The blockchain’s salad days

I’m not sure if you’re supposed to have a favourite supply chain fraud or not but I do, and it is the famous case of the vegetable oil that almost bankrupted American Express (and went some way toward making Warren Buffet a multi-billionaire). The essence of the story is that a conman, Anthony “Tino” De Angelis, discovered that people would lend him money on the basis of commodities in the supply chain. His chosen commodity was vegetable oil (see How The Salad Oil Swindle Of 1963 Nearly Crippled The NYSE). Amex had a division that made loans to businesses using inventories as collateral. They gave De Angelis financing for vegetable oil and he took the Amex receipts to a broker who discounted them for cash. So he had tanks of vegetable oil and Amex had loaned him money against the value of the oil in those tanks, the idea being that they would get the money back with a bit extra when the oil was sold on. Now as it happened, the tanks didn’t much contain oil at all. They were mostly water with a layer of oil on top so that when the inspectors opened the tanks and looked inside they saw oil and signed off whatever documentation was required. Eventually the whole scam blew up and nearly took Amex down, enabling the sage of Omaha to buy up their stock and make a fortune.

Fortunately for us and unfortunately for conmen like Tino, the supply chain is one of the many industries that the blockchain is going to disrupt. As my good friend Michael Casey and his co-author Pindar Wong explain in their recent Harvard Business Review piece on the topic (Global Supply Chains are about to get Better, Thanks to Blockchain in HBR, 13th March 2017), blockchain technology allows computers from different organisations to collaborate and validate entries in a blockchain. This removes the need for error prone reconciliation between the different organisation’s internal records and therefore allows stakeholders better and timelier visibility of overall activity. The idea discussed in this HBR piece (and elsewhere) is that some combination of “smart contracts” and tagging and tracing will mean that supply chains become somehow more efficient and more cost-effective.

An aside. I put “smart contracts” in quotes because, of course, they are not actually contracts. Or smart. Bill Maurer and DuPont nailed this in their superb King’s Review article on Ledgers and Law in the Blockchain (22nd June 2015), where they note that smart contracts are not contracts at all but computer programs and so strictly speaking just an “automaticity” on the ledger. (Indeed, they go on to quote Ethereum architect Vitalik Buterin saying that “I now regret calling the objects in Ethereum ‘contracts’ as you’re meant to think of them as arbitrary programs and not smart contracts specifically”.) 

Using the blockchain and “smart contracts” sounds like an excellent idea and there’s no doubt that supply chain participants are taking this line of thinking pretty seriously. Foxconn (best known as the makers of the iPhone) are a recent case study. In March 2017 they demonstrated a blockchain prototype that they used to loan more than six million dollars to suppliers. I should note in passing that the article didn’t make it clear why they were using a blockchain (as opposed to any other form of shared ledger) or why they were using a shared ledger rather than a database but, like Merck and Walmart and many others, Foxconn is a serious business that sees promise in the technology so we should take the case study seriously.
While I was reading about Foxconn, and a couple of other related articles in connection with a project for a client, I started to wonder just how exactly would the supply chain industry be disrupted? How would the blockchain have fixed the salad oil problem? It’s very easy to think of a fancy fintech setup whereby smart contracts took care of passing money from the lender to the conman when the tanks were certified by the inspectors but as sceptical commentators (e.g., the redoubtable Steve Wilson of Lockstep) frequently point out, transactions using blockchain technology are only “trustless” insofar as they relate to assets on the blockchain itself. As soon as the blockchain has to be connected to some real-world asset, like vegetable oil, then it is inevitable that someone has to trust a third-party to make that connection.

Trusting these third parties can be a risk. Another of my favourite scandals (I have quite a few, I should have mentioned that) is the horsemeat scandal that swept Europe on the 50th anniversary of the salad oil scandal. Basically horsemeat was being mixed with beef in the supply chain and then sold on to the suppliers of major supermarkets in, for example, the UK. One of the traders involved was sentenced to jail for forging labels on 330 tonnes of meat as being 100% beef when they were not. Once again, I am curious to know how a blockchain would have helped the situation since the enterprising Eastern European equine entrepreneur would simply have digitally-signed that the consignment of donkey dongs were Polish dogs and no-one would have been any the wiser. It is not clear how a fintech solution based on blockchains and smart contracts would have helped, other than to make the frauds propagate more quickly.

The reason that I am interested in scandals like this one is that the tracking of food features as a one of the main supply chain problems that advocates hope the blockchain will solve for us. Work is already under way in a number of areas. I understand that Walmart have carried out some sort of pilot with IBM to try to track pork from China to the US and another pilot was used to track tuna from Indonesia all the way to the US. But if someone has signed a certificate to say that the ethically-reared pork is actually tuna, or whatever, how is the shared ledger going to know any different? A smart contract that pays the Chinese supplier when the refrigerated pork arrives in a US warehouse, as detected by RFID tags and such like, has no idea whether the slabs in the freezer are pork or platypus.

If you do discover platypus in your chow mein, then I suppose you could argue that the blockchain provides an immutable record that will enable you to track back along the supply chain to find out where it came from. But how will you know when or where the switcheroo took place? Some of the representations of the blockchain’s powers are frankly incredible, but it isn’t magic. It’s a data structure that recapitulates the consensus of its construction, not a Chain of True Seeing with +2 save against poison. So is there any point in considering a form of shared ledger technology (whether a blockchain or anything else) for this kind of supply chain application? Well, yes. We think there is.

Let’s go back to the first example, the great vegetable oil swindle.  Had American Express and other stakeholders had access to a shared ledger that recorded the volumes of vegetable oil being used as collateral, the fraud would have been easily discovered. 

“If American Express had done their homework, they would have realized that De Angelis’s reported vegetable oil ‘holdings’ were greater than the inventories of the entire United States as reported by the Department of Agriculture. “

via How The Salad Oil Swindle Of 1963 Nearly Crippled The NYSE

Interesting. So if the amounts of vegetable oil had been gathered together in one place, the fraud would have been noticed. What could that one place be? A federation of credit provider’s databases? A shared service operated by the regulator? Some utility funded by industry stakeholders? How would they work? What if the stakeholders instead of paying some third party to run such a utility used a shared ledger for their own use? It would be as if each market participant and regulator had a gateway computer to a central utility except that there would be no central utility. The gateways would talk to each other and if one of them failed for any reason it would have no impact on the others. That sounds like an idea to explore further.

How might such a ledger might operate? Would American Express want a rival to know how much vegetable oil it had on its books? Would it want anyone to know? The Bank of Canada, in their discussion of lessons learned from their first blockchain project, said that “in an actual production system, trade-offs will need to be resolved between how widely data and transactions are verified by members of the system, and how widely information is shared”. In other words, we have to think very carefully about what information we put in a shared ledger and who is allowed to say whether that information is valid or not. Luckily, there are cryptographic techniques known as “Zero Knowledge Proofs” (ZKPs) that can deliver the apparently paradoxical functionality of allowing observers to check that ledger entries are correct without revealing their contents and these, together with other well-known cryptographic techniques, are what allow us to create a whole new and surprising solution to the problem of the integrity of private information in a public space.

It is clear from this description that a workable solution rests on what Casey and Wong call “partial transparency”. At Consult Hyperion we agree, and we borrowed the term translucency from Peter Wagner for the concept. For the past couple of years we have used a narrative built around this to help senior management to understand the potential of shared ledger technology and form strategies to exploit it. Indeed, in some contexts we focus on translucent transactions as the most important property of shared ledgers and as a platform for new kinds of marketplaces that will be cheaper and safer, a position that you can find explored in more detail in the paper that I co-authored with my colleague Salome Parulava and Richard Brown, CTO of R3CEV. See Towards ambient accountability in financial services: shared ledgers, translucent transactions and the legacy of the great financial crisis. Journal of Payment Strategy and Systems 10(2): 118-131 (2016).

As you might deduce from the title, in this paper we co-opt the architectural term “ambient accountability” to describe the combination of practical Byazantine fault tolerance consensus protocols and replicated incorruptible data structures (together forming “shared ledger” technology) to deliver a transactional environment with translucency.  As Anthony Lewis from R3CEV describes in an insightful piece on this new environment, it is much simpler to operate and regulate markets that are built from such structures.

The reconciliation comes as part of the fact recording; not after. Organisations can “confirm as they go“, rather than recording something, then checking externally afterwards.

From Distributed ledgers: “Confirm-as-you-go” | Bits on blocks

In this way the traditional disciplines of accounting and auditing are dissolved, re-combined and embedded in the environment. Smart contracts wouldn’t have disrupted Tino’s business, but ambient accountability would have uncovered his plot at a much earlier stage, when the near real-time computation of vegetable oil inventories would delivered data on his dastardly plot. You’d hardly need Watson to spot that inventories greater than the United States entire annual production ought to be looked into in more detail.

Perhaps we need to shift perspective. It is the industry-wide perspective of the shared ledger, the shared ledger as a regtech, that makes the disruptive difference to supply chains, just as it is the shared ledger as a regtech that will reshape financial markets by creating environments for faster, cheaper and less opaque transactions between intermediaries that have to add value to earn their fees rather than rely on information asymmetries to extract their rent. As the World Economic Forum’s report on the Future of Financial Services says, “New financial services infrastructure built on [shared ledgers] will redraw processes and call into question orthodoxies that are foundational to today’s business models”. We agree, and if you want to make this a reality for your organisation, give me or my colleagues at Consult Hyperion a call. We will provide help, not hype.

Incidentally, the brilliant Maya Zahavi from QED-it will be explaining how ZKPs can transform supply chains at the 20th annual Consult Hyperion Tomorrow’s Transactions Forum on April 26th and 27th in London. Run, don’t walk, over to that link and sign up now for one of the few remaining delegate places and to be kept up-to-date in the future, sign up for our mailing list as well.

[Sincere thanks to my colleague Tim Richards and to my former colleague Salome Parulava for their helpful comments on an earlier draft of this post.]

Blockchain in 13 minutes

Well, that was the fun. The nice people at the Meaning Conference gave me 13 minutes to try to explain what a blockchain technology is, what blockchains might do, and what the implications might be, to an audience of largely creative people. Quite a challenge.



Since they were creative types, I thought I ought to frame my explanations with poetry rather than mathematics. I decided to start with the Ur-statement of ordered immutability, the Rubiyaat of Omar Khayyam (1048-1131):

“The Moving Finger writes; and, having writ,

Moves on: nor all thy Piety nor Wit

Shall lure it back to cancel half a Line,

Nor all thy Tears wash out a Word of it.”

You can see a revised version of the slide deck here (we accidentally sent the wrong version on the day, but it really didn’t matter). It sets out the revised “4x4x4” model of shared ledgers, so that there is context for talking about the blockchain, and then quickly works through how there are different kinds of blockchains (and bitcoin is only one) and then gets to what I think will be the lasting impact: ambient accountability and new kinds of transaction environments where traditional auditing and policing are taken care of by the environment itself.

In order to explain my focus on ambient accountability, we went back to poetry, this time with T.S. Eliot and choruses from The Rock (1934).

“They constantly try to escape

From the darkness outside and within

By dreaming of systems so perfect that no one will need to be good.”

The point here is to frame shared ledgers as as much of a regtech as a fintech. The technology may well not cut the cost of financial transactions at all — as I constantly point out, when people tell me about bitcoin’s incredible ability to move money around the world instantly and for free, the blockchain isn’t instant and it isn’t free — but it has the potential to cut the cost of regulating financial transactions substantially. We can, I think, see ways to dissolve traditional notions of auditing and replace them with infrastructure that embodies auditing instead. If there’s no way that your view of the ledger and my view of the ledger can differ, then there’s no need to reconcile them.


You can watch the presentation here on YouTube (where it takes 19 minutes – I failed). They were kind to me with their feedback, although going back over the presentation I’m a little disappointed with it. I think I can do better to bring the new world of the shared ledger to the general audience. So I’d appreciate your feedback on two elements of the presentation. First, does the “real world ledger” model help with the discussion or is it an unnecessary complication and second do the example ledgers presented across those six layers make sense? I want to quickly show the different types of ledger in one slide, so I want a decent graphic comparing Bitcoin, Ethereum, R3, Hyperledger, DAH and so on. If someone has one I’d love to use it (fully credited, of course).

Any pointers? 

House of Blockchain

On a cold and foggy December morning I set off for the Mother of Parliaments. As I had contributed to the Parliamentary Office of Science and Technology (POST) work on shared ledger technologies (SLTs), I had been invited to the House of Lords for a slap-up full English and a discussion on the topic with assembled Lords and Commons. Very exciting for a lad from Swindon.

House of Blockchain

Once I reached the Palace of Westminster I went straight for the Black Rod’s garden gate.

House of Blockchain

But this turned out to be the exit, not the entrance. I went back round to the entrance and found a queue of blockchainafficionadospatiently awaiting the constable in charge of opening the gate at 8am sharp. I told the assembled throng (from the STFC) that I was there to lobby parliament to have THE BLOCKCHAIN accepted as a religion, like Scientology, and to have all associated tax breaks and other privileges. They think I’m joking, but they are not entirely sure. They are planning to put physicists on theblockchain, so I am a little suspicious of them.

House of Blockchain

At 8am on the dot the boys in blue let us in. They put my bag and coat and things through an X-ray machine, even though I told them that I had noblockchainsabout my person, and then we were inside the hallowed halls. I began the search for the elusive darkblockchainwith the help of the STFC chaps. No luck.

House of Blockchain

The breakfast was held in the Attlee Room. This is named after Clement Attlee, who led the post-war Labour government in Britain. The picture on the wall behind me is by “Michael Hestletine”, although it wasn’t clear to me whether it was by a Michael Hestletine or by the Michael Hestletine. Much like the distinction between the blockchainand a blockchain, it is rather important in my opinion.

House of Blockchain

I have to say that the slap-up full English was top notch. Two things I particularly liked: they didn’t use cheap sausages (skimping on the sausages ruins a full English in my opinion) and they served the baked beans in a separate little pot (is it called a “ramekin”?) which I really appreciated because I don’t like the beans mixing with the scrambled eggs and tomato. Anyway, to move on, Stephen Metcalfe MP, chair of the Science and Technology Committee, and Sir Mark Walport, the Government’s Chief Scientific Adviser (GCSA), opened the proceedings. Sir Mark had published a report on the technology earlier in the year.

The British Government’s Chief scientific adviser, Sir Mark Walport, has published his Government Office for Science report on “Distributed Ledger Technology: beyond blockchain”.

From Scientific advice about the blockchain | Consult Hyperion

He said that the goal of the POST reports is to demystify technology for policy makers although I have toreport that in his closing remarks he said that we had not been entirely successful in this enterprise and I fully concur with his opinion.

Sir Mark comes from the medical profession and he used a pharmacological analogy to introduce the topic to the group, saying that new drugs tend to go through a familiar cycle of “miracle cure” to “wouldn’t give it to a dog” on to “is good for X, Y and Z under certain conditions”. I think he was asking the expert speakers to explain what the X, Y and Z might be and under which conditions. In which case, and I am not casting the first stone here, we failed.

House of Blockchain

Sir Mark, as you might recall, was kind enough to the use the Consult Hyperion model of SLTs in his report mentioned above, gave a couple of examples that – and I say this in a spirit of enquiry and integrity – I just don’t buy. He specifically mentioned the example of constraints on the spending of welfare payments. Now, while I think this is a bad idea, I can think of far easier ways to achieve it (MCC restriction, for example) than tracking everything that welfare recipients spend on a blockchain. I can certainly seethat in the coming world of smart money (i.e., money that is transferred between ~smart ~contracts) it will be possible to constrain, restrict or censor transactions, but who and why are more important questions than how. In any case, who would mine this blockchain? The Department of Work and Pensions and… well, I think I wouldneed to see a more fully-developed architecture to comment.

My old friend Simon Taylor from 11:FS had also been asked along to provide input to the discussion and he tried a different set of metaphors relating to the confirmation of events from multiple sources but it was notclear to me that he was able to help Lord Birt and others to understand the key issues.

House of Blockchain

After a while, the discussion moved on to the Estonian electronic identity system. I expressed some scepticism as to whether the Estonian electronic identity system was on a blockchain. The conversation continued. Then to my shame I lost it and began babbling “it’s not a blockchain” until the chairman, in an appropriate and gentlemanly manner, told me to shut up. At this point, Simon and I got into an excellent twitter debate about what might constitute a distributed ledger and whether you need some particular combination of characteristics in order to claim that a system is a distributed ledger and whether, irrespective of the blocks and chains, the blockchain is a sensible description of certain systems.

House of Blockchain

I noted that someone nearby was looking at me with a slightly quizzical expression that I took to be some questioning of my ability to comment on the topic. Well, I went all “don’t bring your knife to my gunfight” on twitter. First of all,  one of the first podcasts I ever recorded (a decade ago) was with Tarvi Martens, one of the architects of the scheme.  Tarvi kindly contributed a case study on thescheme to my 2007 book “Digital Identity Management” (available from all good bookstores).

Forum friend Tarvi Martens presented a case study from Estonia on population-scale identity cards. This had been updated from the original case study that Tarvi kindly contributed to both the Digital Identity Forum and Digital Identity Management. The first card was issued back in 2002 and by October 2006 there were a million cards in circulation.

From Still practising | Consult Hyperion

One of the things that I couldn’t help but point out is that the Estonian eID card gained initial traction due to some unusual circumstances.

Unusually amongst ID card, the principal use of the Estonian card is an a transit card in Tallin (120,000 people every day use their card for this) and as a travel document.

From Still practising | Consult Hyperion

Hence I couldn’t resist asking their Lordships whether the transport secretary’s announcement on this very same day of some sort of national travel smart card today was an attempt to introduce an identity card by the back door…

So. The Estonian ID card, which was first issued in 2002, has nothing to do with distributed ledgers or blockchains or any similar technology. End of.

When it came time for my two-pennyworth around the table, I said that it wasn’t atall clear to me that it was accurate to describe Bitcoin as a decentralised system since almost all of the hashing power resides with a very small number of unaccountable mining pools based in China but, more importantly that

  1. It seems to me that many of the efforts to move shared ledgers into the marketplace have concentrated on shaping shared ledgers to emulate existing solutions in the hope that SLTs will be faster, higher or stronger. These are all unproven assertions. It is possible that a shared ledger replacement for RTGS might be cheaper, or more resilient or more functional that the currency centralised solution, but who knows?

  2. The transparency of the shared ledger, the aspect that most doesn’t work for current solutions in current markets, may well turn out to be the most important characteristic because it allows for ambient accountability and therefore opens up the potential for new kinds of markets that are far less costly and complex to regulate, manage, inspect and audit. This is the “shared ledger as regtech not fintech meme” that I am rather fond of.

  3. Just as the invention of double-entry bookkeeping allowed for the creation of new kinds of enterprise, so it seems to me that the shared ledger will similarly lead to new kinds of enterprise that use the shared ledger application (the SLAPP) as the engine of progress and the focus of innovation. I assume that there are kids in basements experimenting with SLAPPs right now and that this is where the breakthrough use case will come from. As I said last year in a discussion about shared ledgers for land registry, turning the ledger into a platform may be the most important reason for shifting to this implementation.

    From Shared ledger applications and the Bouvier-Sams boundary | Consult Hyperion

    The ability to execute general purpose code on the consensus computer means that, just as the ability to executer general purpose code on conventional computers did,  people will create some amazing things that we can’t imagine right now.

    This will, in the long run, turn out to be much more important than creating a new kind of database.

When I wrote this I was thinking that the ideas for these new kinds of applications can only come from fresh perspectives, but I have changed my opinion on that having seen some of the work already going on the field. Maybe some of us old hands still have something to offer when it comes to rethinking the ways markets can work. All in all, a very interesting start to the day. Incidentally, the only people around the table who made complete sense, as far as I could tell, were Professor Vili Lehdonvirta from the Oxford Internet Institute (who talked about the need for control and governance) and Calogero Scibatta of Everledger who, of course, actually already has a business that depends on shared ledgers. Here I am with Calogero on the way out, still discussing whether the ontological classification of Bitcoin recapitulates its phylogeny or whether it should be re-classified according to external definitions unrelated to its history and development. In other words, just because it was designed to be decentralised doesn’t mean it is decentralised.

House of Blockchain

Oh, I also told the assembled Lords that most of the stuff I read every day about “the blockchain” is rubbish. It’s become a meaningless chromewash term. Here is a real conversation that took place with a blockchain vendor in the presence of a client recently:

Vendor:  We are using the blockchain to revolutionise [redacted].

Me: What’s in the blocks?

Vendor: We don’t need to use blocks westore each transaction in such a way that only the parties to the transaction can see it.

Me: Who forms the consensus?

Vendor: It’s a master-slave consensus so the purchaser has a master record and the suppliers have a copy of it.

Me: How are the transactions chained together?

Vendor: They store the transaction but we also store the hash of each transaction.

Me: Why?

Vendor: Because blockchain (I’m paraphrasing).

If Roger Ver is the undisputed Bitcoin Jesus, then I claim that after yesterday’s performance my position as the Blockchain Meldrew is now unassailable.

Mutable and immutable blockchains

Now we all know what the bitcoin blockchain is, don’t we? It’s just one particular version of the general class of blockchains, which share the characteristics that data is stored in blocks and because of some cryptographic jiggery-pokery the blocks are chained together, so that you can’t go back and change the contents of a block without having to then change the contents of every subsequent block. And depending on the consensus protocol that is used, you can’t change the blocks without everyone else agreeing to let you do it. Thus it is, as my colleague Salome Parulava describes it, “mutable by consensus”.

Whereas auditing at present entails the confirmation of transactions and balances on a company’s accounting ledger at the end of the period, a transaction on the blockchain would provide a permanent and immutable record of the transaction almost immediately.

From Blockchain and the Auditing Revolution – Real Time Audit within the Capabilities of Blockchain | Fintech Schweiz Digital Finance News – FintechNewsCH

The reason that this kind of structure is called immutable, even though it is mutable by consensus, is that it is computationally infeasible to go back post-consensus and make a change. Even if you obtain consensus and co-ordinate more than half of the “hashing power” in the case of bitcoin, and could in theory go back to the very first block, change it to send the bitcoins in it to yourself, and then go forward rewriting all of the subsequent blocks, it would take years and years of massive computing power. Someone could, in theory, treat all of the bitcoin transactions from the last checkpoint up until now as the wrong side of a fork. (For all we know, secret mining pools are As my good friend Gideon Greenspan pointed out to me, just because you could see that corrupt agents were rewriting history in this way it doesn’t mean that you could stop them. But it’s not a realistic attack. We can live with the description “immutable” to mean “theoretically mutable but not mutable under any practical circumstances that we can envisage”.

If you had a different kind of blockchain, however, you could design it work in a different way. It could be mutable by consensus, or mutable by a dictator, and it could be mutable in a computationally feasible way. This is what some researchers in the US and Italy have put forward in a paper called “Redactable Blockchain, or Rewriting History in Bitcoin and Friends” (5th August 2016). Giuseppe Ateniese, Bernado Magri, Daniele Venturi and Ewerton Andrade say: 

We put forward a new framework that makes it possible to re-write and/or compress the content of any number of blocks in decentralized services exploiting the blockchain technology. As we argue, there are several reasons to prefer an editable blockchain, spanning from the necessity to remove improper content and the possibility to support applications requiring re-writable storage, to “the right to be forgotten”.

We don’t need to go into the clever mathematics behind this. Just take forward the idea that you can use that clever mathematics to substitute for massive amounts of computing power that I mentioned above and can rewrite a block without having to go forward and rewrite all subsequent blocks. The well-known and well-respected outsourcing company Accenture has filed a patent on this idea with Professor Ateniese.

By allowing a central administrator to amend or delete information stored on a blockchain, the [outsorucing company, Accenture] says that its prototype will make the technology more attractive to the financial services industry.

From Accenture to unveil blockchain editing technique –

This announcement was met with widespread derision on social media, and I can understand why. One of the key reasons for considering a blockchain to implement certain kinds of financial services is that the state of the blockchain, the shared world view, is locked down and the end of each block. If the shared world view can be changed, it wouldn’t be useful for these services any more. Now, I can see why some people might want an accounting system that works this way (see, for example, the case of Kingfisher Airlines in India) but I wouldn’t have thought that society wants accounting systems that work this way at all. Why would you want a ledger that can be edited either by some group or subgroup of the consensus forming stakeholders or by some central authority? I can think of a few reasons, but none of them make any sense.

The financial services industry needs to face the question of how to balance the appeal of pristine accounting with the demands of the real world, where some things simply need to be struck from the records.

From Downside of Bitcoin: A Ledger That Can’t Be Corrected – The New York Times

Nothing ever needs to be “struck from the records”. If a bank makes a mistake — let’s say it accidentally opens a couple of million bogus accounts — then it can’t just go back and scrub the backup tapes and pretend it never happened. The way to correct a wrong debit is with a correct credit. The Financial Times quotes blockchain entrepreneur and serious player Blythe Masters, the former JPMorgan banker running Digital Asset Holdings, as saying of Accenture’s approach that “we think it is innovative and can strike the right balance between preserving blockchain’s key features and adapting it for real-world requirements within some permissioned systems.” But what are these real-world requirements within some permissioned systems that Ms. Masters is referring to?

I don’t think anyone would use the bitcoin blockchain consensus protocol that was designed for an open, permissionless  blockchain (i.e., proof of work) for a closed, permissioned blockchain so you would never need to edit it this way. My reading of the paper, from a not-a-cryptographer perspective, is that it does not deliver against the real-world requirements for permissioned systems in financial markets. The use cases that are set out in the paper are the need to remove child pornography from a public blockchain, the “right to be forgotten” and the need to consolidate records financial transactions. My feeling is that none of these are real-world requirements.

As for the first use case, this is not something that our clients need consider since none of them are proposing to implement critical national financial infrastructure on a public blockchain with arbitrary content controlled by unaccountable consensus groups. If, for example, a stock exchange were to implement a blockchain settlement system, it would not be of such a type as to allow members of the general public to store child pornography on it (or at least it wouldn’t be if it had people such as Consult Hyperion designing it).

What’s more, if a stock exchange were implemented on an editable blockchain, it would be utterly chaotic since at the execution of any transaction, no-one could be certain about the state of the ledger (since it would be possible for some future intervention to change it). My granny dies and leaves me IBM shares. I sell you my IBM shares. I use the money to buy a car. Then a decade later a court order overturns my granny’s will as it turns out she had a son that we’d never heard of. So we go back and change the blockchain so that the IBM shares belong to him instead of me. So now I didn’t have the money to buy the car. So I have to give the car back. But the car was scrapped… and so on. Interstellar overdrive… then I go back five years later because it turns out he wasn’t her son at all and now I want the blockchain changed to give me my IBM shares…

Richard Lumb, global head of financial services at Accenture, told the Financial Times that financial institutions and regulators would need a means to quickly correct errors on the blockchain before using it in securities markets. He gave the example of a “fat finger” trading error, or a trade assigned to the wrong counterparty.

From Accenture to unveil blockchain editing technique –

That’s not how you correct errors, by just rubbing out mistakes. These are regulated financial institutions, not the mafia. No-one is going to build a financial services market on top of a mutable blockchain. In one of the comments I saw about this proposal, someone said that it would be OK because the market participants would keep an audit log of the changes and who agreed them. I thought that perhaps such an important log might need to be stored on an immutable ledger. Uh oh, blockchain Inception

As for the next use case, I am not a lawyer, but I think that the paper misinterprets the so-called “right to be forgotten”. However misguided the European Court’s decision on this might be, it does not demand the rewriting of history. If you publish an article about me that I think contains “old, inaccurate or even just irrelevant data“, and I manage to persuade Google that it should be harder to find, then the article is not deleted. The link to the article is removed from Google search results but the article is still there. Here, for example, is the Daily Telegraph’s full list of stories that have been removed from search results.

Newspapers are not required to go back and tear out articles from their archives, they are exempt (but in Europe, Google opted not to be regulated as media company so is not exempt). And I’m sure none of us what would to live in a world where politicians could obtain court orders to go back a change the historical record! When it comes to the serious use cases (e.g., revenge porn) it is already impossible to purge the matrix and it won’t make any difference whether they are stored on a blockchain or not (although with a permissioned blockchain you would at least know who had put them there and therefore who to arrest).

The third use case, the consolidation of financial records is not clear to me at all. Since the invention of double-entry bookkeeping, the whole point of keeping a ledger has been that you have a record of all of the credits and debits that contribute to the current world view. Companies do not delete old transactions every few months to save space. In fact the law requires them to maintain the transaction records for years. Here’s one example: in the UK, the “direct debit guarantee” has no time limit at all, so all records relating to direct debits need to be kept forever. If there is something about this use case that I haven’t understood, I would be genuinely interested to be corrected.

In summary, then. We all appreciate the clever mathematical tricks behind the mutable blockchain, but when it comes to the serious world of banking and financial services, it seems like (in the casual demotic of our unlearned age) a bit of a chocolate teapot.

Sharing ledgers

Like many of you I am sure I never miss The Economist “Money Talks” podcast, which is how come I happened to hear about the bankruptcy of an Indian airline. A first glance a normal, run of the mill corporate failure…

Inaugurated in 2005, Kingfisher Airlines… never made money, not in one year. On 20 October 2010, the Directorate General of Civil Aviation (DGCA) suspended its licence to fly. Some 3,700 employees were left contemplating their future. More importantly, a clutch of largely public- sector banks is looking at writing off loans worth roughly Rs 6,000 crore as bad debt.

From The art of flying on froth | Tehelka – Investigations, Latest News, Politics, Analysis, Blogs, Culture, Photos, Videos, Podcasts

Well, these things happen. The more cynical among you might just note this as another example the subverted corporatist version of capitalism that we are familiar with today, where profits are privatised and losses are socialised, and put it to one side. But the story has a particularly fascinating trajectory and one of that is relevant to the kinds of discussions going on at executive level amongst some of Consult Hyperion’s customers. Here’s why. It’s the story of an unshared ledger. Kingfisher Airline’s corporate records have vanished.

The airline’s missing accounts—apparently stored on servers seized by a vendor who had gone unpaid—is an unwelcome complication for those who had hoped the Kingfisher saga might be inching towards some sort of resolution.

From Flying blind | The Economist

Now, I hate to say it, but this is one of the few news stories that I have seen recently that actually points out a genuine use case for shared ledger technology and as far as I can see (from my single source of truth, my Twitter feed) no-one picked this up. Set against the common vague management consultant stuff about how “the blockchain” is going to transform the health care industry, the refugee crisis and insurance, this is a real example of a use case that is not based on fantasies about reduced costs or improved performance or the eradication of intermediaries or “code is law” but the solid reality of  a consensus computer in operation.

So, imagine that Kingfisher had adopted something along the lines of Ian Grigg’s “triple entry” system. There’s a permissioned shared ledger that is maintained by, amongst others, the airline itself, the 17 creditor banks and the airline industry regulator. The airline and the banks update their own double-entry accounting systems using the data from the shared ledger.

If the airline goes bust or vanishes into a black hole or is infiltrated by ne’erdowells, it doesn’t matter, because everyone has a copy of the shared ledger. The banks can see that there are transactions with other banks, but may or may not see what those transactions are without permission. I assume that when a bank lends a few million quid to a company one of the first things it does is send in expensive finance-type persons to find out what other loans are outstanding and under what terms, so I don’t see my the transactions would be encrypted but I know nothing about corporate finance. But even if they were, then under warrant the regulator and law enforcement agencies would be able obtain the escrowed transaction keys needed to decrypt transactions of interest. You can sort of see how it would work. Back here to my fantasies about encrypted open books, translucent databases and shared ledger applications. Everyone would be able to see that assets exceed liabilities even though no-one (other than the relevant parties) could see what those assets or liabilities were.

If I were casting around for a practical proof-of-concept in the world of the shared ledger, I would certainly consider such an example. In this case we have a system where there are trusted participants who may become untrusted, records that must be immutable beyond the lifetime of their creator and real money to shared amongst the stakeholders. Think of all the money that could have been saved on auditing, forensic accounting and compliance! Money that could have instead been spent on customers, employees and suppliers of discretionary services.

So that’s why I used this particular story to help develop narrative in a couple of client meetings this week. As it happens, though, the story has even more to it as an exemplar. But first, a word about identity… Remember, names are attributes not identifiers. I’m a Dave Birch, but that doesn’t necessarily make me the Dave Birch in any specific instance. Now back to the story. The creditors want their money back so they are going after the guarantors of the loans made to Kingfisher where they have some evidence of the loan and the guarantor. Fair enough.

Last month it emerged that one of the aggrieved banks froze the accounts of three customers it alleged had guaranteed loans to the carrier in their role as board directors of Kingfisher. In fact, it blocked a destitute farmer, a vegetable stallholder and a security guard with similar names.

From Flying blind | The Economist

Ruh roh. So much for Know-Your-Customer (KYC). I’m sure this kind of problem will not recur, because India now has the Aadhar universal identity service. I’m sure that future loan guarantors will have to present their Aadhar card and be biometrically-identified as part of the loan process. This was, after all, part of the original vision for the Indian UID service, made clear back in 2010.  

“Lack of identity is hurting people and blocking progress. Aadhar (the brand name for UID) can serve as the know your customer guidelines that banks have. It can reduce friction for the poor person who is trying to access public services like banking,” Nilekani said…

[From UID can be an enabler of financial inclusion: Nilekani-Finance-Economy-News-The Economic Times]

But in other jurisdictions where universal identity is not yet the rule, some alternative might be needed. Perhaps here the shared ledger, which may in the long term be seen as a #regtech revolution and not a #fintech revolution at all, might also provide the necessary infrastructure (as I suggested in my presentation on “CRUDchains” at the Dutch national blockchain conference earlier this year). So now we have an interesting — but practical — model to work with. A shared ledger for the accounts that is linked to a shared ledger for the KYC. Anti-money laundering implemented as a process that constantly traverses both chains, not a set of expensive procedures.

I’m think I might use this example to test some of the ideas we are developing around shared ledger structures and blockchain (and other implementations) with some of our clients and partners, but as always I’m genuinely curious to hear what you have to say about the potential here.

A legacy of transparency

Well, the paper that Richard Brown of R3, my colleague Salome Parulava and I put together what seems like an age ago (a year is a long time in fintech) has finally been published! Hurrah! Here’s the reference for you:

Birch, D., R. Brown and S. Parulava. Towards ambient accountability in financial services: shared ledgers, translucent transactions and the legacy of the great financial crisis. Journal of Payment Strategy and Systems 10(2): 118-131 (2016).

The paper itself is not online (you have to subscribe to the Journal for that) but I’m sure that the fine people from Henry Stewart Publications will have no objection to me reproducing the abstract for you here:

The consensus in the finance sector seems to be that the shared ledger technology behind Bitcoin, the blockchain, will disrupt the sector, although many commentators are not at all clear how (or, indeed, why). The blockchain is, however, only one kind of shared ledger and the Bitcoin blockchain works in a very specific way. This may not be the best way to organise shared ledgers for disruptive innovation in financial services. So what is? And why would financial services organisations want to do exploit it?

This paper sets out a simple shared ledger taxonomy and layered architecture designed to facilitate communication between technologists, businesses and regulators in the financial services world and explains why the various forms of shared ledgers might be attractive to financial services organisations, borrowing the phrase “ambient accountability” from architecture to suggest a new way to organise a financial sector.

The paper sets out the “4×4” model that we have used for exploring shared ledger technology with a variety of clients (and have found it to be a very useful tool to help clients develop their strategies around shared ledgers) and then uses this model to discuss the application of shared ledgers to financial services.

 Birch-Brown-Parulava Colour

We finish by putting forward the idea that the legacy of the great financial crisis of the last decade might be the creation of more transparent financial markets. Our focus on transparency was reinforced by the discussions at Money 2020 in Copenhagen, where I think I detected the emergence of “regtech” as a distinct from “fintech” as a paradigm and organising principle. I spoke to a few people about this during the course of those sessions and it seems to me that for many of the financial services delegates their number one problem, the place where costs are out of control and apparently growing without limit, is compliance not technology. Yes, there is great new technology out there but it can’t help unless it has a regulatory context in which to flourish. The idea that there might be new categories of technology (and actually I think that the shared ledger might be one of them because of its potential for a new kind of transparency and a regulatory win-win) where the impact is to reduce the cost of complying with regulation rather than to reduce the cost of delivering a functional service sounds is potentially revolutionary.

What would transparency mean in our context? We envisaged a new kind of financial marketplace where “translucent” transactions that are clear to counterparts, clear in outline to regulators and opaque to others might allow us to set up a transactional environment with ambient accountability. We use the “glass bank” example to create a narrative, and it’s an example that I’ve used before to illustrate the relationship between transparency and trust. Here’s something about it from six years ago:

Transparency increases confidence and trust. I often use a story from the August 1931 edition of Popular Mechanics to illustrate this point.

From Cryptography can bring novel solutions | Consult Hyperion

The legacy of a crisis is often regulation. If we view the shared ledger not only as a fintech (a technology that changes the cost/benefit landscape around financial services) but also as a regtech (a technology that changes the cost/benefit landscape around the regulation of financial services) then we might be able to make the legacy of the last crisis a better and more effectively regulated financial services sector that is a platform for radically new products and services. At a time when so much money is going on compliance and so much momentum is going into “legacy” regtech we realise that the use of shared ledgers may seem radical, but we are convinced that it is time for a new approach.

Tired: Banks that store money. Wired: Banks that store identity

Speaking at the Dutch National Blockchain Conference back in June, I remarked in passing that I thought bank customers would be storing their money (their wealth) in all sorts of places in the future – from a small percentage in demand deposit accounts, through investment accounts of one form or another, P2P marketplaces and who knows what – but that they would be storing their identity back at the bank.

DBC16 Identity


This was picked up on Twitter and a few people commented on it, so I thought I’d expand on what I meant here. First of all, it is neither a new idea nor my idea: other people have been saying this and they’ve been saying it for a while. I might have expressed it in a better soundbite, but it isn’t my concept.

Britain’s high street banks believe their future role will be as repositories of more than just money: they want to be the safe place where customers store their digital identities.

[From Banks want to keep your digital ID in their vaults –]

That’s from a couple of years ago. It is not some out-of-left-field edge thinking or me spouting aphorisms for a conference stream either. Round about this time, the European Banking Association (EBA) said something similar and you can’t get much more mainstream than them.

Banks are well positioned as is explained in a recent white paper of the European Banking Association (EBA).

[From Digital Identity: how banks can position themselves in their customer’s online lives | Innopay]

So what might banks do with your identity once they’ve got it safely locked away in their vaults? Well, one idea, particularly popular with me, is that they might give you a safe, pseudonymous virtual identity to go out an about with.

Some suggest that digital identity verification by banks could ultimately end the need to type in a credit-card number on an ecommerce website

[From Banks want to keep your digital ID in their vaults –]

Some others (uncharitable persons, of which I am not one) also suggest that banks will pratt about and muck this all up and hand digital identity ownership over to Apple, Facebook, Google, Amazon and Microsoft on a plate. But if banks were to develop some common strategy around this topic (perhaps related to the financial services passport concept that’s been discussed here before) then where should they start?

Well, what about the “adult identity”? Why doesn’t my bank put a token in my Apple Pay that doesn’t disclose my name or any other personal information, a “stealth card” that I can use to buy adult services online using the new Safari in-browser Apple Pay experience? This would be a simple win-win: good for the merchants as it will remove CNP fraud and good for the customers as it will prevent the next Ashley-Madison catastrophe. Keep my real identity safe in the value, give me blank card to top shopping with – a simple use case that will test the viability of the concept.

Blockchain as a public technology service

When people say “blockchain” they mean different things. And some of the things they mean are just absolutely, categorically different. Implications of public open blockchain designs and private blockchain designs vary drastically. I emphasis this distinction because it is key – the different designs assume and imply totally different things.

Both types are important but for different reasons, for different markets and for different use cases. I think we have passed the time when “Bitcoin bad – Blockchain good” seemed an eye opener. What this kind of argument did is it drew the attention of financial incumbents from the Bitcoin-like permissionless space to the private, permissioned space. Which makes sense for their business models. But I think they are not paying enough attention to the permissionless space. I think you are not either!

A brave slide from the Consensus conference in New York this year (unfortunately, can’t remember the name of the speaker! – let know and I’ll update), where I chaired the panel on post-trade and my colleague Dave Birch chaired panels on Identity. This illustrates that “Bitcoin bad, Blockchain good” is not set in stone.

I bet you hadn’t anticipated such a steep rise of Ethereum (the price of native Ethereum currency soared 10 times from the beginning of 2015 and Ethereum’s market cap reached 1.5 billion dollars). You may have even missed the creation of the first human-free organisation. Even if you try to keep an eye on the public blockchain world, you only get reminded of its existence when Bitcoin price surges to its 2-year high (it now trades at over 700$) and all the mainstream media cover this.

Both public and private shared ledgers (Blockchains) are essentially shared book-keeping (and computing) systems, one class – open for everyone to use (public), another – restricted to a certain group of members (private). And this is it. Open for everyone to use means lower entry barriers, it means identity-free and regulation-free shared book-keeping (and computing). What could be restricted by identity policies and financial regulations goes around this. You can, say, restrict a person from buying bitcoins by setting high KYC requirements to online exchanges (for users not to be able to change dollars for bitcoins if they are not KYC’d). You can even cut his or her internet connection. You can issue a court order to close a business that accepts bitcoins as money. And so on and so forth.

A lot of this effort looks similar to trying to stop the Internet, but I suppose the regulators can dream!

Public technology service and native digital rights

“Proof-of-work is inefficient”. So what? Let it go! Think of what’s the idea behind it and what it tries to achieve, regardless of this inefficiency. Regardless – because even if proof-of-work is not ideal, there are other permissionless technologies already developed and many more that are work in progress. Some of best minds in the world are looking to provide the benefits of permissionless shared ledger environment without the drawbacks of original Bitcoin’s proof-of-work. Just assume that they will solve that problem and move your thinking on.

What the blockchain delivers is permissionless book-keeping (and computing) public technology service (with the unchangeable and transparent transaction history as an incredibly valuable side effect). When I say “public service”, I do not mean that a company or public organisation provides it, I mean technology itself and collaborative user effort provide it. In a sense – everyone and no one. The protocol acts as the service provider.

And this is crucial. In traditional financial world, the basic value transfer layer that cryptocurrencies (i.e. everyone and no one) provide as a public technology service, is provided by companies – service providers, and is not accessible to anyone. For example, PayPal provides digital value transfer service.

Here I want to make a point that permissionless cryptocurrency systems have a promise of a digital environment in which value transfer is intrinsic, embedded on the protocol level – and so, for users the ability to make a transfer could become what I call a native digital right. Just to give you an analogy (it’s not a very accurate analogy but you’ll like it!) – take a guess what you see on the picture below. Well, it’s a standard residential elevator in my mother country Georgia, where you need to pay every time you use it! Up and down. Every time up, every time down!

Georgian elevator. Each time you go up and down, you need to pay!

So maybe we all (all internet users) live in our kind of Georgia, where every time we want to make a deal (economic agreement) in the online world we have to go through a cumbersome process and pay an unreasonable fee (each time!) for it. We need to get our bag out, fill in our card details, merchant’s acquirer (if it’s a merchant – even more obstacles with peer transfers) needs to send a request, card issuer needs to approve the transaction etc. Our today’s economic life online is based on this very complex e-commerce domain. And to me, it looks a lot like Georgian elevator. Think about it: on top of the obvious, that elevator only accepts certain denominations of Georgian coins – very specific, and is broken every once in a while – so even if you want to use a paid elevator sometimes you just can’t. So familiar.

How great would it be if we had a native digital right to make a value transfer online that noone could take from us (or grant us!), on a protocol level. How many applications could be built on top (at Consult Hyperion we call them SLAPPs -shared ledger applications)!

Persistence of permissionless

At the heart of the public shared ledgers is value transfer. This is because in order to assure the liveliness and self-sufficiency of the system, while providing non-restricted access to it, there needs to be an intrinsic economic incentive for those who maintain it. In other words, there should be a positive value to maintaining consensus. Most public shared ledgers for this reason can be described as currencies (decentralised cryptocurrencies) because they provide this incentive as a reward on the ledger in the ledger’s own “money”.

The canonical example of such a decentralised cryptocurrency is, of course, Bitcoin (remember, there are hundreds of them though!).  As Bitcoin was intended to exist and evolve out of the reach of regulatory, corporate or any other centralised command, the technology includes mechanisms that ensure it persistently “survives” and proves its robustness and self-sufficiency. (Disclaimer: I’m not a Bitcoin maximalist)

This persistence is a differentiating characteristic of a public shared ledger system. The technology does not need people at tables making decisions in order to survive, it is “permissionless” (nevertheless, the way it evolves to an extent is influenced by “people at the tables” – just different people).

Virtual economy

Potentially the principal implication of this persistence is the permissionless ascent of alternative virtual economy on top of decentralised protocols. Cryptocurrencies are not just a new form of payment – but rather, it’s a potential foundation for a new virtual economy, with new forms of economic interactions coming into place. When I say “new”, I don’t mean substitutive – I mean additional.

Virtual economic activity could become something fundamental to the Internet. Similar to the way the ability to communicate transformed into the ability to communicate over the Internet – it could grow into the ability to make friction-less economic arrangements (“economically” communicate) in the virtual world.

Thanks to the shared ledger technology and “smart contracts” innovation, not only the emergence of alternative economy is permissionless (and so – non-stoppable), but if it happens at certain scale, the very nature of economic relationships in this economy could be drastically different from what we are used to. A good depiction of such transformation is content monetisation on the web through the use of “invisible” micropayments. Another good example is seamless online payments in video games:

Breakout Coin provides for seamless in-game payments anywhere in the world, while the blockchain technology behind it, Breakout Chain, uses smart contracts and sidechains to enforce these financial agreements between parties.


Shared ledger technology could even turn our things (as in “Internet of Things”) into active economic agents through smart contracts.

Public shared ledger technology may help to turn a big part of our (as it seems) non-economic life into an economic activities. 

Although there are many “if” in that, we should not dismiss this possibility quite yet and keep an eye on the permissionless space. You can observe or get involved, but it would be a mistake to put your head in the sand and deny that something incredible is happening.

“Identity for Blockchain” vs “Blockchain for identity”. What’s in it for Airbnb?

Recently I had the pleasure to moderate a panel on “Blockchain and Identity” at the KYC & Identity conference organised by ECN in London. It was a well-organised event with speakers and participants from major institutions such as the European Commission, Barclays, Open Identity Exchange (OIX) and such. The conference, excellently chaired by Jon Shamah (from EEMA, the European Association for e-Identity & Security), had an interactive and friendly format, very useful to facilitate discussion.

Sally on KYC-Identity conf

Our panel (with UBS and Zerado) was the only one dedicated specifically to Blockchain, but one could hear the word mentioned here and there: almost inevitably discussions of the problems and future of identity led to Blockchain. And this is not a surprise: Blockchain & Identity is a hot topic, which Consult Hyperion has been exploring for a while with our clients.

Let’s take two different approaches to thinking about importance of this topic: “Identity for Blockchain” and “Blockchain for Identity”.

First, “Identity for Blockchain”, assumes that if Blockchain platforms (developed for many different use cases) are to gain widespread adoption, we need to understand how the identity dimension for these systems would look like. It is quite obvious that existing ways to manage identity won’t work for “the new magic blockchain enabled world”. At the moment, dozens of major institutions are developing blockchain platforms (or more precisely, shared ledger technologies = SLT). Take R3CEV for example, a consortium of 40+ international banks such as Barclays and Goldman Sachs, that has recently announced “Corda” shared ledger protocol for financial use cases. Linux foundation, IBM, DAH and others work on the “Hyperledger” project – a multipurpose standardized blockchain software stack. Assuming these technologies gain adoption that is at least 10% as widespread as the industry’s attention to them today, there will be a need for a robust and reliable identity layer to manage KYC, AML, authentication and authorisation processes for shared ledger applications.

Second approach could be called “Blockchain for Identity” and it formulates a separate self-sustained class of use cases. It assumes that Blockchain technology can enable solutions to known identity problems and can solve them better than current models are able to do. This week, blogposts from my colleague Dave Birch (Director of Innovation at Consult Hyperion) have been focusing on this latter approach, which we will explore further here.

So what problems does a “blockchain for identity” solve?

I would argue that the one of two key problems at question is lack of interoperability of identity information across organisations and marketplaces, in each of the three domains: identification, authentication and authorisation (see the series of “Putting Identity on the Blockchain” from Dave this week). KYC-sharing use case falls under this umbrella, but KYC is just one bunch of the identity data that can be shared. Nathan Blecharczyk, a co-founder and CTO at Airbnb (who have recently hired a bunch of blockchain experts), talks about sharing user’s reputation:

“The question is whether there’s a way to export [a user’s reputation] and allow access elsewhere to help other sharing economy models really flourish.”

– Nathan Blecharczyk, a co-founder and CTO at Airbnb.


Isolated identity systems create silos of ID information. Such disparate systems and fragmentation of ID markets limits the ways in which useful identity information can be generated, derived and enriched (not just shared). Therefore an associated problem is poor quality and lack of meaningful identity data. One example of rich identity data is (or at least should be) credit ratings. Another interesting example that has just been mentioned in another context is reputation:

Within the context of Airbnb, your reputation is everything, and I can see it being even more so in the future, whereby you might need a certain reputation in order to have access to certain types of homes”

– Nathan Blecharczyk, a co-founder and CTO at Airbnb.


Why suggest that Blockchain can help with this? To answer this question, let’s look at one of the key characteristics of the Blockchain technology – the immutability (unchangeability) and transparency of historical transaction records. All the identity transactions executed on Blockchain remain in the history and cannot be deleted or altered. This means that history of identity transactions can be held in a sort of public registry (this does not imply that actual personal data is transparent – let’s put aside the privacy issues for a moment). And therefore the history of identity transactions across organisations can become a basis from which new identity information is derived (through aggregation, referencing & vouching, statistical analysis, cross-attestations etc).

I call reputation an identity derivative (because it is derived from the attributes of an identity, it is not an attribute itself) that can be dynamically changed and simultaneously used in a Blockchain environment. Another connected identity derivative is “provenance”. Proof of provenance shapes one of the promising business cases for Blockchain. For example, “provenance” attributes can be used by insurance companies as a source of reliable information about the history, reliability and origin of a document, a digital good or a physical good with digital representation. See our favourite example of Everledger, a Barclays accelerator startup that records provenance of diamonds on the blockchain.

Thus, the promise of “Blockchain for Identity” is to tackle the problems mentioned above: lack of interoperability and lack of meaningful identity data. Potential is – to enable sharing of identity information and to create enriched identity derivatives that could in turn open doors to new business cases in trade, commerce, capital markets – any area in which identity-based decisions are made on daily basis really.

Identity is fundamental to businesses and markets today – so changing how it works could drastically transform to the way businesses operate.

Big risk. And big opportunity.


Putting “identity” on the “blockchain”. Part 4: Create a ledger of transactions

Okay let’s continue the experiment of thinking out loud about putting “identity” on the “blockchain”. Just to recap, in Part One we identified a specific identity problem that might be solved using shared ledger technology, in this case the problem of KYC for financial services. In Part Two we identified a useful and consistent model for digital identity that seemed powerful enough to encapsulate a solution to the problem. In Part Three we worked out which identity transactions we wanted to store in our shared ledger, and we decided that the history of transactions involving a particular virtual identity could serve a useful function as the reputation of that identity. Today, will move the thought experiment on to actually implementing the shared ledger.

Now without thinking about it for too long, it seems to me that there are three options for implementing the Shared Ledger of Identity Transactions that we intend to use to facilitate reputation-based interactions. Let’s call this the SLIT for short. We could implement the SLIT using conventional database technologies and either construct a centralised database for all financial services participants to share all we could have databases held by financial services participants interoperable through some form of federation, as we discussed in Part One. However, as I will return to the end of this piece, that implementation wouldn’t give us access to the likely source of genuine revolution in this space, which I think is the use of shared ledger applications (otherwise known as “smart contracts”) to deliver radically new products and services. Hence, I think we should dismiss the traditional implementation and look at implementations based on the new generation of shared ledger technologies.

I can see two ways of doing this. First would be to implement the SLIT using any one of a number of Practical Byzantine Fault Tolerant (PBFT) technologies that are out there right now. The other possibility, rather as Blockstack have done, is to implement the SLIT as a virtual ledger and build the applications on top of that, then map the virtual ledger to an actual ledger implementation. I tend to favour this latter approach, for the simple reason that it is not at all obvious to me (with the obvious caveat that I know literally nothing about cryptography) which is the best shared ledger implementation. It could be that implementing the virtual ledger on the Bitcoin blockchain is the best possible way of doing things (as shown in the diagram below). On the other hand, it could be that implementing the virtual ledger on an Ethereum blockchain built specifically for the purpose is the best way forward. On the other hand, it may be that not using a blockchain at all and implementing the virtual ledger on some other PBFT platform is the best way forward. As any of our consultants would say when dealing with this problem for a client, it depends. Until we know what the prioritised requirements, constraints and goals for the system are is not possible to say which is the best solution.

Ledger on Blockchain


So let’s go down this route. We define the SLIT and agree who has access to the SLIT. We define the financial services passport that we spoke about in Part One as a particular kind of virtual identity with some agreed fields. Now we can see how it might work in practice. I go to my bank to open a bank account. The bank does all of the necessary KYC checks and creates a digital identity. The private key associated with this identity is stored safely in the bank and a copy is downloaded to the bank application on my phone and safely tucked away in tamper-resistant memory (inside the SIM card or the secure enclave or wherever). The bank creates a virtual identity using the public key from the digital identity and adds a set of standard fields (name, address and so on and so forth) as required by the regulators. It then adds a digital signature using its own private key. A pointer to this virtual identity along with necessary descriptors is then added to the SLIT.

Now imagine that I go to appoint a new financial adviser. A financial adviser needs to see my financial services passport so I run the bank app my phone and select the option to provide my identity or however the marketeers dress it up. A copy of the ledger entry is sent to the financial adviser. Now he or she (or more likely their app) can go to the SLIT and look at all subsequent entries for that same virtual identity (in particular to see whether it has been revoked or not). The virtual identity looks okay, so now the financial adviser needs to know that the virtual identity belongs to me so his app takes the public key from virtual identity, encrypts a challenge and sends it to my app which decrypts it (because it has the associated private key) and responds. Now the financial adviser can either use that virtual identity or in the more general case use it to generate a financial advice virtual identity which is then stored in the ledger itself.

All of the financial services participants in this ledger can now have access to all of the virtual identities. I think, although I may need to think about this more! Anyway, we now have a problem, an identity model, identity transactions and a ledger to store them in. We’re nearly there.

What is crucial is to implement the virtual ledger using a technology that allows for shared ledger applications, and this is where we’ll continue with the final part of our thought experiment tomorrow.

Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.