The trust machine

An interview with Dr Lawrence Ma and Gabriel Chan
By Eric Collins

Dr Lawrence Ma is founder and President of Hong Kong Blockchain Society, a non-profit organization dedicated to raising awareness of blockchain technology to the public, industry, regulators and policy makers. Lawrence was educated at Yale and Stanford universities and holds a PhD from Cornell University in Maths, and is also co-founder and CEO of eMALI.IO in Hong Kong.

Gabriel Chan is Secretary General of Hong Kong Blockchain Society and graduated from Systems Design Engineering at the University of Waterloo in Canada. Gabriel is an inventor and serial entrepreneur and has co-founded numerous tech startups.

Dr Lawrence Ma

Mr Gabriel Chan

Can you give us some background to blockchain?

LM: Blockchain solves problems to do with the transfer of value without the support of a trusted third party. When the internet was designed in the 1980s, people were already checking to see if it was possible to pay in digital money. But they stumbled on the double spend problem, due to the copying potential of the technology. It would be a disaster to the economy if you can copy and spend your one hundred dollars digital cash millions of times. So nowadays, if you want to transfer money digitally it has to go through a trusted third party such as PayPal or a bank where they can keep track of how much money you have spent.

In 2008 the paper from Satoshi Nakamoto proposed a protocol that solved the double spend problem introducing a new feature with an incentive taken from game theory. This is the proof-of-work consensus algorithm. It boils down to “If you behave honestly you will be rewarded. If you behave dishonestly you will be punished.” Bitcoin was the first use case of this technology.

Why was blockchain developed?

LM: People started to ask, if we can transfer money, why not other things? How about land title, property, or stocks? That was the beginning of the idea of the smart contract. The script language of Bitcoin is very limited with only some 23 commands. Vitalik Buterin came along and wanted a more universal computer language. He created the Ethereum language that would support smart or contingent contracts.

But there have been problems, such as the 2016 DAO hack when USD50M of Ethereum was stolen. People exploited some of the bugs in this more powerful and complicated code. Bitcoin is more structured, carries fewer possibilities, and is less vulnerable to hacking. No matter whether bitcoin is successful or not, it has already played its role in history.

What are private blockchains?

LM: Enterprises very quickly realized that the existing public blockchain system had two problems that prohibited them using it. Firstly, transactions are completely transparent. This lack of privacy will be a serious issue for enterprises as they surely would not want third parties who have no part in the transaction to know anything about it. Secondly, the proof-of-work is anonymous. We only know the author of the verifier’s work by an account name. In banking, the regulator needs to know that the verifier is trustworthy. If a transaction goes wrong we go back to the verifier who needs to be held accountable.

In response, R3 began to develop a private blockchain in 2015, and now leads a consortium of over 100 financial institutions. The R3 Corda system checks that the accounts exist on the network and prevents double spend by having a notary network whose identities are known to verify the ordering of transactions. This is instead of the proof-of-work consensus used by public blockchains such as bitcoin or Ethereum. R3 Corda also enables point to point communication for private transactions which don’t broadcast to the whole system.

How significant are privacy issues?

LM: One of the big components of blockchain is cryptography. Privacy is very important, especially in places like Europe where you have the “right to be forgotten”, and where the EU’s General Data Protection Regulation will come into force this May. Right now, if you go to a site you may be asked if you are above a certain age such as 18 or 21. In Hong Kong the primary means of age identification is the Hong Kong ID card. But that is already too much information to release in answer to a specific question because your ID card has your birth date, your name, ID number, etc. If the wrong kind of person gets hold of that information along with your mobile number, they can do a lot of damage.

By using crypto there are ways of proving that you are above the age of 21 without releasing extraneous information. Nowadays you can use zero knowledge proof. With this protocol, you can release information selectively, and the choice is with the user. If your statement is true, it can always be proved mathematically. But if your statement is wrong it will not be accepted.

What about issues like know your customer?

GC: A downside of blockchain is that it cannot verify identity on public blockchains. It doesn’t know if your initial data entry is true or false. It can only keep an immutable record thereafter. Blockchain talks about transferring value, but to make that effectively happen you have to be able to prove that you are the person who actually owns that asset. So, knowing the true identity of the participants or components is crucial. One solution is self-sovereign identity, where you have to give consent to the amount of information that you disclose. Self-sovereign gives identity to everyone. Right now, if the state disowns you, if Facebook closes your account you are a nobody. With self-sovereign identity you are always somebody. Self-sovereign identity solves the know your customer problem. Incidentally, it will also give identity to the 10 million-plus stateless people identified by the United Nations High Commissioner for Refugees.

Does the Internet of Things complicate the matter?

GC: With the IoT, the components are not necessarily secure. They may be hacked and used to launch an attack into the wider system. The coffee machine may be smart and running out of milk. It may talk to the accounting department and reorder milk. That is a legitimate and benign case. But if the right security features are not in place, it might go to accounts and mess things up. Then we get headlines like “Coffee Machine Hacks Accounts!"

Human beings can be made accountable, but how about machines?

GC: With autonomous cars, if there is an accident who is responsible? It’s all part of a package. There will be a rights privilege and that comes with a liability, a responsibility. As humans we will be entitled to a package, access to basic services, a passport, etc. Machines will also have entitlements because they too play a role in the economy. It will all come down to a mathematical equation, but we will still need to add the variables to that equation. Every human and every machine can have a reputation score.

How about the cost of implementing blockchain?

GC: Blockchain is not relevant to all situations. If cost is no concern, everybody will be using it. The world is constrained by time, by cost, and resources are not infinite. Look at the cost of proof-of-work in Bitcoin – using, by some accounts, as much energy as the Republic of Ireland. Against that there is also wastage in the current system. When the monetary authority produces our plastic and paper money, what is the carbon footprint?

The blockchain community already knows that proof-of-work is not the most efficient way forward. A reason that you are seeing a lot of Initial Coin Offerings is that people are claiming that they have achieved a more secure consensus mechanism. But at the moment the jury is out. We don’t know what is going to replace proof-of-work. It’s still being researched and developed.

Is Hong Kong sufficiently proactive with blockchain?

LM: The Hong Kong Monetary Authority has issued a second white paper and has laid down a trade finance joint initiative with the Monetary Authority of Singapore based on distributed ledger technology. The HKMA also promotes “Sandboxes” – where companies can experiment in fintech without fear of repercussions. But at the moment only the big financial institutions can play. Contrast Singapore where any fintech player is encouraged to experiment with innovative financial products or services.

What does Hong Kong Blockchain Society offer?

LM: On the training and education side, we provide workshops on the basics of blockchain, along with the technical, business and legal aspects of blockchain together with its business applications. We also organize blockchain competitions. Currently, we are running an international student blockchain competition called DappCamp with the College of Business as one of our partnering organizations. We invite students from across Hong Kong to a series of workshops held at City University, and go through all the principles of blockchain, including legal, compliance and business strategies. After that, we invite students to form teams and come up with proposals or prototypes using blockchain technology to solve problems in fintech, regtech & legaltech, and socialtech. Then the more interesting ones get to final pitch in a Developer App camp competition.

How about employment opportunities?

LM: Blockchain is a great opportunity for students because one of the big obstacles right now is that there is a real shortage of people in this field. Some of the enterprises such as banks and insurance companies can see this is coming. It is a question of when, not if. We think that some of the blockchain projects will start going live in two or three years’ time. To take just one example, in 2016 one of the largest insurance companies in Hong Kong was looking for a blockchain engineer. They searched for nine months, and in the end they had to take someone in-house.

Are you commercially motivated?

GC: People educate people in order to do things economically. Obviously, we want to make sure that the community produces top blockchain engineers, developers, eco-specialists, and business strategists. The other area we want to work in is adoption. That’s why the Blockchain Society works with the Hong Kong Federation of Insurers and The Law Society of Hong Kong. You have to promote the technology, let people know what it can do, before talking about whether people want to use it.

How about regulation?

GC: The whole Initial Coin Offering area is very much in flux right now. We think that they should converge to a position which is more like IPOs where there are proper governance and procedures in place. Right now, it is too wild. If you look at the history of the IPO they went through a similar turmoil, like the first IPOs such as the South Sea Company. Even Isaac Newton was fooled! But because of all the disasters the regulators figured out what to do and what not to do. History does not repeat itself, but it spirals, it echoes, it has patterns.

"The whole ICO area is very much in flux. If you look at history, IPOs went through a similar turmoil. Then regulators figured out what to do"