Blockchain - dark currencies and the risks
Smart ledgers may provide one of the best tools for reshaping a more open, trusting society, and should be a boon to auditors, writes Professor Michael Mainelli.
From at least the time of the Sumerians we have had ledgers. The technology of ledgers has evolved over the millennia from cuneiform tablets to papyrus, tally sticks, paper, and databases. We are witnessing a further stage of evolution to smart ledgers.
Central or ‘trusted’ third parties are the traditional custodians of central ledgers. The central third party approach, while scarcely bettered over millennia of civilisation, has its problems. The two biggest problems are corruption and monopoly. Any central registry becomes a target for cheating and the controllers of the ledger are an obvious weakness. The officials, public or private, are susceptible to bribery or other inducements to collude with cheaters. This is often seen as a third-world problem, but the global traded markets have seen corruption in LIBOR and foreign exchange markets ‘fixing’ certain important pricing benchmarks through central functions. Any successful registry or exchange is also susceptible to becoming a natural monopoly, and thus strongly tempted towards excessive charges.
Mutual distributed ledgers (MDLs, aka blockchains) and smart contracts are the ‘next big thing’ in technology. MDLs are multi-organisational databases with a super audit trail. MDLs have been used for years but gained fame, or notoriety, as they began to be used since 2009 in cryptocurrencies such as Bitcoin, as the ‘Bitcoin blockchain’. A ‘smart contract’ or ‘sprite’ is ‘the implementation of contract terms as executable computer code’. Smart contracts can be embedded in MDLs to record what has been agreed to happen when certain events occur. A simple example of a smart contract is a contract which pays $50,000 on every day in July when the temperature recorded by a given field on the Met Office website is above 33 °C.
A smart contract can be anything that has a time, a test, and a trigger, for example a premium uplift, a notification of change of circumstances, or a claim. While bankers have been a-twitter about cryptocurrencies for payment systems, other sectors have already quietly implemented them, such as healthcare organisations using smart ledgers to chronicle clinical trials, or insurers using them to log swaps of data. Smart ledgers are particularly suited to identity, document, and agreement exchange (IDAX). IDAX may be their ‘killer app’.
Smart ledgers are a technology for fair play in a globalised world. Three characteristics enhance fairness. First, most smart ledgers have no centre. This means fair play for everyone regardless of their location. Second, the permanent records are distributed and immutable. A benefit of decentralisation is strong cybersecurity and physical robustness. The process which lets many computers all over the world process transactions together also means that if a machine is compromised it does not affect the rest of the computers holding the smart ledger. Third, ‘mutual’ means held in common or owned by no one. Nobody has to be in charge of a smart ledger; they operate by consensus. Local smart ledgers can be run by a sovereign entity or a company, and they can choose who can participate, similar to an existing corporate network but more secure.
Smart ledgers pose big challenges to auditors. The DAO (Decentralized Autonomous Organization) was launched on the Ethereum blockchain on 30 April 2016 with a website and a 28-day crowd sale to fund the organisation. By 21 May it had raised capital of more than US$150m from more than 11,000 investors. On 17 June an unknown attacker ‘stole’ from the DAO around 3.6M ‘ether’, Ethereum’s online currency similar to Bitcoin. At the time 3.6M ether was about $55m dollars and represented around a third of the DAO’s assets.
The DAO was intended to operate as a hub that dispersed funds in ether to suitable projects. Investors received voting rights by means of a digital share token and voted on proposals that were submitted by ‘contractors’ while a group of volunteers called ‘curators’ checked the identity of people submitting proposals and made sure the projects were legal before ‘whitelisting’ them. The profits from the investments would then go back to its stakeholders.
The underlying technology powering the DAO was a ‘blockchain’, similar to bitcoin, overlaid with ‘smart contracts’. The DAO was controlled by the votes of its members (anyone who transferred ether to it) and transactions occurred automatically once enough members voted for them. A vulnerability in the code was exploited by the attacker, who used a race-to-empty or recursive call attack, to appropriate ether.
Complex legal questions remain over whether the attack was really ‘theft’. In effect, the Ethereum project claimed to ‘let the code’ decide, and the code decided to transfer 3.6M ether to an account. However, the eventual solution, a ‘hard fork’ that moved the ‘stolen’ ether back into a new version of the DAO, in effect replaced 'tyranny of the code' with ‘tyranny of the majority’.
A learning experience
There is an incorrect assumption that all MDLs are alike. In fact, MDLs can be built in a wide variety of ways for a wide variety of purposes. A cryptocurrency ledger is concerned with supporting a proof-of-work consensus mechanism; an internet-of-things datalogging MDL is concerned with speed and efficiency. Both may be subject to audit, eg not just cryptocurrency cash, but also billing or liabilities recorded by a utility company’s MDL. Let’s explore four challenges for now, understanding the technology, defining the boundary of the system, auditing the system, and examining governance.
The technology is not especially complicated, but these ‘multi-organisational databases with a super audit trail’ are built on foundations unfamiliar to many, even programmers using them. Cryptography and hashing are two core techniques for MDLs. Cryptography is the process of storing data in such a way that it can only be read by those with the correct keys. Hashing is the process of reducing computer files to an individual, unique signature. MDLs are constructed using hashing of records one into the next, but often use cryptographic techniques as well. If the MDL is not just recording, but perhaps supporting a token or cryptocurrency, then a host of transaction validation techniques may need to be understood, such as proof-of-work, proof-of-stake, proof-of-burn, full consensus, broadcasting, or voting mechanisms. Finally, if the MDL is a smart ledger, then many of the rules are based in pieces of code embedded within the MDL itself.
Defining the boundary of the system is frequently quite wide, not just a cryptocurrency, but also the wallets and exchanges that are used for the transactions. This distributed system is itself subject to attacks. Cryptocurrencies are seen by many as big ‘honeypots’, worth probing and attacking by hackers because the rewards for stealing cryptocurrency can be enormous. In auditing one cryptocurrency system we needed to trace accounts from their ledger into other cryptocurrencies that had been used for payment. Immediately we hit problems tracing the sources of funds from wallets and exchanges that had made the deposits, as well as problems identifying where transactions had potential conflicts with regulatory jurisdictions.
Auditing the system is not especially different from auditing a normal ledger database, but there are some wrinkles. These ledgers are typically very large, requiring extra data handling resource. Performance can be volatile. We have been examining an ‘active audit’ process whereby we are simulating the overall system performance and contrasting that simulation with what happened in reality in order to identify anomalies for further audit tests. For clients, these simulations serve as the basis for constructing a permanent ‘market quality’ dashboard.
Examining governance is possibly the greatest challenge. The strength of smart ledgers lies precisely in the lack of ownership. The DAO attack alone raises serious questions about the types of safeguards that investors should have with such collective investments and the governance issues of the wider system for making such decisions. Z/Yen has conducted some initial work on governance standards, with more to come.
Possibly the best way to think of governance just now is to contrast smart ledgers with email of old. Email is ungoverned as it passes from machine to machine. In the early days, auditors paid a lot of attention to validating email trails. We have come to rely on email to the point we rarely audit email trails technically. We can also expect to see forms of indemnity and insurance arising on smart ledgers. If I pay to use your data you may also have to provide me with an indemnity, for example paying me in the event that a digitally signed document authenticated by you proves to be false.
Smart ledgers are here, and show every sign of increasing deployment due to their amelioration of the central third party problem, their technological flexibility, and their power. Smart ledgers may provide one of the best tools for reshaping a more open, trusting society, and should be a boon to auditors. As system auditors, our responsibility is to get learning and thinking now about how best to use smart ledgers for mutual good and common wealth.
Professor Michael Mainelli – executive chairman, Z/Yen Group and principal adviser to Long Finance.
Y/Yen has been building and analysing mutual distributed ledgers (aka blockchains) since 1995 and has a smart ledger architecture community, ChainZy.
Michael’s latest book, The Price of Fish: A New Approach to Wicked Economics and Better Decisions, written with Ian Harris, won the 2012 Independent Publisher Book Awards Finance, Investment & Economics Gold Prize.