Deconstructing bitcoin

Do you need a blockchain?

There are several checklists to help you decide whether or not you need a blockchain. The most recent one is the Blockchain Technology Overview published by the NIST in October 2018. Others are discussed in a recent blog by Chris Hammerschmidt. All of these checklists ask whether you need to store data, whether you have many readers and writers, whether they are known or anonymous, and whether they are trusted and if not, whether you trust an intermediary.

Wrong question!

However, all of these checklists focus on the technology and so cannot answer the question of whether you need a blockchain. Rather, they focus on some important properties of blockchain technology. Whether or not you need technology with these properties depends on your business goals. Determining those goals is not a technology question.

Furthermore, these checklists focus on blockchain technology only. Blockchains are only one example of Distributed Ledger Technology (DLT), and different kinds of DLT have different properties. Let me clarify this by analyzing the properties of bitcoin blockchains and then identify the core property of DLTs.

The goal of the Bitcoin network

The bitcoin network offers the following value proposition:

Facilitate peer-to-peer pseudonymous payments.

Payment should be as simple as sending an email, and payment transactions in the bitcoin network should be just as secure, or more so, as bank transactions. However, they should not involve intermediaries like banks. The bitcoin network provides the following properties, that all contribute towards this goal.

Bitcoin network properties

No identity management. Anyone can join or leave the bitcoin network, without asking permission from or notifying an identity manager. Members of the network identify themselves with a public key, and typically they use a different public key for each transaction. A transaction consists of a transfer of bitcoins from current owners of bitcoins to new owners of these bitcoins, both identified by a public key. The absence of identity management supports the democratic goal of the designers of the bitcoin network: anyone is free to join or leave at will. But because the identity of nodes is not known, we cannot assume they can be trusted.

Replicated ledger. Because there is no intermediary like a bank to maintain the ledger of transactions, the ledger is replicated over all members of the bitcoin network. The term “shared ledger” is misleading, because it suggests that there is a single ledger shared by all members of the network. Rather, the ledger is replicated by all members, and the copies are synchronized by a consensus algorithm.

Replicated validation. Whenever a bitcoin payment is done, this transaction is broadcast over the network. All full bitcoin nodes check the validity of the transaction. For example, the sender must own the bitcoins, spend each coin only once, and not spend more than it owns. In an intermediated world, payment service providers like banks would perform these validations. In the decentralized bitcoin world, all full nodes perform the same validation. One of the nodes will add the transaction to the ledger, and it cannot be predicted which node this will be. Hence, unless more than half of the nodes collude in a conspiracy, it is pointless to attempt a fraudulent validation.

No censorship. The bitcoin protocol ensures that valid transactions will eventually be stored in all copies of the ledger. This is different from banks, who may refuse valid transactions. For example, in 2011 Julian Assange was denied access to Visa, Paypal, and Mastercard. This promoted the use of bitcoin to donate money to Wikileaks.

Probable finality. To ensure that a valid transaction, once stored in the bitcoin blockchain, will not be changed, i.e. is final, the bitcoin network uses four ideas.

1. Nested hashing. Transactions are collected in blocks, and each block contains a header that summarizes all transactions in the block by means of a hash. If any transaction in the block changes, this hash changes. Furthermore, each header also contains the hash of the previous block’s header. As a result, the blocks form a chain, and if any transaction in any block in the chain is changed, the hash of the most recent block header will be changed. This makes it easy to detect if stored transactions have been changed. All nodes in the network can check this.
2. Proof of work (PoW). The header of each block also contains a nonce, which is a number that can be chosen by the node constructing the block. This node is called a miner. The rule of the game is that the miner must choose a nonce that makes the block hash smaller than a previously agreed number, called the difficulty target. The only way to find such a nonce is to try all 232 possibilities one by one until one hits a solution. This takes a lot of computing power. Currently (November 2018), the miners of the bitcoin network jointly compute about 50 000 000 Terra hashes (5 * 1019hashes) per second.
3. Monetary incentives. Computing a valid block is very expensive and no one would do this unless there would be a reward that covers the cost of mining. The miner who first finds a valid nonce is rewarded with freshly created bitcoins (currently ₿12.5) as well as with the fees of the transactions in the block. Payment participants choose transaction fees themselves, and a higher fee leads to faster inclusion in a block. The mining reward is large enough for miners to make a profit, but it is insufficient to re-compute any of the previous blocks. This contributes to the finality of transactions once they are in the blockchain.
4. Building on the longest chain. Two miners may find a solution to the PoW puzzle almost simultaneously and broadcast their solutions through the network. This leads to a temporary fork of the blockchain. This will be resolved because the length of these forks will quickly become different and the bitcoin protocol prescribes addition of a new block to the longest chain (which took most computing power to produce). The network will therefore soon converge on a single chain. This does mean that it may take a while before we can be sure that a transaction is final. Normally after one hour, six blocks have been added, and a transaction is considered to be final. For large payments, the safe waiting time is longer.

The core properties of the bitcoin network are thus the absence of identity management and of trust assumptions, the absence of intermediaries and of censorship, as well as the presence of validation of highly probable finality of transactions. This contrasts with the properties provided by trusted payment intermediaries like banks. Banks provide identity management and maintain a centralized ledger. They validate transactions and may censor them. Once recorded, a transaction is final. Mistaken transactions cannot be undone but may be compensated by later transactions.

Distributed ledgers are decentralized ledgers.

The bitcoin blockchain is an example of a distributed ledger. Why does it contain blocks? Because it takes some time to solve the PoW puzzle, and hence miners must collect transactions in blocks to keep up with the speed of producing transactions. Hence, a blockchain. If a DLT would not take so much time to reach consensus about the transactions to be added, blocks would not be needed.

And why does bitcoin need a PoW puzzle to reach consensus? Because nodes are pseudonymous and cannot be assumed to be trusted. If nodes would be known and trusted, then another consensus algorithm could be used, such as one of the Byzantine consensus algorithms for state machine replication. Ethereum is currently experimenting with another consensus mechanism, Proof of Stake, that takes less time to make a decision.

Whether we need to realize pseudonymity and trustlessness depends on our business goals. Different distributed ledger technologies provide different properties, which can be useful in different business contexts. The Corda framework, aiming at the highly regulated financial settlement business, assumes trusted and known nodes, and as explained in Mike Hearn’s white paper, does not use a blockchain. Hyperledger Fabric, which sees itself as an operating system for running distributed applications, assumes federated identity management and uses a blockchain partitioned into channels.

What is common to all DLTs is that they are decentralized ledger frameworks that allow for replicated ledgers and transaction validation. Choices about the consensus mechanism, identity management, transaction censorship, and finality may vary across DLTs. So to see if you need a DLT or something else, you need to analyze your need for decentralized ledger replication and transaction validation. And this boils down to investigating your ecosystem.

What is your ecosystem?

Transactions are performed in an ecosystem of actors who want to transfer money or other assets to each other. To find out what technical support you need for these transactions, you must analyze your ecosystem. Do you know all the participants? To which extent do you trust them? What assets are exchanged in the ecosystem? What value-adding activities are performed by the actors in the ecosystem? What value propositions are delivered by the system as a whole? What cash flows must be generated? The answers to these and other questions determine whether you need a DLT, and if so, which of the available DLT frameworks is best for you.

Originally published at www.thevalueengineers.nl on November 7, 2018.