“By substituting computationally expensive but automated security for computationally cheap but institutionally expensive traditional security, Satoshi gained a nice increase in social scalability. A set of partially trusted intermediaries replaces a single and fully trusted intermediary.” — Nick Szabo (2017)
In my recent primer on smart contracts I introduced the motivation for why and when blockchain-based smart contracts might be used in place of traditional legal contracts. Instead of words written by lawyers and enforced by courts, a smart contract can use unambiguous computer instructions enforced by a protocol. In this article I will explore how the process of automating trust in smart contracts works.
The phrase smart contract was coined by computer scientist and legal scholar Nick Szabo. In introducing the idea in 1997, Szabo used the illustrative concept of a vending machine. The vending machine is a simple mechanism that mediates the sale of a soda without a human sales person involved. Coins are held in escrow by the coin mechanism until a soda is selected. When sufficient value is deposited, a soda and correct change is released to the buyer and the price of the soda is deposited into a lockbox for the seller. A buyer trusts that the mechanism will reliably count their coins, give a soda, and provide the proper change. The whole process is not automated (a human seller still has to restock, for example), but for our purposes we focus on the blockchain analog of the mechanism that counts the coins and deposits them to the seller’s lockbox, or refunds them to the buyer.
With the launch of the Bitcoin protocol in 2008, Satoshi Nakamoto created a system that allowed value to be stored and transferred digitally on a global public ledger. Instead of physical coins and a mechanism to count them, cryptographic signatures approve transfers and record value transfers on a globally distributed ledger, also known as a blockchain. The Bitcoin protocol is trusted to hold and transfer money, instead of the coin mechanism and lockbox from the vending machine example, and digital signatures take the place of coins.
How do you replace the coin mechanism of our vending machine with a protocol? A coin is a traditional bearer instrument (a physical value-holder that has no record of ownership) used to transfer and store value; a protocol on the other hand describes rules for communication. The Bitcoin protocol combines these concepts, describing rules for communicating the transfer and storage of value. The Bitcoin protocol both guarantees reliable transfers and provides a way to achieve a global consensus of ownership. In very simplified terms, all transfers are broadcast to all participants. Valid transfers are recorded to each person’s local copy of the ledger, and each participant can check their own local copy of the ledger to verify the transfer’s details. In the case of contradictory transfers – for example, A gives X to B, but A also gives X to someone else (i.e., not just the same amount, but the same coin) – timestamping of transactions prevents both transfers from being “believable” by the system. That is, since the blockchain is a ledger in time, only one or the other of these contradictory transfers (namely the earlier) should be recorded by all participants. Bitcoin thereby solves the problem of “double spending” of value by automating trust and transparency in the form of a timestamp of transactions.
The Bitcoin protocol is trusted to hold and transfer money, instead of the coin mechanism and lockbox from the vending machine example, and digital signatures take the place of coins.
If it hadn’t been addressed, this issue of contradictory transfers would have kept Bitcoin from getting out of the starting blocks. To get a better feel for it, imagine you write a check to buy groceries and another to buy a car, but have insufficient funds for both. When they are cashed, it’s up to the bank to decide which check is paid and which bounces. The Bitcoin protocol specifies how this process is handled for bitcoin transfers. Instead of a single bank, the task is distributed among thousands of specialized subcontractors, also known as miners who earn, through sheer computational effort, the right to record the all-important order of transactions into the everlasting blockchain ledger. The protocol ensures that all miners settle on a global order of transactions, and Bitcoin’s protocol includes incentives that prevents any single person or group from controlling the ordering. This order becomes the blockchain ledger that is used by everyone in the system, sealed with modern cryptography’s digital signature, which is sufficient proof for anyone looking at the global ledger to know a transfer was properly authorized. There is no need for recourse to a third party to determine ownership or order of transactions.
In an updated vending machine that accepts blockchain payments, the coin mechanism now needs an internet connection and up-to-date copy of the global ledger to participate in the protocol. A buyer presents the machine with a payment transaction and valid digital signature to authorize a transfer to the soda seller. The vending machine broadcasts this transaction to everyone else in the world and waits until the mining subcontractors confirm its ordering on the global ledger. If the transaction is valid based on the current state of the ledger, and sufficient time has passed to know no contradictory transactions will be confirmed, the machine can release a soda.
Traditional vending machines work because a buyer and seller trust that the rules of the system are properly encoded into a mechanical device. Similarly, people rely on traditional contract systems to the degree they believe the rules of the legal system, both in theory and practice, lead to fair and predictable results. The Bitcoin protocol distributes trust among many computers operating all over the world, instead of to a single bank or legal system. People trust contracts based on the Bitcoin protocol because both in theory and practice it leads to predictable and immutable results at a low cost. It’s much cheaper to employ automation in the form of computers and telecommunications systems than to hire a lawyer, just as using the automated coin mechanism and lock box saves the seller labor cost while reaching more buyers.
People often wonder how blockchain-based smart contracts can be extended to messy real life situations. A simple financial transaction is a common use of contracts, but there are many others. A vending machine may embody some illustrative features of a smart contract, but it still requires people to stock it and empty the coin box – and it has a number to call in case of a fault in the machine. If no one stocked or fixed it when it broke, no one would buy sodas from a vending machine. Or if people could cheat the coin mechanism to get free sodas or steal from the lockbox, the seller would stop selling at vending machines altogether. So for vending machines, it’s the human, non-automated ecosystem that allows this element of automation to thrive.
People often wonder how blockchain-based smart contracts can be extended to messy real life situations.
Practical smart contracts can explicitly encode clauses to incentivize people responsible for different aspects of operating a vending machine, essentially bringing some of the traditional labor that supports an automated mechanism under the jurisdiction of smart contracting. For example, as each soda is sold, a portion of the value deposited can automatically go to the person who stocks it. The vending machine maker responsible for repairs can receive fixed monthly lease payments directly from the machines earnings. Every purchase and payment is visible on the global ledger so all parties can verify proper contract execution. The vending machine is just a simple example, but there are many ways trust can be automated starting with a solid foundation of trusted value transfers.
Ultimately, though, complete contract automation is impossible in many situations. Some conditions require a trusted human third party and cannot be easily evaluated by a digital protocol. For example, an escrow agent is typically used to check that the deed transfer and other documents have been signed before instructing the bank to release escrowed funds to a home seller. A similar arrangement can be encoded using a smart contract. The blockchain can enforce a condition that two out of three parties must sign to transfer some escrowed value. If the sale conditions are met, the buyer and seller will sign together. Only in the case of a disagreement must the arbitrator become involved. The arbitrator can sign with the buyer to refund, or with the seller to transfer the escrowed value. In this way smart contracts can take advantage of automated trust, but still include a place for human judgement where it’s most needed – when things go wrong or where there’s a lot on the line.