,
25 tweets,
7 min read
Read on Twitter
Thread: as the only research co-founder of Chainspace that did not join Facebook (the blockchain scalability startup that Facebook acquired), people have been asking me about my view of Libra. Here's a thread about it. cheddar.com/media/facebook…
I don't have any doubt that the Libra team is building Libra for the right reasons: to create an open, decentralized payment system, not to empower Facebook. However, the road to dystopia is paved with good intentions, and I'm concerned about Libra's model for decentralization.
To understand Libra's technical philosophy for decentralization, this comment is a good point to start: github.com/libra/libra/pu…. Libra's 100 node closed set of validators is seen as more "decentralized" than e.g. Bitcoin, as Bitcoin has 4 pools that control >51% of hashpower. 
I'm aware that the word "decentralization" is overused. I'm looking at decentralization, and Sybil-resistance, as a means to achieve censorship-resistance. Specifically: what do you have to do to reverse or censor transaction, how much does it cost, and who has that power?
My concern is that Libra could end up creating a financial system that is *less* censorship-resistant than our current traditional financial system. You see, our current banking system is somewhat decentralized on a global scale, as money travels through a network of banks.
In the banking system there is no majority of parties that can collude together to deny two banks the ability to maintain a relationship which each other - in the worst case scenario they can send physical cash to each other, which does not require a ledger. It's permissionless.
With cryptocurrency systems (even decentralized ones), there is always necessarily a majority of consensus nodes (e.g. a 51% attack) that can collude together from censor or reverse transactions. So if you're going to create digital cash, this is extremely important to consider.
With Libra, censorship-resistance is even more important, as Libra could very well end up being the world's "de facto" currency, and if the Libra network is the only way to transfer that currency, and it's less censorship-resistant, we're worse off than where we started.
Libra's current permissioned consensus node selection authority is derived directly from nation state-enforced (Switzerland's) organization laws, rather than independently from stakeholders holding sovereign cryptographic keys, as was well, the cypherpunk vision.
In other words: the "root API" for Libra's node selection mechanism is the Libra Association via the Swiss Federal Constitution and the Swiss courts, rather than public key cryptography. Also, Association members must be large $1b+ companies, and are overwhelmingly US-based.
You might argue that governments can still regulate the people who hold those public keys, but a key difference is that this can't be directly enforced w/o access to the private key (example in next tweet).
Example: US pressures Swiss govt to add sanctions against $country that require Libra Association to remove $country's orgs from Association, and remaining organizations are regulated to censor $country's transactions. If $country controls its own keys, it wouldn't be possible.
This is not a hypothetical. Last year, Iran tested how resistant global payments are to US censorship, by requesting a 300 million Euro cash withdrawal via Germany's central bank. They rejected it under US pressure, changing the rules at the last minute. zerohedge.com/news/2018-08-2…
US sanctions have been bad on ordinary people in Iran, but they can at least use cash to transact with other countries. If people wouldn't even be able to use cash in the future because Libra digital cash isn't censorship-resistant, that would be *brutal*. bbc.co.uk/news/world-mid…
My argument is Sybil-resistant node selection through permissionless mechanisms such as proof-of-stake, which select a set of cryptographic keys (which may be individuals) that participate in consensus, is necessarily more censorship-resistant than the Association-based model.
(Nitpick: the Libra whitepaper confuses consensus with Sybil-resistance. Proof-of-work is a Sybil-resistance mechanism, not a consensus mechanism. The "longest chain rule" is the consensus mechanism. You can still e.g. have proof-of-work + BFT consensus.)
Now to their credit, Libra has outlined a proof-of-stake-based permissionless roadmap (libra.org/en-US/permissi…) and "start this transition within five years". Five years. By then it will be way too late - central banks are already lining up to control it. coindesk.com/g7-forming-tas…
What I find particularly rude about Libra's whitepaper is that they claim they need to start permissioned for the next five years, because permissionlessness and scalable secure blockchains are an unsolved technical problem, and they need the community's help to research this.
It's as if they ignored the past decade of blockchain scalability research efforts. Secure layer-one scalability is a solved research problem. Ethereum 2.0, for example, is past the research stage and is now in the implementation stage, and will handle more than Libra's 1000tps.
In fact, the company that they acquired - Chainspace - was specifically *in the middle of* implementing a permissionless sharded blockchain with higher on-chain scalability than Libra's 1000tps. With FB's resources, this could've easily been accelerated and made a reality.
And there are many research-led blockchain projects that have implemented or are implementing scalability strategies that achieve higher than Libra's 1000tps without heavily trading off security, so the "community" research on this is plentiful; IMO FB is being lazy.
So tl;dr: I find it a great shame that Facebook has decided to be anti-social and launch a permissioned system as "they need the community's help as scalable blockchains are an unsolved problem", instead of using their resources to implement on a decade of research in this area.
Let me remove the word "implemented" from the quantification of "many" actually: achieving scalability without significantly trading off security is extremely hard and I don't want to give the impression that most projects have done it successfully.
However, as stated, I do believe the core research to achieve it exists, and either way ignoring it in favour of launching permissioned for such an important system seems unwise.
(addendum)
