" We all pretend to know what [blockchain] is but not many of us really do."
Christian Venter, GM Consumer Digital Technology, ANZ
Blockchain is nothing like Credit Default Swaps or CDOs back in the early 2000s. But it shares one similarity: we all pretend to know what it is but not many of us really do. The sound bites you will most often hear are “Blockchain is a distributed ledger”, or “it’s the technology that underpins bitcoin” or “it’s going to transform the financial industry”.
All of these statements are true and will usually dazzle people enough to prevent further questioning. But on a rare occasion someone might ask “what is a distributed ledger and how does it actually work?” So in the spirit of the Big Short reference, let me be Margot Robbie in the bubble bath and simplify it for you.
Before we delve into blockchain, let’s break down the simple process of trade and exchange.
Let’s say Mary has a gold coin worth $1000. Mary gives John this gold coin. In return John might give Mary a physical good or a service.
When Mary gives that coin to John she no longer has it. She is 100 per cent certain John has it now as she was there when the transaction happened. Mary cannot give this gold coin to someone else, as she no longer has it to give.
No external party was needed to verify this trade. Mary had it, now John has it. It’s a simple fact. It’s impossible to double spend that gold coin as Mary can no longer give to anyone else.
That’s a great system if we all kept bags of gold under our mattresses, but it’s not very scalable or secure. People needed a place to store their wealth safely and this is what led to the earliest forms of banks being created around 400 BCE.
Fast forward to 2016 and money is kept in banks, with the vast majority of transactions made in digital form. The double-spending problem is managed by banks maintaining ledgers and a system of complex accounting, clearing houses and intermediary banks.
Lest assume Mary wants to buy something from John worth $100,000. Mary could withdraw $100,000 dollars of cash from her bank, Bank A. She could drive to John’s house and physically hand over the money. John would hand over the goods to Mary and then take the money to his bank B and deposit it.
Now let’s bring a third party, a bank, into the picture. Bank A uses a ledger to keep track of how much money Mary has with it. Bank B does the same thing with John.
When Mary withdraws $100,000 Bank A must record her account now has $100,000 less in it. Both Bank A and B must ensure their ledgers are safe, private and cannot be tampered with.
That was an easy but uncommon scenario. Cash spending is on the decline as new forms of electronic payment become so convenient.
Let’s assume the same scenario above, but this time Mary sends the funds to John using internet banking instead of withdrawing cash.
Let’s assume Bank A and B are both within Australia. Bank A records Mary sending money to John and debits her account by $100,000.
That night Bank A, which has what’s called a correspondent banking arrangement, sends a file electronically to Bank B. This file has a list of all the payments Bank A is making to Bank B. Effectively it is transmitting an IOU.
Bank B sees John is on this list and credits his account with $100,000. At the same time credits Bank A’s account to show that Bank A owes them the money.
Sending and receiving banks need to have direct relationships with each other and John may have to wait 12 to 24 hours before the $100,000 shows up in his account. Each bank updates their ledgers and must ensure they are secure and accurate.
Bank B also has a risk exposure now to Bank A as it has credited Johns account. He is free to spend the money while Bank B waits for Bank A to settle the money it is owed. To avoid double spending Bank A also immediately debits Mary’s account even though John does not have the money yet.
The situation gets more complicated if Bank B is overseas and Bank A and B have no relationship with each other. In this case yet more parties get involved in the transaction.
The Society for Worldwide Interbank Financial Telecommunication (SWIFT) provides a network that enables institutions worldwide to send and receive information about transactions in a secure, standardised environment. SWIFT does not facilitate funds transfer, but sends payment-order messages which must be settled through correspondent accounts institutions have with each other.
Let’s now assume John lives in USA. Mary sends the money to John via her local branch. Her bank arranges an international money transfer and will ask Mary for the SWIFT code of Johns bank. (ANZ bank’s SWIFT code, for example is ANZBAU3M).
This code identifies the beneficiary (receiving) bank or financial institution so the SWIFT network knows where to send the payment message.
You will note I said the payment message and not the payment itself. The swift message, which in this case would be an MT103 message, informs the banks Mary is sending the money and John is to receive it. The banks still need to pass the money between themselves and they need to have accounts with each other through intermediary banks.
Bank A will have what’s called a Nostro (Latin for ‘Ours’) account with intermediary Bank C. Bank C would have a Vostro (Latin for ‘Yours’) account that keeps track of how much it owes Bank A.
We now have even more complexity. We have Bank A, Bank B, John, Mary, the SWIFT network and at least one or possibly more Intermediary banks involved with Nostro and Vostro accounts. Each of these parties will store their own copy of a ledger keeping track of who owes what and who sent what to whom.
What you can see from these basic scenarios is there are financial institutions all over the world keeping their own little copy of the truth in general ledgers.
All financial institutions spend significant amounts of money processing payments, verifying ledgers and keeping them secure from tampering. Interbank transfers across countries take several days to process and are expensive.
They also require the use of payment networks, intermediaries and central clearinghouses. It is estimated that keeping this all running costs over $A20 billion per annum.
In order to understand the benefits that something like blockchain can bring you must first understand the complexities of moving money around and avoiding the double spending problem.
What if there was a way to transfer funds directly from Mary to John in a way that guaranteed delivery, ensured the money could only be delivered to its intended recipient, ensured the transaction could not be tampered with and could be cleared and settled into Johns account within 10 minutes without needing a central clearing house, SWIFT, intermediary banks, nostro or vostro accounts?
Blockchain was developed to do exactly this for bitcoin. Bitcoin is a form of digital currency, created and held electronically. No one controls it. Bitcoins aren't printed, like dollars or euros – they're produced by people, and increasingly businesses, running computers all around the world, using software that solves mathematical problems.
There are now multiple different implementations of blockchain. The examples I will use below describe the bitcoin-style implementation.
In a blockchain world each participating organisation/user does not keep their own ledger of transactions, but rather there is one ledger or source of truth that is maintained by all of the organisations/users.
This is represented in the diagram below with each Node, A to J, having an exact copy of the same ledger of transactions. A node can be a participating organisation for private Blockchain or and individual for something like Bitcoin.
This is where the term ‘distributed ledger’ comes from when used to describe blockchain. It’s a shared, trusted public ledger no single organisation controls and everyone can read. These distributed ledgers are protected with advanced cryptography that ensures the authenticity of the contents of the ledger.
By distributing the ledger amongst many organisations or nodes in the blockchain we get redundancy in the system. All of the nodes in this system must agree the ledger and transactions to be stored in it are valid before the ledger is updated.
Any participating node in the blockchain can review the entries. Once a transaction is written to the blockchain it is extremely difficult to erase. The ledger keeps a record of every transaction ever posted to it since it was started.
So what’s all the fuss about then? The Reserve Bank of Australia has invested in a real-time banking system. This new system is scheduled to be fully implemented by the end of 2017.
Banks all over Australia are part of this New Payments Platform and must be compliant. This New Payments Platform (NPP), built by the organisation that runs the SWIFT payment network, will allow interbank transfers in Australia to happen instantly.
Using this platform, Mary’s $100,000 would arrive in John’s bank account, cleared and ready to be spent within seconds.
Blockchain technology has many applications both within and outside of the finance industry. Blockchain itself does not carry any intrinsic value. It is a building block to store and deliver safe, secure, and reliable and near real-time messages. The NPP platform could conceivably have been built using blockchain technology.
So we have now learned a few things about blockchain:
• Its distributed nature makes it highly available and reliable. There is no single point of failure and if one node fails the rest will continue as if nothing happened.
• It’s secure. The nature of the cryptography used in blockchain makes it tamper hardened. It’s almost impossible to tamper with the chain without being detected. The computational power required to alter an active, growing blockchain makes the likelihood of this occurring very, very small. Because the ledger is distributed on thousands of computers you would need to be able alter all of them simultaneously.
• It’s transparent. Everyone can read the transaction history. This increases the auditability and trust amongst participants.
• Transactions in the blockchain can be verified within minutes, not days.
We do need to keep in mind no system is infallible. While the encrypted contents of a bitcoin block may be immutable to anything but a brute force attack, the overall Blockchain is only as secure as its weakest link.
Most of the bitcoin hacks reported to date are a result of human/social engineering involving the stealing login credentials and private keys from compromised computers.
Bitcoin users are advised to wait until six blocks (~60 mins elapsed) are confirmed on top of their transaction before handing over goods sold as part of a bitcoin transaction as a measure to prevent fraud.
With zero confirmations you are vulnerable to the race attack and the Finney attack, as well as the 51 per cent attack.
With one confirmation you are vulnerable to the 51 per cent attack. Three confirmations remove most of that possibility. With six confirmations it is virtually mathematically impossible for an attacker with less than 51 per cent of all mining capacity to get six blocks in a row and surpass the longest block chain.
With 51 per cent or more ‘hashing’ power (more on that later on) an attacker could theoretically get six confirmations by creating a parallel blockchain in which only transactions approved by the attacker get included in blocks.
With this technology we can re-imagine the transaction between Mary transferring $100,000 to John overseas using a bitcoin-style implementation of blockchain.
Mary would make the transfer using her banks blockchain application or wallet. When Mary opens her wallet it connects to a subset of other users who currently have their wallet open.
Mary has John’s wallet ID or address, which is kind of like an account number for John. She then instructs the wallet application to send $100,000 to John.
This message is broadcast to the other connected wallets that perform a series of checks on the transaction to ensure that she has the funds and that she is the owner of them (i.e. confirming the validity of her digital signature).
When these checks are complete each peer relays the transaction to its connected peers causing the transaction to propagate through the network.
The distributed bookkeepers (aka miners) verify the transaction and assemble it along with others into a block of transactions using advanced encryption techniques called ‘hashing’.
They then solve a complex mathematical problem, which takes on average ten minutes to solve. This problem solving is referred to as “providing proof of work”. These miners are not human but specialised computers that are very fast at solving specific mathematical problems.
Once the problem is solved and verified, this block is then added to the ledger and cryptographically chained to the previous block. Hence the term “block chain” or blockchain.
The winning miner is given a financial reward to compensate them for validating the transaction and cover the cost of the computing power used to do so.
Within ten minutes John’s wallet would reflect that his balance had gone up by $100,000. The ledger would have been updated everywhere to reflect -$100,000 from Mary and +$100,000 to John.
Every user of this system can, using their wallet application, download and view the transaction history and every user’s history will match creating a system of trust.
For privacy the history would not identify John or Mary publically but store their public digital signature you can think of as their public identifier, sort of like a Facebook account or twitter handle that does not identify you.
When John wants to see his balance his wallet application scans the blocks in the ledger adding up inflows and outflows that match his public signature.
As an example, here is an address I created for this article: 1NNYSQw1xVQA69gzbp8vFbwWTiGtL5txGt. Feel free to send me some bitcoins any time ;).
An easy way to visualise the concept of a bitcoin wallet and address is to think of it like a glass safe.
Anyone with your address can look inside of the safe and see your coins. This address is your public key. No one however can access the coins without the combination to the safe. This is your private key. If you lose this private key there is nothing you can do to get your money out of the safe ever!
It’s impenetrable even with the best of modern hardware. For example, to break a 256 bit key like bitcoin, would take fifty supercomputers that could check a billion, billion (10^18) 256 bit AES keys per second about 3×10^51 years to exhaust the combinations a 256-bit key allows.
The universe has existed for 14 billion (1.4e10) years. It would take ~6.7e40 times longer than the age of the universe to exhaust half of the key combinations of an AES-256 bit key.
You may have heard in the news the FBI was trying to take Apple to court because they would not help unlock an iPhone involved in the San Bernardino shootings. Apple iPhones use 256 bit encryption to protect the data on their phones.
The FBI was unable to brute force attack the encryption so wanted Apple to help circumvent the 4-digit pin that unlocks the phone. They eventually did this with the help of a private security firm exploiting a weakness in the pin entry not the 256 bit encryption - once again proving any system is hackable if you find the weakest link.
The moral of the story is if you own bitcoins, don’t lose your private key. Ever!
It’s important to bear in mind the pseudonymity this system provides is dependent on the owner keeping their public key anonymous. The key I posted earlier for example is now no longer anonymous and linked to me. Five minutes on Google will give you the public keys to Microsoft’s Bitcoin account.
What is great about this transaction is there were no intermediary banks, no clearinghouses, no SWIFT and it was all done within minutes not days. If banks started using a tailored version of blockchain it could remove the need for single, trusted intermediaries.
It would distribute the responsibility of reconciling, validating and securing transactions to a broader community of intermediaries. The cost of this reconciliation across multiple parties once eliminated can drive efficiencies and potential cost savings to the industry.
It would also allow faster settlements and possibly reduce overall costs in correspondent banking.
A number of banks are investing in blockchain technology right now and several organisations like Ripple, R3CEV, Bankchain, TRUST and Sidechains are setting up exchanges based on the technology. ANZ is working with hyperledger and SWIFT GPII. Keep an eye out for more information there.
Still, it is early days for this technology. It’s doubtful you will see significant adoption in mainstream banking within next five years. Some of the reasons include:
• The banking industry is highly regulated and banks are naturally very cautious. Most of the big banks are piloting the technology and cautiously dipping their toes into the water.
• Scalability. Visa today handles about 2000 transactions every second. Blockchain for bitcoin is currently limited to four to seven transactions per second because the protocols in bitcoin limit the size of transactions blocks to 1mb. Obviously a major limitation, although some of those organisations mentioned above are working on solutions to scale blockchain. Bitshare, for example, claims to be able to process 100,000 TPS.
• Security. While extremely secure, the technology implementation of something like blockchain is unregulated. A group of individuals with gigantic computing power could theoretically establish their own chains as a definitive version and hijack the bitcoin block chain.
• Bitcoin implementation is decentralised and unregulated. This creates mistrust and if things go wrong, who do you sue? How do you implement compliance, anti-money laundering and know-your-customer regulations?
• The implementation and use of blockchain solutions are very new. There are also very few people who really understand it and what its capabilities and limitations really are.
• For blockchain technology to be effective it relies on cooperation and co-ordination. How likely is it banks all over the world competing for the same customers with similar products will choose to truly co-operate? One could argue they already have with SWIFT but this requires a standard for them to agree on and its early days for this to occur.
• Human nature has a big part to play in the adoption of anything new. The saying from the 1980’s, “No one ever got fired for buying IBM”, still applies, especially in highly risk averse regulated industries like banking.
Adopting blockchain-based payment processing will require leaps of faith and risk sadly very few will undertake at large scale until it’s necessary.
Let’s say you are a CIO’s who decides to take this leap of faith, who do you pick to take it with? Ripple, R3CEV, Bankchain, TRUST, Sidechains, Bitshare, HyperLedger, SWIFT GPII ? It’s early days and too soon to pick a winner. Beta or VHS ? USB3 vs Firewire vs Thunderbolt ? It may well be too soon to decide.
• Regulation could conceivably be part of the solution. The creation of a central governing body to regulate the financial services blockchain and its membership could help, but if history holds true, by the time this happens some new disruptive technology will probably be in place.
• While complex and costly, the current banking infrastructure that securely and safely transfers our money works very well. Unwinding this is unlikely to make it to the top of too many banks CEOs to-do lists in the short- to medium-term.
The world’s top 1000 banks earned over $US940 billion last year in profits. There are estimates floating about from Santander that banks can save $US20 billion if they used blockchain technology.
Given cost complexity and the time required to roll it out, something like blockchain globally on the scale of these figures puts the likelihood into perspective.
I’m sounding very pessimistic with that list but I’m just injecting a dose of reality into all the hype. Blockchain is and will be a revolutionary technology. Any financial institution (or anyone for that matter) in the trust business ignores blockchain at their own peril. It’s why most of the big banks are experimenting with it right now and why picking a standard at this point in time is not necessary.
What is important is solving the limitations the bitcoin implementation of blockchain has in order to allow mainstream adoption in Banking. ANZ are working on proof of concepts and with organisation like Hyperledger to design simpler, more effective and lower risk solutions.
The great thing is it’s not just banks that benefit from blockchain technology. If we look at the claimed capabilities the blockchain enables (transparency, security, availability and immutability) there are lots of industries which could and are benefiting from this already. A few examples are:
• Storing medical records. Imagine a national medical register that would allow any doctor anywhere in world could access to your details with your private key.
• Shipping companies are looking into it to create global shipping manifestos. Things would not go missing and this transparency could benefit customs and border controls.
• They could be used to create a global valuable items registry. Who owns that Rembrandt or Caravaggio painting? It could halt the sale of counterfeit art by allowing buyers to check a global registry they trust.
• There is a registry called Ever Ledger that has created a global registry of diamonds to help stop sale of conflict diamonds by storing lists of diamonds that have been certified.
• Guardtime, a company in Estonia, is using a version of blockchain to manage Estonian citizen data on behalf of the government.
• Artists, photographers and musicians could use it for copyright management. They could store hashed licences of their works in the blockchain. Any time they needed to prove work is theirs, they could run it through an encryption-hashing algorithm and until it matches one stored in the blockchain.
• Document vaults could store hashed data of original documents. These could then be reproduced anywhere in the world and be verified by signing them with the key stored in the blockchain. The legal industry is certainly watching this space.
• Share trading. Copies of trades could be kept on a public distributed ledger using block chain technology.
Obviously there are many potential uses of this technology. The key is finding problems that really need it.
If you have gotten this far, it’s likely you have more than enough information to appear like a blockchain expert to all but a very small portion of the population. You know what blockchain is, what is does and what it could do but not necessarily how it does it.
If you want to get a deeper understanding of how block chain enables secure, transparent and decentralised reconciliation of transactions and what the block and chain part of blockchain really mean, keep watching BlueNotes for our next blockchain story, where we will go deeper into the workings of bitcoin’s blockchain, including hashing, encryption keys, digital signing, proof-of-work and even merkle trees.
Christian Venter is, GM Consumer Digital Technology at ANZ
The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.
27 Apr 2016
06 Apr 2016
15 Mar 2016
06 Feb 2017