
Tuesday, September 22, 2015

Bitcoin is not suitable for securities settlement.


I normally don't blog about technologies or systems which I have not personally designed or been involved in developing, and hence understand in depth, so if anything in this blog is not technically accurate, please contact me and I will correct it.
Here goes..

I keep hearing that "blockchain" and other distributed consensus technology can revolutionise the payments, clearing and settlement infrastructure of the financial system and that, no, the existing bitcoin blockchain just won’t do (which suits bankers fine, as few ever had anything to gain from bitcoin, the world’s most popular crypto currency, which is outside of the control of any bank).

Then enter the marketing and media guys and almost every day, there is yet another committee, seminar, or incubator announcement, using the bitcoin blockchain?


What’s going on!?
 My conclusion is that most of the people discussing bitcoin haven’t actually looked under the hood, and have very little knowledge about how bitcoin actually works. It reminds me of the whole "Digital Signature" exercise all over again, people with vested interests push technologies they don't understand.

 I've also noticed that enthusiasm for bitcoin tends to be inversely related to one’s understanding of it, and of course there is that famous "white paper" by, yes, a faceless, anonymous person, so let's start there.

"A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they’ll generate the longest chain and outpace attackers."

Hmm, a system in which anonymous programmers and crypto geeks are required to always act honestly for the sole good of the bitcoin community. Yep, in the sense of securities settlement it is all built on a house of cards, but let's dig a bit deeper, so we can understand why.

It has been known for a long time, at least two decades from my memory, that cryptographic signatures and public keys can be chain-linked to form a set of unforgeable records (it's known as an X.509 certificate chain, and is in use by almost everyone daily via SSL). This same cryptographic chain of signatures can be applied to any records or set of transactions for, say, digital cash (or any ledger record for that matter). Counterfeiting ledger assets is impossible, and theft or misappropriation cannot happen without gaining access to the asset owner’s private key.

If I give you crypto-proof that some asset belongs to me and that I just transferred it to you, you have no way of knowing that I haven’t already done that with someone else, unless we can both refer to a definitive ledger of timestamped and crypto-signed transactions. Let’s say this ledger is maintained and hosted by some trusted third-party. The third-party cannot forge any ledger entries, as each entry is signed by each party, so what’s the problem with this setup?

There are three problems:
  • The third party could delete a transaction, reversing history
  • The third party could censor a transaction, refuse to enter it into the ledger
  • The third party could forge a transaction, create or alter a transaction.
And it’s not just the third party itself who has this power, it’s also the government who regulates the third party, or the hacker who infiltrates the third party. For bitcoin, using a trusted third party for this task loses some of the “main benefits” of the crypto framework as real world third parties have a real-world identity (a registered business, an IP address, etc) and if known, these third parties can be censored by governments, shut-down, fined or imprisoned. One of the key design goals behind bitcoin is censorship resistant digital cash.

First, bitcoin is a peer-to-peer network. It is architecturally decentralised or P2P, it is not distributed (it seems like no-one has actually read, or understands, Paul Baran's 1964 paper). It is a fact that there is no single "bitcoin server" where those chain-linked blocks of transactions (transactions that are themselves also chain-linked via crypto signature) are stored. Instead, the transaction record is stored (well distributed, replicated) across all of the P2P nodes on the network. There is still only a "single" bitcoin block chain in existence, which is a shared resource of the P2P network. Over an extended period of time, currently about six block counts from any transaction. Anyone can be a node on the P2P network anonymously. This is what’s meant when people say that bitcoin is a “permission-less” network. This single blockchain resource "replicated" across potentially an unlimited number of P2P nodes is also an architecture defect; what is required for any scalable solution is a fully distributed architecture, just like the internet, where "data and processing" is fully distributed; but let's leave this discussion for another day..


Most people understand a timestamp to mean something generated by an accurate clock. But this is a peer-to-peer network, so it doesn't have a "clock". The nodes on the network have clocks, but since these nodes could be anyone, you can hardly trust the timestamp of any given node. So how exactly does the bitcoin network “timestamp transactions”?

What bitcoin means by ‘timestamp’ is in fact the ordering of blocks of transactions. This block of transactions came immediately after that block of transactions. It is in this sense that the “network timestamps transactions”. And it does this in a very clever way, “by hashing them into an ongoing chain of hash-based proof-of-work.”

This is the point where many people get lost. Before moving on, let's trash all mention of any link between bitcoin and gold mining; they are simply not relevant concepts within bitcoin and simply lead the discussion down rat holes. Done... let's move on..

The basics are quite simple; we just need to agree on a few concepts first. A “hash-based proof-of-work” is a solution to a problem, a hash problem. The “hash” refers to a branch of mathematical functions called “cryptographic hash functions”. They have a neat feature: whatever data you put into one of these functions, they effectively return a pseudo-random number of the same bit size. You can’t really predict what value the function will return given a certain input without actually computing the function. Between inputs and outputs there is no easily predictable correlation or pattern. The 256-bit SHA-256 function chosen by bitcoin is good at this; sometime, simply watch the outputs change: a single bit input change will typically produce a full 256 bit output change, very cool... I digress, sometimes technology is just cool.

In bitcoin the hash problem is like “input into the hash function a (1) bunch of transactions along with (2) the hash of the previous block of transactions and (3) an arbitrary number N; if the hash function returns a value below some number D, problem solved, if not, increment N and repeat.” There’s no way to solve this problem except through iteration. So you set your computer to the background task of running billions of hash computations until it solves the hash problem. No rocket science here...

And that’s why it’s called “proof-of-work”. The problem is hard to solve, it requires work (consuming MIPS, and electricity). But once it’s solved, you can prove to someone else that you did the work to solve it. Just show them the data (a bunch of transactions plus the hash of the last block) and that winning number N and let them calculate the hash. If the hash value is the same below-D number that you say it is, they have proved that you solved the problem. The problem is hard-to-solve but the solution is easy for others to verify.

So this is how the bitcoin network timestamps transactions. The nodes on the network (“miners”, actually "hashers", but that is not nearly as cool a name) collect transactions that bitcoin senders broadcast, and each hasher works at solving the hash problem over a set of transactions. Whenever a node solves the hash problem, it broadcasts the block of transactions along with the proof-of-work. The other nodes verify the work and start hashing on top of that block (i.e., including its hash in the input of the hash problem).

And this is what bitcoin means by “forming a record that cannot be changed without redoing the proof-of-work.” Nodes on the network build on top of the “longest chain” of blocks. If an attacker wanted to reverse the history, say, 5 blocks back, he would have to redo the proof-of-work of those 5 blocks before other nodes would start accepting that his version of history is the version (because it’s the longest chain). And that’s no mean feat. We will simply forget the issues with forks and how a single blockchain is generated, also a separate topic sometime, but for now a single blockchain is being built, typically 6 blocks ahead of an actually confirmed transaction..
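The hash problem, its one-hash verification and the cost of altering an earlier block can be seen in a toy chain. This is an added example, not code from the original post or from bitcoin itself; the 12-bit difficulty, the block layout and the sample transactions are assumptions chosen so that it runs in well under a second.

```python
import hashlib

GENESIS_PREV = "00" * 32          # placeholder "previous hash" for the first block
DIFFICULTY_BITS = 12              # toy difficulty (assumption), far below bitcoin's
D = 1 << (256 - DIFFICULTY_BITS)  # a hash counts as a solution when it is below D


def block_hash(transactions, prev_hash, n):
    """Hash (1) the transactions, (2) the previous block hash and (3) the number N."""
    data = f"{transactions}|{prev_hash}|{n}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def mine(transactions, prev_hash, target=D):
    """Increment N until the hash is below the target; return (N, hashes computed)."""
    n = 0
    while block_hash(transactions, prev_hash, n) >= target:
        n += 1
    return n, n + 1


def verify(transactions, prev_hash, n, target=D):
    """Checking a claimed solution costs exactly one hash."""
    return block_hash(transactions, prev_hash, n) < target


def build_chain(tx_batches, prev=GENESIS_PREV, target=D):
    """Mine one block per batch, each committing to the hash of the block before it."""
    blocks, work = [], 0
    for txs in tx_batches:
        n, attempts = mine(txs, prev, target)
        digest = format(block_hash(txs, prev, n), "064x")
        blocks.append({"txs": txs, "prev": prev, "n": n, "hash": digest})
        prev, work = digest, work + attempts
    return blocks, work


def first_invalid(chain, target=D):
    """Index of the first block whose link or proof-of-work fails, else None."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        value = block_hash(block["txs"], block["prev"], block["n"])
        if (block["prev"] != prev or value >= target
                or format(value, "064x") != block["hash"]):
            return i
        prev = block["hash"]
    return None


def rewrite_from(chain, index, new_txs, target=D):
    """Replace block `index` and redo the work for it and every later block."""
    kept = chain[:index]
    prev = kept[-1]["hash"] if kept else GENESIS_PREV
    batches = [new_txs] + [b["txs"] for b in chain[index + 1:]]
    redone, work = build_chain(batches, prev, target)
    return kept + redone, work


if __name__ == "__main__":
    # Constructed sample transactions, one string per block.
    batches = [f"block {i}: alice pays bob {i + 1}" for i in range(6)]
    chain, work = build_chain(batches)
    print("hashes to build 6 blocks:", work, "| hashes to verify them:", len(chain))

    edited = [dict(b) for b in chain]
    edited[1]["txs"] = "block 1: alice pays mallory 2"   # edit without redoing work
    print("edited chain first fails at block", first_invalid(edited))

    redone, cost = rewrite_from(chain, 1, "block 1: alice pays mallory 2")
    print("redone chain valid:", first_invalid(redone) is None,
          "| hashes needed to redo 5 blocks:", cost)
```

Each extra difficulty bit doubles the expected work per block, while verification stays at one hash per block.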

This is a neat result. If every node follows the rule that the chain-linked set of blocks with the most work behind it is the blockchain, then every node’s local copy of the blockchain will be exactly the same. And if an attacker wished to maliciously replace part of the “sequence of events witnessed” by the network (eg, one where he made a big payment to someone) with an alternative version of history (eg, one where he didn't make that payment), he would have to redo the latest work of the longest chain, and do this work at a faster rate than the rest of the network combined. Hence, he needs to control in excess of 30% of the network’s total MIPS power. Of course there is an obvious defect in the above logic: as the block chain must grow, it becomes computationally infeasible (time taken) for any independent observer to actually download its own copy of the "total" block chain and verify all of the blocks and transactions from the "genesis" block to the current transaction, but that is also a topic for another day.. let's stick to the main thread of this blog..

And that, in a nutshell, is bitcoin’s security guarantee. If you’re comfortable believing that an attacker is unlikely to ever pull together more than a third of the network’s total computing power, you can trust in the blockchain’s record of transactions. Unlike with the case of a database hosted by a third-party, there’s no easy way for record entries to get “deleted” from the blockchain. As you can see there is no fancy maths behind the security of bitcoin at all. The only reason that a cryptographic hash function is used is that a hash-based proof-of-work problem has the property of being hard-to-solve-but-easy-to-verify. Any function which has asymmetry in solution/proof would do just as well. Without this asymmetry the network would grind to a halt if everyone had to redo everyone else’s work. But with a hash problem you can easily prove that you did the computational work to solve it, even though the solution is utterly useless maths. Hence it is now obvious that the security behind proof-of-work is not “based on maths” at all.

If one takes nothing else from this blog, it should be that "bitcoin" is NOT backed by maths...


This is an economic model of security, not a cryptographic one. Proof-of-work requires an attacker to make a substantial capital outlay to have any chance of pulling it off. You have to buy the computing MIPS, pay the electric bill, etc. In fact today, bitcoin mining is more like a computing oligarchy than a computing democracy. Sorry.. bitcoin "hashing", there is absolutely no gold anywhere in bitcoin.

In bitcoin you have no way of authenticating the real-world identity of any node, this allows a single attacker to masquerade as a bunch of different identities and gain control of the network, no-one can tell whether 1000 nodes are really 1000 different people/entities or just one guy behind them all pulling the strings. Computing power alone equals voting rights in bitcoin. Now in the original bitcoin world, authentication wasn't an option, because if the real identities of the nodes are known to all, governments or criminals could compel those nodes to censor transactions and KYC/AML transaction senders.. or just criminalise the whole thing and arrest the operators behind the nodes.

Hence the bitcoin protocol is not only architecturally decentralised, it is also politically decentralised. The network has no gatekeepers, you don’t need permission to join. The only admission criterion to contributing to the network’s consensus is access to computational power. One could discuss the whole concept of the global "decentralised collaborative organisation" which bitcoin has effectively created; yes, there is lots of cool "social engineering" stuff within bitcoin, but that is also a topic for another day.

“As long as a majority of CPU MIPS power is controlled by nodes that are not cooperating to attack the bitcoin network, they’ll generate the longest chain and outpace all attackers.” But if an attacker has access to more than 30% of the network’s computing power, all bets are off!

As at May 5, 2015, there were four major bitcoin pools each controlling at least 10% of the mining power. Together, they control 58% of the mining power. That means that if the four individuals operating these pools decided to work together, they could rewrite the bitcoin blockchain! And this assumes that each address is an independent group, which may not be a factual assumption.

Note there are some alternatives to bitcoin proposing "proof-of-stake", and slight modifications to this, as an alternative to "hashing power", but these all have the same underlying issue; it's simply a matter of the point at which they all become "centralised".

Hence we are back at my opening remark, "bitcoin is a system in which the total security is based upon anonymous, programmers and crypto geeks, or anyone who has CPU MIPS, to always act honestly for the sole good of the bitcoin community".

The main protecting force of bitcoin today has been people's good will and lack of sophistication, and the fact that there is no real risk/reward in attacking the bitcoin mining network. We are still seeing the "early" adopter skewed rewards which still make mining disproportionately attractive. Some 80% of all mined bitcoins to date are still being hoarded. Where bitcoin value is "concentrated" and the rewards of a successful attack are higher, such as Mt Gox, millions were lost; bitcoin's response: do nothing. I have seen posts where the position is that any loss has nothing to do with bitcoin. Perhaps a valid comment for a group of crypto geeks, but not for mums and pops using bitcoin.
This is security 101, where risk is proportional to "one time loss", threat source capability and probability of success. The greater than 30% of network computing power threat is actually directly related to the probability of success. Additionally the poor bitcoin tps is forcing lower block chain counts to confirm transactions, which increases this risk, as does the proposal to increase the bitcoin blockchain header size, and reduce the rate at which "hashing" is successful.
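How the confirmation count and the attacker's share of hashing power feed into the probability of success can be put into numbers with the catch-up calculation from the white paper quoted above, which models the attack as a simple race between the attacker and the rest of the network. This is an added example, not code from the original post; the function names, the 100,000,000 value at risk and the shares and depths printed are assumptions for illustration.

```python
from math import exp


def reversal_probability(q, z):
    """Probability that an attacker holding share q of the hashing power ever
    overtakes a transaction buried z blocks deep (white paper's race model)."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("q must be in [0, 1] and z must be >= 0")
    p = 1.0 - q                      # share held by everyone else
    if q >= p:
        return 1.0                   # a majority attacker always catches up
    lam = z * q / p                  # expected attacker progress while z blocks are mined
    prob = 1.0
    poisson = exp(-lam)              # Poisson term for k = 0
    for k in range(z + 1):
        prob -= poisson * (1.0 - (q / p) ** (z - k))
        poisson *= lam / (k + 1)     # advance to the Poisson term for k + 1
    return max(prob, 0.0)


def confirmations_needed(q, max_risk, limit=1000):
    """Smallest z with reversal probability below max_risk, or None if none exists."""
    for z in range(limit + 1):
        if reversal_probability(q, z) < max_risk:
            return z
    return None


def expected_loss(one_time_loss, q, z):
    """Risk as the post frames it: one-time loss times probability of success."""
    return one_time_loss * reversal_probability(q, z)


if __name__ == "__main__":
    value = 100_000_000              # constructed value at risk, in any currency unit
    for q in (0.10, 0.30):
        for z in (1, 2, 3, 6):
            print(f"share={q:.2f} confirmations={z} "
                  f"P(reversal)={reversal_probability(q, z):.7f} "
                  f"expected loss={expected_loss(value, q, z):,.0f}")
        print(f"share={q:.2f}: confirmations for P < 0.1%:",
              confirmations_needed(q, 0.001))
```

The model takes the attacker's share as given; it says nothing about how likely it is that someone assembles that share, which is the economic question the post raises.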

If billions of dollars worth of securities are represented through meta protocols on the bitcoin blockchain, as some are eagerly trying to push, attackers will have a way of constructing a scalable payoff for attacking the network. Acquiring a substantial portion of the network’s hashing power is not an insurmountable goal. What’s required is a sufficiently large monetary incentive to execute the attack. Putting billions of dollars worth of financial assets on the bitcoin blockchain materially changes an attacker’s incentives. Basically it increases the risk of a loss. Managing risks is a fundamental part of any payment or securities exchange; they have teams of people that do nothing else. There is zero risk management within bitcoin.

As an example, in real world commercial applications, consider that many, single mainstream finance deals routinely outsize the entire market cap of all of the cryptocurrency currently in existence; this begs the question of how to properly incentivise transaction verification in the “trustless” model when a particular deal has more value than the entire market cap of the system.

Bitcoin transactions can then be reversed if the attacker is willing to make the capital outlay to acquire the hardware and expertise and pay the electricity bill required to pull it off (bribing a couple of large mining pools is probably the path of least resistance). For all we know, criminals may already be in the bitcoin mining community. If the attacker is successful, the attack in theory costs nothing, as the attacker collects the mining award of the blocks he solved that “replaced” the original transaction history, blocks that he made into a fork that is now the chain with the most work behind it.

It might seem crazy to the uninitiated that this “append-only” distributed ledger which is the bitcoin blockchain, by design, contains an avenue for deleting history. After all, everyone saw those blocks of transactions before they were overtaken by the attacker’s fork. Nobody will be fooled that the protocol’s “network timestamp” corresponds to the ordering of transactions that actually occurred. But that’s how the protocol works: the bitcoin blockchain is the chain of blocks with the most work behind it, this is bit coin voting in action. This is the price you pay for the censorship-resistant design.

Indeed, in the case of bitcoin, crypto-geekery offers nothing like an escape from the power dynamics within our society. One merely escapes to a different set of rules, not one controlled by ‘politicians’ or large corporates, but one in the hands of programmers and those in control of computing power. In fact there is no need for any real entity to be associated with any mining operation, it can simply be spawned MIPS based upon a set of "evolutionary" programming rules.

It is only when we think in these terms that we start to see bitcoin not as a realm ‘lacking the rules imposed by the state’, but as a realm imposing its own rules. It offers a form of protection, but guarantees nothing like ‘empowerment’ or ‘escape’. The concept of truly anonymous transactions is also not a fact within bitcoin.

When disassociated from the programmers who design them, trust-less MIPS based block chains floating above human affairs contain the spectre of "rule by algorithms". End soapbox.


The Facts
To serve as a replacement for the legacy technology implementing book-entry assets, a distributed ledger of financial assets will have to ensure a tight correspondence between what the ledger and the law say is the state of who-owns-what. This is obviously incompatible with a protocol based on anonymous transaction validators; the law will not treat a ledger record as authoritative if everyone knows that the current longest chain contains blocks generated by an anonymous attacker who replaced a bit of history that was chronologically prior. But the bitcoin protocol has no mechanism for dealing with this scenario, no mechanism for bringing ledger state and legal state back into alignment. How could it…remember bitcoin’s design goal.

The financial system and its regulators go to great lengths to ensure that something called settlement finality takes place. There is a point in time in which a trade brings about the transfer of ownership, definitively. At some point settlement instructions are irrevocable and transactions are irreversible. This is a core design principle of the financial system because ambiguity about settlement finality is a systemic risk. Imagine if the line items of a financial institution’s balance sheet were only probabilistic. You own X shares of Y with 97.5% probability. That is, effectively, what a proof-of-work based distributed ledger gives you. Except that you don’t know what the probabilities are because the attack vectors are based not on provable results from computer science but on economic models. Do you want to build a settlement system on that premise?

Of course not. And you don’t have to because there are many ways to design distributed, shared ledgers, depending on your goals. And I’ll venture to guess that censorship resistant securities transactions are not the reason why financial institutions are looking at distributed consensus technologies. Their goals are rather different from bitcoin’s. Increased transparency is one, largely driven by the belief that regulators will grant concessions on capital charges for trades cleared through settlement systems that offer this. Efficiency through automating the back office is another. But probably the main goal is increasing the speed of trade settlement.

Now a few more facts: bitcoin is currently globally processing ~4.8 tps over the last six months I looked at for this blog, and has a theoretical maximum of 7 tps. Yes, this is less than 10 tps to run a global securities settlement system on, so why is there any discussion linking bitcoin and securities settlements? Do these proponents actually understand what they are suggesting, or is it the "dot com" boom/bust cycle all over again?

Nothing in what I have said here is meant to take away from the inspired solution that bitcoin implemented for censorship resistant digital cash. There is no reason why society should not have a digital cash that replicates the same anonymous and permissionless properties that we already enjoy with physical currency, albeit with higher risks. The point of this blog is to demonstrate why bitcoin is not suitable for assets with significant value and hence one-time loss, i.e. risk, and in particular is not suitable to "anchor" any of these transactions via abstraction.

The ongoing proposition that security interests and other property titles should also be cast in the same bearer asset needs to stop. Few actually want this, and, anyway, few jurisdictions will actually allow it. (In fact, it’s looking increasingly likely that few jurisdictions will even grant bitcoins bearer asset status.) This is not a serious idea.

If you are prepared to use trusted third parties for authentication of the counterparts to a transaction, I can see no compelling reason for not also requiring identity authentication of the transaction validators as well. By doing that, you can ditch the gross inefficiencies of proof-of-work for a solution that is not only tens of thousands of times more efficient, but also places a governance structure over the validators that is far more resistant to attackers than proof-of-work can ever be.

Scalability, Consensus and bitcoin blockchain stuff...
Scalability is now at the forefront of the technical discussion in the bitcoin scene, and it has not yet been used in a "commercial" sense. This is one fundamental issue with all bitcoin-derived or variant designs that needs to be addressed. Out of all of the various proof of work, proof of stake and reputational consensus-based blockchain designs that have been proposed, not a single one has managed to overcome the same core problem: that every single full node must process every single transaction. Having nodes that can process every transaction, even up to a level of thousands of transactions per second, is possible; centralized systems like Paypal, Mastercard and banking servers do it just fine. However, the problem is that it takes a large quantity of resources to set up such a server, and so there is no incentive for anyone except a few large businesses to do it. In bitcoin all of the resources are being focused on useless "hashing". Should this happen, then those few nodes are potentially vulnerable to profit motive and regulatory pressure, and may start making theoretically unauthorized changes to the state, like giving themselves free money. All other users, who are dependent on those centralized nodes for security, would have no way of proving that the block is invalid since they do not have the resources to process the entire block.
Additionally, a simple analysis of these approaches will easily show that they all degenerate to a "centralised" solution at some point; the concept of distributed consensus is an illusion, and cannot be relied upon to form the basis for any block chain security.

Risks
Below is just a quick set of risks I considered after a couple of hours looking into bitcoin; these are not meant to be a definitive or complete set of residual risks within bitcoin, they simply illustrate the lack of the basic "commercial and security considerations" which existing security settlement solutions have gone through over the last 20 years. Some of them can be readily addressed in a future evolution of bitcoin, others I am not so sure about.. the point is they were not considered, and potentially many more exist today which can be exploited; I leave that task to the "bitcoin" experts.

Some are fundamental security policy issues, others are just basic design defects, and yet others are normal commercial considerations, which any bank or market participant or exchange would traditionally consider, as part of any due diligence on any new protocol.

Transaction Ids and Transaction malleability risk?
Due to a basic design flaw in the bitcoin network, a lone programmer with nothing else to do decided in the first week of October to attack the bitcoin network by exploiting the transaction malleability defect.
"Whether amaclin is telling the truth is hard to verify. But the fact that he could be telling the truth, the fact that a networkwide attack on the Bitcoin network could be carried out by a bored individual with some coding skills, is probably quite telling in itself."
Gosh, one cannot "trust" every programmer in the world, who would have thought?

"Additionally, amaclin argues that Bitcoin is fundamentally broken. He specifically points out that the incentive structures of Bitcoin’s development process do not align well, as users are not incentivized to reward developers for their work building and maintaining Bitcoin. By attacking the network, amaclin believes he is revealing that only a small number of developers can fix the issue, while most Bitcoin users expect them to do so for free. That is an unsustainable proposition, amaclin says."
Probably the truth?

Front Running?
If a malicious miner sees a big buy order coming into the market that would move the price significantly, they can engage in front running - the buy order could be pushed to the back of the queue or even left out until the next block, while the miner buys up all of the current stock and re-lists it at a higher price to turn a profit. Remember typical security exchanges operate at light speed compared to bit-coin. Alternatively, when they see there is a high market pressure coming in,  they can buy the orders up one by one by using their power to include any number of their own transactions into a block for free, and similarly re-list them for people to buy up.

Smart Contracts?
The miners could also try to influence some time-sensitive contracts - maybe some contract deadline is about to come up and the miner stalls the transaction by one block? That could change the outcome of the contract.

All in all, there is a lot more a malicious miner can skew in their favour within an asset system than they could do in a traditional currency system like bitcoin.

Terms of Service?
There are no terms of service which "hashers" follow?
Who are you going to call when that "fat finger" moment occurs, well no-one!, as everyone is anonymous..

Legal Risk?
Any existing legal system will likely never recognise a system of property titles that can be reversed by anonymous or pseudo-anonymous "validators". In a number of proposals I have looked at it is impossible to quantify the probability of a history-reversing attack (as it is economics based security, not technical).

Regulatory Risk?
An unregulated payments and currency system with no AML, why is it still operational?
The real answer is straightforward, as shown below; this may all change when bitcoin moves from the too-small-to-care into the too-large-to-ignore space?

Sacrificing safety over liveness and fault tolerance
The Fischer Lynch Paterson impossibility result (FLP) states that a deterministic asynchronous consensus system can have at most two of the following three properties: safety (results are valid and identical at all nodes), guaranteed termination or liveness (nodes that don’t fail always produce a result), and fault tolerance (the system can survive the failure of one node at any point). This is a proven result. Any distributed consensus system on the Internet must sacrifice one of these features.

What happens when consensus is not reached: A fork in the ledger.


Security
Any security professional knows that crypto != security. Trust (security) is only as good as its weakest link. In the case of bitcoin there is no security policy at all; anyone can do anything, including storing "keys" on insecure operating systems. The very first real crypto currency, Mondex, back in 2001 understood this basic fact, yet somehow in the intervening years this fact has been forgotten. Existing cash, which bitcoin is trying to replace, has always had minimal security mechanisms, yet none exist in bitcoin. Like every existing payments system today, at a minimum all keys must be protected within an HSM, pretty basic stuff.

Algorithm agility: have we not learned anything from the 20 years of electronic payments experience? The cost associated with the DES->3DES->AES changes was enormous, as no thought originally went into the longevity of crypto. Any block chain ledger must from day one be algorithm agile, not only to future proof the system, but also to support different "risk" profiles.
This is the same issue with the payments block chain as well as any secure block chain.

Hash Codes 
I keep seeing people confuse "hash" with encryption in almost every bitcoin discussion; but the more worrying usage is the growing use of hash chains as security enforcing functions. There is a reason why digital signatures are used, and not just hash chains alone. This usage is becoming widespread in "side chains" and other applications linking to the bitcoin block chain; one such group claims this security "vulnerability" as a "feature". Hash chains, like their precursor hash tables, have their usage, but not in this context. The reasons are twofold: a) hash values are not unique, they have collisions, and when used in a hash table or chain they have limited scope to prevent the effect of any collisions; b) hash chains can easily be changed (recalculated), see asymmetry in POW above. This vulnerability was one of many reasons why digital signatures are used rather than hash values or even chains alone.
Same old collective amnesia in action again. Hash collisions are the exact vulnerability which was exploited in the successful bitcoin transaction malleability attack above.

Point two to take away: "hash" values are not guaranteed to be unique; they only guarantee that a single bit change in input will produce a different resultant hash output.
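Point (b) above, that a bare hash chain can be recalculated by whoever holds the ledger while a signature cannot, is shown below as an added example that is not from the original post. A Lamport one-time signature built from SHA-256 stands in (assumption) for the signature scheme a real ledger would use, and the ledger entries are constructed sample data.

```python
import hashlib
import secrets


def H(data):
    return hashlib.sha256(data).digest()


def chain_digests(entries):
    """Unkeyed hash chain: digest_i = H(digest_{i-1} || entry_i)."""
    digest, out = b"\x00" * 32, []
    for entry in entries:
        digest = H(digest + entry.encode())
        out.append(digest)
    return out


def chain_is_consistent(entries, digests):
    """All a bare hash chain can tell you: the digests match the entries."""
    return chain_digests(entries) == digests


def tamper_and_recompute(entries, index, new_entry):
    """What anyone with write access to the ledger can do, holding no key at all."""
    forged = list(entries)
    forged[index] = new_entry
    return forged, chain_digests(forged)


# Lamport one-time signature: one key pair signs exactly one message.
def lamport_keygen():
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    public = [(H(a), H(b)) for a, b in private]
    return private, public


def _digest_bits(message):
    value = int.from_bytes(H(message), "big")
    return [(value >> i) & 1 for i in range(256)]


def lamport_sign(private, message):
    """Reveal one secret per bit of the message digest."""
    return [private[i][bit] for i, bit in enumerate(_digest_bits(message))]


def lamport_verify(public, message, signature):
    bits = _digest_bits(message)
    return len(signature) == 256 and all(
        H(signature[i]) == public[i][bits[i]] for i in range(256))


if __name__ == "__main__":
    # Constructed ledger entries; each owner signs an entry with a fresh key pair.
    entries = ["alice pays bob 5", "bob pays carol 2", "carol pays dave 1"]
    digests = chain_digests(entries)
    keys = [lamport_keygen() for _ in entries]
    signatures = [lamport_sign(sk, e.encode()) for (sk, _), e in zip(keys, entries)]

    forged, forged_digests = tamper_and_recompute(entries, 1, "bob pays carol 200")
    print("recomputed hash chain consistent:",
          chain_is_consistent(forged, forged_digests))
    print("original signature valid on original entry:",
          lamport_verify(keys[1][1], entries[1].encode(), signatures[1]))
    print("original signature valid on altered entry:",
          lamport_verify(keys[1][1], forged[1].encode(), signatures[1]))
```

The recomputed chain only differs from the original in its digests, so a verifier who did not keep an independent copy of the old head digest has nothing to compare against; the signature check needs only the owner's public key.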


Commercial Risk
Bitcoin miners can simply stop processing any transactions from any bank they believe does not act in their, or their perceived community's, interest. This is currently happening in bitcoin today, where some miners are ignoring single low value transactions; there is nothing in the bitcoin protocol that requires any transaction to actually get onto any block in the block chain.

"About a week ago, lead Bitcoin developer Gavin Andresen quietly introduced a patch that would add a fairly significant change to the transaction propagation rules: any transaction with any of its outputs less than 5430 satoshis (0.00005430 BTC) would be classified as non-standard, and will not be included or further propagated across the network by default miners."

The code could be modified to say that all transactions with an address of, say, ANZ, CBA, or Westpac will not be processed. There is no one in control of bitcoin; anything is possible. Similarly, groups using bitcoin to "anchor" other assets could simply find they are "removed" from the network. Many bitcoin developers already object to "coloured" coins' usage of the bitcoin block chain..

Also today, for less than 2BTC in fees an actor can disrupt and clog the bitcoin network for hours..

Control/Ownership Risk
It's a simple fact: all banks, market participants etc. want to own and control the block chain ledgers which underpin their business. They have shown they are willing to let a third party like SWIFT handle cross-border, low level connectivity networks, but that is about as far as it goes..
The concept of any bank or participant all using a single "uncontrolled" public bitcoin block chain or anything that relies on it, is commercially flawed, and will not fly.

All Banks and exchange participants, "need" to own and control all aspects of the Block Chain Ledger Technologies, without any fear of patent infringements..

System Risk
A settlement system, is much more than just a blockchain. What is required is a complete eco-system which has all the resources to make and keep it secure.
At a minimum it needs:

  • HSM backed keys
  • BYOD mobile device management, loss, theft, compromise
  • Secure Identity, with optional full AML/KYC
  • Scalable, distributed solution for at least 1 million transactions per day per settlement node.
  • Support for real-time "liquidity" viability
  • Support various risk profiles, via selectable algorithms, must be able to address future quantum computing advances without destroying any past transaction.


Where to now?
Ok, so the above is a bleak picture for all those groups, blindly linking applications, other than bitcoin to the bitcoin block chain today..

In short, DON'T!


KISS to the rescue..
A solution to all of the bitcoin issues above is very simple to understand and commercially available today, and yes, it can support ~10,000 tps per distributed node. These Block Chain Ledgers are based on well understood accounting principles such as "Triple Entry Accounting", which is an evolution, not a revolution, of double entry accounting, and the good old cryptographic "Block Chain". Block Chains and Ledgers have existed for at least three decades, nothing radical here. These Block Chain Ledgers use algorithm suites that have been tried and tested for at least the last 20 years (not the one in bitcoin), are algorithm agile, and can transparently adapt to future threats. Expect to see these delivered as total eco-systems, i.e. "settlement-in-a-box", which can be owned and operated (including patent protection) by various parties, and which run in conjunction with existing settlement systems. The existing system will never change; it is not commercially viable..

See just one such solution, the first Payments-> Public Block Chain Ledger.

Lighter side..
As an English speaking person, the  correct description is Block Chain, not blockchain.. the noun is "chain", and the adjective is "block".. see history below...Life is too short sometimes..

History before bitcoin:
  1. Double Entry Ledgers, from 1299
  2. Hash functions, from 1970's
  3. Chain of hash entries, BSD rtable, 1977
  4. Merkle tree, Ralph Merkle 1979
  5. Cipher Block Chain (CBC), 1981
  6. Concept of electronic cash, invented by David Chaum, 1983.
  7. Byzantine Generals Consensus algorithms, 1983.
  8. Elliptic Curves, discovered by Certicom in 1985.
  9. First citation of "block chains" Open-Architecture Computer Systems, 1987.
  10. X.509 certificate chain (chain of hash, signed records), 1988
  11. FinTech, from 1990.
  12. First commercial cryptographic based currency, Mondex 1994
  13. Block Chain Ledger, Patented 2000
  14. Bitcoin, 2009


Acknowledgements
http://web.cs.ucla.edu/classes/cs217/Baran64.pdf
https://en.wikipedia.org/wiki/Proof-of-work_system
http://www.slideshare.net/MrCollectrix/the-distributed-ledger-landscape?related=5
http://www.technologyreview.com/news/525676/academics-spy-weaknesses-in-bitcoins-foundations/
http://www.cs.cornell.edu/~ie53/publications/btcProcFC.pdf
http://www.cs.cornell.edu/~ie53/publications/btcPoolsSP15.pdf
http://www.technologyreview.com/news/540921/the-looming-problem-that-could-kill-bitcoin/
http://www.technologyreview.com/news/537486/leaderless-bitcoin-struggles-to-make-its-most-crucial-decision/
https://www.youtube.com/watch?v=Lx9zgZCMqXE&feature=player_embedded#t=7
https://erisindustries.com/components/erisdb/
http://arxiv.org/pdf/1311.0243v5.pdf

Without permission, anyone may use, reproduce or distribute any material in this blog for noncommercial and educational use provided that the original source is cited.

Disclaimer The contents of this site should not be understood to be an offer for sale of any payment, currency, security trading or settlement systems, accounting, taxation or investment advice but rather as general educational information that may or may not meet your specific requirements.

Sunday, July 12, 2015

Superannuation, Block Chain Ledgers and Digital Auditors

Following several auditing scandals, the most notable being the Enron Scandal in October of 2001, for the first time in its modern history the global audit industry lost its most precious asset: public trust. Although the industry has since recovered, and the rules have changed to limit the risk of another scandal of similar proportions, the potential for auditor fraud, as uncovered in 2001, still remains.

Over the course of the evolution of financial markets, there was an obvious and increasing need for a system of public accountability. Traditional methods of accounting and bookkeeping allowed companies to record and report their financial information in a standardised format that could be more easily digested by fund members and public investors; but without adequate trust, the public was often left at the mercy of self-interested businesses.

The Auditor
An audit is quite simply an opinion provided on the financial statements of a Fund or Company based on pre-determined accounting guidelines (most commonly International Accounting Standards). The role of the auditor is to provide the trusted voice that states that opinion. On this, an enormous and lucrative industry has been built, with the majority of large players in global financial markets being audited by the “Big Four”.  Our Australian Superannuation sector has mandated yearly audits as part of the public confidence in the Superannuation system.

The evolution of bitcoin, and more recently specialist standard double entry accounting systems with integrated Block Chains, has been discussed as being potentially disruptive in the context of many major industries. In different scenarios, significant variations of block chain architectures have been suggested. Bitcoin, the most common use of a block chain, has proven to be tremendously valuable as a perceived network for broad transparency and security, where public participation and visibility is an essential element of this trust. This contrasts with the secretive nature of almost all Superannuation Funds worldwide; a similar situation applies to most investment managers.

Recently we have seen the emergence of both Public (bitcoin like) and Private Block Chain Ledgers, the latter have greater flexibility for data privacy and authorised access. In many implementations these are  based on standard double entry ledgers with block chain security applied to them, nothing radical like bitcoin, just a natural evolution of accounting systems.
Across this spectrum (from fully public to private) lie the solutions to many of the world’s centralised data problems, including financial reporting and auditing. The first commercial Private Block Chain Ledgers for the superannuation industry were released in 2015; we expect to see the first truly decentralised (bitcoin has a single distributed block chain) Public Block Chain Ledger within the same year.

Problems and Opportunities
Those familiar with accounting will understand the concept of double-entry bookkeeping, as being an evolution “from single-entry, which just recorded what happened, to double-entry, where what happened has to be explained by reasoning with another account. So if you don’t have an explanation, you can’t have an entry”.

This is the basis of debits and credits in accounting, where one account tracks a balance and the other an event or activity. Over the course of an operating period, balances above accumulate with each additional entry. By the end of the year, Fund X may have accumulated balances for each of its members after all contributions, investment activities and payments are netted together.

This is the point in time where the auditor comes in. Because Fund X is accountable to its members, they require accurate financial statements to characterise the Fund activities and their resulting member benefits.

In essence, the auditor will test a reasonable sample of these balances, and the transactions they are comprised of, to make sure that the reporting is “close enough” to the truth (based on the materiality of the Fund). Often, the auditor’s test will include communicating with the respective parties to have them confirm the balance reported on Fund X’s financial statements.

In addition to this entire process, consider that for each customer and supplier, there could be another auditor testing the very same transactions on the other end. In terms of instances of redundancy and inefficiency, this is one of global proportions.

The Audit Premise
The audit processes involved in the scenario described above have remained relatively unchanged for decades, with slight improvements to change the nature of the information from paper to digital, but without questioning the underlying premise and the role of the auditor. The technology of a Block Chain Ledger is very well suited to address this scenario.

With the ability to compare accounting entries between two parties, while maintaining data privacy, this solution could significantly reduce the reliance on auditors for testing financial transactions. Once a match is posted to the block chain ledger, the transaction is time stamped and irreversibly recorded. Each and every transaction and the flows between systems can be verified from the source. You have the debit, the credit, and the confirmation by the network.

A block chain ledger solution could essentially allow for an automated third party verification by a distributed network to ensure that transactions are complete and accurate and unalterable.
As described, it is difficult to properly convey the size of this opportunity. The use of a block chain for the purpose of audit is unique from other uses as audits impact all industries and are the fundamental basis by which global financial markets are trusted by superannuation members.

The use of Private and Public Block Chain Ledgers will revolutionise the audit process and significantly enhance the confidence in the Superannuation Industry. The rate of change in this area is truly amazing, and like all disruptive technologies there will be the inevitable winners and losers.

The future of secure Block Chain Ledgers and the next generation of digital audits is here today..

Further Reading

Triple Entry Accounting, and Secure Block Chain Ledgers.

Public Block Chain Ledger for Accounting, SMSF, and Portfolio processing.



Disclaimer The contents of this site should not be understood to be accounting, taxation or investment advice but rather as general product related educational information that may or may not meet your specific requirements.

Wednesday, June 17, 2015

Free, Real-time Gross Settlement system (RTGS) for everyone, with a mobile phone.

Today, "money" is in all cases a bag of bits within a computer system; gone are the days of bank vaults, guards or burglar alarm systems. Money is today sent for close to zero incremental cost between computers. The real cost involved in monetary payments is securing the 100+ year old double entry accounting systems, and the mass of clerks and auditors who keep "payment systems" and decades old payment networks like SWIFT running, and manage the risks associated with any losses. To be fair, there is a "significant" regulatory cost imposed on banks and payment systems as well, but this does not match the excessive payment fees which exist today; this is what creates the opportunity. If existing financial institutions offered a free payment service, or one priced close to cost, once they isolated or upgraded their old world insecure accounting systems, then a new global service would get wind in its sails. The system proposed herein is the next generation of Real-time Gross Settlement Systems (RTGS), where all transactions are atomic, instantaneous and irreversible, and have the ability to execute in a distributed orchestrated data and processing environment, including P2P, even if P2P is not the most likely first commercially deployable option.

Back to reality
An observation: there are "significant" amounts of money going into bitcoin related "block chain" activities, which will never become "verbs" such as to "Google" or to "Xerox". There are no truly disruptive technologies evident in this space, which is probably not surprising given the focus on banks and their involvement, combined with the massive amounts of profits made from processing payments today. A free payments system is simply not on anyone's agenda; it is typical to see recent graduates as heads of banking block chain groups, or it is a part time activity for the non executive banking staff..

Like most entrepreneurs, one looks to the "big vision" which can "change the world" and make life better for all. Making money comes as a by-product of achieving the "vision" or getting as close as possible, a fundamentally different view of the world from that of the typical banking executive.

The Bill Gates foundation has spent billions trying to solve third world health problems, such as malaria; a free payments system which creates wealth for individuals can more effectively address third world health issues than any cure. Poverty underpins many third world health problems.

There is a saying "Teach a man to fish and he can feed his family forever" in this case enabling third world populations to securely participate in the global economy, we envisage will bring lasting change for the better for everyone. The "Vision"..


Hence if payments, are the focus, rather than a total "Block Chain Ledger for Everything" solution, a vision which is consistent and a subset of the Secure Block Chain Ledger Vision, is a world with a fully decentralised and totally free payments system which is available to anyone who has only a mobile phone.






If one looks at the bitcoin network, it by design drives up the cost of each transaction; some say it sits at ~$10 per transaction today. Totally the wrong approach, it's this basic.

Considering the references listed below, if one combines "triple entry accounting", the Private and Public Block Chain Ledgers and Secure Identification Numbers(SIN), and lastly BlockAuth then the implementation of a secure payments system becomes very simple, especially as almost all of the technologies required exist as freely available software today. To support a wide range of eCommerce, the same protocol supports orders and invoicing as well as payments, the two should not be separated.

As all public Block Chain Ledger entries are atomic and instantaneous, and in reality have close to zero incremental cost, then all payments should also be free, this underpins the vision.
We expect the wide availability of free payments to have the potential to increase the GDP of many third world individuals and countries, and lead to an improvement in the wealth of all.

Today Cloud Accounting for sole traders, and Superannuation Funds is free, no-one needs to pay for accounting software, why not free payments as well.

This result will be truly disruptive to the existing old world, when combined with a fully decentralised Public Block Chain Ledger, and secure payment protocols, making use of the almost universally available global mobile phone platform and free software.

Key Features
  • All payments less than a threshold, say $10,000 are Free
  • Real-time, atomic, cryptographically secured, fully decentralised Public Block Chain Ledger, participating in "Triple Entry" accounting ledger protocols.
  • Explicit for FX transactions as required, no explicit gateways or exchanges required.
  • All transactions appear instantly on the distributed Public Block Chain Ledger
  • Requires only a mobile device with internet access, lightweight data usage
  • Suitable for both first and third world participants, bringing into the commercial world the existing disenfranchised populations.
  • Supports payments to and between individuals who lack first world bank accounts or  identification
  • Based upon well known double entry accounting systems, with addition of secure Block Chain Ledger technologies. Private Block Chain Ledgers do not need a single or standard technology solution set, only that they can publish and participate in supporting the global distributed Public Block Chain Ledger protocols
  • Reuse of as much bitcoin technologies and available free software as possible
  • No bank account required
  • Scalable from micro payments through to any value, recognising there may be additional measures required to address additional risks or compliance requirements.
  • Supports anonymous and non anonymous payments via SIN and SIN attributes.
  • Non anonymous SIN required for all transaction amounts above $10,000.
  • Support for commercial Orders and Billing within common payments protocols
  • Any taxation is held within the Private Block Chain Ledgers, all payments are considered tax free as is the case today.
  • Makes use of IMEI within Mobile device SIM cards.
  • Practically unlimited value is capable of being held within the distributed Public Block Chain Ledger; there are no hard protocol limits, as there are no limits within the underlying double entry accounting systems. No wealth or money is created within the Public Block Chain Ledger or payments system.

What about Banks
What do financial institutions want?  Cryptographically verifiable settlement and clearing systems that are globally distributed for resiliency and compliant with various reporting requirements.

What role would banks play in a distributed free value transfer world?
Banks can continue with their existing functions, especially in the early stages, but are not a fundamental element of the solution space, especially for sub $10,000 value transactions with SMEs involved in  B2B, C2B and C2C type payments. In fact banks can use these same underlying technologies to bring their own ledgers into the modern digital world we all live in.

They also play a role in the Secure Identification Number (SIN), when there is a requirement for non-anonymous attributes being applied to the SIN, to support a range of commercial payments and regulatory frameworks, but like above this is not a mandatory element of the solution. And other providers will appear over time (like market place "ratings" etc.); all variations of SIN attributes are supported. One of the objectives is to support payments from people who have no bank accounts and no first world identification today, and are locked out of participating in global eCommerce today.
The one place where banks will still maintain a dominant position is the supply of "cash", most likely via ATMs for the various local communities. We don't envision the total replacement of "cash" and do not see anyone removing the dominance and convenience of ATMs; we would hope that they can be integrated into the free payments network, even if "cash" dispensing will probably never be free.

Banks also have significant risk management expertise, and in many cases this is a requirement of a successful transaction, especially as the transaction value increases.

But banks are optional parties within any payment transaction; it is the participants' choice. In any decentralised solution, opt-in is always the prime objective.

Why Mobile Phones
In many third world countries, without any banking or credit card systems the only technology that exists is a mobile phone.

Many of these countries rely almost entirely on services like "Western Union" to provide universal, basic and not free money transfer and payments; Western Union is the practical "currency" in many countries.

Many developing countries have encouraged mobile phone companies to invest in infrastructure, the story of a home without any electricity, but with a solar charger for their mobile phone is not something unique today. Hence it is an obvious choice to base any global universally available payments system on this infrastructure.

Why the existing RTGS system is broken and cannot get anywhere close to Free
The answer is obvious, refer to the figure below; it's nowhere close to KISS..




The Solution, Key Technologies
  1. Hardware secured and protected ECDSA, and ECDH keys and key chain ( July 2015)
  2. Secure Wallets on mobile devices (mostly available free today, just needs linkage to hardware key chain above).
  3. Secure Private Block Chain Ledger (available today)
  4. Secure Public Block Chain Ledger (available today)
  5. Secure Identification Number(SIN) (complete infrastructure operational today)
  6. SIN attributes for non anonymous  transactions (available today)
  7. BYOD management for device compromise (available today)
  8. BitAuth between key chain and mobile device ( available today)
  9. Scalable, algorithm agile eco-system (available today)
  10. Payments protocol (in development)
A new and exciting world is almost here..

Reference Implementation
In the reference implementation, using a commercial hash keyed database, ~10,000 blocks per second could be processed. This is for each of the distributed PBCL nodes within the PBCL's; hence the total processing of the PBCL is practically unlimited. The reference implementation also supported ~ 5,000 read operations, this asymmetry is typical of commercial databases.  The performance is relatively independent of the number of transactions in the distributed PBCL up to the tested 1 Billion transactions. Due to the decentralised nature of the PBCL, this poses no technical transaction processing limitations, and should easily exceed any existing global payments system.
All transactions within the PBCL are atomic, instantaneous and irreversible.

Performance Comparison:
  • Bitcoin 7 tps
  • PayPal 115 tps
  • PBCL 10,000 tps for each PBCL node, unlimited across the global PBCL
  • Visa network <56,000 tps

Storage Comparison
  • Bitcoin, at very high transaction rates each block can be over half a gigabyte in size
  • PBCL typically less than 500 bytes per transaction



References
1. Free hardware generated and protected Bitcoin Private key and key-chain.
2. Identity Theft and the Digital World.
3. Triple Entry Accounting , and Block Chain Ledgers
4. BitAuth, Decentralized Authentication for the mobile digital world



Monday, June 1, 2015

Triple Entry Accounting, and Secure Block Chain Ledgers..


The magic in this space is what we sometimes hear called triple entry, which is highlighted by the bitcoin block chain’s success in mounting an independent currency over a shared ledger.

We all know how insubstantial internal ledger entries are, and how we can really only rely on them to the extent that we trust our internal processes (e.g. who can forget the Enron events of 2007 leading to a popular view that accounting and audit have failed us).

On the other hand, we also see how solid payment systems are. Whether bank- or Government- or private-run, payments generally work. When these multi-party activities do not work, all hell breaks loose, and people run, sometimes quite literally, to other systems.

When accounting ledgers break, we sigh and move on. Triple entry, via Block Chain Ledgers takes us from the unreliable fantasy of the accounting entry to the hard concrete reality of the payment: the secure distributed Block Chain Ledger is as solid as a bitcoin payment.

Quite simply, the basics of accounting have not changed for hundreds of years.
Today, attempts are being made to address the many well known issues by formulating new rules, employing more auditors and investing in more IT infrastructure. This is the wrong approach.

I believe most of the above are solvable by doing four things:
  1. Make accounting of a business activity an integral part of that activity, instead of treating it as a separate process. What if the invoice was the journal?
  2. Sharing data between entities. Any business transaction involves an agreement of value by one or more parties. Privacy is not a problem as all parties should be recording the same data.
  3. Using cloud accounting ledgers. Enterprises maintain simple private ledgers. Cloud APIs allow for easy integration and the development of APPS.
  4. Securing each ledger with private block chains brings existing accounting systems into today's digital world, without throwing away everything (like bitcoin has done).
Bitcoin achieves the first two things for cash payments. By creating and signing a Bitcoin transaction, one generates a proof (which is consensus verified) that the transaction happened and they had the rights & obligations to the unspent transaction outputs referenced in the transaction.

This doesn't mean that bitcoin should replace double entry; rather, it augments the traditional accounting system ledger by providing a way for parties to share certain transactions as if they were as solid as payments.

E.g., when Alice Ltd wants to pay Bob Ltd, Alice will no longer rely on its accounting systems alone to describe this situation, and neither will Bob. Both of these parties will share a “receipt” that is cryptographically signed by some party that has mediated it (could be an existing bank such as ANZ, the Reserve Bank of Australia, or it could be VillageMall).


Triple entry accounting is very simple. As shown above, there are three parties, each holding a copy of the same receipt, hence the label "triple entry". In the Bitcoin world, that middle intermediary is the bitcoin block chain and the two other parties are the Wallets.

The receipt or public book above, itself is strong because it is cryptographically authorised by the payer, and cryptographically signed off by the mediator (as a minimum). It represents such solid evidence that it is practically irrefutable in terms of the facts on record, and it is trivially automated in audit terms.

Holding this entry is far more flexible than Alice and Bob relying  solely on their double entry systems because firstly you can build the double entry systems out of the collection of receipts any time you need them, and secondly, it is so strong that it can be used as evidence to create derivative claims. E.g. it’s a set-up for securitisation or loaning contracts or other more advanced uses. And, it’s a lot easier to audit because it is such solid evidence.

Back to bitcoin and its block chain. This is the first social experiment in a large scale triple entry issuance. In part, seeing what happens on the block chain generates excitement because we perceive an ability for any company to turn its stalled internal assets into contracts that are then dynamically mediated through cryptographic receipts.

Once one can issue all the accounted assets into a triple entry arrangement that others will instantly respect, finance will democratise.

Savings for every Accounting Ledger
According to Santander (2015), "distributed ledger technology could reduce the banks' infrastructure costs attributable to cross-border payments, securities trading and regulatory compliance by between $15-20 billion per annum by 2022".

So where are we at today?
With the release in 2004 of commercial Block Chain Ledgers, the double entry accounting of each party, Alice and Bob, can now be secured and audited via their individual "Private" Block Chain Ledgers. With the introduction of an intermediary or Public Block Chain Ledger (public ledger above), and communications based upon existing bitcoin block chain protocols, today we have a full implementation of commercial "triple entry accounting".

Where each end accounting system and the intermediary public block chain provide a "secure"  distributed triple entry ledger.

This concept can be expanded: Bob above can maintain a local ledger containing all its adjustments, but it can also maintain a distributed ledger which contains details of all transactions or contracts. As the distributed ledger is agreed upon by all participants and there are digital signatures to provide a degree of non-repudiation, auditors can rely on this ledger. The auditor's job starts getting easier; finally the digital world helps to secure old world double entry systems.

Worked Purchase Contract Example:
1. Alice -> Purchase Widget from ->Bob.
2. Bob  ->Ships Widget and Invoice -> Alice
3. Bob -> Posts journal  DR Account Receivable, CR Income to Private BCL
4. Posts Transaction, with unique TxnId to Public Block Chain Ledger(PBCL)
5. Alice-> Posts Transaction DR Expenses, CR Accounts Payable to Private BCL
6. Post transaction with same TxnId to Public Block Chain Ledger(PBCL)
7. PBCL-> combines messages 4, and 6 along with their signatures (Contract)
8. PBCL-> countersigns and timestamps the combined message 7, along with transactions (i.e DRs and CRs)  and posts to the PBCL.

Worked Payment Contract Example:
1. Alice -> Pays ->Bob.
2. Alice-> Posts Transaction CR Bank, DR Accounts Payable to Private BCL
3. Posts Transaction, with unique TxnId to Public Block Chain Ledger(PBCL)
4. Bob->Receives Payment->From Alice
5. Posts journal  CR Account Receivable, DR Bank to Private BCL
6. Posts Transaction, with unique TxnId to Public Block Chain Ledger(PBCL)
7. PBCL-> combines messages 3, and 6 along with their signatures (Contract)
8. PBCL-> countersigns and timestamps the combined message 7, along with transactions (i.e DRs and CRs)  and posts to the PBCL.
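The purchase and payment flows above follow the same pattern, sketched here as an added example (not the author's or any product's implementation): each party posts its balanced journal under the shared TxnId, and the public ledger matches the pair, countersigns and timestamps it, and refuses duplicates. HMAC stands in for the ECDSA signatures, and the keys, class and function names, TxnId values, amounts and timestamp are constructed.

```python
import copy
import hashlib
import hmac
import json

# Constructed demo keys. HMAC stands in for each party's digital signature.
PARTY_KEYS = {"alice": b"alice-demo-key", "bob": b"bob-demo-key"}
PBCL_KEY = b"pbcl-demo-key"


def _mac(key, obj):
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def make_posting(party, txn_id, counterparty, entries):
    """A party's journal lines, tagged with the shared TxnId and signed."""
    body = {"party": party, "txn_id": txn_id,
            "counterparty": counterparty, "entries": entries}
    return {"body": body, "sig": _mac(PARTY_KEYS[party], body)}


def check_posting(posting):
    """Verify the party's tag and that debits equal credits; return the total."""
    body = posting["body"]
    key = PARTY_KEYS.get(body["party"])
    if key is None or not hmac.compare_digest(_mac(key, body), posting["sig"]):
        raise ValueError("bad signature")
    dr = sum(amt for side, _, amt in body["entries"] if side == "DR")
    cr = sum(amt for side, _, amt in body["entries"] if side == "CR")
    if dr != cr or dr <= 0:
        raise ValueError("journal does not balance")
    return dr


class PublicLedger:
    def __init__(self):
        self.pending = {}    # txn_id -> first posting received
        self.receipts = {}   # txn_id -> countersigned contract

    def post(self, posting, now):
        """Steps 4 and 6 feed in postings; steps 7 and 8 happen on the match."""
        body = posting["body"]
        txn_id = body["txn_id"]
        if txn_id in self.receipts:
            raise ValueError("duplicate TxnId")
        amount = check_posting(posting)
        first = self.pending.get(txn_id)
        if first is None:
            self.pending[txn_id] = posting
            return None
        fb = first["body"]
        if fb["counterparty"] != body["party"] or body["counterparty"] != fb["party"]:
            raise ValueError("parties do not name each other")
        if check_posting(first) != amount:
            raise ValueError("amounts differ")
        contract = {"txn_id": txn_id, "postings": [first, posting], "timestamp": now}
        receipt = {"contract": contract, "pbcl_sig": _mac(PBCL_KEY, contract)}
        del self.pending[txn_id]
        self.receipts[txn_id] = receipt
        return receipt


def verify_receipt(receipt):
    """What Alice, Bob or an auditor would check on the countersigned entry."""
    try:
        for posting in receipt["contract"]["postings"]:
            check_posting(posting)
    except ValueError:
        return False
    return hmac.compare_digest(_mac(PBCL_KEY, receipt["contract"]), receipt["pbcl_sig"])


def run_purchase_example(ledger, txn_id="TXN-0001", alice_amount=12500):
    """Amounts are integer cents; 1442880000 is a constructed Unix timestamp."""
    bob = make_posting("bob", txn_id, "alice",
                       [["DR", "Accounts Receivable", 12500], ["CR", "Income", 12500]])
    alice = make_posting("alice", txn_id, "bob",
                         [["DR", "Expenses", alice_amount],
                          ["CR", "Accounts Payable", alice_amount]])
    first = ledger.post(bob, now=1442880000)
    return first, ledger.post(alice, now=1442880000), alice


if __name__ == "__main__":
    _, rcpt, _ = run_purchase_example(PublicLedger())
    print("receipt valid:", verify_receipt(rcpt))
```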

I believe that while the above could represent a practical Public Block Chain Ledger,  the commercial reality is likely to drive a range of specialist PBCL, i.e. each focused on a specific use case. Collectively these will form the globally decentralised Public Block Chain Ledger.  Each segment of the PBCL is navigated using Internet DNS entries, within the domain blockchainledger.net. An example of a reference specialist "payments" PBCL is provided at the end of this article.

In the case where a bank is offering the PBCL, the changes to the above example are trivial. The point is that all types of interactions, P2P or traditional intermediary, are supported. In the case of a bank intermediary, the Public Block Chain Ledger for each entity would simply be their "Bank Statement". The unique aspect of an architecture with both private and public Block Chain Ledgers is that the distributed PBCL supports all "between" entity transactions, and hence the concept of "gateways" as used in almost all crypto-currencies is not required. With the PBCL and P2P transactions there are no settlement or clearing delays, as all entries are atomic and instantaneous. In the case of no intermediary, some additional joint signatures are required to secure the transaction, beyond the intermediary signature used, but these are all standard cryptographic techniques.

The fully distributed Global Public Block Chain Ledger is the record of truth and is available to all; the atomic nature of all Block Chain Ledger transactions allows instantaneous transfers to occur.

In fact, when the PBCL is applied to P2P payments, we do not see why all payments should not be free, as our analysis shows the incremental cost is close to zero, and each Private Block Chain Ledger can easily support its part of the decentralised PBCL. The same could be applied to all commercial transactions which are capable of being processed through an accounting system: virtually everything.

An enhancement within the Block Chain Ledger over bitcoin allows each and every block to have a unique private ECDSA key, and the digital time-stamped signature is applied atomically to each transaction block. This enhancement allows instantaneous sealing of each block and all its transactions in time, plus traditional bitcoin identification of each block (address), and hence the ability to instantly post to the PBCL. It also supports detection of duplicate transactions: as the private Block Chain Ledgers cannot be changed or altered in any way by either Alice or Bob, the PBCL can request the parts of the block chain necessary to validate each Private Block Chain Ledger before signing the triple entry.

The public block chain ledger provides a real-time, atomic transaction and reporting system.
The atomic transaction is completed once the PBCL entry in step 8 above is posted to the PBCL. Each party, Alice and Bob, and anyone else can then verify the "Contract" or transaction with a deterministic level of non-repudiation.
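Steps 3, 6, 7 and 8 of the worked payment contract example, together with the duplicate-transaction check and third-party verification described above, in runnable form. This is an added example, not the Cognition or BlockAuth code; the names `post`, `Ledger`, `seal` and `verify`, the JSON encoding, the assumption that both postings carry the same TxnId, and the sample keys, timestamp and journal lines are all constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Throwaway demo keys on secp256k1, the ECDSA curve bitcoin uses.
const newKey = () => crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
// JSON.stringify stands in for a canonical encoding (an assumption of this example).
const bytes = (obj) => Buffer.from(JSON.stringify(obj));
const sign = (priv, obj) => crypto.sign('sha256', bytes(obj), priv).toString('base64');
const check = (pub, obj, sig) => crypto.verify('sha256', bytes(obj), pub, Buffer.from(sig, 'base64'));

// Steps 3 and 6: each party signs its own posting (TxnId plus journal lines).
function post(priv, txnId, journal) {
  const body = { txnId, journal };
  return { body, sig: sign(priv, body) };
}

// Steps 7 and 8: a hypothetical PBCL node pairs the postings and countersigns.
class Ledger {
  constructor() {
    this.key = newKey();
    this.seen = new Set(); // TxnIds already sealed, for duplicate detection
  }
  seal(a, b, pubA, pubB, time) {
    const id = a.body.txnId;
    if (id !== b.body.txnId) throw new Error('postings do not share a TxnId');
    if (this.seen.has(id)) throw new Error('duplicate TxnId');
    if (!check(pubA, a.body, a.sig) || !check(pubB, b.body, b.sig)) {
      throw new Error('invalid party signature');
    }
    this.seen.add(id);
    const contract = { a, b, time }; // both messages, both signatures, timestamp
    return { contract, seal: sign(this.key.privateKey, contract) };
  }
}

// Anyone holding the three public keys can re-check the sealed triple entry.
function verify(entry, pubA, pubB, pubLedger) {
  const { a, b } = entry.contract;
  return a.body.txnId === b.body.txnId && check(pubA, a.body, a.sig) &&
    check(pubB, b.body, b.sig) && check(pubLedger, entry.contract, entry.seal);
}

{ // Constructed sample data: Alice pays Bob 100.
  const alice = newKey(), bob = newKey(), pbcl = new Ledger();
  const a = post(alice.privateKey, 'txn-0001', ['CR Bank 100', 'DR Accounts Payable 100']);
  const b = post(bob.privateKey, 'txn-0001', ['CR Accounts Receivable 100', 'DR Bank 100']);
  const entry = pbcl.seal(a, b, alice.publicKey, bob.publicKey, '2015-09-22T00:00:00Z');
  console.log('sealed entry verifies:', verify(entry, alice.publicKey, bob.publicKey, pbcl.key.publicKey));
}
```

Because the ledger's countersignature covers both postings, both party signatures and the timestamp, changing any one of them after sealing makes `verify` return false.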

An auditor can request all transaction data and, if required, can countersign a Block within the PBCL and hence bind parts of both Alice's and Bob's private Block Chain Ledgers, and also the PBCL, in time (see BlockAuth detached time-stamp signature specification).

The point is that if one is inherently happy about Transactions then the accounting and audit process becomes much simpler; there is no need for reconciliations or for an auditor to mess about with 3rd party confirmations (which are almost never returned!). An auditor can also gain 100% assurance into existence and completeness of transactions with counter-parties: this is the holy grail of audit.

As mentioned in the above comment, this is super useful, and not only for audit. Due diligence, tax reporting and generating data for financial reporting also benefit; in fact almost everything benefits from this approach.

Bitcoin already contains a set of protocols which will allow interaction between each Private Block Chain and the Public Block Chain. With minor tweaks, this existing code and network allow a kick start to a more commercial set of Block Chain Applications that for the most part have nothing to do with digital money. Additionally, as the Block Chain Ledger is based on traditional double entry accounting systems, a mixture of P2P and more traditional Public Block Chains can be utilised. As above, the Reserve Bank could run an inter-banking Block Chain Ledger that has all of the existing frameworks, but in this case is actually secure and suitable for the modern "digital" world we all work in.


Welcome to the Internet of Value.
The intermediary Block Chain Ledger is in fact "signing off" or witnessing both sides of the block chain ledgers' transaction; this is the "Contract" process. The ledger Transactions could be stock trading, property sales, or in fact anything that can be processed through a standard double entry accounting system.

The Internet of Value’s ubiquitous, seamless, comprehensive and secure method of transferring value allows for the distribution of value in all sorts of novel ways.

Some obvious use cases:
  • syndicated loans
  • trade finance
  • supply chain provenance
  • asset provenance
  • clearing/settling
  • cross border payments
  • inter-bank payments
  • identity/data authentication
  • private stock/equity issuance
  • contracts 
  • global P2P payments

Implementation example.
Theory is fine, but one also needs concrete commercial examples. One such implementation is the Cognition Cloud Accounting Engine. Because it is designed as a modern cloud based double entry accounting engine that is required to process high volumes of transactions, its internal design is consistent with the design requirements of a Private Block Chain Ledger; in fact each Cognition ledger has a fully integrated Block Chain today, using existing bitcoin technologies.
The BlockAuth Detached, Time Stamped Signature has already been implemented in commercial Private Block Chain Ledgers, such as superannuation funds, in 2015.

The building blocks are here today, allowing companies to run their own secure private block chain ledgers, and also allowing future integration with public Block Chain Ledgers.

Reference Implementation
In the reference implementation, using a commercial hash keyed database, ~10,000 blocks per second could be processed. This is for each distributed Public Block Chain Ledger (PBCL) node within the PBCLs; hence the total processing capacity of the PBCL is practically unlimited. The reference implementation supported ~5,000 read operations; this asymmetry is typical of commercial databases. This performance is relatively independent of the number of transactions in the distributed PBCL.

Performance Comparison:
  • Bitcoin 7 tps
  • PayPal 115 tps
  • PBCL 10,000 tps for each PBCL node, unlimited across the global PBCL
  • Visa network 56,000 tps

Storage Comparison:
  • Bitcoin, at very high transaction rates each block can be over half a gigabyte in size
  • PBCL typically less than 10 KB per transaction

Update 2016.
We have released the first Block Chain Ledger Payments Rail, which implements "triple entry" accounting as described in this article, and in addition the world's first Bank for International Settlements defined DvP Model 1 atomic cross ledger settlement.
See The Holy Grail of Settlements

Details:
The Global Block Chain Payment Rail
The Global Block Chain Securities Settlement Rail

Also see
1. Free hardware generated and protected Bitcoin Private key and key-chain.
2. Identity Theft and the Digital World..
3. Navigating the Public Block Chain Ledger

Disclaimer The contents of this site should not be understood to be accounting, taxation or investment advice but rather as general product related educational information that may or may not meet your specific requirements.

Wednesday, May 20, 2015

Cognition-> Public Block Chain Ledger for Accounting, SMSF, and Portfolio processing.


Bitcoin is probably the most well known public block chain implementation.
In the first Quarter of 2015, we introduced the first secure, private Block Chain Ledger, as part of the Cognition Cloud Accounting Engine solution.

This private Ledger Block Chain differed from the bitcoin implementation in several ways:

  • The block chain is secured by mature, hardware based cryptography, capable of third party ITSEC evaluation
  • The block chain is fully distributed (bitcoin is a centralised block chain), and bound to a single ledger
  • The Cognition block chain, due to its decentralized architecture, can scale to billions of transactions without any performance degradation or massive size.

Within the commercial world, not all ledgers need or want to be public; the dual threaded distributed block chains allow a commercial decision to be made regarding exposure to the public block chain.
As an example, a Broker may only expose trade related transactions while keeping internal settlement private; this allows full disclosure of all trading, which may be the objective of the public block chain.

Likewise, there is a commercial need to support a bitcoin like "public" block chain for a number of FinTech applications. In order to meet these requirements, we plan a 3rd Qtr release of a Public Block Chain ledger as follows:
  • Be a bitcoin like block chain ledger
  • Map any private block chain Ledger, into a bitcoin like seamless public block chain.
  • Map secure private block chain ledger onto the ECDSA bitcoin implementation
  • Support ephemeral ECDSA private keys in the public block chain, to reduce bitcoin like vulnerabilities
  • Map the private block chain Ledger onto a number of ECDSA related BIPs, including support for bitcoin like addresses, multiple public keys, and public keys derived from signatures.
  • There is no need for any mining, consensus or linkage to money printing, this is a commercial Ledger.
  • A DNS like global Block Chain ledger navigation.
  • All access via a secure REST/JSON API.
  • Platform and OS agnostic.
  • Explicit permission required to publish as a "Public Block Chain"

The dual thread, private/public block chain ledger is designed to allow a wide range of commercial applications to be supported by Public Block Chain Ledgers (PBCL).

We plan on releasing the specifications for the decentralized Public Block Chain Ledger (PBCL) into the public domain, on or around the first release.

 The Public Block Chain Ledger is derived from a full featured, commercial Cognition Cloud Accounting Engine, and provides full featured reporting and compliance processing, with integrated Accountant back office Virtual CFO support.

Initial Block Chain support is proposed for the following:

  • Self Managed Superannuation Funds (SMSF)
  • Broker Portfolio Solution (BPS)
  • General purpose Cognition Accounting.

The next generation FinTech accounting Block Chain Ledger engine is available today to any VAR, and as a Public Block Chain Ledger from 3rd Quarter 2015.

Contact VillageMall for details or to be involved in the early trials.
