Fritz Henglein
University of Copenhagen, [email protected]
Deon Digital, [email protected]
FMAIL 2019, Bergen
December 2nd, 2019
Smart digital contracts for next-generation distributed ledger technology
Fritz Henglein
Professor of Programming Languages and Systems, University of Copenhagen
Head of Research, Deon Digital AG
Related background
• Partner, European Blockchain Center (ebcc.eu)
• Steering committee chair, Danish Innovation Network for Finance IT (-2018)
• Principal investigator, Functional technology for high-performance architectures (FUTHARK)
Academic background, affiliations, guest positions
Areas of interest
• Programming language technology
• Theoretical computer science (algorithms, semantics, logic)
• Blockchain technology
• Contract management
• Financial technology
• Enterprise systems
Why blockchain?
Blockchain: orthodox view
• Hash-linked chain of blocks of Merkle trees.
• Contains a single log of all transactions worldwide.
• A logged transaction constitutes a validated transfer of a built-in cryptocurrency.
• Implemented by open distributed network of replicated state machines with atomic broadcast (total event order consensus)
• Nodes and users are pseudonymous, have multiple self-issued identities (public keys).
• Nodes in the network employ a peer-to-peer gossip protocol for sending new blocks to each other.
• New blocks are proposed by nodes elected by probabilistic decentralized one-dollar-one-vote mechanism. Successful proposer is paid in cryptocurrency.
Bitcoin: Replicated state machine + gossip protocol + total event order consensus
Blockchain: generalized distributed ledger view
• behaving like a single reliable virtual computer, but with decentralized governance,
• performing tamper-proof recording of digitally signed (real-world) events and their evidence;
• securely managing economic resources:
  • digital storage, transfer, transportation and transformation of economic resources (money, assets, goods, rights, etc.)
It provides
• consistent, nonrepudiable history across all principals (suppliers, partners, customers, regulators, etc.)
• economic resource preservation (duplication impossible)
• (possibly) authentication, privacy and confidentiality
A dynamic peer-to-peer computer network characterized by
Democratic, egalitarian access and control
behaves like
server-based system
Secure tracking & tracing
No forging or double spending
Blockchain/DL systems: Current favorites
• Nonpermissioned (self-authenticating users and node operators):
• Bitcoin
• Ethereum
• Permissioned (externally authenticated users and node operators):
• Hyperledger
• Corda
• Build Your Own (since no single system can be best at everything)
Standard blockchain application architecture
• Private front-end program (private key management, trading strategy, etc.)
• Public smart contracts (programs tied to particular blockchain system)
• Public settlement layer (resource and information manager) with smart contract execution engine (single blockchain system)
Ethereum-style smart contracts are neither smart nor contracts.
They are single-threaded, sequentially scheduled programs.
Distributed application (“dapp”)
Decentralized business ecosystem: Contracts and multiple trusted third parties
[Diagram labels: Company A; Company B; Company C; Strategy; Contract; Contract manager; Shared (public, governed, trusted party); Resource manager/settlement layer (blockchain/DL system)]
Trusted third parties: Exchanges, brokers, clearing houses, ...; IT service and platform providers; government institutions, ...
Contract-oriented systems architecture with multiple contract and resource managers
[Diagram labels: multiple resource managers; multiple contract managers; confidential contract]
• Private systems (ERP etc.)
• Confidential digital contracts
  • permissions and obligations
• Confidential contract managers
  • monitoring, arbitration, escrow, collateral management, etc.
• Shared resource managers
  • Centralized and decentralized
Contract specification language comparison
2/12/2019 All Rights Reserved © 2019 Deon Digital AG www.deondigital.com
Criteria  CSL (Deon Digital)  Solidity (Ethereum)  DAML (Digital Assets)  Kotlin/Java (Fabric/Corda)  Plutus (Cardano)  adjoint (Adjoint.io)  Pact (Kadena)
Legally binding digital contract YES No (Yes) No No No No
Human and machine readable YES Limited Yes No Limited Limited No
Contract/strategy separation YES No No No No No No
Reporting capabilities YES No No No No
Formal semantics/ verification YES No (Yes) No Yes No No
Compositional YES No No No No No No
Deterministic YES Yes Yes No/Yes Yes Yes Yes
Type safe YES No Yes No Yes Yes
Ledger-agnostic YES No No No No No No
WARNING: Marketing slide
Use case: Dynamic multimodal mobility
[Diagram labels: Passenger; Tour operator; Web app; Sales system; Bus company (public cloud hosted); Train company (private data center); Peer-to-peer last-mile car service (blockchain); Banking system; Contract manager (private blockchain); Custom API adapter; Smart contract API; Payment API (via PSD2 or payment provider); Custom ticket for trip A->B]
Contract manager (cloud hosted)
• Monitors specified multimodal journey
• Collects payments for legs taken
• Reschedules connections dynamically
EXAMPLE TRAVEL BOOKING
[Diagram labels: Collaborating services; Today; Relation 1:n; Relation 1:1:n; Relation 1:1]
• Conventional way: “Do it yourself”
• Platform way: “Pay the platform to do it” & build & maintain hundreds of interfaces yourself
• Blockchain way: “Let the ecosystem do it”
  • Blockchain replaces aggregators
  • Each player can represent customer interface into the entire ecosystem
  • Resilient network can compensate temporary failures of one element
Use case: Dynamic multimodal mobility (illustration)
Illustration by Sabine Reppert
Client Projects
Automation of OTC derivatives contracts
[Diagram labels: Pre-Trade; Trading; Post-Trade; Expiry; CCP; Repository; Regulatory; Platform; Action; Reaction; Digital OTC Contract]
✗ Paper based legal documentation
✗ Transaction validation is prone to errors
✗ Asynchronous business states
✓ Digitalized legal documentation
✓ Contract based, safe transaction validation
✓ Synchronous business states
Smart digital contract management vs. Ethereum-style smart contracts
• Separation of contracts from contract life cycle management
  • Contracts portable, analyzable, domain-oriented (e.g. Deon Digital CSL)
  • Contract life cycle managers generic (can manage any contract), in any implementation language (Kotlin, Go, Java, Haskell,...), instrumentable, changeable (adding escrow, collateral management, etc., without changing contracts)
• Separation of resource management from contract management
  • Increased scalability 1: Consensus per contract, global consensus not required
  • Increased scalability 2: Aggressive partitioning of resources (sharding, channels, etc.)
  • Increased privacy: contract and contract state disclosed only to contract parties
• Precise, mathematical semantics of contracts
  • Mathematical guarantees, formal verification
  • Guaranteed security
  • Ex-ante analytics (price/value, risk numbers, counterparty default exposure, strategy synthesis, etc.)
Blockchain, IoT, contracts: Past, present, future
[Diagram labels: time; now; History in Blockchain; e; e'; Alternative state 1; Alternative state 2; Contract; Physical evidence framework; Physical world; Physical assets and physical events]
Illustration by Boris Düdder
• Blockchain/DL systems: Record consistent, nonrepudiable history of events
• IoT devices: Digitally certify current events
• Digital contracts: Specify admissible future events
A peek at some of the computer science theory behind it
CSL syntax: Composing subcontracts
Deon Digital CSL: Based on generalized events, with expressive constraint language P
Relational CSL semantics: Contracts as event sequence classifiers
CSL formalization (mechanization) and reasoning
• CSL semantics: Operational, denotational, relational
  • 3 different induction principles for reasoning
• Metatheory results: Equivalence of semantics
  • Use any of the three induction principles
• CSL static semantics: Abstract interpretation framework
  • Based on and proved correct wrt. relational semantics
• Mechanization of semantics, metatheory, static semantics in Coq
  • Identified and eliminated bugs in original CSL paper (2006)
  • Prepared for automatic code extraction from constructive (Coq) proofs
• Examples: Participation, fairness
Christian Kjær Larsen, Agata Murawska, FH (2019)
Algebraic resource accounting
Algebraic resource accounting: Why?
• Transfers = finite records whose entries sum to 0 (in resource vector space)
  • guarantee resource preservation: no double spending, no losing
  • no discrete ‘coins’ or ‘tokens’ necessary, account-based
  • fully fungible (‘50 dollars is 50 dollars’)
  • untraceable
  • arbitrary number of resource types, can be user-specified
  • transfers closed under scaling, inverse and addition
  • netting of pairwise transfers = addition of transfers (in vector space)
• Multi-dimensional decomposition (“sharding”) of resource managers
  • Divide resource managers by agents (e.g. countries)
  • Divide resource managers by resources (an agent can have multiple
• Transactional resource transfers
  • Any number of transfers, not just ‘atomic swap’
  • All transfers succeed or none have effect
  • Guaranteed rollback by automated (optimal) escrow management
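The transfer algebra listed above, sketched in Python as an added example (not code from the talk or from Deon Digital): transfers are zero-sum records, netting is vector addition, and a batch of transfers is applied all-or-nothing. The function, agent and resource names are assumptions, and atomicity is obtained here by validating the netted transfer against a copy of the balances, not by the escrow management the slide mentions.

```python
from collections import defaultdict
from fractions import Fraction

# Added illustration: a transfer is a finite record {(agent, resource): amount}
# whose entries sum to 0 per resource. Agent and resource names are constructed.

def add(*transfers):
    """Netting: pointwise vector addition; zero entries are dropped."""
    total = defaultdict(Fraction)
    for t in transfers:
        for key, amount in t.items():
            total[key] += amount
    return {k: v for k, v in total.items() if v != 0}

def scale(factor, t):
    return add({k: Fraction(factor) * v for k, v in t.items()})

def inverse(t):
    return scale(-1, t)

def transfer(sender, receiver, resource, amount):
    """Debit sender and credit receiver by the same amount (sums to 0)."""
    amount = Fraction(amount)
    return add({(sender, resource): -amount}, {(receiver, resource): amount})

def is_balanced(t):
    """True if, for every resource type, the entries sum to exactly 0."""
    sums = defaultdict(Fraction)
    for (_agent, resource), amount in t.items():
        sums[resource] += amount
    return all(s == 0 for s in sums.values())

def apply_atomically(balances, transfers):
    """Return new balances with all transfers applied, or raise and change nothing."""
    net = add(*transfers)
    if not is_balanced(net):
        raise ValueError("transfers would create or destroy resources")
    updated = dict(balances)            # work on a copy: failure leaves input intact
    for (agent, resource), amount in net.items():
        updated[(agent, resource)] = updated.get((agent, resource), 0) + amount
        if updated[(agent, resource)] < 0:
            raise ValueError(f"{agent} has insufficient {resource}")
    return updated

if __name__ == "__main__":
    ledger = {("alice", "USD"): 100, ("bob", "EUR"): 80}   # constructed sample
    swap = [transfer("alice", "bob", "USD", 50), transfer("bob", "alice", "EUR", 40)]
    print(apply_atomically(ledger, swap))
```

Because only the netted transfer is checked against the balances, an agent may pass on within one batch what it receives in the same batch.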
What’s next?
• Secure high-performance distributed ledger systems:
  • Authenticated nodes (no cost for proof of work or proof of stake)
  • Sparse replication instead of full replication (less redundancy, less message traffic)
  • Parallel contract management (global consensus not necessary)
  • Composable resource managers (parallelization by sharding, state channels, etc.)
  • Privacy and confidentiality (by advanced cryptography and trusted execution environments)
  • Formally verified code bases
• Secure digital contracts:
  • Formally verified contracts and contract analytics (for pricing, risk, production planning,...)
  • Multiple resource managers, both central/existing (banks, land registries,...) and decentralized/new (unlisted shares registry, crowdfunded projects, artistic designs,...)
  • Ecosystem of contract managers (clearing house, mobility service provider), both central and decentralized
Why blockchain?
[Decision diagram with yes/no branches]
Questions:
• Tamper-proof logging?
• Decentralize?
• Store and transfer resources?
Outcomes:
• Server-/data center hosted system (trusted/privileged system provider)
• Point-to-point communicating systems: RPC, REST, micro services (trusted/privileged data managers)
• Structured P2P storage systems with hash pointers
• Blockchain/distributed ledger system
Digital contracts: protocols for resource transfers
Robotic contract managers/smart contracts: guarantee correct and fair execution of contracts