Professional Documents
Culture Documents
Authorized licensed use limited to: Universidade Federal de Toncantins. Downloaded on July 04,2020 at 18:13:43 UTC from IEEE Xplore. Restrictions apply.
as is the Bitcoin blockchain, or a node are added in a manner that links them significant challenges for anyone wish-
might require preauthorization and per- cryptographically to past board con- ing to corrupt or alter the contents,
haps identification to join. Distributed tents, forming the “chain” in block- because every participant machine
ledgers requiring preauthorization are chain. In addition, board contents are would need to be hacked.
called permissioned ledgers, while open impossible to erase. Indeed, “erasure” These properties are the origin for
networks are called permissionless. Per- might only be possible by starting a the statement that DLTs eliminate
missioned ledgers will typically enable new board that is the same as the orig- the need for trust. Two or more par-
participants to identify one another, inal blackboard up to the point just ties engaging in a transaction online
unlike the pseudonymity of many per- prior to where the contents are to be need to be sure that commitments
missionless ledgers. Different appli- erased. Because this action creates two will be honored and that individual
cations will require different system parallel chains that are identical to the actions of multistep transactions will
architectures and designs. point where they diverge, the process not be reversed. Traditionally, parties
is called forking the blockchain. who did not know one another would
WHY THE EXCITEMENT These additional rights for readers use a mutually trusted third party,
ABOUT BLOCKCHAIN? create some interesting consequences, often a law firm, bank, or other regu-
We can answer this question by com- which explain much of the excitement lated entity, to assist with this by, for
paring blockchain technology to the about blockchain technology. The first example, acting as a witness to prom-
web. The web made it relatively easy to consequence is that anyone writing ises and by holding funds in escrow
share information between one person onto the board knows that the other until other steps of a transaction were
or organization and others, either by participants (the readers) have seen completed. DLT ensures that all prom-
placing the information directly onto the content: they had to have read it ises and actions are witnessed by all
a webpage, or by enabling access to the to vote on it before it was uploaded to the participants in the shared ledger,
information via a webpage (for exam- the board. So everyone party to the not only the parties to the transaction,
ple, when stored in a database). A web- distributed ledger knows the same and makes it difficult or impossible for
page, therefore, is akin to a blackboard, content (that is, the participants have any party to subsequently repudiate,
where one person—the controller of the “shared state” for the variables on corrupt, or reverse the actions under-
server—has the power to write contents the ledger) and everyone knows that taken. Of course, the participants
onto the board, as well as to erase con- everyone knows this, and so on. In the might not need a trusted third party to
tents from it. If the webpage is public, language of game theory,3 the partic- witness their individual transactions,
then anyone can read the board’s cur- ipants have common knowledge, which but they will still need to trust the soft-
rent contents. If the webpage requires makes it impossible for a participant ware being used.
access permission (as, for example, sub- to plausibly repudiate a shared ledger’s
scription newspaper sites do), then the content at a subsequent time. SMART CONTRACTS
ability to read the contents might be Second, the chaining of content Anything expressible in digital form
limited to a private group. means that any change to past contents can be written on an electronic black-
Under this metaphor, distributed- requires changes to all the later con- board. In addition to transaction
ledger technologies (DLTs) provide tents. Such changes could not happen data, a distributed ledger can also
blackboard readers with some extra surreptitiously, and, like all proposed hold computer programs. Such pro-
powers, at the possible expense of the writing to the board, would require grams could use data from blockchain
writer’s powers. Distributed ledgers prior participant approval. Hence, the records as inputs and then generate
only allow content to be written to the past records are effectively immutable. outputs which are, in turn, written to
blackboard if the readers first agree, Third, the shared ledger is not stored that same or another blockchain. If
according to some prespecified voting on only one machine, but, rather, copies stored on a blockchain and executed,
rules. For example, for content to be are stored locally on each of the partic- their execution will occur locally at
added, all readers, a majority of read- ipants’ machines. Every reader has a each participant node connected to
ers, or a particular nominated reader copy of the board, and these copies stay the blockchain. Because many of the
might have to agree. Board contents in sync with one another. This creates applications envisioned for distributed
SEPTEMBER 2017 51
Authorized licensed use limited to: Universidade Federal de Toncantins. Downloaded on July 04,2020 at 18:13:43 UTC from IEEE Xplore. Restrictions apply.
BLOCKCHAIN TECHNOLOGY IN FINANCE
Contract Contract in “Split” natural Natural contracts on that blockchain can effec-
entirely in code code with language language tively settle transfer of that cryptocur-
duplicated contract with contract with
rency in its native form. Whereas assets
natural encoded encoded
language performance of payment are dematerialized and then recorded
version nonhuman mechanism onto a blockchain, smart contracts
aspects can perform the same function. These
smart contracts have a feature that they
would not have had they been recorded
100% code Automated on a medium other than the medium in
is contract performance
which those assets exist. This feature is
a key reason for the disruptive nature of
FIGURE 1. Smart contracts lie on a spectrum reflecting the extent to which the contract distributed ledger and smart contract
embodies computer code versus natural language. (Source: Adapted from S. Murphy technologies in finance.
and C. Cooper, Can Smart Contracts Be Legally Binding Contracts?, white paper, R3cev Because smart contracts embody
and Norton Rose Fulbright, 2016; www.nortonrosefulbright.com/knowledge/publica- and execute workflows, they could
tions/144559/can-smart-contracts-be-legally-binding-contracts.) potentially be used for automation
of regulatory workflows, for exam-
ple, reporting and monitoring of
required data, checking of compli-
ledgers involve coordination between physical goods’ journey are reached. ance, approval (or not) by a regula-
distinct people or organizations, an Such programs are examples of tor, and even levying and payment of
obvious application of such computer smart contracts, a term invented by fines for noncompliance. Such applica-
programs is the automatic execution Nick Szabo before Blockchain’s devel- tions, which Philip Treleaven termed
of business workflows across multiple opment. According to Szabo, a smart RegTech, have significant potential for
organizations. For example, the legal contract is “a set of promises, specified the application of AI to governmental
movement of physical goods from one in digital form, including protocols and regulatory activities.
country to another typically requires within which the parties perform on As with distributed ledgers them-
export and import permissions from these promises.”4 To the extent that selves, because the technology is still
the countries involved. Associated such programs embody agreements emerging, smart contracts’ nature
with these permissions might be taxes between two or more organizations, and form are diverse. For instance, the
or duties, evidence of payment of which distributed ledgers are a natural home design of smart contracts might dif-
is required for the relevant permis- for these programs. The advantage fer significantly according to whether
sions to be granted. The vendors and of putting the records of these events or not the distributed ledger on which
buyers of these goods might require and the controlling programs onto a they execute is permissioned (because
bridging finance to cover delays in distributed ledger is that the various this influences the ability to identify
receipt of payments or goods, and they parties can all see these programs and participants), and whether or not the
might purchase insurances of various monitor the trade flow progress as it ledger has an internal cryptocurrency.
forms along the chain. There may be happens. Moreover, the ledger tracks Sean Murphy and Charley Cooper have
multiple parties: vendors and buyers the chain of custody for the assets proposed a spectrum of smart contract
of the goods, transporters, banks pro- involved and records their provenance. definitions according to the extent
viding trade finance, insurance com- In addition, smart contracts on dis- to which the contract embodies com-
panies, different countries’ customs tributed ledgers of assets often have the puter code versus natural language
departments, and so on. The workflow capacity to do real-time settlement for (see Figure 1).5
could—at least, in theory—be managed the assets embedded or represented in The far left-hand of Figure 1 shows
by a sequence of computer programs the ledger. Whereas a blockchain is a agreements between parties that are
that execute automatically as succes- record of who owns what amounts of, only represented in computer code
sive intermediate milestones in the for example, a cryptocurrency, smart form. At each of the other positions,
SEPTEMBER 2017 53
Authorized licensed use limited to: Universidade Federal de Toncantins. Downloaded on July 04,2020 at 18:13:43 UTC from IEEE Xplore. Restrictions apply.
BLOCKCHAIN TECHNOLOGY IN FINANCE
questions 1 and 2 would include legal time as they interact with one another, semantics theory distinguishes sev-
knowledge and experience, while using modal logics with temporal and eral different types of formal represen-
questions 2–5 would require soft- epistemic operators. For example, tations of programs.
ware development expertise and per- public announcement logics (such as The first type, axiomatic semantics,
haps other computational knowledge that described by Jan Plaza10) repre- defines each program in terms of the
and skills. Using human expertise in sent updates in the knowledge of hear- preconditions that must exist before
this way is not scalable, and probably ers when speakers make announce- the program can be executed, and the
neither efficient nor very accurate. ments to a group. With such logics, we postconditions that apply following its
Our goal is to automate the analysis can reason about the participants’ execution utterance.
required to answer these questions for knowledge over time and understand, A second type of semantics, an oper-
any proposed smart contract. Is this for instance, the extent to which ational semantics, considers the smart
possible? malicious coalitions of nodes control contract as computational instruc-
Formal and automated verifica- other participants’ knowledge. A key tions that operate successively on some
tion of computer programs has been research challenge will be formally abstract or virtual machine’s states.
an active area of computer science specifying the properties of interest in The program commands are thus seen
research for at least three decades, the modal logic so that these proper- as state-transition operators, and the
with several methods now in use. A ties can be verified. operational semantics defines these
common method is model checking, in Trace alignment will be an import- transitions precisely.
which the program-verification task ant technique for verification of Finally, in denotational semantics,
involves proving properties of a math- these programs when considered as each language syntax element is
ematical model of the program. Indus- part of a larger business process.11 In assigned a relationship to an abstract
try has widely applied these tech- this approach, we use formal models mathematical entity, or its denotation.
niques, for example, in the design of (DFA and/or modal logics) to create We then seek to reason about the pro-
computer hardware8 and autonomous expected execution runs, or traces, gram’s properties by reasoning about
underwater vehicles.9 and then another formal represen- the denoted mathematical entities,
Most smart contract applications tation, such as linear temporal logic, and vice versa.
being considered in industry are to undertake the verification. Tech- Each of these types of seman-
intended to automate or semiauto- niques from AI planning might then tics can apply to particular classes of
mate business processes, which are be used to automatically fix any mis- smart contracts when viewed sim-
combinations of sequential, parallel, alignments identified. ply as programs (that is, ignoring the
or interleaved actions undertaken blockchain platform). For most smart
over time by multiple participants. For Verification of smart contracts, creating both an axiomatic
this reason, action sequences and mes- contracts (questions 2–5) and an operational semantics should
sage sequence charts are obvious spec- To apply formal verification meth- be straightforward. An operational
ification and design tools for the inter- ods to the five questions, we need to semantics will be of most value when
actions and communications between have certain tools and methodologies we are exploring the properties of col-
participants in distributed ledgers, in place. For questions 2–5, we need a lections of smart contracts (that is, in
and deterministic finite automata formal (machine-readable) represen- trying to answer question 5), because
(DFA) are an obvious computational tation of a smart contract program this semantics should facilitate the
model of their operation. DFA present and its effects on the world in which it analysis of effects due to concurrency
an external view of the actions of a exists. If we view a smart contract as and interaction. It might be that ver-
participant or a smart contract across just a computer program operating on ifying desirable properties of these
a ledger, without modeling their inter- some real or virtual machine, ignoring programs requires an assumption that
nal states. (for the moment) that it operates in a the machines running the contracts
We can formally model the internal distributed fashion across separate all have some common implementa-
states of entities (participants or smart nodes, then this is straightforward, at tion environment, possibly a virtual
contracts), and how these change over least in principle. Program language environment. Thus, proving low-level
SEPTEMBER 2017 55
Authorized licensed use limited to: Universidade Federal de Toncantins. Downloaded on July 04,2020 at 18:13:43 UTC from IEEE Xplore. Restrictions apply.
BLOCKCHAIN TECHNOLOGY IN FINANCE
the properties of the individual com- area before we can achieve automation automation. Space and scope limita-
ponents in the system and their rules of question 2’s validation task. tions prevent us from pursuing these
of interaction. Higher-level properties ideas here.
and phenomena might emerge as more Shared understandings and
individual programs come into contact intentions (question 1)
A
with one another. The tasks involved in question 1’s val- lthough formal verification of
As enterprises deploy multiple idation task are probably the most computer programs and sys-
blockchains, some public and some challenging to automate. Human legal tems has a long history in com-
private (that is, permissioned), each expertise is necessary, and for con- puter science, with many successful
running various smart contracts read- tracts in particular domains, such as commercial applications, features of
ing inputs from and writing outputs to commodity futures or trade finance, this application domain create major
these different ledgers, predicting and such knowledge might need to be very research and implementation chal-
preventing such interaction effects specialized. However, many of the lenges for automated verification and
will become increasingly important. proposed smart contract applications validation of smart contracts. None of
However, the science of complex sys- are for repeated and essentially rou- these challenges is insurmountable,
tems applied to collections of com- tine applications, in which only some but they will take time and effort to be
puter programs and ecosystems of IT parameters vary from one instanti- resolved.
systems is itself still fairly immature, ation to the next. The spectrum pro-
and computer scientists have only just posed by Murphy and Cooper,5 for ACKNOWLEDGMENTS
recently begun looking, for instance, instance, includes cases where the We are grateful for conversations on these
at verification of the properties of encoded component is merely pay- topics with Sean Murphy, Michael Sin-
swarms of autonomous entities.18 ment actions or is similarly limited. clair, and Victoria Birch of Norton Rose
Thus, one might imagine using human Fulbright; Benjamin Herd of Bosch; Philip
Natural language expertise to create and validate a col- Treleaven of University College London;
contracts (question 2) lection of template natural language and the anonymous reviewers.
Automatizing question 2’s validation contracts along with parameters rep-
task will require formal representa- resenting the understandings (beliefs) REFERENCES
tion of both the smart contract pro- and intentions of participants. An 1. S. Nakamoto, Bitcoin: A Peer-To-Peer
gram and the natural language con- example could be the choice of legal Electronic Cash System, report, Bitcoin
tract. One way is via the creation and jurisdiction under which disagree- .org, 2008; bitcoin.org/bitcoin.pdf.
application of a descriptive mark-up ments about the contract would be 2. R.G. Brown et al., Corda: An Introduc-
language for legal contracts that would adjudicated. Such parameters would tion, white paper, R3cev, 2016; www
tag the terms of contracts with formal be chosen by the participants—either .r3cev.com/s/corda-introductory
(machine-readable) semantics. A pro- individually or jointly—and instan- -whitepaper-final.pdf.
posed mark-up language of this kind tiated into the written contract. Marc 3. M.S.-Y. Chwe, Rational Ritual: Culture,
is the Legal Knowledge Interchange Lauritsen and Thomas F. Gordon pro- Coordination, and Common Knowledge,
Format (LKIF), developed as part of posed a theory of document model- Princeton Univ. Press, 2001.
the European Commission-funded ing in legal domains,22 and this could 4. N. Szabo, “Smart Contracts: Building
research project Estrella.19 Christo- encompass such activities. Blocks for Digital Markets,” Extropy,
pher Clack and his colleagues recently These efforts seek to automate 1996; www.fon.hum.uva.nl/rob
proposed a standardized format for the creation of, and the provision of /Courses/InformationInSpeech
storage and transmission of marked-up legal and computational advice on, /CDROM/Literature/LOTwinter
legal agreements as part of a frame- smart contracts. These goals are best school2006/szabo.best.vwh.net
work and meta-language that would understood within the context of a /smart_contracts_2.html.
incorporate both natural language larger and long-running AI research 5. S. Murphy and C. Cooper, Can Smart
documents and program code.20,21 agenda to formalize legal reasoning— Contracts Be Legally Binding Contracts?,
Much work remains to be done in this both to understand it and support its white paper, R3cev and Norton Rose
SEPTEMBER 2017 57
Authorized licensed use limited to: Universidade Federal de Toncantins. Downloaded on July 04,2020 at 18:13:43 UTC from IEEE Xplore. Restrictions apply.