« Staying in | Main | Copyright exception gymnastics »

Funny money

Is the blockchain a solution or a technology looking for a problem? At Tomorrow's Transactions Forum a couple of months ago, Michael Salmony argued forcibly that it's the latter. Distributed databases and consensus algorithms have been researched for 30 years, so what's the big whoop?

At last week's Trust in Digital World's blockchain event (PDF), I heard an answer: "What's new is proof of work," said Michael Huth, a computer science professor at Imperial College. Proof of work is the "mining" we talk about when trying to explain where bitcoins come from. Proof of stake sounds recursive and exclusive: you prove you have a stake - that is, money, if it's a financial system - in order to get your block accepted as valid and added to the blockchain.

MichaelHuth.pngFor several years now there's been a lot of suggestion that the blockchain would be widely used in all sorts of ways by legacy systems and players. For that purpose, Huth said, solving proof of stake is vital because, as Alexandra Dmitrienko pointed out, proof of work is wasteful. The bitcoin network today consumes as much energy as 280,000 US households. Not going to scale, and hence the need for alternatives.

Both, according to Vitalik Buterin in Bitcoin Magazine in an analogy I find helpful, are essentially anti-spam measures. Except when you're talking about money the "spam" is fraud and can cost people real money. Last week, an attacker proved the point by draining ether tokens worth about $50 million from an automated blockchain-based investment fund called The DAO.

Bitcoin, Huth said, is trying to be a revolution; but it may wind up with the coexistence of reformation. It sounds abstract until you consider this in the context of last week's attack. The idea, as David Siegel helpfully explains at Medium, was to run a fully automated fund in which software in the form of "smart contracts" made all the decisions based on the rules programmed into it. It's nice, neutral computer code! What could possibly go wrong?

emin-gun-sirer.jpgCornell professor Emin Gun Sirer studied exactly this question and found a number of answers, which he published shortly before the fund opened for 1business with a call for The DAO to stop operating until the flaws were fixed.

The idea behind The DAO, as the the BBC explains, was to create a fully autonomous fund owned by its participants, who put in money that, converted to ether tokens, could be spent to back start-ups that members voted on. Think a venture capital fund with less expense, less regulation, and no managers. It's arguable that what went wrong was really not the thing of setting up the experiment: that's what early adopters and new technologies are for, and there's not much wrong with that. What went wrong, really, is that everyone got a little too excited, and put in too much money: "While the agile approach of "ready, fire, aim" generally works best with new software, it can be dangerous when $150 million gets loaded into the chamber," as Siegel put it.

Meanwhile, the attacker can't actually do much with the funds they've sequestered under an address only they control in a subfund "child DAO". The fund's governing rules enforce a 27-day delay on spending - which gives the Ethereum Foundation and its attendant community plenty of time to fight over what, if anything, should be done. Unlike most other types of software, where real money is involved governance has to grow up fast; Sirer told the BBC that coding things like this is "more similar to writing code for a nuclear power reactor, than to writing loose web code". The two main options are a soft fork, in which the address where the ether tokens are stored is blocked from spending them, or a hard fork, in which the blockchain is rolled back to before the attack and the community proceeds from there, erasing the intervening history. Meantime, in a second attack, carried out by Ethereum developers, the rest of the fund's money was diverted to a safe location (another couple of child DAOs) for its own protection, an effort the attacker intends to block.

Internet history keeps proving that every community has a value threshold above which it's become a significant enough target that abuse becomes a fact of life. In the past, humans have typically reacted by creating institutions and governance: money begat robbers, who begat banks, who begat bankers, who begat the Securities and Exchange Commission. The desire to substitute code for all that mishegoss is understandable. But it is staggeringly easy to screw up - with or without code - if the incentives and opportunities are wrong.

Siegel had what sounded like a sensible idea; he suggested the attacker should buy a bunch of ether, work with The DAO to return the money to the original token holders, and then they should dissolve The DAO. While they debate soft and hard forks, the wider blockchain community is finding itself considering questions like: whom do we bail out, and why? What kind of precedent does that set? How far do we let people proceed at their own risk? Does the coded contract rule supreme even when the code is flawed? These questions have to be answered no matter what kind of -ware is doing the governing.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.


TrackBack URL for this entry:

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)