Follow Blockchain at Berkeley on Feedspot

Continue with Google
Continue with Facebook

Photo by AbsolutVision on Unsplash

I interviewed industry professionals at top law firms, investment funds, exchanges, and various decentralized finance (DeFi) projects, in addition to attending panels and conducting independent research, to better understand the the emerging DeFi industry. DeFi: What it Is and Isn’t is the first of a three part series that draws upon the insights derived from this research.

The article that follows will outline the differences between the DeFi dream and the DeFi reality and highlights 7 of the most pertinent challenges the industry must overcome before bridging the gap. Subsequent articles will analyze the decentralized exchange of assets and decentralized lending and derivatives. These articles assume a foundational knowledge of both financial markets and blockchain technology.

The most widely used application of blockchain technology is in the creation of digital currencies, which has required the development of financial markets to support their exchange. However, these financial markets, in their current state, prevent fair and open access. Furthermore, the infrastructure that supports blockchain-based markets is vulnerable to counterparty risk, censorship, a lack of transparency, and manipulation as it remains largely centralized. Current infrastructure flaws erode trust and inhibit adoption.

Just as the internet allowed for the creation of a new information infrastructure, blockchain technology allows for the creation of a new financial infrastructure and the development of entirely new markets. The DeFi movement has emerged in an attempt to make the infrastructure that supports new and existing blockchain-based markets just as decentralized as the underlying technology.

The DeFi Dream

In a functioning decentralized financial system, internet connection would be the only prerequisite to accessing financial services, rather than geography or circumstance. A reduction in the centralization of those that control and own the infrastructure underpinning financial markets would increase transparency, decrease costs, and reduce the opportunity for censorship and / or manipulation. The global “unbanked” (both individuals and enterprises) would gain access to financial services. DeFi would not only facilitate markets for illiquid financial products that already exist but would also allow for the creation of new financial products and markets that don’t yet exist. The ability to more effectively arbitrage, borrow, hedge, and access liquidity would spur more institutions to join the movement without restricting the usage of these products and markets exclusively to them.

The DeFi Reality
While DeFi is referred to as “open finance” and is sometimes touted as a way to “bank the unbanked,” the truth of the matter is these products aren’t aimed at the mass retail investor, let alone the global “unbanked.” Technology is not usually the primary factor restricting access to financial services. More often than not, identity and/or oppressive regimes are. On the retail side, it is unreasonable to believe that the average retail investor would understand the risk profile of even the simplest DeFi products and I’ve yet to hear a compelling argument for why the average retail investor would need access to exotic financial derivatives. UX/UI challenges present further obstacles to retail adoption.

Product-market fit for most institutional investors is not any clearer. Most DeFi projects aren’t well suited for HFT (high-frequency trading) since they’re limited in terms of speed. They are not well suited to trading large positions either and traditional finance institutions won’t even consider entering into transactions in which their counterparty is unknown. At this point, institutional traders aren’t willing to make these trade-offs so long as they can trust at least one other person in the markets in which they operate.

As a result, product-market fit is currently constrained to crypto-native power users that are comfortable with the existing UX/UI challenges of crypto networks and blockchain-based assets. For user adoption to accelerate, the trade-offs required by DeFi interfaces must not outweigh the perceived benefit of ownership, access, and transparency when compared with centralized alternatives. A lack of developer education and tools is also restraining the industry. Tooling and services need to be further developed and a best-in-class stack needs to be established so that users don’t have to interact with a fragmented ecosystem marching in fragmented directions. Developers, regulators, lawyers, investors, professional traders, and retail users will have to work together to overcome existing challenges.

As a result, the transition towards a decentralized financial system is more likely to be evolutionary than revolutionary. That doesn’t diminish the potential of DeFi to reshape the way in which markets function and the way that the entire world interacts and transacts.

While the DeFi movement has the potential to provide meaningful benefits over centralized alternatives, there are many practical challenges the DeFi industry needs to overcome first. User adoption may be the biggest impediment to the development of the industry at present, new risks compounded across protocols may be the biggest threat to its sustainability. An in-depth look at the 7 most pertinent challenges follows.

1.) Identity and Reputation
The first step in entering into a financial transaction often requires the identification of transacting parties. However, a core tenant of DeFi is that one’s ability to access financial services should not be dependent on most aspects of identity. This is problematic as violations of KYC / AML / OFAC regulations can not only result in large fines but could result in criminal charges. If a DeFi Relayer (an entity that hosts on order book on a DeFi protocol) facilitates an exchange between unknown parties and those parties turn out to violate any of these regulations, the consequences may be serious. Furthermore, without a way to enforce identity, most proposals for decentralized governance of these projects are quickly reduced to plutocracy.

While still far from complete solutions, projects are researching ways to allow for KYC (know your customer procedures) without introducing centralization. For example, Relayers on 0x can opt-in to implement a permissioned liquidity pool that ensures that pool is only accessible to whitelisted Ethereum addresses that meet certain requirements, such as those required by AML (anti-money laundering) and KYC policies. However, this method still doesn’t ensure identity in a way that allows one to know that a counterparty is trustworthy without excluding those outside of the traditional financial system and introducing centralization. Several parties have issued EIPs (Ethereum Improvement Proposal) to incorporate KYC/AML compliance into ERC-20 tokens. However, in many cases, these proposals would still require service providers to work together off-chain via a consortium to review each others’ KYC policies and it is still unclear whether these proposals would fully satisfy regulatory requirements.

Establishing reputation in blockchain networks is a distinct challenge. This is a strong industry focus as the range of possible products expands when there is a sense of on-chain reputation. There are currently two main ways to attempt to establish reputation in these networks:

  • Allowing everyone to start on an equal playing field under the assumption that network participants are good actors. Participants that prove to be untrustworthy / uncreditworthy would subsequently be slashed (punished.) Underwriters on the Dharma network fall into this category, wherein they gradually build reputation over time via an on-chain record of their accuracy and behavior.
  • Porting existing credit data to a blockchain network via an oracle. This is hardly an improvement over the traditional finance system in terms of allowing for fair access.

The lack of an on-chain reputation method that doesn’t require users to reveal too much about their personal identity means most DeFi projects require (over)collateralization in lieu of being able to establish trustworthiness.

2.) Capital Inefficiency

The overcollateralization required by DeFi projects is capital inefficient. MakerDAO requires users to deposit 1.5x the value of ETH to establish the collateralized debt position underpinning Dai (CDPs will be covered in more depth in Risk Off or On?: Decentralized Lending and Derivatives.) Even still, most people choose to keep their “loan-to-value” ratio at 300 percent in order to avoid double digit liquidation penalties.¹ Similarly, Compound requires a 2x collateralization ratio, which the company says will decrease over time.² However, some users indicated a willingness to post 4x–5x the required collateral.²

Until a decentralized reputation system is developed, there is little choice but to require users to lock up excess capital, dulling the benefit of taking out these positions to begin with. Even when/if reputation is solved, the volatility of the underlying positions could result in a persistent preference to overcollateralize.
3.) Oracles

Corruption of on-chain oracles (the mechanism that finds and submits real-world data to a smart contract) is a huge concern for these systems since liquidation occurs automatically in the event that collateral levels drop below their specified “loan-to-value” ratios. Different DeFi projects approach oracles in different ways, but many projects in the space are using MakerDAO’s oracle. MakerDAO’s oracle is currently designed to support single collateral Dai (backed entirely by ETH) but will be re-designed to support multi-collateral Dai (backed by a pool of different cryptocurrencies) in the near future. MakerDAO’s oracle pulls data from sixteen different sources for its oracle feed. These sources are comprised of Ethereum addresses voted on by MKR token holders, which are then submitted to an autonomous smart contract. The oracle chooses the median of all sixteen submitted data points. This system allows for 51% tolerance as it excludes the outliers which are more likely to be submitted by malicious actors.¹ Importantly, MakerDAO also utilizes an oracle security module in which the second layer of the protocol can activate an emergency shut down. This shut down freezes the system at its last known “safe state” if it has reason to believe the oracle may have been compromised. If an emergency shutdown occurs, users can convert their Dai to ETH at the equivalent of 1$/1 Dai, according to the state of the ledger at its last determined “safe state.¹”

Single collateral Dai oracles update every time the price of ETH fluctuates by +/-1.0% but multi-collateral Dai (MCD) oracles will update once an hour.¹ This allows the sixteen oracle inputs to be viewable for an hour before they are acted upon, increasing transparency. However, such a long lag time may not be appropriate considering the volatility of cryptoassets. The company’s argument that this delay can be compensated for by the risk model is questionable. Furthermore, liquidation of collateralized positions (essentially defaults) will be executed via auction with MCD, which means it will “six hours or more” to liquidate positions as the protocol accesses “all the arbitrageurs and liquidity across the whole marketplace and ecosystem.¹” The impact of having to wait 6 hours to unwind a single position during times of market distress, or failure, would be significant.

Compound takes a different approach with its oracle, aggregating and averaging price feeds from a series of exchanges and posting them on-chain consistently. The data updates every time the underlying value fluctuates by +/- 0.1%, but data is updated on-chain every 15–30 seconds, confined by the processing speed of Ethereum.² Given the importance of oracles in these systems, DeFi projects may want to more closely consider which method they use or choose to implement their own methods.

4.) Network: Platform, Liquidity, Scale

Most current DeFi solutions are built on top of Ethereum and therefore DeFi’s adoption is tied to the scalability and usability of the Ethereum network. The scalability debate is well known (and addressed below) while usability remains a challenge as mainstream users still struggle to easily interact with Web 3.0.

While the composability of protocols built on Ethereum creates even larger switching costs, it also introduces network risk. As more projects build on Ethereum, it may become harder to upgrade the base layer protocol in a way that allows for backwards compatibility.

Part of the power of DeFi is that it allows for the creation of new markets. However, decentralized markets suffer the same circular problem that all new markets do: adoption is required to generate liquidity, but liquidity is a driver of adoption. While DeFi can enable new markets and allow new participants to access them, it does not automatically create liquid markets for these products. This is a problem because assets that are illiquid tend to trade at a discount to their liquid counterparts.³ It also creates inefficient pricing as opportunities for arbitrage go uncaptured since it remains difficult to move quickly and seamlessly between crypto markets.

Alex Evans of Placeholder VC breaks down the models of current DeFi networks into three broad categories:

  • Those that require users to find peers to trade with. Augur, 0xDharma
  • Those that pool “maker” assets and offer them to “takers” for a fee. Compound, Uniswap
  • Those that set parameters through governance, allowing users to trade directly with a smart contract. Ex: MakerDAO

Each model has implications for liquidity. The lack of requirement to find a specific peer with which to trade seems to be the design advantage of the top protocols. These protocols also tend to offer fewer options in terms of products / use cases, which pools demand, facilitating better liquidity. Alex Evans also believes automatic and consistent processes (MakerDAO) better facilitate liquidity than bespoke and varied ones (Augur.) This seems to have been one of the drivers behind UMA and Dharma deciding to set tighter parameters on their products (relative to a completely open system in which individual users set all parameters.)

“At least initially, the markets that have built deep pooled liquidity in a handful of important markets appear to have the adoption lead versus those that have tried to create a multi-asset infrastructure.” — Alex Evans

Assuming these markets find a way to bootstrap the necessary liquidity, blockchain infrastructure is not yet scalable enough to process volumes similar to those processed by centralized exchanges. For a sense of the limited scale of current DeFi networks, investor with Paradigm, Arjun Balaji, predicts that December 2019’s aggregate volume on 0x will lag a single day’s volume on Coinbase. While advances are being made in Layer 2 scalability and innovative solutions such as StarkDEX (currently partnering with 0x) show promise, current blockchain infrastructure has a long way to go before it can support volumes similar to those supported in traditional markets.

**Front-running, and other opportunities for manipulation, on DeFi networks will be addressed in Trade-Offs: Decentralized Exchange.**

5.) Business Models Still Undefined

While there are many options, most DeFi projects have left their monetization method “undefined” and are focused on “defining the incentives of the protocol at large.⁴” However, at some point these projects will need to generate revenue if they are to persist.

dYdX highlights three main monetization models for DeFi projects:

  • Value accrual via a native token. MakerDAO (MKR)
  • Monetization via fees. Potentially Compound
  • Monetization via a user facing application. dYdX, Dharma, etc.

In most cases, a native token monetization model introduces another layer of friction to user adoption. For other projects it might not make sense. For example, a token monetization model doesn’t make much sense in networks where ownership / voting percentage can be determined by participation, which is recorded on-chain.² Nadav Hollander of Dharma points out that a fee model implemented at the protocol level, in addition to being somewhat anathema to blockchain ideology, could easily be forked away.⁴ However, Compound is not against keeping a small amount of the interest flowing through the system in a model akin to the AUM model in traditional finance.²

The latter appears to be the prevailing model. Dharma, dYdX, and others found that they needed to build out full stack products (Expo on dYdX, for example) because they found that developers weren’t willing to invest the time necessary to build on these new protocols. While the 0x model is often touted as the exemplary model, 0x’s success was enabled, in part, because there was already an existing market for DEXs (decentralized exchanges.) 0x’s protocol opened into an existing market, whereas these new DeFi protocols have to create new markets from scratch.

In an effort to bypass many of the challenges of creating a two-sided marketplace from scratch, it’s likely that new DeFi protocols will continue to build out full stack services and monetize those, at least over the near term.

It is important to remember that creating a marketplace is a service business and that is unlikely to change. Whatever entity enables a marketplace also has to offer services to both the demand and supply sides. Marketplaces can’t be created out of thin air, even by the smartest protocols. They will always require a team / company to support the ecosystem with the services that allow marketplaces to live and grow.

As a result, designing businesses with “minimal viable decentralization” may be a more efficient way of launching of products and approaching early governance⁶ although its likely to be viewed less favorably by those that prioritize decentralization above all else.

DeFi business models are not constrained to the above mentioned models. For example, Arwen is planning to monetize via a revenue sharing agreement with centralized exchanges for the trades referred by Arwen⁵ (further details will be provided in Trade-Offs: Decentralized Exchange.)

6.) New Risks Compounding Across Protocols

Cryptocurrencies and blockchain-based markets have fundamentally different characteristics than their traditional counterparts. DeFi protocols benefit from composibility which leads to faster innovation, but also results in higher levels of interdependancy. Therefore, it’s fair to assume that the risk profile of these products, especially in combination, is not yet fully understood. While each project claims to have developed its own robust risk models, the complexity of analyzing these new risks across interdependent protocols is non-trivial. It’s also worth noting that most risk models weren’t very useful in 2008. In some cases, these models failed because just one assumption was flawed.

Many of these projects utilize concepts that contributed to the 2008 financial crisis, but more importantly, they utilize them in new and untested ways. For example, the rehypothecation of collateral, fractional ownership of structured products, and pooling of risk were all elements of the 2008 financial crisis. DeFi takes these concepts and applies them to highly volatile and hard to value assets in relatively illiquid markets with insufficient safeguards. The combination of all of these factors, combined with the complexity of creating a cohesive view of collateral rehypothecated across protocols, creates an entirely new risk profile for which there is little precedent. Superfluid collateral? Let’s not do this.

In this context, it’s worth considering what a market failure would look like. MakerDAO is an experimental network upon which the success of many other projects depends. It is important to remember that in the case of market failure, CDPs and other DeFi products are not insured and a third-party is not likely to step in to recapitalize small cap crypto start-ups (which may be the ideological preference of the industry anyway.) Investors, users, and token holders will be responsible for recapitalizing this highly interdependent DeFi system.

The systemic impact would likely be jarring. Dai is commonly traded on 0x Relayers as a pair with ETH. It is often deposited on Compound and then lent out again to hedge funds to be used for risk-on trades. dYdX is also dependent upon MakerDAO since its short ETH token is long Dai. dYdX further depends on Dharma (which lends in Dai) and the 0x protocol (which facilitates the trading of Dai) to access liquidity. The cascading effect of a failure of any one of these protocols would likely cause a systemic unwind that is rapid (due to volatility of underlying, rehypothecation, and automated execution of smart contracts), jarring (these markets are not as liquid as traditional markets), and significant. The rewards may be high, but the risk is at least commensurate.

Cryptoeconomics don’t defy the principals of regular economics and cryptofinance (DeFi) can’t escape the classic risk/reward constraint of regular finance.
7.) Regulation

The primary concern regarding regulation of the industry doesn’t seem to be that current regulations are too restrictive, but rather the concern is related to the ambiguity as to how existing regulations will be applied in regards to blockchain-based networks and cryptocurrencies. Many of the startups in the space don’t know how to determine whether they should launch or not because the regulatory environment they are operating in is so unclear. The cost of all this uncertainty is high.

In fact, the regulatory burden is so high that some start- ups have determined that they don’t have enough capital to launch in a fully compliant manner, made all the more difficult by the recent crypto winter fundraising environment.
From Dream to Reality

Projects in the space are acutely aware of the..

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Let me start with one of my favorite visualizations of surveillance (not my original idea). In the late 18th century, an English philosopher, Jeremy Bentham, designed a brutally efficient prison architecture. The main innovation is quite simple: prison cells are arranged in a circular format surrounding a central watchtower. The watchtower theoretically only needs to be manned by one person, who is obscured from view from the inmates. At any given moment in time, the watchman can observe any prison cell, while the inmates cannot see which way the watchman is looking.

Panopticon (Wikipedia)

It’s mercilessly effective. Without needing to hire a guard to watch every individual inmate, or even punish every instance of bad behavior, the prison is able to exert control over everyone. With the knowledge and fear that they can be monitored at any given moment, the prisoners must behave under the assumption that they are being monitored at every moment.

Here, I will try to design a digital panopticon to offer the same level of oppression, built for the modern-day electronic lifestyle. Note: this article is merely a hypothetical thinking exercise to create a fictional dystopia, not a conspiracy theory.

Step 1: The Walls
“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”
― Edward Snowden

The first step is to build my digital prison building, then convince my population to live in it. This step is surprisingly easy to build: I weave hardware sensors and software data collectors into everyday objects. I market my products as “smart” so people will trust them enough to bring them into their homes, package some with shiny electronic jewels so people will wear them, and offer my online services in exchange for the permission to collect all data — I call those services “free.” I’m not lying, initially: their data isn’t worth anything just like having a window in my home isn’t an invasion of privacy if nobody is looking through it. But I now have billions of windows, ranging from helpful smart thermostats to life-saving heartbeat monitors, in every person’s home.

Step 2: A Central Watchtower
“I fear the Greeks, even when they bring gifts.”
– Virgil

The second step may happen concurrently: build my watchtower. This part, of course, requires some disclosure to the new residents of my homely prison. I simply demonstrate that I’m able to respond to their behavior — good, bad, or otherwise — to let them know I’m watching. Here is where I do better than Bentham: I actually can watch everyone at the same time without hiring billions of guards.

In CS188 (the introductory artificial intelligence course at UC Berkeley), a student with a year’s programming experience can learn to write a machine learning model that classifies handwritten numbers correctly with less than 20 lines of code (and a few imported libraries). Here are a few examples these students can put together in a two-day hackathon or summer intern project: collect birthdays and remind everyone to make each other happy on their special days. Tweak the spellcheck to learn slang after a user corrects it enough times. Classify videos using user-inputted genres or keywords to make smart recommendations to viewers. Seems innocent enough.

Step 3: Locking the Doors
“The user’s going to pick dancing pigs over security every time.”
– Bruce Schneier

The key to our third step is to convince our residents that they want to live here forever, while we continue to build more cells and more walls until there is nowhere else to live.

Whatever the situation, I know the exact movie, game, or trinket to sell my prisoners to make them happy. When they search for the news, I know what they want to see and give them the laws to be angry about and politicians to hate. I know the best romantic restaurants, flower arrangements, and perfume boxes. And when I notice breakup tunes and ice cream cartons, I know which romcoms to recommend. I am their best friend.

I’m even able to promise to cure cancer: the data I collected turns out to be worth trillions of dollars as profiles comprised of genetics, symptoms, diagnoses or misdiagnoses, medicines and side effects are used to compute individualized treatment plans. This is an absolute win for patients and health insurance companies alike, but the people whom I collected data from didn’t receive a penny. I tell them it doesn’t matter: they couldn’t have done much with just their personal medical record anyway.

Step 4: The Chains
“It is impossible to correct abuses unless we know that they’re going on.”
― Julian Assange

Up until this point, none of our prisoners feel that their rights have been violated. In fact, it’s easily argued that life quality has increased. Let me show you how I can abuse them while maintaining this benevolent illusion. I introduce real-time price adjustments for my consumers: everybody took economics in high school and understands that by following supply and demand principles, they get the best price. I also offer an intuitive reputation system: a star rating for each consumer and merchant to transparently determine the prices they can demand. I’m giving them more power!

Alice: Based on Alice’s social media posts and messaging history, I happen to know she has a grandma living in Japan who is suffering from a cardiac disease. I know Alice’s discretionary income to the dollar because she posted where she works and I have been monitoring her spending habits, so I double the price of plane tickets to Japan for her. I know she’ll pay it. I recommend some smoothie recipes for heart health and use the correct marketing words to sell her ingredients and homeopathic medicine.

Bob: Across the country is Bob, a student who has decided to become a ride-sharing driver to help pay his bills. Unfortunately, he has a rough start: his unfamiliarity with the app causes him to miss a few stops, so he gets bogged down with low star ratings. He tries to recuperate but keeps getting matched with riders who also have low star ratings; the scores they give each other carry less weight because they are deemed less “trustworthy.” Months go by and Bob manages to get up to a respectable 4.1, but one mistake with a five star-rated rider bumps him back down to where he started. Bob suffers financially because his poor reputation gets fewer rides and lower rates.

Charlie: Later, Alice and Bob get married and have a child named Charlie. I can make an educated guess on the baby’s ethnicity and socioeconomic status based on his parents’ geographic location, interests, and shopping history. Thus, this baby already has a profile before he is even able to use a cellphone. My machine learning models learn all of society’s gender, racial, and socioeconomic biases. Charlie and his parents will receive targeted advertisements nudging him into the lifestyle he is stereotyped to belong to. He might never have the chance to explore educational opportunities or higher-income career paths. Hey, I’m not racist — it’s just correlations in the data.

Step 5: Hope
“Working in porn is awesome, until you want to find another job.”
― anonymous person who used to work in porn

I read somewhere that if you have a chicken factory with an open back door to a 10x10 ft plot of grass, you can call the chickens “free range chickens” (please don’t quote me on this). I need to give my prisoners a bit of hope, so I start a company that allows people to game the system a little bit. The company exploits real workers to run various accounts, visiting certain key websites to generate an online profile — just like a farmed video game account. The basic profiles are quite simple: “wealthy white female” and “middle-class millennial,” but I also sell older profiles that have been trained to include “Ph.D in neuroscience,” “loyal customer of this specialty store,” and “hardworking low-income student interested in becoming a doctor.” The rich can afford to be anybody they want; my service becomes very popular for college applications. Those who don’t have this option, however, have to control every scroll and click as they move through their digital life.

Why Privacy is a Human Right
“Security is always excessive until it’s not enough.”
– Robbie Sinclair

While the inhabitants of my fictional digital panopticon enjoy technological solutions to improve everything from entertainment to healthcare, their behaviors and lives are slaves to what their data says about them. No doubt we all understand the value of lots of data fed into well-engineered models, but we must also establish that an individual’s data is worth something too. And hopefully the mere option of privacy was shown to be insufficient; privacy should be the default.

My fictional prisoners are unable to retake control of their own data because they were misinformed in the initial stages and allowed to the doors to lock before they knew what they were getting themselves into. It is not the users’ responsibility to understand which security implementations they want; the right to privacy must be respected and protected by the empowered. However, as we consumers begin to discover the implications of exciting new technologies, we mustn’t be tricked into giving up our most basic rights for bells and whistles.

Works Referenced and Stuff To Check Out

Assange, Julian. Cypherpunks: Freedom and Future of the Internet.

Galloway, Alexander R. Protocol: How Control Exists after Decentralization.

Hughes, Eric. A Cypherpunk’s Manifesto.

“Nosedive.” Black Mirror, season 3, episode 1. Netflix.

xoJane. “Working In Porn Is Awesome, Until You Want To Find Another Job.” HuffPost, HuffPost.

About Gloria

Gloria Zhao is President of Blockchain at Berkeley and a UC Berkeley student majoring in Computer Science and Psychology. She also teaches Blockchain Fundamentals, an undergraduate Berkeley EECS course.

Digital Panopticon: Why Privacy is a Human Right was originally published in Blockchain at Berkeley on Medium, where people are continuing the conversation by highlighting and responding to this story.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

If there is one area where blockchain technology seems to have not only direct relevance but also an enormous potential, it is ultimately developmental economics. Because blockchain’s purpose is to remove the middleman in transactions, in other words removing the need for institutions, it seems particularly relevant to use blockchain in developing countries where institutions might not always be trustworthy and efficient. Blockchain furthermore provides the possibility of using alternative cryptocurrencies instead of national currencies, which can be especially beneficial in countries where inflation hits extreme levels. Blockchain technology also offers new opportunities for financial and insurance services, which is particularly appropriate in countries where the level of unfunded and uninsured individuals is very high. Finally, blockchain potentially offers much more secure and cost-effective ways of making donations, sending funds for foreign aid and making cross-border transfers. Here are 5 ways we think blockchain can boost economic development and alleviate poverty.

1. Blockchain to Replace Failing Institutions

According to many development economists, from Daron Acemoglu to William Easterly and UC Berkeley professor Edward Miguel, the slow economic convergence of developing countries is a direct result of the instability of their institutions and of the corruption and inefficiencies that result. For the majority of economists, we need to focus on improving institutions in the developing world if we want to promote their growth and development.

Property rights are one good example of an institutional challenge in most developing countries. An important number of households in developing countries can’t trust any institution to keep a good and secure record of their land-ownership rights or property rights. This is because these countries often lack the legal and political security and maturity that other western countries might benefit from. Instead, these countries’ record systems are often fragmented, and the citizens tend not to trust the politicians and officials behind them because of political instability or corruption concerns.

Blockchain thus offers an interesting alternative to these untrusted institutions, proposing a secure, transparent and immutable environment that removes the need for an official institution or middle-man. Instead of a centralized system of property rights, which offers an easy leeway for manipulation and subversion to corrupt officials, blockchain has the benefit of being a decentralized ecosystem where transactions are processed by multiple nodes (or miners) in a network. The immutability characteristic of the blockchain is especially interesting in the context of property rights. Blockchain systems, for example, ensure the immutability of a block in the chain of validated transactions by including block headers that reference the previous block in the chain of transactions. In that way, if someone tampers with a block (or set of property rights in this case), the change propagates throughout the whole chain and everyone sees that a malicious actor tried to modify this block.

2. Blockchain as an Alternative Source of Capital

Access to bank loans, for both modest individuals and small firms, is often difficult in developing countries, as most banks ask for large collaterals and insurances that these agents don’t have. The problem of funding is very important in the developing world. In the absence of banking services, a significant amount of African households simply lend to one another in very informal settings. In his paper “Credit Markets in Northern Nigeria: Credit as Insurance in a Rural Economy”, published in the World Bank Economic Review in 1990, Udry shows that, instead of resorting to state banks, households pool risk and lend to one another by taking advantage of the free flow of information within local communities and of informal enforcement mechanisms.

Blockchain could provide an interesting alternative to these informal lending processes, and help agents find more secure sources of financing. A few new startups have emerged proposing tailored financial services using blockchain to address the issues associated with informal lending. For example, the startup OmiseGo proposes decentralized wallets and asset-agonistic value exchange for the unbanked individuals, and Wetrust offers insurance and lending circles within existing reputation-based trust networks and communities as an alternative to the formal insurance and lending institutions. Humaniq addresses another facet of the funding issue and seeks to foster financial inclusion by using biometric authentication for identity. In all of these use cases, blockchain offers an interesting middle ground between formal and informal lending and enables processes to be more local while ensuring broader enforcement mechanisms.

3. Blockchain to Escape Fluctuating Currencies

In many developing nations, inflation and hyperinflation often cause currencies to devalue at rapid rates, making prices of everyday items extremely expensive and imports far more costly. For example, Venezuela has faced immense inflation in the past 6 years. By the end of 2018, Venezuela recorded reaching astronomical highs of 80,000% inflation. Cryptocurrencies have the potential to eradicate this problem as a supplement to a country’s fiat currency, providing a decentralized digital form of payments.

Stablecoins, for example, are often pegged to a different asset like the US dollar or gold but do not have a central bank behind their stability. Stablecoins can thus be used as an alternative medium of exchange (the ability to trade without having to barter), a store of value (the ability to keep value over years), and unit of account (the ability to measure a unit to define and compare the values of markets). This empowers cryptocurrencies to essentially be used for more day-to-day transactions and as an alternative store of value in cases of high inflation.

4. Blockchain for Cross-Border Payments

Currently, many fees are collected by organizations that facilitate cross-border payments. In 2017, the global remittances market reached over $613 billion. The costs of remittances have been estimated to be up to 5%, and the average transaction fee in sub-Saharan Africa is at an astounding 9% for cross-border payments. However, blockchain can actually bring these costs down to 1%. Blockchain also guarantees real-time transactions across borders and is able to reduce risks existing from currency fluctuations. Companies like Abra have for example developed platforms that empower people to convert fiat currencies into cryptocurrencies that can be withdrawn in their local currencies instantly.

In international money transfers, various middlemen often benefit from commissions, which allow them to stay in business, such as SWIFT which collects a small portion of every transaction across borders. Blockchain technology enables the elimination of these middlemen and removes the need for central agencies that manage payment processing fees. In addition, blockchain has the quality to allow near-instant money transfer because there is no need to wait for central agencies to facilitate its movement.

5. Blockchain and Foreign Aid

Blockchain can finally help in even more straightforward ways, for example in the context of foreign aid. Issues with foreign aid to developed countries today are multifold: donations are often subject to important overhead costs to compensate for every actors and third-parties in the process, which often disincentivizes potential donors; donations often lack data transparency, both in terms of how the money gets to destination and in terms of how it is used and beneficial for the cause; finally, donations are often thought of as counterproductive for an underdeveloped country, keeping it in a state of dependency with the donators.

Blockchain is an interesting solution to these problems because it substantially decreases the number of middlemen involved in the donation, thereby decreasing overhead costs that get “lost” in the donation. Instead of paying the multiple actors involved in the processing and converting processes, blockchain allows for targeted donations that directly land in desired hands without the need for any third party thanks to automated mechanisms enabled by smart contracts. Blockchain can hence make donations much more efficient, transparent and trustworthy for the donator. Furthermore, blockchain offers real-time and traceable data on the donation, without the need to trust a specific organization. New companies like Alice and Bankymoon, for example, seek to provide real-time and transparent data on donations thanks to blockchain technology. According to Alice’s website, “The performance of each project is publicly available, making it easier for funders (philanthropic organizations, impact investors, small donors) to identify and help scale social projects that actually work.”


Three young boys running down the street, Cape Town, South Africa (BFG Images)

In conclusion, although much still needs to be achieved in practice and new potential problems can arise from blockchain use in developing countries, blockchain technology offers promising solutions to a lot of problems undeveloped countries face today. The use cases we have addressed in this blog post are just examples among an infinity of possible applications of blockchain in the developing world. Alleviating poverty and fostering growth in poor countries should be a concern shared by everyone, as world inequalities have skyrocketed in the last decades and populations in these countries are especially vulnerable to civil conflicts and, in the immediate future, to the negative consequences of climate change that the rich world has mainly fostered. We think that blockchain, among other new technologies, has a central role to play in creating stronger growth and higher standards of living in developing countries, and that NGOs and businesses should seriously consider its promises if they want to alleviate economic problems in the developing world.

Based on a research paper co-written with Faiz Moosa

5 Ways Blockchain Can Boost Economic Development was originally published in Blockchain at Berkeley on Medium, where people are continuing the conversation by highlighting and responding to this story.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

In Spring 2019 semester, Blockchain at Berkeley continued its journey in Blockchain space. With the goal of becoming a center for blockchain innovation, we helped launch the first Blockchain-focused accelerator at UC Berkeley through a joined effort with Berkeley Engineering’s Sutardja Center for Entrepreneurship, and the Haas School of Business. In addition, we have held regular events and meetups that are accessible to students and professionals interested in blockchain. Internally, with Blockchain at Berkeley’s powerful alumni network and plentiful resources, our members never ceased to explore new applications of blockchain and new areas of knowledge related to blockchain. As a result, we have had many outstanding internal projects which we will explain further in this article.

Berkeley Blockchain Xcelerator

With a joint venture between Blockchain at Berkeley, Berkeley Engineering’s Sutardja Center for Entrepreneurship and Technology, and the Haas School of Business, we have launched a new blockchain-focused accelerator, the Berkeley Blockchain Xcelerator. The new accelerator will help entrepreneurs pursue ventures in the blockchain space, tap into the vast resources of UC Berkeley and Silicon Valley, and receive expert industry guidance to create high-value blockchain startups.

On March 19, the Berkeley Blockchain Xcelerator welcomed its first batch of teams. Drawn from a very competitive pool of applicants from all over the world, these teams were selected based on their unique approaches and potential for delivering real-world use cases for blockchain. The Spring 2019 cohort is made up of 12 teams (AnChain.ai, Bitmark, DataAgora, Dyson Network, FourthState Labs, Insolar.io, PlayTable, Source, SWFT Pay, TruSource, Vinc, and zkSystems) that utilize blockchain technology in a variety of ways, ranging from data ownership to tabletop gaming.

Public Events and Meetups

The Meetup program is a place for B@B members and the community to engage in comprehensive technical workshops and openly discuss advanced topics relating to blockchain technology and decentralized systems. These insightful and comprehensive technical workshops are primarily geared toward developers. In Spring 2019 semester, we have organized the following events:

1. Cosmos Introductory Talk ~ Many Chains, One Ecosystem: An introductory overview of the critical infrastructure and tooling provided in the Cosmos technology stack.

2. Smart Contract Security: Overview of security vulnerabilities in solidity such as overflow as well as typical attacks/defenses and analyze historical hacks like DAO hacks.

3. Blockchain for Social Impact: Blockchain and decentralized technologies stem from ideologies of personal freedom and equality; naturally, their potential for social good is vast and has been explored by many humanitarian organizations. Examples include energy and the environment, democracy and governance, agriculture including ethical sourcing, financial inclusion, and digital identity. However, with such a nascent technology, many challenges must be overcome before true impact is possible, and the blockchain space is constantly evolving with new advancements and breakthroughs every day. Our goal is to get an idea of what has been made possible by blockchain so far, what problems need to be solved to make more progress in social issues, and what we can expect in another ten years.

4. Blockchain in 2019: How we got here and where we’re going: The blockchain industry has undergone massive change, both good and bad, since the inception of Bitcoin in 2009. While there has been a Cambrian explosion of over 2,000 crypto assets, many of these are, or will be, failed experiments. Despite setbacks, the industry continues to innovate on scalability solutions, use-cases, and user adoption.
Come learn from the world’s leading crypto investors how the landscape has developed over the last decade, the state of the industry today, and how it will evolve in 2019 and beyond.

Upcoming events in April include:

1. she256 Recolor: Annual Conference 2019: she256 is a nonprofit dedicated to increasing diversity and breaking down barriers to entry in the blockchain space. Recolor is meant to be an amalgamation of experiences, opinions, and takeaways from this foundational year in the blockchain space. Because this is space is still in its infancy, we have the opportunity to set a precedent right now, to build in diversity and inclusion as a priority and value from the very beginning.

2. Developing on Hyperledger Technologies: Hosted by Blockchain at Berkeley and members of the Hyperledger community in Berkeley, this event will walk through how to develop on Hyperledger Fabric and help the public gain a deeper understanding of the processes behind Hyperledger and Ursa. The workshop will feature developers from IBM and Fujitsu. The workshop will feature both a non-technical overview as well as a hands-on lab.

Internal Projects

Each semester, selected members are presented with the opportunity to build internal consulting projects to be showcased to B@B’s greater community. Below is a snippet of present projects for Spring 2019:

1. Textbook Rental Project:Textbook rental and purchasing are problematic on various fronts — , particularly regarding online textbooks. A blockchain network has the ability to solve these problems. The issue of ownership could be alleviated by recording the transfer of rights from one individual to another upon the sale of these textbooks through tokens and could be used to lock out individuals and prevent them from accessing content that they have resold.

2. Curated Academic Journal:By creating a blockchain-based academic archive where anyone can submit a paper or contribute to the process of peer review, we hope to standardize and streamline the publishing process. This project will consist of a direct feedback system where verified experts are incentivized to review curated papers on a global scale.

3. Campaign Funding: For the target audience of individual campaign funders who want to fund and keep a record of the spending of campaigns without the need to trust other organizations, the team proposes the solution of building a hybrid blockchain platform. The first level of this platform is that individuals will send their donation from public blockchain, and platform will deposit it to the designated campaign. For this second level, the team aims to design a consortium blockchain with nodes of campaigners, companies that will work with campaigners and regulators for validating spendings to create an environment for recordkeeping of spendings.

Education Projects

Another important department of Blockchain at Berkeley, Education’s mission is to learn by teaching and offering accessible, open-source, world-class blockchain education to everyone, free of charge.Education members have put a lot of effort into enriching these educational experiences; this semester, they have also put in a lot of effort into conducting research on different topics whose results will be integrated into our educational resources. Here are some highlights of these projects:

  1. edX Blockchain for Developers: Blockchain at Berkeley is launching the Blockchain for Developers course on edX, which will provide prospective developers a comprehensive overview of relevant topics in blockchain development, as well as hands-on experience in developing and deploying their own smart contracts. The course will cover the fundamentals of blockchain, the Solidity programming language, as well as relevant industry tools such as Metamask, Geth, Truffle, and Ganache. Through completing the course, students will be confident in their ability to develop and deploy blockchain-based solutions on important industry issues.
  2. Distributed Systems Simulation: Consensus mechanisms are a core topic in distributed systems. Consensus can be approximated or avoided (as with traditional internet architecture) or can be explicitly defined and executed in conjunction with Sybil control systems, as with many of the projects in the blockchain space. We design a system for simulating relaxed instances of various consensus mechanisms. Our system is firstly an educational tool focused on clean user experience, but the modularity of design and data pipeline have been carefully considered for future data analysis/ML workloads.
  3. Financial Class Papers: The Financial Instrumentation team of Blockchain at Berkeley has switched gears from its past semester of researching bonds, derivatives, and credit swaps to topics in developing economies and the potential blockchain have in stimulating and revitalizing economies. From corruption and fluctuating currencies to foreign direct investment and identity ownership, we are eager to investigate how blockchain can reduce income inequality, curb centuries of societal injustice, and move towards global progression.
  4. Privacy Research: This project is focused on learning and contributing to zero-knowledge research. We start with modular math, RSA, Diffie-Hellman, and other cryptographic protocols, so we can understand their relation to the technical implementation of zero-knowledge proofs with the goal of contributing to current open-source projects working on zk theory, development, and optimization.
  5. Derivatives Platform Research: Working on revolutionizing the financial industry through a better exchange to replace the slow swaps/bonds/forwards market. We aim to equalize potential in the financial industry through decentralization.
We will have a showcase for all the education and internal projects at the end of this semester. If you are interested to learn more, please follow us on Facebook and Twitter for finalized details!
Research & Development

Besides our initiatives in education, we have also put in a lot of effort in conducting original academic research on various topics in the field. Here are some of the highlights of our accomplishments for this semester :

  1. DHT: The Distributed Hash Table (DHT) team is focused on creating a distributed hash table that has byzantine fault tolerance built in as a primitive. It works via a traditional DHT with a protocol that reaches local and shard-level consensus through simple gossip-based views similar to avalanche and a main Byzantine fault-tolerant chain that is used to settle disagreements with the rest of the network.
  2. Bitcoin Network Analysis: The team conducts a literature review process that has covered 28 articles published between 2011 and 2019, which analyze data from the Bitcoin Network. Using research methodologies including, clustering, labeling and graph modelling, the team comes up with the research result that shows literature related to Bitcoin Data analysis is centered around three main objectives: Presenting descriptive analytics of the networks and study its evolution; evaluate privacy guarantees, attempt to de-anonymize entities (users) and characterize their behaviour; create software or theoretical frameworks to better process data or model the network.
  3. Cryptoeconomics research: Innovators in the blockchain space are beginning to bring financial products sold and traded in traditional markets to a decentralized marketplace. The objective of our project is to design a robust and secure decentralized market for insurance products. The cryptoeconomics research team is focused on designing a distributed Oracle, marketplace, and reputation system to facilitate the offering and purchase of insurance policies.
Want to know more about Blockchain at Berkeley and connect with us?

Visit our website and follow us on Twitter, Facebook, and LinkedIn

YouTube: Our YouTube Channel features notable videos from our conferences, meetups, whitepaper circles, deep dives, and lectures.

Discord: In an effort to further grow our community, we have decided to move forward with a switch to Discord. We hope to be a center of blockchain discussion for anyone and everyone! Expect resources on relevant topics, direct connection to Blockchain at Berkeley members, daily trivia questions, information on upcoming events, and more! Join here.

Educational Inquiries: education@blockchain.berkeley.edu

Consulting Inquiries: consulting@blockchain.berkeley.edu

Research Inquiries: research@blockchain.berkeley.edu

News and Media Inquiries: marketing@blockchain.berkeley.edu

Blockchain at Berkeley Spring 2019 Report was originally published in Blockchain at Berkeley on Medium, where people are continuing the conversation by highlighting and responding to this story.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

After 2017’s Crypto-Optimism and 2018’s Crypto-Pessism, it is time for Crypto-Realism.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

The work token has emerged as a novel way of interacting and contributing to decentralized applications.

Before we can dive into current work token implementations, we have to take a step back and analyze early token economic models.

Current Problems:

Fundraising Tools: Many projects simply created tokens as fundraising tools rather than using fiat/ETH. Raising via a traditional equity round or an existing token was more difficult so projects simply released a new token. As a result, even if these projects attain their technological roadmap, they will still see a disconnect between their product and token.

Medium of Exchange (MoE) Models: “Utility” tokens do not automatically result in increased network value with increased token usage. Even after product launch, networks with proprietary payment systems offer little incentive for participants to hold their tokens. Both the supply and demand side can then buy in, use the service, and sell when completed. With inflation, selling pressure will push prices down even further. Vitalik Buterin (Ethereum) and Kyle Samani (Multicoin Capital) have both discussed the issues around token velocity extensively:

“Now, let’s look at the story with a “medium of exchange” token. N people value a product that will exist in a decentralized network at $x; the product will be sold at a price of $w < x. They each buy $w of tokens in the sale. The developer builds the network. Some sellers come in, and offer the product inside the network for $w. The buyers use their tokens to purchase this product, spending $w of tokens and getting $x of value. The sellers spend $v < w of resources and effort producing this product, and they now have $w worth of tokens.

There needs to be an ongoing stream of buyers and sellers for the token to continue having its value.” — Vitalik Buterin

Airdrops: We saw airdrops as a novel way of distributing value; however, they failed to spark real adoption. Sending “interested” addresses tokens was a spray-and-pray model in which the vast number of addresses that even noticed the tokens simply dumped the tokens or provided almost zero value to the protocol.

Speculation: Speculation also caused projects to ignore token economics in 2017 and many now are still avoiding the subject by deferring to “utility” rather than incentives. Aside from failing to deliver on their technology, this will push some projects to their downfall. Even with improved token economics, we will see speculation disrupt market equilibriums.

With these issues, a few projects have begun thinking about their token economics from day one and better align supply side and demand side participants.

Emergence of Work Tokens

Medium of Exchange tokens help exploit the Free Rider problem in which certain market players receive benefits that they have not necessarily paid for. With no skin in the game, token holders who are not active participants will benefit disproportionately from active participants’ efforts. Along with very little incentive to hold the token, constant selling pressure based on external market forces/speculation will push prices down further.

Work tokens introduce a novel way to organize network participants. With proper incentives, participants are, in theory, incentivized to actively contribute to the network.

In a work token system, network participants need to stake a certain amount of tokens to provide a service on the network and earn the corresponding fees associated with that work. The common analogy is the taxi medallion model in which individuals pay a high upfront cost to receive a medallion which gives them the right to drive/lease the medallion for additional income.

Source: https://medium.com/@patrickmayr/improving-network-incentives-through-work-tokens-94193b0dd922Work Token ImplementationsAugur

Augur is a decentralized prediction market protocol which allows anyone, anywhere to create markets.

Service: The REP Token is required to participate in the reporting and the disputing of outcomes in the prediction markets. Token holders stake behind outcomes they believe are correct with the ability to dispute outcomes as well.

Incentive Structure: Fees are paid out to token holders in proportion to the amount of REP they have staked. Token holders that stake behind inaccurate outcomes will be penalized.


Livepeer provides decentralized transcoding services focused on creating a cheaper solution for live streaming in the Web3 stack.

Service: Nodes stake LPT tokens to perform transcoding work. This process includes converting video inputs into various formats suitable for end user devices and applications. Token holders who do not wish to provide transcoding services themselves can stake behind transcoders. Service providers compete based on fee rate and past performance.

Incentive Structures: Nodes receive fees for providing transcoding services and delegators receive a portion of fees from their respective transcoder. Network participation rate also directly affects the token inflation rate, creating another incentive layer to participate. Transcoders that fail to perform will see their stake slashed and be replaced by other willing nodes.

Additionally, the team introduced the concept of a MerkleMine in which miners compete to compute Merkle proofs to earn a share of LPT. Although this saw a relatively centralized distribution, this was arguably more effective in token distribution than the traditional airdrop model. Only token holders who showed the technical capabilities of computing the proof were seen as token holders capable of providing transcoding services via Livepeer.

The Graph

Graph is building a decentralized query protocol that allows DApps to pull data from blockchains in a more quick and secure manner than centralized indexing services.

Service: Graph tokens are staked to perform a variety of services on the network including indexing relevant blockchain data, filtering data of interest, and validating indexing services. These services are of interest for DApps wishing to query blockchain data.

Incentives: Nodes earn fees for indexing, filtering, and validating with fees going to Graph nodes that provide accurate indexing and querying features.


FOAM is creating a decentralized location services platform.

Service: FOAM tokens are staked to add geographic points of interests, curate, signal new locations, and more with the launch of dynamic proof of location.

Incentives: With a TCR, token holders can dispute and verify the accuracy of points added to the network. Also, FOAM token holders that stake their holdings can provide location verification services in exchange for fees.


NuCypher is building a proxy re-encryption network focused on privacy in decentralized systems.

Service: Nodes provide re-encryption services which allows multiple individuals to share private data on public blockchains.

Incentives: Fees are paid out to nodes for their re-encryption services. NuCypher has expanded upon the traditional work token and is looking into the WorkLock Model in which participants lock up ETH and receive tokens to then provide network services. If they use their tokens appropriately, then they will receive their locked up ETH. If not, their ETH will be burned.

Source: https://blog.nucypher.com/the-worklock/

This is an interesting take on staking mechanisms, but we will have to see how receptive nodes are to lock up ETH in relation to re-encryption services’ returns. If nodes have to lock up ETH to provide work, they are forgoing other opportunities such as lending through Compound or Dharma.

Valuing Work Tokens

Work tokens are an attempt to better align network incentives on both the supply and demand side. By not treating all token holders the same, active participants can choose to stake, perform work, and earn outsized returns compared to most other token holders. On the supply side, participants able and willing to perform services can begin offering services such as transcoding and querying, providing buyers of the market the opportunity to launch their applications/services with a set of suppliers ready.

As the demand for the service grows, we can project how much in fees nodes performing work on the network will receive.

What are some factors that need to be considered when working on a work token model?

A project simply implementing a work token does not equate to an intrinsic value accrual mechanism.

  1. Total Addressable Market (TAM) and Serviceable Available Market (SAM)

TAM is a very useful figure for understanding how big of a market a particular project is attempting to tackle. This is usually the total market revenue for a particular good or service. Big markets offer opportunities for disruption and are usually marketed up front; however, relying solely on TAM can be a very misleading value.

In a decentralized context, the project’s SAM should also be analyzed as this points to what value of the centralized market can a decentralized solution capture. This is incredibly important as it is hard to believe that one decentralized network will be able to capture 100% of an industry’s TAM. The SAM, on the other hand, can reveal what section within the TAM is the target market.

For example, Livepeer’s TAM could arguably be the $30 billion live streaming market. However, its SAM could be a smaller section of the market that is looking to transition to a decentralized streaming platform due to censorship, platform restrictions, etc. Not every existing live streamer will see a need to transition to another platform for a potential decreased cost if that means they are giving up larger platform opportunities and network effects found in existing centralized solutions.

2. Fees and Node Participation

With the TAM/SAM analysis, we can transition into how much potential fee generation can occur for a particular product or service. The percentage of total tokens a node stakes determines the amount of work provided to that node and, therefore, the corresponding fees. If the demand for a service grows rapidly, the fees in aggregation will begin to increase. In theory, network participants will see the increased cash flow as an opportunity to earn more and purchase additional tokens to stake.

For example, if DApps using the Graph begin seeing an increased number of transactions, query volume could also increase, providing more fees for indexing and curator nodes.

3. Projected Growth and Net Present Value

By projecting how much the particular service/application will grow, we can project how much fee generation will also grow. This projected growth can reveal how much the total fee pool will grow and the stake value that is required to become a service provider.

With an appropriate discount rate and any assumptions about fee adjustments, we can use NPV to arrive at some indication of what the work token should be worth.

This type of analysis makes many assumptions that vary from project to project, so it’s important to understand where limitations exist.

Work Token Model Considerations:
  1. Service Provider Concentration/Governance:

As demand for a particular service grows, we could argue that more nodes would want to take advantage of the growing cash flows and enter the market. However, there are barriers to entry that may prevent newer players from entering.

Aside from spending the required amount to stake, nodes may need some type of specialized hardware or technical expertise depending on the service being provided. Unlike general PoW or PoS networks, service layer-work token models may only cater to a small group of network participants from day one such as early investors/hardware specialists who have the ability to actually perform the work required. If a certain node does not perform their work properly, their tokens may be slashed; however, if the barrier to entry becomes higher and higher, then the number of following nodes that can replace the malicious one decreases over time.

This can lead to an increasingly concentrated group of service providers which opens up new attack vectors and possible cartel behavior.

Also, what happens to governance of the network? If network participation has shown to be low already, highly concentrated providers can choose to make protocol changes such as higher fees or staking changes without much discourse.

While work tokens provide more incentive for service providers to be involved in protocol changes, the question comes down to: Which token holders and how concentrated is that decision making power?

The NYC taxi market saw the cost of buying a medallion become higher and higher, providing only a handful of entities the opportunity to enter. These concentrated players then had full control over driver fees and supply, resulting in a poorer service for both customers and drivers. This is not 100% analogous to how work token maturity could play out but an interesting case study to learn from.

2. Fees vs. Cash Flows

With the need for specialized hardware or technical expertise, there needs to be enough incentive for service providers to perform work to compensate for hardware/time. If a decentralized platform is attempting to disrupt a rent-seeker and offer a cheaper service, then the fee charged for the work needs to be low enough to convince buyers to join. However, if that fee is too low, then service providers will not put up the additional hardware/time that is required for this particular service, as their income is too low.

Over time, this could arrive at some market equilibrium, but if the economics don’t incentivize the supply side early then the network will fail to take off.

3. Economies of Scale vs Decentralization

Many work token models are targeting existing centralized services such as video, querying, storage, etc.

Centralized incumbents vastly benefit from economies of scale. That is, the per unit cost decreases over time as total production increases. For example, as AWS has scaled over the past decade, their costs for incremental computing and storage have decreased.

AWS Data Center

A decentralized service will not benefit from the economies of scale achieved by these centralized players immediately. It will take time to attract active participants willing to perform the work required. This means the network cannot achieve the same cost advantages at the same scale immediately either.

Therefore, a project needs to provide a service in which the factors of decentralization such as censorship resistance, improved long-run economies of scale/reduced fees, removing counter-party risk, etc. need be more valuable than the immediate switching costs and risk.

A work token model that is attempting to disrupt a centralized service without a clear reasoning for decentralization will face a long, uphill battle against years of economies of scale.

This idea ties back into product/market fit. Why does a service need to be decentralized and how does the token model help the network grow?


The work token is helping to solve issues found in many token economies; however, there are definitely limitations that need to be addressed. Two fundamental questions should be addressed in any work token model:

  1. Does the application truly need its own token?
  2. How do you incentivize participants to stay active long-term?

As the crypto space matures, we can expect to see multiple iterations of existing work token models.

Stake to Play Token Economics: Exploring Work Tokens was originally published in Blockchain at Berkeley on Medium, where people are continuing the conversation by highlighting and responding to this story.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Our electricity grid is one of the most complex technological innovations of the 20th century. Figuring out how to use blockchains most effectively might end up being one of the biggest technological innovations of the 21st century. So what better way to really give yourself a headache than try and combine the two? That’s exactly what over 150 companies (according to the November 2018 report from SolarPlaza — up from 90 in January of the same year) are trying to do.

In the last year, it’s been exciting to see a lot of the research move towards commercial pilots around the world, from New York to Thailand and London, as energy blockchain start-ups get stuck in working with regulators and utilities. However, given the noise and hype that still surrounds a lot of blockchain projects, it can be hard to figure out what’s actually going on. So I had a go. These are the top 5 use cases I found:

1) Coordination of distributed energy resources (DERs)

The exponential growth in distributed generation, electric vehicles, and energy storage offers huge potential for decarbonizing the grid, but also introduces significant co-ordination and load balancing challenges. This growth is happening quickly; Deloitte projected that, by 2030, variable solar and wind generation will contribute over 20% of our energy in 21 US states, up from just one in 2015. As a result, many of these resources are not yet being used to their full potential, particularly when it comes to ancillary grid services such as load following and energy imbalance. The introduction of blockchain-based virtual power plants, microgrids, and asset registration platforms are seeking to solve these problems through bringing transparency to all levels of the network. This transparency additionally enables more accurate calculations of the marginal value of DERs based on location and grid constraints, to inform future investment decisions.

Example players: Electron, OmegaGrid, PowerLedger, LO3WePower

Predicted penetration of Variable / Distributed Energy Resources across the US by 2030 [SOURCE: Deloitte report on managing variable and distributed energy resources, 2015]2) Green credit trading

Green credits have been introduced around the world to incentivize the generation and consumption of environmentally sustainable energy by imposing a ‘price’ or ‘discount’ for these attributes. Examples include Renewables Obligation Certificates in the UK and Low Carbon Fuel Standard credits in California. With multiple parties inputting data who have incentives not to trust each other, where it’s also important to be able to track the history of transactions and avoid double counting, several players are making moves to solve these challenges using blockchain.

Example players: PowerLedger, Volt Markets, Greeneum, Energy Web Foundation

3) Wholesale energy trading

Wholesale energy markets see a high throughput of high value transactions; where the order of incoming transactions and confirmations must be retained. The platform access and transaction fees currently charged by many of the centralized exchanges are the target of several blockchain companies in this space. In addition, increasing the speed of transaction confirmations is expected to significantly reduce issues of reconciliation and therefore reduce the risk carried by the exchange. Some of the more ambitious business models are also looking at bringing individual consumers into wholesale markets and bypassing retailers, using a blockchain-based trading bot that is responsible for meeting your household energy needs.

Example players: VAKT, Ponton, LO3Grid+

4) Renewables development financing

Financing of large energy infrastructure projects, such as the development of a new solar farm, is a complicated and often slow, drawn-out process. Blockchain accelerates the financing process and mitigates risk through automation and simplification of contractual compliance, which can be exceptionally complex in an industry whose contracts are riddled with covenants. Additionally, access to finance is particularly difficult in developing economies, where the financial system may be less transparent and projects often carry higher risk. Blockchain can enable the selling of future energy generation as tokens today to raise capital for investment, or fractional ownership of solar panels which distributes the financial burden across a number of parties.

Example players: Banyan Infrastructure, M-PAYG, Sun Exchange, WePower

5) Automated financial settlement

Ensuring that energy customers pay the right amount at the right time consumes considerable resources for utilities around the world. This settlement process often takes several weeks and counterparties carry significant credit risk. Automated and near-instantaneous payments can be made possible using blockchains, to speed up the process and reduce risk.

Example players: BTL Group, Causam Exchange, VervGrid+

DERs in action. I took this photo from the top of a new Envision Energy wind turbine in China and it reminds me how rapidly the world of energy and technology is shifting… Watch this space!Conclusion

As you can see from this list, the opportunities for blockchain to improve our energy sector are both broad and significant (and in my personal nerdy opinion, super exciting!). Precise estimates vary, but a report by Zion Market Research predicts that the energy blockchain market will reach $12bn by 2024.

I’m particularly excited about the sheer magnitude and breadth of impact that could come from improved DER management, and also recognize that some of the others, like carbon credit trading, might be easier to implement at large scale. However none of these are a simple path to take; the crucial dependencies on energy market regulation and different market structures in each jurisdiction means that implementing these business models requires bucket loads of innovative thinking and determination, but I’ll save that for another blog…!

Thanks to Joyce Yao, Medha Kothari, Bosun Adebaki and Justine Humenansky for their inputs and advice on this article.

Top 5 energy blockchain use cases was originally published in Blockchain at Berkeley on Medium, where people are continuing the conversation by highlighting and responding to this story.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 
Photo by Michael Davis on Unsplash

“Those who rule data will rule the entire world… That’s what people of the future will say.” — Masayoshi Son³. If we agree on this premise, the question becomes, who do you want to own this data? Do you want this data to be ruled by corporations or do you want to have ownership and control over your own data?

As our lives become increasingly digital, our digital identities are comprised of the series of digital footprints (data points) we leave behind. As a result, digital identity is inextricably tied to data. The following post will outline how blockchain technology can prevent unintended access to this data through minimal disclosure models and monetizable data ownership as well as highlight some of the techniques being employed to ensure more secure data exchange. In light of the advancement of technologies that rely heavily upon our data, it is increasingly important to protect and own our digital identity, arguably one of our most valuable assets.

Note: This is by no means a comprehensive list of digital identity initiatives in the blockchain industry, instead it is a high-level overview illustrating some of the ways that blockchain technology is relevant to the digital identity discussion and highlights select projects that are working on critical components thereof.

In a Digital World, Data = Identity

Identity can be broken down into two distinct aspects. The first is “the fact of being who or what a person or thing is⁵.” My earlier post, The Impact of Digital Identity, focused on the ways in which blockchain technology can be used to create a decentralized personal identity tied to a unique and verifiable “digital fingerprint.” The post that follows will focus mainly on the second aspect of identity, which can be defined as “the characteristics determining who or what a person or thing is⁵.”

We leave digital footprints everywhere we go. Advancements in voice technology and the corresponding proliferation of in-home devices mean data collection is no longer restricted to our online lives. All of our steps can be pieced together to create an accurate picture of what we do, what we like, who we talk to, what we spend money on, and as a result, who we are.

I won’t go into the prevalence of large-scale data breaches or the role user data plays in the business models of many “free” and widely used Internet services. Suffice it to say that we have lost control of our data, and as a result, we have little control over this component of our digital identity.

Why it Matters: Unintended Access and Unintended Inferences

Supreme Court Justice Louis Brandeis perhaps most aptly described the historical view towards privacy as “the right to be let alone.” Now privacy would be better described as “the ability to control data we cannot stop generating.¹” More importantly, as we generate more and more data each day, this data now gives rise to “inferences that we can’t predict.¹” Quite simply, we do not understand the extent to which our data is being collected, with whom it is being shared, or the ways in which it is being utilized to derive insights about our identity. Sometimes our data is used in non-obvious ways. For example, machine learning can be applied to Google searches to draw inferences related to health and language patterns can be detected in anonymously written text / code to infer authorship, among countless other examples.

Even if we have come to accept that our data is for sale, the purpose for which it is being “purchased” is not often clear.

Traditionally, security and privacy have been two distinct fields where security involved the safeguarding of data and privacy involved the protection of user identity. As data is now a primary component of digital identity, the two have blended and more emphasis is being placed on privacy, which has historically taken a back seat to more pressing security concerns. In other words, in a world where prolific machine learning applications raise concerns about unintended inferences, protection against unintended access to data becomes a heightened priority¹.

Governments have taken notice and have begun to implement data privacy regulation (Europe’s GDPR, for example.) However, data privacy regulations will likely be ineffective as our ability to meaningfully consent to data collection is diminished in an environment where unintended usage and unintended inferences impair our ability to value access to our data¹.

This doesn’t mean that users or organizations shouldn’t share their data. Keeping data private doesn’t mean data has to be kept in silos, the real issue is unintended access.

Blockchain technology can help by facilitating models that allow for minimal disclosure of sensitive information and mechanisms through which data owners can be commensurately compensated for allowing access. Privacy-focused blockchains can also allow for a more secure way to exchange information.

Minimal Disclosure Models

Users repeatedly disclose non-relevant but sensitive information when transacting online. For example, if a company needs to prove that Alice is old enough to rent a car, the rental car company might ask Alice for a copy of her driver’s license, which contains her address, her driver’s license number, and other demographic information in addition to her date of birth, which she might not want to share. The rental car company really only needs to know that she is old enough to rent a car, they don’t need to know that she is 5’6’’ and lives on Center St. They don’t even need to know her exact birthdate, they just need to know that she is above a certain age. Repeatedly sharing unnecessary information with multiple parties creates more points of vulnerability. Minimal disclosure models leverage blockchain technology to create systems in which relevant data is disclosed to querying parties, while non-relevant data is kept private, greatly reducing the transmission of and number of parties storing sensitive identifying information.

Source: Civic

Civic has developed one such minimal disclosure model, focused on utilizing certificate authorities to create a “re-usable KYC.” Civic has created a system in which previously audited PII (personally identifying information) can be used to assure third parties of a person’s identity without the need to re-share the underlying PII. Using the example from above, with Civic, Alice only has to go through the KYC process once, and then the entity that verified her KYC (this step unfortunately still requires standard forms of ID) can provide attestations that Alice’s PII meets certain criteria. More specifically, the verifying entity can provide an attestation to the car rental company that Alice is above the minimum age required to rent a car without revealing any additional information about Alice. The Civic token (CVC) is used to incentivize third-party validators to provide attestations and can also be used to purchase “identity-related products” such as secure login / registration, multi-factor authentication, etc.

Just as sharing the same sensitive data with multiple parties creates vulnerabilities, using the same user ID and password across multiple platforms is not only bad policy from a security standpoint but can lead to association and tracking of accounts. With this in mind, Microsoft has designed its own minimal disclosure model targeted at authentication.

Microsoft has designed an open source, interoperable Layer 2 DID implementation in which a user creates a DID which is then linked to non-PII data. A user’s actual identity data (PII) resides encrypted off-chain and under control of the user. DIDs are user-generated and not limited to one per account since the idea is to avoid having one set of log-in credentials that can be traced and tracked across multiple platforms or service providers. DIDs can either be public (when you want an interaction linked to you in a way that can be verified by others) or pairwise (in the event that privacy is important and therefore interactions need to be isolated and correlation prevented.)

Source: Microsoft

To walk through a concrete example, lets say that Alice wants to authenticate with an external party. Alice would disclose a DID to that party, and that party would look up the disclosed DID through the Universal Resolver, which would then return the matching non-PII metadata corresponding to that DID. The external party then creates a “challenge” using the public key references in the metadata and performs a “handshake” with Alice, proving that Alice is the owner of the DID. To prevent creation of “false identities,” attestations may be required initially until a level of credibility is established through multiple attestations or endorsements. Organizations requesting authentication can require multiple attestations for higher stake interactions.

Coinbase is also focused on identity, running a dedicated team focused on the topic and recently acquiring Distributed Systems, a company focused on decentralized identity. The company seems to be focused on minimal disclosure, in addition to other aspects of identity, as the company highlighted how decentralized identity could let a user prove that they have a relationship with the Social Security Administration without producing an actual copy of their SSN. While the social security administration and the DMV are currently the strongest purveyors of identity in the U.S., as the world becomes increasingly digital, Coinbase believes this model may ultimately extend to social media posts, photos, and other components of one’s digital identity.

Monetizatable Data Ownership

While minimal disclosure models focus mainly on protecting personal identifiers (SSN, DOB, and other PII), the non-PII data points that comprise a users’ online identity also need to be protected. If users could own their own data, and control access to it, the value of this data would theoretically accrue to its owner rather than the platforms that currently collect it (Google, Facebook, Amazon.) Governments have acknowledged that “data has value, and it belongs to you” with California Governor Gavin proposing a “digital dividend” that allows consumers to share in the profits of tech companies that have been “collecting, curating and monetizing” their users’ personal data⁶. However, this approach doesn’t allow for commensurate compensation and equates to little more than a tax on Big Tech companies, evenly distributed to individuals. Instead, blockchain technology allows for a more dynamic system in which users control their own data and can directly monetize access to that data, commensurate to the level of access they choose to provide.

There are several blockchain companies, in various stages of usage and development, that aim to create marketplaces for users to monetize their own data. BAT is an example of one such platform. BAT stands for Basic Attention Token and is an ERC-20 token that serves as a utility token traded between advertisers, publishers, and users within a blockchain-based digital advertising platform. In the system, advertisers grant publishers BATs based on the measured attention of users. Users also receive BATs for participating and they can choose to donate them back to publishers or use them within the platform. In the future, advertisers could participate in a system where a user receives one BAT in exchange for being served one ad. Zinc is another blockchain-based platform with a similar goal. Likewise, Vetri is a blockchain-based data marketplace through which users can sell anonymized data to marketers in exchange for VLD tokens that can be used to purchase gift cards within the platform.

Source: Basic Attention Token

Other examples of such marketplaces include Fysical and Steemit. Fysical is creating a platform for the exchange of location data and currently publishes over 15 billion data points from more than 10,000,000 mobile devices every month, according to the company. Steemit is a platform that allows users to monetize Reddit-style, user generated content by earning tokens when their contributions get upvoted.

Data Exchange

Unintended access to data can also occur during data exchange, even when that data is anonymized. This is problematic since data exchange is necessary for continued innovation. Sharing medical and genomic data across medical institutions could accelerate the discovery of new treatments, conducting data analytics across financial institutions could avert financial crises, and sharing of driving data is likely imperative to the development of autonomous vehicles⁷. While blockchain technology can facilitate the exchange of data between untrusting parties, this data exchange still remains susceptible to privacy issues. Luckily, there are several blockchain companies focused on building privacy-focused networks from the ground up so that data can be exchanged in a way that prevents unintended access to underlying identifiers.

Oasis Labs is one such company. Oasis Labs is taking a full-stack approach to privacy, utilizing trusted execution environments (secure enclaves), secure multi-party computation, zero-knowledge proofs, and differential privacy. This limits the parties that have access to data at the protocol layer and limits data leakage of anonymized data at the application layer. Enigma is another project focused on creating a scalable privacy protocol, utilizing similar privacy techniques.


Since no blockchain article is complete without this list… and again, this is not a complete list. Check out The Impact of Digital Identity and Blockchain’s Battle with Financial Inclusion, by my friend and colleague Bosun Adebaki, for more challenges related to digital identity. All the usual blockchain limitations also apply.

Ownership Rights: While the idea of an individual controlling access to, and thereby monetizing, their own data sounds appealing, in practice it can be challenging. One issue with creating a marketplace for the exchange of individual data is that data property rights have yet to be defined. Once data is shared with a third-party it is very difficult to define ownership and to prevent a secondary market for this information from forming once the information is known.

Valuation and Willingness to Pay: It will also be difficult to determine the value of different data or the willingness to pay for privacy initially, especially since users have been giving their data away, practically for free, for years. Furthermore, it is unclear if the $/month an individual might make from personal data monetization will be enough for the average consumer to offset the current user experience friction (key management, etc.) and uncertainties.

Recourse: Recourse in the case of abuses is also unclear in decentralized data exchange. In a recent video interview, Mark Zuckerberg spoke about researching ways to replace Facebook Connect, the social media giant’s single sign-on (SSO) application, with a more distributed system. However, he also posed some of the same questions raised above, asking “The question is, do you really want that? Do you have more cases where, yes, people would be able to not have an intermediary but there’d be more instances of abuse and recourse would be much harder?”

Still, the need to securely exchange data in certain industries is imperative to the viability of the business (autonomous driving, for example) and therefore the value proposition to enterprises is more likely to be high enough to offset any pain points in user experience and/or more active management.

Now that identities are digital, identity is inextricably tied to data. In light of the advancement of technologies that rely heavily upon this data, it is increasingly important to protect and own the data that comprises our digital identity. We need blockchain technology to help us regain control of our data, and as a result our digital identity, and this is more important now than ever as unintended access can lead to unforeseen consequences. Society reflects the tech we build it on…. we need to keep building.


1.) https://hbr.org/2019/01/privacy-and-cybersecurity-are-converging-heres-why-that-matters-for-people-and-for-companies

2.) https://avc.com/2018/12/video-of-the-week-chris-dixon-and-brian-armstrong/

3.) http://fortune.com/go/finance/softbank-vision-fund-masayoshi-son/

4.) https://www.coindesk.com/coinbase-dapps-decentralized-identity-crypto

5.) https://en.oxforddictionaries.com/definition/identity

6.) https://www.bloomberg.com/news/articles/2019-02-12/california-governor-proposes-digital-dividend-targeting-big-tech

7.) https://www.oasislabs.com/primer

Digital Footprints: Data and Digital Identity was originally published in Blockchain at Berkeley on Medium, where people are continuing the conversation by highlighting and responding to this story.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

How to not lose your crypto with novel cryptography.

By: Leland Lee (Independent) and Dev Ojha (UC Berkeley / ex Tendermint)

Figure: Sometimes we need multiple signatures to get things done

It is ironic how some multi billion dollar cryptocurrencies do not natively support multisignature. Where m-of-n signers are required to authorized a transaction. We’re not ones to judge because maybe it’s by design to only have one private key[0]. But that is not the world that we want to live in, because who wants to lose millions of dollars due to a faulty smart contracts or lost private keys?

Today we will examine various multisignature schemes for transaction signing in blockchains that are applicable to both UTXO and account based models. Please note that some of schemes are still being actively researched and that there are multiple constructions with differing attributes (communication over head, signing time, etc). And if there’s too much technical content jump to the trade off space section.

In the status quo, existing blockchains have pursued several different systems to have multiple owners control the same set of coins: smart contract based (Ethereum) to native scripts (BTC’s P2SH).

How Signatures Work

In order to send a valid transaction on any blockchain several steps must be taken.

  1. Construction a valid transaction
  2. Sign the transaction with the corresponding private key of the account or UTXO
  3. Submit the signed transaction to network
  4. A miner verifies the transaction and signature
  5. The transaction is placed into a block and relevant blockchain state is updated.
Non Cryptographic Techniques and Their IssuesSmart Contracts

Although smart contract based multi signature accounts offer much flexibility (daily allowances, infinite customization) they historically have suffer from bugs in both the code, language, virtual machine and compiler. Hundreds of millions have been locked up in perpetuity due to human related errors.


Unlike smart contract platforms, Bitcoin has a more primitive scripting language. The differences are stark: not Turing complete, not compiled, no virtual machine and no concept of “state”. Whether this makes the cryptocurrency less useful is a debate to be held elsewhere. But more importantly there are specific op_codes for operations such as multisignature. In Bitcoin and Bitcoin related forks, there is a special script known as Pay-to-Script-Hash which is used to create multisignature accounts. An in depth explanation can be found here.

Both Bitcoin’s multisignature addresses and Ethereum’s multisignature wallets require on chain submission of all relevant signature for a transaction to be sent. Some of the schemes we will explore today only require one signature to be submitted, saving valuable onchain space and potentially making the address indistinguishable from single private key addresses.

Cryptographic Techniques

Here we explore various techniques to add multisignature to blockchain protocols. None of these are the silver bullet, as each method has various trade offs that need to be explored thoroughly before determining which technique is optimal for particular situations.

Note depending on what lense we apply to these class of cryptographic constructions they all look the same from high up enough, we’ve taken a distinct balance to highlight some of the key technical differences without diving to far into the technical weeds.

Shamir’s Secret Sharing (SSS)

Note this is not a multisig in a classical sense, nonetheless it is discussed here to provide a counterexample to other forms of cryptographic multisignature.

Here a private key is used to derive n shards, where m are required to reconstruct the private key. This scheme is often used for key recovery, if a user loses the private key it is possible to to reconstruct the original key using the shards the user has distributed to various friends. However it is not apt for multi signature as:

  1. The private key must be generated to derive the shards.
  2. The private key must be reassembled from the shards before a transaction can be signed.

This means that there is a trusted generation and reassembly step which are points of failure. Also individual shard holders have no say in which transaction is going to be signed, all they provide is the shard. Trusted hardware could mitigate the trusted generation and signing concerns, but this leads issues such as side channel attacks, availability, etc.

Nonetheless there are some unique features of SSS that should be noted, it is possible to create as many distinct set of shares without modifying the underlying secret / private key. Thus if Alice originally has 10 secrets and unfriends Bob, a secret holder, Alice can regenerate 9 secrets and give it to the remaining trusted parties (who hopefully destroy their old shares, rendering Bob’s share useless).

There are some libraries out in the wild for Bitcoin (SplitKey) and Ethereum, however they function as key recovery systems.

Threshold ECDSA

In threshold ECDSA, we remove the vulnerability of Shamir’s where there is a preimage / existing private key. Here we describe a recent construction pioneered by Steven Goldfeder in his ECDSA MPC paper, which surpasses previous ECDSA work in terms of efficiency for both the key generation and signing.

Using a distributed key generation (DKG) scheme, all key holders participate in an interactive process that generates both a private key for themselves and a single public key. This ensures that no party ever learns the true private key. Before this construction key generation would only be practical using a trusted dealer as the computation time would be too great for parties greater than two.

We know of two working implementations of threshold ECDSA done by Keep Network and Kzen Networks.

Threshold Ed25519

An issue with ECDSA is that due to the intricacies of the signing algorithm, threshold signatures are complex. However for other signatures schemes such as EdDSA (Edwards-curve Digital Signature Algorithm), and particularly with curve Edwards25519 whose signature scheme Ed25519 has relatively more efficient and straightforward threshold signatures. Users generate their own keys and then have an aggregation step to create a single public key and transaction signing has a three round interactive protocol.

Kzen Networks has implemented a reference library for Ed25519 threshold signatures; Stellar[4], Near Protocol and Cosmos use the same curve but do not to implement cryptographic threshold signatures.

Schnorr Signatures

In Bitcoin, Schnorr signatures are a form of signature aggregation. Instead of using P2SH which grows linearly to the number of keys, signature aggregation allows for constant size signatures. And the verifier does not need to know the individual public keys of the signers, increasing privacy. Blockstream is helping pioneer this technique in Bitcoin.

There are several ways to implement m-of-n multisignature in Schnorr (section 5.3) with various trade offs, in some schemes users provide their own keys, whereas in others there must be a DKG ceremony. In general there is at least one round of communication for key generation and transaction signing, transaction signing also does not scale well with large a large m or n.

BLS Signatures

Short for Bohen-Lynn-Shacham signatures, they work very well for large signature sets. Meaning we can have a 2 of 10 or 2 of 1000 multisignature scheme with barely any difference in set up and signing times. For the setup phase the only thing necessary to do is generation of membership keys for each private key, this only requires one round of communication[5]. Because users supply their own private keys it is possible to use techniques such as HD Derivation for easy management of multiple keys. Users sign transactions offline and a single aggregator adds up the signatures and submits it.

This particular construction using membership keys is fairly new, another method is to leverage Shamir’s Secret Sharing (used by Dfinity and Dash) however either a trusted dealer or a DKG is necessary. A downside of BLS lies in the weeds, where finding an optimal pairing is inefficient, meaning signature verification is slow, a magnitude slower than ECDSA. Dive deep into BLS here.

Trade off space

When observing these techniques from a distance it seems that some on paper are superior to others. Unfortunately that is not the case when we dive into the trade off space. Some techniques are preferable for larger groups of signers, others more apt for low bandwidth environments. Here we explore a non exhaustive list of attributes to analyze the various techniques from above.

Preimage: Is there a private key that must be split?

Trusted Setup: Is there a single entity that generates the keys or can there be a distributed key generation scheme?

Detect Multisig: Can a viewer of the blockchain determine whether a particular address is a multisignature address?

HD Derivation: Is it possible to have hardware deterministic keys for the associated cryptographic process? (Can users use techniques like BIP32 so they only need to remember their seed rather than a bunch of private keys)

Weight: Is it possible to assign different weights to particular private keys? (ex: 1 of 2 multisig, where key holder A has a weight of 2 and key holder B has a weight of 1, meaning A does not need B to sign but B always requires A).


  • Privacy of Signers: Can a viewer of the blockchain determine who were the particular signers of a transaction
  • Signature size: Do multi signature transactions require more on chain space, does the amount of space vary depending the number of signers?


  • Key generation time: How long does it take to generate the keys, does key generation time increase based on the number of parties?
  • Key generation rounds: If key generation is interactive, how many times do participants need to interact with each other.
  • Verification time: How long does it take to verify a signature
  • Signing time: How long does it take to sign a transaction


  • Interactive: How many rounds of communication are required to sign a transaction
  • Curve Efficiencies: Even though some of these techniques work for all curves it is necessary to consider things such as curve efficiencies and cofactor selection.
Figure: The trade off space for the schemes discussed, note that there are several constructions for each scheme which leads to different attributes.Future Developments

Although there are many different techniques that enable multisignature accounts for blockchains we must be cognizant of the design considerations in a protocol. Some of these techniques require changes to the underlying protocols, while others do not. Protocol designers should be aware of the implicit trade offs in both user experience and future proofing for advance in cryptography.

Fun fact: signatures have much more uses than for sending transactions. They are / can be used for block signing in Proof of Stake systems, aggregate signatures to have smaller blockchains, and transaction compression.

Fun questions

Now that you know more about cryptographic multisignatures here are some questions to ask yourself when deciding what kind of signatures scheme you should choose when implementing a protocol.

  • Are there use cases where one wants to be able to differentiate between multisignature and single signature accounts on chain.
  • Threshold cryptography provides the property where the individual key signers are unknown, where can this be beneficial or detrimental?
  • Is it possible to have a signature scheme that allows for selective disclosure, where some transactions reveal the signers and other transactions do not?
  • Is it possible to have a signature scheme that can reveal only a subset of the signers but not all?
  • Is it possible to have a scheme where the signing parties are not able to determine who are the other signers in the interactive step?
  • How does key management work when it is not possible to have HD wallets?
  • For BLS one can use HD keys, however it is necessary to generate additional membership keys. What should protocol be when the user loses their membership key?
  • Should multisig lie entirely in the cryptographic realm or should one there be a balance between smart contracts / scripts and cryptography
  • Are there instances where signature size does not matter at all because signature are tossed or there is a novel form of compression?

Foot Notes

[0] Technically all blockchains do have a form of native multisignature assuming there are cryptographic signatures. However finding an efficient threshold signature scheme for any arbitrary signature algorithm can be rather difficult.

[1] Zcash currently uses P2SH, in the upcoming Blossom update it will switch to a custom cryptographic construction.

[2] Grin unique among cryptocurrencies to use a cryptography based multisignature, it is similar to Bitcoin’s confidential transactions. A downside of their approach is that it is custom to their protocol and hard to generalize.

[3] Monero only supports n-of-n and n-1-of-n schemes, the former being very similar to a splitkey.

[4] Stellar has multisignature but does not implement it in cryptography, instead it is achieved by using their scripting language.

[5] Note for UTXO models there is a one time interactive step for the generating the public key which is necessary for the unlocking script when users want to spend.

Thanks to Tarun Chitra, Joyce Yang, Dan Robinson, Jeremy Rubin, Jeremiah Andrews and countless others for review and explanations of various cryptographic techniques.

Alternative Signatures Schemes was originally published in Blockchain at Berkeley on Medium, where people are continuing the conversation by highlighting and responding to this story.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

I interviewed modern-day Microfinance institutions that have issued a combined $750m in micro loans to over 4.5m customers globally, and here’s what I found.

Source: Shutterstock

What could distributed ledger technology mean for unbanked and underbanked populations? In particular, how might distributed ledger technology revolutionize the Microfinance industry? Is the Microfinance industry even in need of change?

These are questions that I’ve been asking myself repeatedly over the last 18 months. Rather than sit in my bedroom and ponder, I decided to spend a few months doing some research. I interviewed a selection of modern-day Microfinance institutions (MDMFIs) that have, in recent years, issued a combined $750m in micro loans to over 4.5m customers in emerging economies across the globe. First, I assessed MDMFI performance and impact. Second, I examined how Blockchain technology could increase the scope of impact of MDMFIs. Third, I explored the key challenges to Blockchain adoption.

Summary of Key FindingsPerformance and impact

MDMFIs have shown that they are adept at using mobile phone data to draw signals and inferences about the behaviors that drive loan repayment. They have achieved, on average, repayment rates of over 90%, and their loan acceptance rates of 50% are significantly higher than those of traditional financial institutions.

With loan decisions made in mere minutes, MDMFIs algorithmic data driven approaches have acted as a catalyst for greater financial inclusion, allowing millions of un(der)banked individuals to grow their businesses or smooth their income streams.

Opportunities for Blockchain technology

Blockchain technology has the potential to foster growth in Microfinance and provide more effective solutions in four key areas:

  1. offering a new and innovative way of verifying a borrower’s identity
  2. creating shared and trusted credit histories
  3. enabling the sharing and maintenance of sensitive data in more secure ways
  4. allowing for cheaper and quicker flows of capital to and from borrowers.
Challenges to Blockchain adoption

Despite offering improvements to the Microfinance business model, Blockchain technologies face a number of challenges to become a viable solution. These include:

  1. a lack of interest from relevant stakeholders and an inability to change processes due to legacy contracts and infrastructure
  2. the infancy of the technology and the absence of integrated and interoperable solutions that can be easily incorporated into existing operational models
  3. the significant regulatory uncertainty, particularly relating to public accessibility of sensitive data (e.g. GDPR).
BackgroundA history of the Microfinance industry and the rise of MDMFIs

Microfinance institutions (MFIs) have been around for a long time. Initially coined in 1970s following the success of the Grameen Bank of Bangladesh, the basic objective of an MFI is to enable traditionally unbanked individuals (and businesses) to obtain access to capital through the provision mini or micro loans. MFIs seek to achieve financial inclusion through developing solutions that a) seek to find innovative ways to address the challenges of nonexistent credit history, and b) build partnerships with a broad range of organizations, from governments through to non profit foundations to source and secure capital flows.

Whilst the mechanics of how micro loans are provided differ based on the relative sophistication of financial systems in different locations (e.g. traditional cash vs. mobile money vs. peer to peer lending), and the specific client base (e.g. unbanked, SMEs, social enterprises, underbanked), the essence of what a MFI does has remained unchanged for decades:

assess creditworthiness and provide capital to the underserved.

Historically, MFIs were operated as quasi-nonprofits. Backed by organizations such as the World Bank, the IMF, international foundations, in addition to national governments and global nonprofits, their main goal was to provide access to credit. There was no inherent need to generate the high Return on Investment (ROI) required by commercial credit providers because MFIs’ key funders did not hold investment returns as their primary objective. Rather, they were concerned with social good. Borrowers were sourced through intimate knowledge of local communities, using information obtained through interviews and experimentation, with limited focus on the benefits of using recordable digital data.

Over time, MFIs have innovated and become more akin to traditional profit driven providers of credit, lending at market rates of interest. Traditional MFIs are now widely accepted as having contributed significantly to global financial inclusion by serving an estimated 200m borrowers. However, MFIs face significant criticism for often charging high interest rates to borrowers, something that is widely accepted to be a consequence of an operationally heavy and labour intensive business model.

Modern-day Microfinance institutions

Modern-day MFIs (MDMFIs), in the context of this post, are MFIs that use alternative data, specifically mobile phone data from smartphones, as the underlying source and foundation of their credit solutions. MDMFIs have lower operating costs and are digitally native, allowing them to offer cheaper and more efficient credit solutions to borrowers.

It is estimated that two thirds of the world’s unbanked have mobile phones. Through the use of data generated from a device that has now become ubiquitous in both the developed and the emerging worlds, MDMFIs are able to assess creditworthiness of potential borrowers in a manner that is automatic, automated, and driven by big data.

My research

I interviewed a number of MDMFIs, which combined, serve over 4.5m customers in emerging economies across Africa, LATAM and Asia, and have issued over $750m in loans over the last few years.

How the MDMFI model works

Whilst there are variations in the loan process depending on geography and the particular MDMFI, a simplified model of the typical customer process is as follows:

  1. Borrower installs the MDMFI’s smartphone app. This app gives the MDMFI complete access to the borrower’s mobile phone (from call duration records through to words included in a SMS).
  2. Borrower uploads relevant ID documents through the app. This allows the MDMFI to create a unique record under which, the mobile phone is associated to a specific borrower, and local Know-Your-Client obligations are satisfied
  3. The MDMFI analyzes the borrowers mobile phone data and, if possible, any available credit data from local credit bureaus based on the borrowers ID, to assess credit worthiness.
  4. Upon the borrower’s request for credit, the MDMFI uses algorithms to analyze mobile phone data in order to generate a probability of repayment score. The MDMFI then offers, within minutes, a line of credit to the borrower. This line of credit is often for 60 days or fewer and typically for less than $350.
  5. The borrower’s repayment of the loan (or lack thereof) in addition to mobile phone usage and habits are analyzed repeatedly by the MDMFI and used to inform the MDMFI’s algorithm.
Key data points assessed

MDMFIs typically gather between 1,200 and 2,000 mobile phone data points to generate a probability of repayment score. This includes mobile phone usage data (e.g. regularity of phone usage, regularity of phone charging, times of day that the phone received SMS messages), mobile phone geosensing data (e.g. where the phone was physically used, variation on location of usage, consistently of location over time), and borrower psychometric data (e.g. how long it took borrower to complete loan application, answers on loan application etc), which are grouped and analyzed within the context of 3 main buckets:

  • Own data — data “controlled” by the individual borrower. This focuses on the borrower in isolation.
  • Inferred data — data on the social interactions and social networks that the borrower is associated with.
  • Relative data — data on the borrowers “metrics” relative to the rest of their cohort and relative to all other borrowers on the MDMFI’s platform.

Whilst not all of the 1,200 to 2,000 data points that comprise these three buckets have equal levels of importance, when considered in aggregate this data has predictive qualities. The core to an MDMFI’s success is an ability to use mobile phone data points to identify the particular behaviors or behavioral traits that offer the most accurate and consistent predictive signals about an individual borrowers likelihood to repay credit.

Anecdotal examples of mobile phone data that provide stronger and more robust predictive signals about a borrower’s likelihood of repaying loans, include the following:

  • Borrowers who include both first name and surname when saving a contact to their mobile phone address book offer higher repayment rates
  • Borrowers who maintain their phones fully charged for longer, offer higher repayment rates
  • Borrowers who have fewer gaming apps than productivity apps on their phones offer higher repayment rates
  • Borrowers who request credit between the morning hours of 5am — 8am, offer higher repayment rates

Traditional MFIs and banking institutions do not consider or analyze mobile phone data to this level of granular detail when assessing risk. Rather, an individual’s income, history of recorded credit repayments and residence address are determining factors.

Whilst income levels and history of recorded credit repayments are, of course, strong predictors of repayment, mobile phone data has been found to be more effective than credit bureau methods at predicting those who are more likely than not to repay funds. The assessment of the day-to-day interactions, in addition to the psychological and sociocultural context of borrowers is where MDMFIs have created a great niche. Given that mobile phone data is real time, MDMFIs can also assess quickly the impact that changes in borrower behavior are likely to indicate about the ability to repay, and adjust their credit amounts accordingly.

Progress towards meeting objectives

MDMFIs core lending businesses have been exceptionally successful using mobile data to assess a borrower’s ability and willingness to repay in a low cost manner. Given the lack of brick and mortar branches and low fixed overhead, the marginal cost of adding an additional borrower is minimal. This has allowed MDMFIs to offer loans to new and larger populations of borrowers. In particular, to individuals who operate in the informal economy, are geographically distant from traditional lending options, or cannot afford the interest rates offered by traditional MFIs.

From those MDMFIs that I spoke to, the following headline numbers were identified:

  • Typical MDMFI repayment rate is over 90%
  • More than 50% of MDMFI loan applicants receive a line of credit
  • Interest rates are typically materially cheaper that those from comparable payday loans or traditional MFIs
  • Loan approval occurs in mere minutes

These results show that commercially, the MDMFI model is working. MDMFIs are allowing a greater number of people to access credit, smooth their income and obtain cheaper working capital (through lower priced short term loans) in the process. However, they have faced many criticisms, particularly, for creating an increased dependence on debt, given the relatively low proportion of first time borrowers (typically around 7%) and high proportion of repeat borrowers (typically 90%+). This is particularly pertinent given widespread reports of individuals using loans from one MDMFI to repay loans obtained from another MDMFI.

If MDMFIs really want to deliver on their core goals of financial inclusion they will need to offer products, such as savings, investments or planning, that help borrowers think to the future.

Source: Imperial College Business SchoolImplications for Blockchain technologyWhat is Blockchain?

Blockchain or Distributed Ledger (DLT) technology is, at its core:

  • A shared database / ledger of chronologically recorded transactions, secured by cryptography;
  • That is immutable and tamper-resistant, allowing users to append and record data, but not delete or edit;
  • With no central owner and, instead, run by a network of distributed computers, each holding a copy of the database / ledger of transactions;
  • Where the network reaches consensus on the true state of database / ledger through a predefined consensus mechanism.

In more simple terms, Blockchain/DLT allows the creation of a shared database held and controlled by a network of distributed computers, where data can only be added to the database, and the database’s veracity is secured by complicated cryptography.

Use cases given research observations

Based on my interviews, MDMFIs see Blockchain technology as something for the future. That being said, practical use cases for Blockchain technology based MDMFI pain points include:

  • Credit histories — Whilst many MDMFIs create “probability of repayment” scores based on mobile phone data and then record borrowers’ payment histories on the MDMFI’s own individual platform, this information is not publicly shared across platforms in such a way that a borrower is able to develop a global verifiable history of credit repayments.
  • Blockchain’s immutable ledger offers the ability for a borrower’s repayment history to be permanently recorded to a public database that all potential lenders can access. This could cover all “credit like” repayments and would enable MDMFIs to implement risk based pricing to all borrowers through the aggregation of data across providers (many MDMFIs do not currently offer risk based pricing and instead offer flat interest rates to all applicants). The credit history could be linked to a digital ID (see below) with the solution implemented in conjunction with local credit bureaus. Such a partnership with local credit bureaus would ensure that borrowers are able to eventually access the traditional financial system (both locally and internationally) using MDMFI data (i.e. using proven and verifiable evidence of debt repayment, which is what traditional credit providers require). Existing Blockchain solutions that seek to blend credit history with digital ID include The Kiva Protocol, Bloom, BanQu, and Colendi.
  • ID verification — A common challenge for MDMFIs is obtaining valid ID documents when seeking to identify their borrowers, particularly in locations where more than one form of ID document is issued.
  • Blockchain solutions such as uPort, Civic, CULedger or those developed by the UN backed ID2020 Alliance, have attempted to address this issue, either through digitizing paper based records, or creating digital passports. These decentralized digital IDs could be linked to an individual’s biometric data or unique public-private key pairing, and would be more easily transferable, sharable and accessible. This would enable to MDMFIs to onboard a greater number of borrowers more quickly and effectively.
  • Disbursements and collection — MDMFIs work with local payment processors and telcos to distribute and collect funds. Given that most well funded MDMFIs operate in a number of jurisdictions, funds need to be regularly moved across international borders to disburse to borrowers, leading to associated FX risks. MDFIs use the existing financial infrastructure, which is slow, does not not offer real time information and often requires nostro accounts to be held at correspondent banks when transferring money across borders.
  • Blockchain based payments systems such as Stellar and Ripple seek to increase the speed and information associated with cross-border payments, in addition to eliminating the need for tying up funds in nostro accounts, and reducing FX risk through the use of stable coins (digital assets pegged to the value of non-digital assets) or atomic swaps. As MDMFIs disburse increasing amounts of capital each day to borrowers, having greater control of cash in real time and reducing reliance on telcos and payment processors will become imperative to continuing to offer cheap services.
  • Data sharing and protection — MDMFIs obtain and share data from/with partners (e.g. Android, telcos) in order to create and develop their algorithms and improve machine learning. This requires data sharing agreements with a broad range of parties across the globe. Privacy considerations are often the main concern of companies when it comes to sharing data. Currently, this data is held in centralized servers or cloud providers (e.g. AmazonAWS, Microsoft Azure, Google Cloud).
  • Blockchain providers such as Enigma, Oasis Labs seek to create solutions to allow privacy-secured sharing and storage of data. This will allow MDMFIs to identify and track who has access and has accessed which pieces of data at all times, ensuring that only the relevant people have access to sensitive information.
Challenges to use cases

Whilst Blockchain technology could facilitate the scaling of MDMFIs, there are a number of challenges, both practical and technological that will need to be addressed.

  • Adoption — Many of the solutions require the acceptance of new blockchain based infrastructure by multiple parties. Given the diversity of stakeholders, including regulators, governments and businesses, with conflicting objectives (e.g. maximization of profits vs. improving social cohesion vs. ensuring consumer protection), wide scale adoption may be difficult to achieve.
  • Additionally, the technical stack required for Blockchain technology to be feasible for all day to day transactions is still a way away from being fully built out. That being said, we are now seeing companies develop blockchain based mobile phones (for example, HTC and Sirin labs) which would enable seamless integration between mobile phone data and blockchain based technologies (for example, ID verification and credit histories), albeit that these phones are way outside the price point of the average MDMFI borrower. As the cost of blockchain based smartphones decrease, adoption of the underlying technology is likely to increase.
  • General Data Protection Regulation (GDPR) — Blockchain technology’s core benefit is that the data stored on the chain is immutable. Once it has been recorded, it cannot be deleted. This is contrary to the rules of the GDPR, which requires that businesses can delete data sorted on their customers, if requested by customers.
  • To the extent that local or national governments across the board introduce similar legislation, this could create regulatory challenges when using Blockchain technology to record data.
  • Technological — To create a system that covers credit data, ID, payments and privacy will require Blockchain interoperability and scalability. Interoperability is the area where Blockchain technology remains most in its infancy. Therefore, until this has been resolved (organizations such as Cosmos are intending to build a solution), the technology will struggle to achieve high levels of adoption, as integration into existing MDMFI operational models remains impractical.
Source: Kim RuyleConclusions

MDMFIs have shown that they are adept at using mobile phone data to draw signals and inferences about the behaviors that increase an individual’s likelihood to repay loans. As a result, they are able to provide cheap credit funding to millions of un(der)banked individuals who otherwise would have no reasonably priced access to the loan funding required to grow their businesses or smooth their income streams. In this way, MDMFIs are clearly continuing the work of their MFI predecessors of assessing creditworthiness and providing capital to the underserved.

A major criticism of MDMFIs is that they encourage the use of credit where it otherwise wouldn’t be required, drawing people into a cycle of debt dependency. Given that over 93% of borrowers repay loans, however, it is possible that the cycle of debt claim may be overstated.

Blockchain technology has the potential to foster MDMFI growth and provide more effective solutions to larger client bases through a) offering a new and innovative way of verifying a borrower’s identity; 2) creating shared and trusted credit histories; 3) enabling the sharing and maintenance of sensitive data in more secure ways; and 4) allowing for cheaper and quicker flows of capital, both to and from borrowers. However, challenges for the implementation of Blockchain technology are abound, particularly those relating to technological infancy, regulatory uncertainty.

About Bosun

Bosun Adebaki is a Business Consultant at Blockchain at Berkeley and an MBA student at UC Berkeley’s Haas School of Business. He believes in using FinTech to create a more accessible financial system.

Microfinance and alternative data meets the world of Blockchain was originally published in Blockchain at Berkeley on Medium, where people are continuing the conversation by highlighting and responding to this story.

Read for later

Articles marked as Favorite are saved for later viewing.
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Separate tags by commas
To access this feature, please upgrade your account.
Start your free month
Free Preview