needed: HA and HCD ▪ Timestamp the tree root only © 2019 Digital Gold Institute Root H = hash(HAB ||HCD ) Merkle root DOC A DOC B DOC C DOC D HA = hash(A) HB = hash(B) HC = hash(C) HD = hash(D) HAB = hash(HA ||HB ) HCD = hash(HC ||HD ) HA = hash(A) HCD = hash(HC ||HD ) 102/122
  94. OpenTimestamps: Convenience ▪ OpenTimestamps is a public format: no vendor

    lock-in ▪ An OpenTimestamps calendar server can offer its services to multiple remote OpenTimestamps clients ▪ While anyone can timestamp with permissionless blockchain(s) by paying the transaction fees, OpenTimestamps provides free to use public servers without any registration or API key ▪ Verifiable timestamp are created in about a second ▪ Independently verifiable: no need for calendar server after timestamping © 2019 Digital Gold Institute 103/122
  95. What Timestamping is Not Good For It should be obvious,

    but it is worth mentioning that timestamping: ▪ can be selectively revealed to show convenient evidence and hiding inconvenient evidence (e.g. timestamping a bet on a given outcome and its opposite, later revealing only the realized one) ▪ does not prove authorship (that should be proved with a digital signature) ▪ can be repudiated (“it was not me…”) if not digitally signed ▪ does not ensure veracity, validity, correctness, or accuracy of the timestamped document © 2019 Digital Gold Institute 108/122
  96. The Foolish Blockchain Certification ▪ IBM Food Trust ▪ EY

    Wine Blockchain ▪ Carrefour chicken ▪ etc. just dishonest marketing gimmick, i.e. misleading advertising. © 2019 Digital Gold Institute https://www.ametrano.net/2018/10/11/Not-a-blockchain/ 109/122
  97. Use Case 1: Digital Signature without Timestamping ▪ What if

    a signing private key is stolen? ▪ The key revocation certificate is issued to signal that signatures after the theft should be considered invalid WRONG!! ▪ Every signature performed with that key should be considered invalid because the thief can backdate documents © 2019 Digital Gold Institute Time X ✓ T0 T1 X 110/122
  98. Use Case 1: Digital Signature with Timestamping ▪ Traditional timestamping

    relies on a third-party central authority signing with its private key ▪ What if the timestamper’s private key is stolen? ▪ Every timestamp created by that key must be considered invalid because the thief can backdate timestamps © 2019 Digital Gold Institute X Time X T0 T1 111/122
  99. Use Case 1: Digital Signature with Blockchain Timestamping ▪ Blockchain

    notarization is an effective hardening approach ▪ What if the traditional timestamper’s private key is stolen? Blockchain timestamps cannot be backdated! © 2019 Digital Gold Institute ✓ Time X T0 T1 112/122
  100. Use Case 1: Digital Signature Hardening Hardened digital signature Timestamping

    that cannot be backdated © 2019 Digital Gold Institute https://gist.github.com/RCasatta/6824c80e3de137f0d8d230f622e4bbaa 113/122
  101. Use Case 2: Timestamp Internet ▪ OpenTimestamps is used to

    timestamp the whole Internet Archive https://archive.org/ ▪ This has been possible thanks to the high scalability of the OpenTimestamps protocol ▪ For the first time historical archived data cannot be altered without being noticed http://nova.ilsole24ore.com/progetti/la-blockchain-da-il-tempo-al-web/ © 2019 Digital Gold Institute 114/122
  102. Use Case 3: Regulatory Compliance ▪ Broker-dealers have started using

    notarization to satisfy the regulatory prescriptions for storing required records exclusively in non-rewriteable and non-erasable electronic storage media. ▪ WORM (write once read many) optical media has been used so far, but it is quite impractical, especially for large data set ▪ Compliance can be achieved anchoring rewritable data sources to the blockchain, providing accurate and secure time-stamping resilient to manipulation http://www.coindesk.com/intesa-sanpaolo-trade-data-bitcoin-blockchain/ https://www2.deloitte.com/it/it/pages/financial-services/articles/l_integrita-dei-dati-di-trading---deloitte-italy---financial-ser.html https://drive.google.com/drive/folders/0B8tGDTaBY4-Nb3ZuRmgzRXJXOUk © 2019 Digital Gold Institute 115/122
  103. Use Case 4: Publicly Verifiable Certificates It is easy to

    verify documents: ▪ signed by the issuer ▪ timestamped on blockchain It would be easy to provide public web-portals for drag-and-drop verification © 2019 Digital Gold Institute 116/122
  104. Blockchain Certification: the Italian Law ▪ AGID will have to

    provide technical specification ▪ Let’s hope for the best… https://www.agendadigitale.eu/documenti/al-via-la-blockchain-revolution-ecco-tutte-le-novita-e-cosa-si-potra-fare/ © 2019 Digital Gold Institute 117/122
  105. Anchoring: A New Security Paradigm ▪ Bitcoin blockchain network security

    is preserved by a computation power unparalleled in human history ▪ Other networks can tap into this security via anchoring (i.e. periodic time-stamping of their network status) ▪ Any “stateful system with global memory” can outsource its security to the bitcoin network, piggybacking its resilience ▪ Bitcoin seigniorage revenues might provide security for all transactional networks ▪ Bitcoin mining as global outsourced decentralized security © 2019 Digital Gold Institute 118/122
  106. Digital Gold Jewelry What jewelry is for gold, notarization could

    be for bitcoin: not essential but effective at leveraging its beauty © 2019 Digital Gold Institute 119/122
  107. Bibliography ▪ A. Narayanan, et al., “Bitcoin and Cryptocurrency Technologies”

    http://bitcoinbook.cs.princeton.edu/ − Chapter 9 «Bitcoin as a Platform» − Chapter 10 «Altcoins and the Cryptocurrency Ecosystem» − Chapter 11 «Decentralized Institutions: The Future of Bitcoin?» ▪ Pedro Franco, “Understanding Bitcoin”, Wiley − chapter 4 «Business applications» − chapter 11 «Alt(ernative) Coins» − chapter 12 «Contracts» © 2019 Digital Gold Institute 120/122
  108. Bibliography ▪ F. Ametrano, E. Barucci, D. Marazzina, S. Zanero

    Answer to ESMA call for opinion on DLT for Securities Markets (2016) https://drive.google.com/drive/folders/0B8tGDTaBY4- Nb3ZuRmgzRXJXOUk ▪ F. Ametrano, Bitcoin, Blockchain and the DLT Chimera (2016) https://www.swiftinstitute.org/newsletters/guest-article-bitcoin- blockchain-and-the-dlt-chimera/ ▪ F. Ametrano, Missing the Point About Bitcoin (2017) http://www.coindesk.com/2017-will-prove-blockchain-bad-idea/ ▪ F. Ametrano, Bitcoin, Blockchain and Distributed Ledger Technology: Hype or Reality? (2017) https://goo.gl/Z9OeHt © 2019 Digital Gold Institute 121/122
  109. Takeaways ▪ Timestamping and anchoring are promising applications ▪ For

    the time being, better if smart contracts are not too smart ▪ Alt-coins and tokens are hardly relevant, Ethereum is mostly a geek playground, ICOs so far have been frauds ▪ Blockchain needs a native digital asset such as bitcoin ▪ Unrealistic expectations arise from distributed ledger hype ▪ Instant settlement, cash on the ledger, shared data set, and extreme automation are not easy to obtain ▪ Hardly disruptive, DLT might be evolutionary DB tech © 2019 Digital Gold Institute 122/122
  110. Ferdinando M. Ametrano Executive Director [email protected] Paolo Mazzocchi Chief Operating

    Officer [email protected] www.github.com/dginst www.facebook.com/DigitalGoldInstitute www.twitter.com/DigitalGoldInst www.dgi.org/feed.xml [email protected] www.dgi.io www.linkedin.com/company/digital-gold-institute "Scarcity in the Digital Realm"