Blockchain: Is Trust Superfluous?
It may seem as though trusting a blockchain transaction is a ‘done deal’. After all, the entire premise of a Decentralized Ledger Technology (DLT) such as blockchain is to present a transparent, immutable list of what are, in effect, database updates. No single party has the power to rewrite the database to their own ends (or, less maliciously, to accidentally create a database update that destroys content).
However, it’s already been pointed out that a blockchain carries its own set of potential vulnerabilities, such as Proof-of-Work exploits (e.g. the 51% attack and mining monopoly) and vulnerabilities in the code a blockchain executes, such as the ‘unintended consequences’ smart contract coding error in The DAO on Ethereum (explored further below). There are also potential security issues with external data provision to a blockchain, by way of “oracles”. These are third parties that communicate with the blockchain to provide data such as asset prices, geopolitical events, random numbers, etc. (oracles will be discussed in a future post).
Are these vulnerabilities show-stoppers for blockchain technology? Almost certainly not. After all, the non-digital world’s contracts may contain “loopholes” that a savvy counterparty may exploit, and the potential for fraud always exists. In the non-digital world, the solution has been to develop (over centuries) a legal system that allows redress to occur in the event that trust has broken down. If one or more parties believes that a contractual transaction has been manipulated, or is subject to fraud, then they may engage in dispute resolution via legal recourse.
But is such a redress procedure necessary for blockchain? Why would anyone dispute publicly available, publicly verifiable, immutable blockchain transactions?
Why Redress Matters: Subjective Loss and Fairness
We cannot rely upon blockchain’s DLT mechanics to wave away the need for dispute resolution. One simple reason is that people generally feel loss more deeply than gain,[1] and so
Hurrican-e or Hurrican’t?
A classic example is an insurance contract, where 1) the type of loss insured, and 2) the probability of loss together influence the insurer’s decision to accept or deny a claim, after a loss has occurred. Many insurance policies only insure for specific causes of a loss–so if a loss occurs from a low probability (but highly destructive) event, such as a hurricane, policies will only trigger claims if the specifically insured factor is “causative”. If a hurricane causes both wind and flood damage, and you only have flood insurance, your insurer may claim wind was the causative factor, and deny a claim.[2]
But to the contracting party suffering the loss, the fact that their home has been destroyed by both flood and wind during a hurricane may cause them to seek redress outside of the insurance contract, even when the claim has been denied. This is because the scale of the catastrophe (such as the complete destruction of a home) carries a colossal quality-of-life penalty.
See-Saw Markets: Flash Crash!
Another example is a financial market “flash crash”, when asset price changes are triggered by algorithmic corrections that lead to huge swings in prices over very short time intervals (an example is the May 2010 US stock market crash-and-recovery). In principle, investors are aware of “the rules of the game” when investing–they are supposed to know the potential for steep losses (and potentially large gains) as a result of asset price changes. But in reality, these changes are not efficiently priced into asset valuations when high-frequency trading is responsible for ex ante low probability, but high volatility, price movements. As a result, there is scope for seeking redress in such situations (using e.g. a class action lawsuit mechanism [3]).
Contracts which depend upon (and presumably price!) low probability events that significantly change the distribution of assets for one party are subjectively more likely to be construed as “unfair” after such an event occurs. Thus, these contracts are more vulnerable to adjudication and redress. This is a conclusion about contracts in general, and so is relevant to any contractual relationship formulated on the blockchain (whether as e.g. a simple cryptocurrency transaction, or as a more complicated interaction via a “smart contract”).
Why Redress Matters: Intent vs. Outcome
A contract between parties is designed to facilitate a trustworthy relationship. One consequence is that a contract needs to be able to outline every meaningful outcome that can occur, so that each party understands what they are getting into. If a contract cannot cover meaningful outcomes–either because the contract is incomplete, or because the contract is so complex that all outcomes are not predictable–then there may again be a failure of trust in the relationship:
The DAO Redux
A well-known example of this divergence between intent and outcome is the destruction of ‘The DAO’, a Decentralized Autonomous Organization launched at the end of April 2016 as a smart contract on the Ethereum blockchain infrastructure.[4] The DAO was to serve as an investment vehicle along the lines of Kickstarter. After raising c. USD 150 million in the first month of its inception, in June 2016 an anonymous user was able to execute part of The DAO’s smart contract code to expropriate cybercurrency (Ethereum’s ‘ether’) worth approximately USD 50 million.[5]
This event created a division within the Ethereum community, when the developers of Ethereum decided to change the smart contract of The DAO (using a “hard fork” of the Ethereum blockchain) to be able to return funds to the original investors. This was presented by the developers and much of the community as ‘the right thing to do’. To them, it was ‘clear’ that the intent of The DAO as an investment vehicle had been divorced from its outcome (viz. the movement of USD 50 million to the account of a single user, without an associated project).
But a significant part of the community disagreed. They said that since the anonymous user had used The DAO’s smart contract programming code as it was written, in the end the expropriation was part of the set of outcomes that the smart contract provided–even if the original programmers of The DAO weren’t aware of it.
The result of the division was the creation of two blockchains, Ethereum and Ethereum Classic, with their respective cryptocurrencies. To one group, trust in the original blockchain’s smart contract outcome had been sufficiently devalued that it was preferable to “start over” and seek redress (via the hard fork). This was irrespective of the fact that the code of The DAO was publicly available and had been reviewed, and hence should have been considered (and, for a brief period, was considered) trustworthy.
Moving forward: Building Trust Infrastructure
In future posts we’ll delve deeper into other considerations that make trust paths on the blockchain interesting in their own right. More importantly, we’ll suggest solutions to address trust path shortcomings.
Read more in the white paper: “Enabling Trust on the Blockchain”
References
1. An example is prospect theory (cf. Daniel Kahneman and Amos Tversky, “Prospect Theory: An Analysis of Decision Under Risk”, Econometrica vol. 47 no. 2, pp. 263-291).
2. Christopher C. French, “Hurricanes, Fraud, and Insurance: The Supreme Court Weighs in on, But Does Not Wade Into, the Concurrent Causation Conundrum in State Farm Fire and Casualty Company v. Rigsby”, 165 U. Pa. L. Rev. Online 99, 2017.
3. Tara E. Levens, “Too Fast, Too Frequent? High-Frequency Trading and Securities Class Actions”, The University of Chicago Law Review vol. 82, no. 3, pp. 1511-1557, 2015.
4. See e.g. Richard Waters, “Automated company raises equivalent of $120m in digital currency”, Financial Times, May 17, 2016.
5. Phil Daian, “Analysis of the DAO exploit”, HackingDistributed (blog), June 18, 2016.