Search This Blog

Tuesday, 19 May 2015

Of #Smart Contracts, Blockchains And Other Distributed Ledgers

Seems I caught Smart Contract Fever at last week's meeting of the Bitcoin & Blockchain Leadership Forum. So rather than continuing to fire random emails at colleagues, I've tried to calm myself down with a post on the topic.

For context it's important to understand that 'smart contracts' rely on the use of a cryptographic technology or protocol which generates a 'ledger' that is accessible to any computer using the same protocol. One type of 'distributed ledger' is known as a 'blockchain', since every transaction which is accepted is then 'hashed' (shortened into a string of letters and numbers) and included with other transactions into a single 'block', which is itself hashed and added to a series or chain of such blocks. The leading distributed ledger is 'Bitcoin', the blockchain-based virtual currency. But virtual currencies (commodities?) are just one use-case for a distributed ledger - indeed the Bitcoin blockchain is being used for all sorts of non-currency applications, as explained in the very informative book, Cryptocurrency: How Bitcoin and Digital Money are Challenging the Global Economic Order. As Jay Cassano also explains, another example is Ripple, which is designed to be interoperable with other ledgers to support the wider payments ecosystem; while Ethereum is even more broadly ambitious in its attempt to use smart contracts as the basis for all kinds of ledger-based applications.

Generally speaking, the process of forming a 'smart contract' would be started by each party publishing a coded bid/offer or offer/acceptance to the same ledger or 'blockchain', using the same cryptographic protocol. These would be like two (or more) mini-apps specifying the terms on which the parties were seeking to agree. When matched, these apps would form a single application encoding the terms of the concluded contract, and this would also be recorded in the distributed ledger accessible to all computers running the same protocol. Further records could be 'published' in the ledger each time a party performed or failed to perform a contractual obligation. So the ledger would act as its own trust mechanism to verify the existence and performance of the contract. Various applications running off the ledger would be interacting with the contract and related performance data, including payment applications, authentication processes and messaging clients of the various people and machines involved as 'customers' or 'suppliers' in the related business processes. In the event of a dispute, a pre-agreed dispute resolution process could be triggered, including enforcement action via a third party's systems that could rely on the performance data posted to the ledger as 'evidence' on which to initiate a specific remedy. 

Some commentators have suggested this will kill-off various types of intermediaries, lawyers and courts etc. But I think the better view is that existing roles and processes in the affected contractual scenarios will adapt to the new contractual methodology. Some roles might be replaced by the ledger itself, or become fully automated, but it's likely that the people or entities occupying today's roles would be somehow part of that evolution (if they aren't too sleepy). The need for a lot of human-readable messages would also disappear, signalling the demise of applications like email, SMS and maybe even the humble Internet browser. Most data could flow among machines, and they could alert humans in ways that don't involve buttons and keyboards.

So what are the benefits?

Well, it might take significant investment to set up such a process, but it should produce great savings in time, cost, record-keeping and so on throughout the lifetime of a contract. And, hey, no more price comparison sites or banner ads! Crypto-tech distributed ledgers would enable you to access and use a 'semantic web' of linked-data, open data, midata, wearables, smart meters, robots, drones and driverless cars - the Internet of Things - to control your day-to-day existence.

The downside?

This also might also play into the hands of the Big Data crowd (if they find a way to snoop on your encrypted contracts), or even the machines themselves. So it's critical that we figure out the right control mechanisms to 'keep humans at the heart of technology - the topic of the SCL's Tech Law Futures Conference in June, for example.

Meanwhile, I'm reviewing my first smart contract, which is proving rather like being involved in the negotiation of a software development agreement - which it is, of course. I'll post on that in due course, confidentiality permitting...

Wednesday, 6 May 2015

Of #Blockchains And #MultiFactorAuthentication

Okay, so yesterday I was trying to use the car rental scenario to understand the concept of blockchains and distributed ledger technology and ended with the point that all sorts of computer applications could run "on" the blockchain. Some could act as gateways between/among blockchains, and some could link applications on blockchains with the applications running on the Internet - like social media, email - or applications on mobile networks, including SMS. 

So, in the example, the contractual program running on the blockchain that doubles as my car rental contract could also initiate a text message telling me where and when to pick up my rental car. 

I also mentioned that my own request to rent a car could provide the details for where the car rental company's program could go to verify my driver's licence. I didn't mean for identification purposes, but to work out if I'm licensed to drive a vehicle.

On the identity front, I mentioned that both me and the car rental company would be acting pseudonymously. That's important because blockchain transactions are accessible by anyone with a device running the relevant technology. So mine and the rental car company's respective bits of code would have to offer a way for us to authenticate each other. And this is where the public nature of blockchains really come into their own.

Back in 2011, we had a big discussion on identity at the CSFI from which my 'takeaways' were that (1) identity is dynamic, not static - we are better defined by the data generated by everything we do, rather than a birth date or fingerprints. So (2) verifying our identity could be based on a unique snapshot of our behavioural data, which could then be discarded, rather than a passport etc.  which could be copied and used by fraudsters.

The challenge with multi-factor authentication in the Internet world is possibly that the data is subject to alteration (though on a mass scale it could be hard to alter every item of data about a person's behaviour).

But blockchains are infinitely harder to alter, since (I'm told) all the computers running the technology check each block when it is completed and that can't be undone, unless you control most of the computers at any one time (like a villain in a Bond movie).

So our identities could be verified by reference to a series of our blockchain transactions. For privacy and security reasons, each blockchain transaction should be coded so as not to give away much information about the transaction itself. That ought to be easy, since the code only needs to be understood by the computers who process each transaction at that time. At any rate, each transaction could somehow be combined into a unique identity token that would continually evolve to remain unique.

Hey presto, reliable multi-factor authentication!

Do I have any of this right?


Tuesday, 5 May 2015

Of #Blockchain And Other Distributed Ledger Technologies

I'm still trying to get my head around the concept of the blockchain and other 'distributed ledger' technologies, how they are useful and what else needs to happen to harness their potential. To that end, I'm trying to ignore the 'virtual currency' use-case that seems to get everyone tied up in knots. I mean, the Internet is more than a money remittance platform, right? Well, the concept of a 'distributed ledger' is similarly broad - maybe broader than the Internet. According to Ethereum, "a platform for decentralised applications", even the word 'ledger' is too limiting.

Recently, I read the 'call for evidence' on this topic from European Securities and Markets Authority (ESMA), especially as there's been a lot of talk about using the blockchain to cut the time and cost of central clearing and settlement in the financial markets.

Yet, as the call for evidence itself shows, even ESMA is struggling to understand the uses beyond investment products which (a) provide exposure to a virtual currency without buying it, or (b) require you to actually trade in virtual currency in ways that are recorded in the relevant 'blockchain' or other currency ledger. 

This could be because ESMA is viewing the technology through the lens of the existing, heavily intermediated financial market structures and how these might be somehow replicated using the new technology (see the two diagrams in section 4).  But as I've complained for years, financial regulation (for which ESMA is partially responsible) funnels investment funds and opportunities into marketplaces where comparatively few intermediaries are allowed to operate - so they can charge what they like and not bother innovating, except to suit themselves (high frequency trading?). Internet technology has helped a bit, by making it cheaper to build and host systems etc, but that technology is still based on the idea that transactions occur in separate computers and the related data remains locked away in proprietary databases, or displayed only to subscribers.  

Distributed ledger technology seems to herald something far more revolutionary.

As I see it, these technologies basically involve publishing machine-readable applications or programs that can be read by any device running the same technology. Each market participant just needs to publish or display to others what it is offering or what it needs and any 'deal' will be recorded or coded on a nominated blockchain or ledger. Certain stuff can still be kept secret, but enough information can be shared to enable the computers to record the deal publicly so that everyone knows the deal was done.

Take an ordinary consumer transaction like renting a car. The rental car company's computer could publish a certain program that identifies the company itself (pseudonymously), a specific car, the make/model, its current location and the price to rent it for the day (including full collision damage waiver!). If I need to rent a car, I could publish some code that identifies me (pseudonymously), what type of car I need, where, when, how much I'm prepared to pay per day, the payment method and how the rental company can authenticate my driver's licence. Our computers find each other, like what they see and submit a transaction to a third computer which writes it up in code that instructs other computers to take my payment, send me the collection details and so on. In other words, as well as being an open record that the transaction exists, the code can also refer others to more detailed information where necessary.

It seems that very little should need to change outside the above scenario for this begin to happen, since the programming languages are now expressive enough to enable such codes to be written about every day transactions without a lot of fuss over industry standards. However, over time the same technology could be at work all over the place in more technical scenarios. For instance, my driver's licence could also just be a computer code available on a separate blockchain or ledger, to which the rental company's computers could be referred to check when it expires, whether I have any demerit points and so on. Even credit references and so on might be ascertainable in this way. 

In other words, all sorts of computer applications could run "on" the blockchain and/or act as gateways between/among blockchains and between blockchains and the applications running on the ordinary old Internet, like social media, email or those running on mobile networks, like SMS. So, in the example, a program running on the blockchain could initiate a text message telling me where and when to pick up my rental car.

I'm now struggling a little to see the difference between 'distributed ledger technology' and the 'semantic web' or 'Web 3.0', Linked Data, Open Data and so on. But, hey, I'm taking it a day at a time. At any rate, it all seems to promise the death of human-readable price comparison sites and their corny advertising, so bring it on!