CSE is a task that started in 2016 as a push to change the manner in which cryptographic forms of money are planned and created. The general concentration past a specific arrangement of advancements is to give a more adjusted and feasible biological community that better records for the requirements of its clients and different frameworks looking for coordination.
In the soul of many open source ventures, CSE did not start with a far reaching guide or even a definitive white paper. Or maybe it grasped an accumulation of plan standards, designing accepted procedures and roads for investigation. These incorporate the accompanying:
• Separation of bookkeeping and calculation into various layers
• Implementation of center segments in exceptionally particular useful code
• Small gatherings of scholastics and engineers contending with associate surveyed look into
• Heavy utilization of interdisciplinary groups including early utilization of InfoSec specialists
• Fast emphasis between white papers, execution and new research required to adjust issues found amid survey
• Building in the capacity to redesign post-conveyed frameworks without annihilating the system
• Development of a decentralized subsidizing instrument for future work
• A long haul see on enhancing the outline of digital currencies so they can chip away at cell phones with a sensible and secure client encounter
• Bringing partners nearer to the activities and support of their digital currency
• Acknowledging the need to represent numerous benefits in a similar record
• Abstracting exchanges to incorporate discretionary metadata with the end goal to more readily comply with the necessities of inheritance frameworks
• Learning from the about 2,000 altcoins by grasping highlights that bode well
• Adopt a benchmarks driven process enlivened by the Internet Engineering Task Force utilizing a devoted establishment to secure the last convention plan
• Explore the social components of trade
• Find a sound center ground for controllers to communicate with trade without bargaining some center standards acquired from Bitcoin
From this unstructured arrangement of thoughts, the principals chipping away at CSE started both to investigate digital money writing and to manufacture a toolset of deliberations. The yield of this examination is IOHK’s broad library of papers, various study results, for example, this ongoing scripting dialect outline and also an Ontology of Smart Contracts, and the Scorex venture. Exercises yielded a thankfulness for the digital currency industry’s strange and now and again counterproductive development.
To start with, dissimilar to fruitful conventions, for example, TCP/IP, there is small layering in the plan of digital forms of money. There wants to safeguard a solitary idea of accord around actualities and occasions recorded in a solitary record, paying little mind to whether it bodes well.
For instance, Ethereum has hampered tremendous unpredictability endeavoring to wind up an all inclusive world PC, yet experiences unimportant concerns possibly decimating the framework’s capacity to work as a store of significant worth. Should everybody’s program be a five star native paying little respect to its monetary esteem, cost to keep up, or administrative outcomes?
Second, there is little thankfulness for earlier outcomes in standard cryptographic research. For instance, Bitshares’ Delegated Proof of Stakecould have effortlessly and dependably created irregular numbers utilizing coin hurling with ensured yield conveyance, or, in other words known since the 1980s (see the fundamental paper by Rabin and Ben-Or).
Third, most altcoins (with a couple of remarkable special cases, for example, Tezos) have not made any settlement for future updates. The capacity to effectively push a delicate or hard fork is vital to the long haul achievement of any cryptographic money.
As a result, endeavor clients can’t submit a huge number of dollars worth of assets to conventions where the guide and on-screen characters behind them are fleeting, frivolous or radicalized. There should be an effective procedure through which social accord can conform to a dream for developing the basic convention. In the event that this procedure is hugely troublesome, discontinuity could break the network separated.
At long last, cash is eventually a social wonder. In the push to anonymize and disintermediate focal performing artists, Bitcoin and its peers have likewise disposed of the requirement for stable personalities, metadata and notoriety in business exchanges. Including these information through unified arrangements evacuates the auditability, worldwide accessibility and permanence — or, in other words purpose of utilizing a blockchain.
Inheritance money related frameworks, for example, those made out of SWIFT, FIX and ACH are wealthy in value-based metadata. It isn’t sufficient to know how much esteem moved between records, control frequently requires the attribution of performers included, consistence data, detailing suspicious action, and different records and activities. Now and again, the metadata could easily compare to the exchange.
Consequently, it appears to be sensible to deduce that the control of metadata could be as destructive as falsifying money or revamping exchange history. Making no settlement for performing artists who need to willfully incorporate these fields appears to be counterproductive to standard appropriation and customer insurance.
The accumulation of our principled investigation of the digital currency space is two accumulations of conventions. Separately, a provably secure confirmation of stake  based cryptographic money called the CSE Settlement Layer (CSL) and an arrangement of conventions called the CSE Computation Layer (CCL).
Our plan accentuation is to suit the social parts of cryptographic forms of money, work in layers by isolating the bookkeeping of significant worth from complex calculation and address the necessities of controllers inside the extent of a few permanent principles. Besides, where it is sensible, we endeavor to vet proposed conventions through companion audit and check code against formal determinations.
PROOF OF STAKE
Utilizing verification of stake for a digital currency is a fervently discussed plan decision, anyway in light of the fact that it adds a component to present secure casting a ballot, has greater ability to scale, and allows more colorful impetus plans, we chose to grasp it.
Our evidence of stake convention is called Ouroboros and it has been composed by a greatly skilled group of cryptographers from five scholarly institutions driven by Professor Aggelos Kiayias of the University of Edinburgh. The center advancement it brings past being demonstrated secure utilizing a thorough cryptographic model is a secluded and adaptable plan that takes into account the piece of numerous conventions to improve usefulness.
This particularity takes into consideration highlights, for example, appointment, sidechains, subscribable checkpoints, better information structures for light customers, distinctive types of arbitrary number age and even extraordinary synchronization suspicions. As a system creates from having thousands to millions and even billions of clients, the prerequisites of its agreement calculation will likewise change. In this manner, it is crucial to have enough adaptability to oblige these progressions and accordingly future-verification the core of a digital currency.
SOCIAL ELEMENTS OF MONEY
Cryptographic forms of money are a prime case of the social part of cash. While confining investigation exclusively to innovation, there is little distinction among Bitcoin and Litecoin and even less so among Ethereum and Ethereum Classic. However, both Litecoin and Ethereum Classic keep up expansive market capitalizations and hearty, unique networks and additionally their very own social orders.
It tends to be contended that a huge piece of the estimation of a digital money is gotten from its locale, the manner in which it utilizes the cash, and its level of commitment in the money’s development. Advancing the idea, monetary forms, for example, Dash have even incorporated frameworks straightforwardly into the convention to connect with their locale in choosing what ought to be a need to create and support.
The tremendous decent variety of digital forms of money likewise gives proof to their social components. Differences about theory, fiscal approach, or even just between the center designers prompt discontinuity and forks. However not at all like their digital money partners, fiat monetary standards of superpowers have a tendency to survive political movements and neighborhood differences without a cash emergency or mass departure.
In this way, it appears that there are components of inheritance frameworks that are absent from the cryptographic money industry. We contend — and have taught into the CSE guide – that clients of a convention require motivations to comprehend the social contract behind their convention and have the opportunity to propose changes beneficially. This opportunity stretches out to each part of an esteem trade framework, from choosing how markets ought to be managed to which activities ought to be supported. However it can’t be facilitated through brought together performing artists nor require some unique certification that could be co-selected by an all around subsidized minority.
CSE will execute an arrangement of overlay conventions based over CSL to oblige the requirements of its clients.
To start with, paying little mind to the achievement of a crowdsale to bootstrap improvement, assets will in the long run disseminate. Henceforth, CSE will incorporate a decentralized trust financed from monotonically diminishing expansion and exchange charges.
Any client ought to be qualified to ask for assets from the trust by a vote framework and the partners of CSL vote on who turns into a recipient. The procedure makes a beneficial input circle seen in different digital currencies with treasury/trust frameworks, for example, Dash, by beginning a discussion about who ought to and ought not be subsidized.
Subsidizing dialogs drive a connection of long and here and now objectives, the cryptographic money’s social contract, needs and the faith in esteem creation with specific recommendations. This discussion implies that the network is always assessing and discussing its convictions against conceivable guides.
Second, our expectation is that CSE will in the end incorporate a formal, blockchain based framework to propose and vote on both delicate and hard forks. Bitcoin with its square size discussion, Ethereum with the DAO fork, and numerous different cryptographic forms of money other than have persevered through long standing and, in continuous cases, uncertain contentions over the specialized and good bearing of the codebase.
It can and ought to be contended that a significant number of these contradictions, and the breaking of the network that outcomes when move is made, are an immediate aftereffect of an absence of formal procedures for discussing change.
Where does one go to persuade Bitcoin clients to embrace Segregated Witness? By what method should the center engineers of Ethereum measure network assessment for safeguarding the DAO? On the off chance that the network cracks, is the digital currency harmed destroyed?
In the most pessimistic scenarios, moral specialist to act could essentially degenerate to whoever has the engineers, infrastructural connections and cash, not the all the best of by far most of the network. Moreover, if a huge segment of the network is blocked off or withdrawn because of terrible incentives, at that point by what method can one really know whether their demonstrations are authentic?
Proposed cryptographic forms of money, for example, Tezos give a fascinating model to inspect where a digital money convention is dealt with like a constitution containing three areas (Transaction, Consensus and Network) with an arrangement of formal standards and procedure to refresh the constitution. However there stays much work to be finished with motivating forces and over how precisely to model and change a digital currency with a formal dialect.
The utilization of formal strategies, machine justifiable determinations and consolidating a treasury with this procedure for money related motivating forces are being investigated as conceivable roads for motivation. At last, only the capacity to propose a convention change in a straightforward, restriction free route with blockchain based casting a ballot ought to enhance the procedure, regardless of whether more rich arrangements can’t be outlined.
DESIGNING IN LAYER – CSE SETTLEMENT LAYER
Some principles extracted from a historical view are the following:
- You cannot predict the future so build in wiggle room
- Complexity is nice on paper, but simplicity usually wins
- Too many cooks spoil the broth
- Once a standard is set it will probably stick around, regardless of whether it is suboptimal
- Bad ideas can actually evolve into pretty good ones if there is a will
CSE is a financial system that accepts its social nature. There will be a tremendous need for flexibility and the ability to address arbitrary complexity in a particular user’s transaction. If successful, there will be a need for tremendous computational, storage and network resources to accommodate millions of concurrent transactions.
Yet we do not have a digital, decentralized Robin Hood to take from the rich nodes and give to the poor ones in order to achieve a fair network. Nor do we have the luxury of trusting human beneficence to altruistically sacrifice for the greater good of the network. Therefore, CSE’s design borrows from TCP/IP the concept of separation of concerns.
Blockchains are ultimately databases ordering facts and events with guarantees about timestamps and immutability. In the context of money, they order ownership of assets. Adding complex computation by storing and executing programs is an orthogonal concept. Do we want to know how much value went from Alice to Bob, or do we want to get involved in figuring out the whole story behind the transaction and deciding how much to send?
It is incredibly tempting to choose the latter as Ethereum has done because it is more flexible, but it violates the design principles above. Figuring out the story means that a single protocol has to be able to understand arbitrary events, script arbitrary transactions, permit arbitration in cases of fraud and even potentially reverse transactions when new information is made available.
Then one has to make difficult design decisions about what metadata to store for each transaction. What elements of the story behind Alice and Bob’s transaction are relevant? Are they relevant forever? When can we throw away some data? Does doing so violate the law in some countries?
Furthermore, some computation is private in nature. For example, when calculating the average salary of workers in an office, we would not necessarily want to leak how much each person makes. But what if every computation is publicly known? What if this publicity biases execution order to harm outcome?
Thus, we have chosen the position that the accounting of value should be separated from the story behind why the value was moved. In other words, separation of value from computation. This separation does not mean that CSE will not support smart contracts. On the contrary, by making the separation explicit, it permits significantly more flexibility in the design, use, privacy and execution of smart contracts.
The value ledger is called the CSE Settlement Layer (CSL). As the purpose is to account for value, the roadmap has the following goals:
- Support two sets of scripting languages, one to move value and another to enhance overlay protocol support
- Provide support for KMZ sidechains to link to other ledgers
- Support multiple types of signature including quantum resistant signatures for higher security
- Support multiple user issued assets
- Achieve true scalability, meaning as more users join, the capabilities of the system increase
Starting with the scripting language, transactions between addresses in a ledger require some form of a script to execute and be proven valid. Ideally, one would not want Eve to access Alice’s money, nor would one want a poorly designed script to accidently send value to a dead address making the funds irretrievable.
Systems such as Bitcoin provide an extremely inflexible and draconian scripting language that is difficult to program bespoke transactions in, and to read and understand. Yet the general programmability of languages such as Solidity introduce an extraordinary amount of complexity into the system and are useful to only a much smaller set of actors.
Therefore, we have chosen to design a new language called Simon6 in honor of its creator Simon Thompson and the creator of the concepts that inspired it, Simon Peyton Jones. Simon is a domain-specific language that is based upon Composing contracts: an adventure in financial engineering.
The principal idea is that financial transactions are generally composed from a collection of foundational elements. If one assembles a financial periodic table of elements, then one can provide support for an arbitrarily large set of compound transactions that will cover most, if not all, common transaction types without requiring general programmability.
The primary advantage is that security and execution can be extremely well understood. Proofs can be written to show correctness of templates and exhaust the execution space of problematic transaction events, such as the creation of new money out of thin air or transaction malleability. Second, one can leave in extensions to add more elements by way of soft forks if new functionality is required.
That said, there will always be a need to connect CSL to overlay protocols, legacy financial systems, and special purpose servers. Thus we have developed Plutus as both a general purpose smart contract language and also a special purpose DSL for interoperability.
Plutus is a typed functional language based on concepts from Haskell, which can be used to write custom transaction scripts. For CSL, it will be used for complex transactions required to add support for other layers we need to connect, such as our sidechains scheme.
With respect to sidechains, CSE will support a new protocol developed by Kiayias, Miller and Zindros (KMZ sidechains) based upon prior results from proofs of proofs of work. The particular design is beyond the scope of this paper; however, the concept allows for the secure and non-interactive movement of funds from CSL to any CSE Computation Layer or other blockchain supporting the protocol.
KMZ sidechains are the key to encapsulating complexity. Ledgers with regulatory requirements, private operations, robust scripting languages and other special concerns are effectively black boxes to CSL, yet the CSL user will gain certain guarantees about accounting and the ability to recall funds once computation is complete.
In order to securely move value from Alice to Bob, Alice needs to prove she has the right to move the funds. The most direct and reliable way of accomplishing this task is to use a public key signature scheme where funds are connected to a public key and Alice controls an associated private key.
There are hundreds of possible schemes with different security parameters and assumptions. Some rely upon mathematical problems connected to elliptic curves, whereas others are connected to exotic concepts using lattices.
The abstract goal is always the same. There exists a hard problem that cannot be solved unless someone has a secret piece of knowledge. The holder of this piece of knowledge is said to be the owner of the keypair and should be the only entity that has the ability to use it.
There are two groups of concerns a cryptocurrency faces with choosing a signature scheme. First, there is the long-term security durability of the scheme itself. Some cryptographic schemes used in the 1970s and 1980s such as DES have been broken. The period over which the scheme should be expected to survive must be decided upon.
Second, there are many enterprises, governments and other institutions that have preferred, or in some cases, mandated the use of a particular scheme. For example, the NSA maintains the Suite B protocol set. There are standards from ISO and even W3C workgroups on cryptography.
If a cryptocurrency chooses a single signature scheme, it is forced to accept that the scheme could be broken at some point in the future and at least one entity cannot use the cryptocurrency due to legal or industry restrictions. Yet a cryptocurrency cannot support every signature scheme as this would require every client to understand and validate each scheme.
For CSE, we decided to start with using elliptic curve cryptography, the Ed25519 curve in particular. We also decided to enhance the existing libraries by adding support for HD wallets using Dr Dmitry Khovratovich and Jason Law’s Specification.
This said, CSE will support more signature schemes in the future. In particular, we are interested in integrating quantum computer resistant signatures to our system. We are also interested in adding SECP256k1 to enhance interoperability with legacy cryptocurrencies such as Bitcoin.
CSE has been designed with special extensions that will allow us to add more signature schemes through a soft fork. They will be added as needed and during major updates planned in the roadmap.
USER ISSUED ASSETS (UIAS)
Early in Bitcoin’s history, protocols were quickly developed to allow users to issue assets that piggybacked on Bitcoin’s accounting system in order to track multiple currencies concurrently. These protocols were not natively supported by the Bitcoin protocol, but implemented through clever hacks.
In the case of Bitcoin overlays such as Colored Coins and Mastercoin (now called Omni), light clients are forced to rely on trusted servers. Also transaction fees still have to be paid in bitcoins. These properties combined with the single pipeline for transaction approval make Bitcoin suboptimal for multi-asset accounting.
In the Ethereum case using the ERC20 standard, there is more feature richness. However, transaction fees still require ether. Furthermore, the Ethereum network is having difficulty scaling to the needs of all the issued ERC20 tokens.
The fundamental problem can be broken into three parts: resources, incentives and concern. With respect to resources, adding an entirely new currency to the same ledger means one has two independent UTXO (unspent transaction inputs) sets sharing the bandwidth, mempool and block space. Consensus nodes responsible for embedding transactions of these currencies need an incentive for doing so. And not every user of a cryptocurrency will or should care about a particular entity’s currency.
Given these problems, the benefits are tremendous as the primary token of a multiasset ledger can effectively serve as a bridge currency allowing for decentralized market making. Special purpose assets could be issued to provide additional utility such as value stable assets like Tether or MakerDAO that are useful for lending and remittance applications.
Given the challenges, CSE has adopted a pragmatic approach to multiasset accounting. Building in stages, the first challenge is designing the necessary infrastructure to support the demands of thousands of UIAs. Namely the following advancements are necessary:
- Special purpose authenticated data structures to permit the tracking of a very large UTXO state
- The ability to have a distributed mempool to hold a huge set of pending transactions
- Blockchain partitioning and checkpoints to permit a huge global blockchain
- An incentive scheme that rewards consensus nodes for including different sets of transactions
- A subscription mechanic that allows users to decide which currencies they want to track
- Strong security guarantees that UIAs enjoy similar security as the native asset
- Support for decentralized market making to improve liquidity between UIA and the primary token
Our preliminary efforts for finding the right authenticated data structure have resulted in a new type of AVL+ Tree jointly developed by Leo Reyzin, IOHK and Waves. More research is required, but it is a foundational advancement that will be included in a later version of CSE.
A distributed mempool could be implemented using Stanford University’s RAMCloud protocol. Experiments will begin in Q3 of 2017 to study its integration into CSE’s consensus layer.
The remaining topics are interconnected and covered by ongoing research. We expect — subject to research results — to include a protocol into CSE for UIAs during the Basho of CSL release in 2018.
Distributed systems are composed of a set of computers (nodes) agreeing to run a protocol or suite of protocols to accomplish a common goal. This goal could be sharing a file as defined by the BitTorrent protocol or folding a protein using [email protected]
The most effective protocols gain resources as nodes join the network. A file hosted by BitTorrent, for example, can be downloaded much faster on average if many peers are concurrently downloading it. The speed increases because the peers provide resources while also consuming them. This characteristic is what one typically means when stating a distributed system scales.
The challenge with the design of all current cryptocurrencies is that they actually are not designed to be scalable. Blockchains, for example, are usually an append-only linked list of blocks. The security and availability of a blockchain protocol relies upon many nodes possessing a full copy of the blockchain data. Thus, a single byte of data must be replicated among N nodes. Additional nodes do not provide additional resources.
This result is the same for transaction processing and the gossiping of messages throughout the system. Adding more nodes to the consensus system does not provide additional transaction processing power. It just means more resources have to be spent to do the same job. More network relaying meaning more nodes have to pass the same messages to keep the whole network in synchronization with the most current block.
Given this topology, cryptocurrencies cannot scale to a global network on par with legacy financial systems. In contrast, legacy infrastructure is scalable and has orders of magnitude for more processing and storage power. Adding a specific point, Bitcoin is a very small network relative to its payment peers, yet struggles to manage its current load.
Our scalability goals for CSE are greatly aided by our consensus algorithm. Ouroboros permits a decentralized way to elect a quorum of consensus nodes, which in turn can run more traditional protocols developed over the last 20 years to accommodate the needs of large infrastructure providers such as Google and Facebook.
For example, the election of a quorum for an epoch means we have a trusted set of nodes to maintain the ledger for a specific time period. It is trivial to elect multiple quorums concurrently and partition transactions to different quorums.
Similar techniques could be applied for network propagation and also sharding the blockchain itself into unique partitions. In our current roadmap, scaling methods will be applied to Ouroboros starting in 2018 and continue to be a focus in 2019 and 2020.
CSE COMPUTATION LAYER
As mentioned previously, there are two components of a transaction: the mechanism to send and record the flow of tokens and the reasons as well as conditions behind moving tokens. The latter can be arbitrarily complex and involve terabytes of data, multiple signatures and special events occurring. The latter can also be remarkably simple with a single signature pushing value to another address.
The challenge behind modeling the reasons and conditions of value flow is that they are immensely personal to the entities involved in the most unpredictable of ways. Lessons from contract law paint an even more problematic picture where the actors themselves might not even be aware that the transaction does not match commercial reality. We generally call this phenomenon “the semantic gap”.
Why should one build a cryptocurrency chasing an endless layer of complexity and abstraction? It seems Sisyphean in nature and naive in practice. Furthermore, each abstraction embraced has both legal and security consequences.
For example, there are numerous activities online that are universally deemed illegal or scorned such as the trafficking of child pornography or the selling of state secrets. By deploying robust decentralized infrastructure, one is now providing a channel for this activity to occur with the same censorship resistance that normal commercial transactions enjoy. It is legally unclear if the consensus nodes of the network — which have the incentive to become more federated over time to promote efficiency — would be held accountable for the content they host.
Prosecution of Tor operators, the brutal treatment of Silk Road’s operator and the lack of overall legal clarity behind legal protections of protocol participants leaves an uncertain road. There is no lack of imagination of what else a sufficiently advanced cryptocurrency could enable (see the Ring of Gyges). Is it reasonable to force all users of a cryptocurrency to endorse or at least enable the worst acts and conduct of the web?
Unfortunately, there are no clear answers that provide insight to a cryptocurrency designer. It is more about picking a position and defending its merit. The advantage that both CSE and Bitcoin have is that we have chosen to separate concerns to layers. With Bitcoin, there is Rootstock. With CSE, there is the CSE Computation Layer.
The kinds of complex behavior that would enable the acts elaborated previously cannot run on CSL. They require the ability to run programs written in a Turing complete language and some form of gas economics to meter computation. They also require consensus nodes willing to include the transactions in their blocks.
Thus, a functionality restriction could reasonably protect users. So far, most established governments have not taken the position that the use or maintenance of a cryptocurrency is an illegal act. Hence, the vast majority of users should be comfortable maintaining a ledger that is comparable in capability with a digital payment system.
When one wants to extend capability, there are two possibilities. It is enabled by a private collective of likeminded individuals and ephemeral in nature (for example, a poker game). Or, it is enabled by a ledger of comparable capabilities as Ethereum. In both cases, we have chosen outsourcing the events to another protocol.
In the case of a private, ephemeral event, it is reasonable to avoid the blockchain paradigm entirely, but rather restrict efforts towards a library of special purpose MPC protocols that can be invoked when desired by a group of likeminded participants. The computations and activities are coordinated in a private network and reference CSL only as a trusted bulletin board and a message passing channel when necessary.
The key insight in this case is that there is consent, encapsulation of liability and privacy. CSL is being used as a digital commons for users to meet and communicate — like a park would host a private event — but does not provide any special accommodations or facilitation. Furthermore, the use of special purpose MPC will enable low latency interaction without the need for blockchain bloat. Thus, it improves the scale of the system.
CSE’s research efforts towards this library are centralized at our Tokyo Tech laboratory with some assistance from scientists abroad. We call the library “Tartaglia” after a fellow mathematician as well as contemporary of CSE and expect the first iteration to be available in Q1 of 2018.
In the second case, one needs a blockchain with a virtual machine, a set of consensus nodes and a mechanism to enable communication between the two chains. We have begun the process of rigorously formalizing the Ethereum Virtual Machine using the K-framework in partnership with a team from the University of Illinois.
The result of this analysis will inform the most optimal way to design a replicated and eventually distributed virtual machine with clear operational semantics and strong guarantees of correct implementation from the specification. In other words, the VM actually does what the code tells it to do with the security risks minimized.
There are still unresolved questions about the gas economics proposed by Ethereum and how it relates to work such as Jan Hoffmann et al’s resource aware ML and the broader study of resource estimation for computation. We are also curious about the level of language independence of the virtual machine. For example, the Ethereum project has expressed desire for transition from their current VM to Web Assembly.
The next effort is in developing a reasonable programming language to express stateful contracts that will be called as services by decentralized applications. For this task, we have chosen both the approach of supporting the legacy smart contract language Solidity for low assurance applications and developing a new language called Plutus for higher assurance applications requiring formal verification.
Like the solidity based Zeppelin project, IOHK will also develop a reference library of Plutus code for application developers to use in their projects. We will also develop a specialized set of tools for formal verification inspired by work from UCSD’s Liquid Haskell project.
In terms of consensus, Ouroboros was designed in a sufficiently modular fashion to support smart contract evaluation. Hence, both CSL and CCL will share the same consensus algorithm. The difference is that Ouroboros can be confirmed to permit both permissioned and permissionless ledgers via token distribution.
With CSL, Ada has been distributed by a token generating event to purchasers throughout Asia who will eventually resell on a secondary market. This means that CSL’s consensus algorithm is controlled by a diverse and increasingly more decentralized set of actors or their delegated assigns. With CCL, it is possible to create a special purpose token held by delegates of that ledger who could be regulated entities, thereby creating a permissioned ledger.
The flexibility of this approach allows for different instances of CCL to materialize with different rules about the evaluation of transactions. For example, gambling activities could be restricted unless KYC/AML data is present simply by blacklisting non-attributed transactions.
Our final design focus is on adding trusted hardware security modules (HSM) to our protocol stack. These are two enormous advantages when introducing these capabilities into the protocol. First, HSMs provide massive boosts in performance without introducing security concerns beyond trusting the vendor. Second, through the use of Sealed Glass Proofs (SGP), HSMs can provide assurances that data can be verified and then destroyed without being copied or leaked to malicious outsiders.
Focusing on the second point, SGPs could have a revolutionary impact upon compliance. Ordinarily, when a consumer provides personally identifiable information (PII) to authenticate identity or prove the right to participate, this information is handed to a trusted third party with the hope it will not act maliciously. This activity is intrinsically centralized, the data provider loses control over their PII and is also subject to various regulations based on jurisdiction.
The ability to select a set of trusted attestors and then warehouse PII in a hardware enclave means that any actor with a sufficiently capable HSM will be able to verify facts about an actor in an unforgeable way without the verifier knowing the identity of the actor. For example, Bob is not an US citizen. Alice is an accredited investor. James is a US taxpayer and one should send taxable profits to account X.
CSE’s HSM strategy will be to attempt implemented specialized protocols over the next two years using Intel SGX and ARM Trustzone. Both modules are built into billions of consumer devices from laptops to cellphones and require no additional effort on the consumer side to use. Both are also heavily vetted, well designed and based upon years of iteration from some of the largest and best funded hardware security teams.
The harsh reality of all modern financial systems is that as they scale, they accumulate a need, or at least a desire, for regulation. This outcome is generally the result of recurrent collapses due to the negligence of some actor or cabal of actors in a marketplace.
For example, the Knickerbocker Crisis of 1907 resulted in the creation of the Federal Reserve System in 1913 as a lender of last resort. Another example is the excesses of the 1920s in the United States that resulted in a terrible financial collapse, the Great Depression. This collapse yielded the creation of the Securities Exchange Commission in 1934 in order to prevent a similar event or at least hold bad actors accountable.
One can reasonably debate the need for, scope and efficacy of regulation, but one cannot deny its existence and the zeal with which major governments have enforced it. However, the challenge all regulators face as the world globalizes and cash becomes digital is two-pronged.
First, which set of regulations should be supreme when dealing with a collection of jurisdictions? The antiquated notion of Westphalian sovereignty melts when a single transaction can touch three dozen countries in under a minute. Should it simply be whomever wields the most geopolitical influence?
Second, improvements in privacy technology have created a digital arms race where it will become increasingly more difficult to even understand who has participated in a transaction, much less who owns a particular store of value. In a world where millions of dollars of assets can be controlled with nothing more than a secretly held 12-word mnemonic, how do you enforce effective regulation?
Like all financial systems, the CSE protocol must have an opinion in its design over what is fair and reasonable. We have chosen to divide between individual rights and the rights of a marketplace.
Individuals should always have sole access to their funds without coercion or civil asset forfeiture. This right has to be enforced because not all governments can be trusted not to abuse their sovereign power for the personal gain of corrupt politicians, as seen in Venezuela and Zimbabwe. Cryptocurrencies have to be engineered to the lowest common denominator.
Second, history should never be tampered with. Blockchains provide a promise of immutability. Introducing the power to roll back history or alter the official record introduces too much temptation to change the past in order to benefit a particular actor or actors.
Third, the flow of value should be unrestricted. Capital controls and other artificial walls diminish human rights. Outside of the futility of attempting to enforce them, in a global economy with many citizens in the least developed nations traveling outside of their jurisdiction to find a living wage, restricting capital flows usually ends up harming the poorest in the world.
These principles stated, markets are distinctly different from individuals. While the designers of CSE believe in individual rights, we also believe that markets have the right to openly state their terms and conditions, and if an individual agrees to do business within this market, then they must be held to those standards for the sake of integrity of the entire system.
The challenge has always been cost and practicality of enforcement. Small, multijurisdictional transactions are simply too expensive in legacy systems to provide high assurance of recourse in the event of fraud or a commercial dispute. When one sends their wire transfer to the Nigerian Prince, it is usually too expensive to try to get one’s funds back.
For CSE, we feel we can innovate on three levels. First, through the use of smart contracts the terms and conditions of commercial relationships can be better controlled. If all assets are digital and can be solely expressed on CSL, strong guarantees of fraud-free commerce can be gained.
Second, the use of HSMs to provide an identity space where PII is not leaked but yet used to authenticate and credential actors should provide a global reputation system and allow for much lower cost regulated activities to be conducted, such as online gaming with automated tax compliance or decentralized exchanges.
Finally, in CSE’s roadmap is the creation of a modular regulation DAO that can be customized to interact with user written smart contracts in order to add mutability, consumer protection and arbitration. The scope of this project will be outlined in a later paper.
WHAT IS THE POINT OF ALL OF IT?
CSE has been a marathon project involving feedback from hundreds of the brightest minds inside and outside of the cryptocurrency industry. It involves tireless iteration, the active use of peer review, and shameless theft of great ideas when uncovered.
The remaining sections each cover a particular aspect of focus we have decided is a core component of our project. Some were selected due to a desire to improve the overall best practices of the space whereas others are specific to CSE’s evolution.
While no project can cover every goal or satisfy every user, our hope is to provide a vision for what a self-evolving financial stack should look like for jurisdictions that lack them. The ultimate reality of cryptocurrencies is not that they will disrupt the existing legacy financial systems. Legacy financial systems are always capable of absorbing change and maintaining their form and function.
Rather one ought to look to places where it is simply too expensive to deploy the existing banking system, where many live on less than a few dollars a day, have no stable identity and credit is impossible to find.
In these places, the power to bundle a payment system, property rights, identity, credit and risk protection into a single application running on a cell phone is not just useful, it is life changing. The reason we are building CSE is that we feel we have a legitimate shot at delivering — or at least advancing — this vision for the developing world.
If we can change the way cryptocurrencies are designed, evolved and funded, then there is a great accomplishment.