Holochain Consistency vs. Global Consensus

Money Just Has to Work #

Money that won’t buy things isn’t just inconvenient; it is dangerous. Cryptocurrency based money, especially those based on global-consensus cryptocurrencies (basically, all of them) are especially fragile. Only during globally calm, disaster-free idyllic periods of history could they possibly pass as useful money.

What Happens When Disaster Strikes #

The CAP theorem claims: Consistency, Availability or Partition-tolerance – pick any two. It is not possible (in theory) to have all three. But, ideal money is widely assumed to be CAP:

• Available: you can always buy/sell something for cash money
• Consistent: it’s not easily counterfeitable, and balances are verifiable
• Partition-tolerant: if you can “talk” to your counterparty, you can do a deal

AP #

Global consensus systems are sometimes AP; they give up Consistency to maintain Availability, in the face of a network Partition. Bitcoin will carry on processing transactions and mining new Bitcoins inside each partition of the network. When the partition ends, all but the longest chain will simply disappear.

This is, obviously, false Availability. Bitcoin will process transactions and mine new Bitcoins inside each partition of the network – but when the partition ends, all but the longest chain simply disappears!

For those in the “disappeared” fork, was the system really available? No, it was not – all of their transactions ceased to exist. The remaining Bitcoin blockchain is “Consistent”, all right – consistently absent of all of their transactions.

That something; just not … money.

CP #

Hashgraph (hBar, Carbon, and perhaps some others) will stop, in whatever part(s) of the network cease to have a majority quorum of signatory nodes, and then resume when the partition re-joins the larger network.

So that’s at least better; we can’t “seem like” we’re doing a deal, and then find that it just blinked out of existence.

At least it works at tens of thousands of transactions per second, with absolute settlement in seconds, when it works! But, what do I do about food when I happen to be disconnected from the ‘net for a couple of weeks?

Better; still just not quite … money.

CaP #

Holo’s Holochain based systems maintain Consistency, giving partial Availability in the face of a Partition. The HoloFuel cryptocurrency used by Holo for hosting payments, etc., is an example of what is possible, beyond the restrictions of global consensus systems.

You can transact a deal with any other party that you can communicate with (of course, you can’t deal with other agents you can’t communicate with, which sort of makes sense).

Furthermore, the deal is validated by as many nodes are available within your partition. Of course, don’t do a billion-dollar deal if you’re in a mobster’s network and can only see a few of his nodes. But, even if you do – as soon as you rejoin the larger network, any attempt at fraud will be immediately discovered. Unlike statistical consensus, which agrees with a majority – it only takes a single non-fraudulent node to detect and report fraud, and then any and all other nodes can confirm it, and black-list the complicit parties.

Worst case, you’ll have to Decline the (unfortunately fake) funds you were paid, to restore your account to non-fraudulent status. But, for most typically use cases, the cost of building the fantastically complex and elaborate “charade” required to perpetrate a single fraudulent transaction won’t be worth it. Especially since the ill-gotten funds are worthless – nobody will deal with the account – as soon as the fraud is detected by a single other node!

These risks are somewhat analogous to cash:

• Don’t take suitcases of “totally legit!” USD$100 bills from a stranger in exchange for your yacht.
• Don’t trust a certified cheque from “Bubba’s Bank and Trust and Taco Shack”, or from the “Royale Bank of Scottland” branch in the City of Culiacán, Sinaloa, Mexico.

That’s more like money!

Simplicity, Safety and Security #

If you can’t explain how it works to a drunk guy at a bar, or teach your dad how to use it – it’s also not money.

When you make one small mistake, and it all disappears; well, while that’s sort of like money, it’s not ideal. Money stored in an account must offer layers of protect that prevent a single error from emptying the account.

Public/Private Keys #

The majority of cryptocurrencies use some form of public/private key pairs to identify accounts (the public key), and authorize transactions (the private key).

For Bitcoin, Ethereum, and most others, what this means is: if you ever reveal your private key: you’re toast. Your account balance is gone, the instant that someone ever discovers that private key.

It might happen now, in a month or 3 years from now – but once your private key is left open (sitting on a desk, in an unencrypted file on your computer, in a filing cabinet, buried in your back yard, …) – your balance will simply blink out of existence, into someone else’s account. You’ll totally be able to see exactly where it went; but you can never, ever recover it. It’s gone.

Hardware Wallets #

The Hardware Wallet seems to a solution. You can’t leak your private key, because you can never “get” it; you ask the hardware to sign stuff, and it never gives up the key.

You still have to save the root entropy seed (those pesky 24 BIP39 words). If anyone ever gets them, they have not just your one leaked wallet’s contents – they have them all. So, not really a perfect improvement.

What You Know + What You Have #

2FA (2-Factor Authentication) is an improvement.

In Holo’s HoloFuel, to make a transaction, not only do you need the signing private key; you also must prove that you hold certain data from private source-chain entries, which have never left your devices. They aren’t printed anywhere (they are backed up, using passphrases unrelated to your private key, between all of your devices). They are entirely independently secured.

So, an attacker must A) get your private key, and B) get your device (or its backup from another of your devices, plus discover the backup passphrase).

Compared to typical cryptocurrency wallets, stealing funds requires both collecting key data, plus physically or logically penetrating a physical device that is in your possession.

Much higher bar; more like money.

Revoking Your Way to Security #

Everyone makes mistakes. Requiring you to destroy all of your accounts and create new ones every time you may have made a security mistake is not great, but that’s the best we can do with public/private keys and plain 2FA.

Using Holo’s DPKI (DeepKey), you can revoke and reissue your private keys at any time. You retain your account’s ID (its original Public Key), so all of your account relationships remain intact – but a new Private Key is required for all future transactions. To accomplish this, you need a “revocation key” issued for the account, which you would do at account creation.

These revocation keys can be generated and stored in N fragments with multiple trusted parties; spouse, lawyer, accountant, family friends, bank safe-deposit boxes, filing cabinets, etc. When required, they can be reconstructed by collecting M of N of these fragments, where M <= N.

Very much like money, stored in a safe that can only be opened with the collaboration of the majority of your most trusted third-parties.

Summary #

The day is coming when the creation of money will be wrested from the hands of governments, and commercial/central banks, and placed back into the hands of individual wealth creators. In the mean time, at least we can now offer money substitutes that allow free people to convert their debasable Fiat money into a more value-stable, safe, efficient and useful form.