Regulating public Blockchains

The “Bitcoin: A Peer-to-Peer Electronic Cash System” paper proposed a solution for currencies without the need for an intermediary financial institution. Though it provided a technologically workable solution, it did not address the moral or ethical usage of money. It never intended to.

Bitcoin introduced the Blockchain, which provided a solution to the problem of “double spend” without the need for a central authority. This allowed legitimate transfer of ownership of Bitcoins. In Blockchain, we prefer calling it a “State” change. This state change is agreed upon by all the participants of the Blockchain ecosystem. That means, a consensus is arrived at. The consensus protocol used in Bitcoin is called “Proof-of-work” and is of the nature of an “emergent consensus”. A simple explanation in layman’s terms can be found here.

In such an ecosystem, there is no possibility of reversing transactions or freezing accounts. The Blockchain accepts any transaction which plays by the rules encoded in the Blockchain. The bitcoin address provides no indication of who the owner is.

sidenoteSome crypto-currency exchanges maintain wallets for its users. It is possible to identify the users from there. However, users can have their own wallets. When they transfer bitcoins from such wallets, it will not be possible to trace the users.

Need for regulation

By removing central authorities from its ecosystem, public Blockchains have led to a situation in which governance is practically non-existent. No wonder then, that Bitcoin has been associated with illegal activities like “silk road”. This kind of negative association overshadows the benefits that the technology provides. Hence, the policy makers have a tendency to over-weigh the negative view. This has led to the banning of ICOs in some markets, and a possible ban for Cryptos in many jurisdictions.

Without the central authority, jurisdictions may find it difficult to make and enforce policies. Policies are often enforced through regulatory bodies and intermediaries. Regulatory bodies play a major role in the stability of the markets. For the general good of the financial markets, the following aspects are important:

  • Market confidence
  • Financial stability
  • Consumer protection
  • Reduction in financial crime
  • Regulating foreign influence on local markets; and more…

To achieve these goals, regulatory bodies need to:

  • enforce rules through the intermediaries
  • provide guidelines to financial institutions
  • observe market activity through reporting requirements
  • reprimand or punish the offenders by freezing accounts or impose fines on financial institutions / entities

For the general good of the financial system, people and society; regulation is a must.

A technical way to enable regulation in public Blockchains is explored in this article.

Coins could represent crypto-currency, equity or any other form of ownership of assets.

sidenoteOne of the argued benefits of public Blockchain is that it provides a low entry barrier by bypassing the KYC and other regulatory requirements. This is viewed by many as a good strategy for “financial inclusion”. Many people (possibly a couple of billion at least) in developing countries have a mobile phone but no bank account and are therefore excluded from the benefits of economic growth. They can benefit from these un-regulated public Blockchains. This argument does seem very convincing.

A technical perspective

Regulatory bodies impose various requirements on financial institutions. The requirements range from identifying entities / people and related entities, to restrictions on large exposures, affiliations and activities etc. Depending upon the nature of the financial institution (coins), requirements can vary.

Blockchains that are already live cannot change the rules (protocol) without getting most of the involved participants to upgrade. In the past, we have seen hard forks getting created because of disagreements over new rules (protocol). Hence,

a new Blockchain, which can be made public and has the ability to enforce regulation based on the jurisdiction, country of domicile, etc. is needed.

sidenoteHard forks have been created on Bitcoin, Ethereum. One such hard fork due to disagreements over protocol change is explained in one my earlier posts.

Segwit, BitcoinCash: Technical details explained

Executing transactions

Whenever money is transfered or stocks are purchased, a transaction is executed. This execution happens via financial institutions (Bank, Broker, Exchange etc). Regulators enforce the rules via these “executing” bodies.

In public Blockchains, the execution happens via the network through the protocol rules. A sample can be seen here: Rules for validating transactions on Bitcoin. If these rules are met, the network will accept the transaction for execution. After some time the transaction will get mined and eventually settled (after say 6 confirmations; Emergent consensus).

In the absence of an intermediary (that could have enforced regulatory rules) for executing transactions, the network can have rules enforced by adhering to a regulatory protocol.

Trustless v/s Trusted

Typical software solutions are designed for an environment which is collaborative. An exchange, for example, has many software components which interact with each other. These software components never assume that other software components within the exchange are trying to cheat / steal or even disrupt the working of overall system. They work with each other, supporting the business functions. If at all there are technical failures or bugs they need to be handled. This is what we refer to as a “collaborative environment”.

On the other hand, Blockchain is a publicly available immutable ledger. It’s out there for anyone to connect, and try various transactions / software actions which could either give away coins or disrupt the Blockchain or its participants. Unethical hackers have unrestricted access to the Blockchain. The software has to be built considering such an “adversarial environment”. Hence, the regulatory protocol has to be designed in such a way that honest participants can perform in the presence of the “unethical hackers”.

While designing such a protocol, it is very important to consider:

  • What do we want to protect?

From a user’s perspective it translates into:

  • What can a user trust it for?

We trust the existing public Blockchains for:

  • storage of value
  • transfer of value (subject to confirmations based on the consensus protocol)

Name, Address, Telephone numbers etc. must not be left out in the open in such an adversarial environment. The regulatory protocol must be designed by applying cryptographic design principles.

The protocol must make sure that the user’s identity, details of ownership are not compromised.

A separate section on KYC can be found below.


A key factor in the success of public Blockchains is incentive. The process of executing a transaction (ascertaining the validity of a transaction) must have some reward for enforcing regulation. However, every node that validates a transaction cannot be rewarded. The validation of the transaction therefore has to be simple and minimal.

Transaction validation should only ensure that the proposed transaction has followed regulatory rules. This can be achieved easily through digital signatures of entities that are nominated / accredited by regulatory bodies. The accredited entities will get rewarded in coins.

Regulatory nodes

Accredited parties can host nodes which enforce the necessary regulatory requirements. These nodes can race to perform the regulatory checks, and get rewarded. Once the regulatory checks are performed it must be digitally signed and further sent to the public Blockchain which executes the transaction. Only if the transaction gets mined, the regulatory node may claim its reward, possibly after a fixed number of confirmations.

The public keys of the regulatory nodes must be updated in the public Blockchain. These will enable digital signature validation while executing the transaction. Digital certificates can authenticate “accreditation” to a regulator.

sidenoteIn an adversarial environment, we cannot trust the regulatory nodes or their checks. The regulatory protocol must be designed considering that regulatory nodes can be bribed or corrupt.

Blockchains; Bitcoin in particular, is alleged to be inefficient and not scalable. One may argue that adding one more layer in transaction processing will further slow down the overall system. This is an important point of consideration in designing the new public Blockchain.

Know Your Customer responsibility

KYC is one of the basic tools used by regulators. The accredited entities must perform KYC checks.

  • The KYC information must be provided by the customer through a secure and authorized channel.
  • The network storage system must retain the data for good, and keep it secured.
  • This storage system must provide a time bound authorization for perusal of data by the accredited agents.
  • A user may only provide new versions of data, and not modify old versions.

After the validation is performed, a KYC token needs to be generated and handed over to the customer. Beyond a specific time, the token becomes invalid.

KYC tokens must be present in every transaction. A concept of an account is no longer needed as the tokens are already present in the transaction. A user may generate as many addresses as she wishes.

The transaction output address could embed the KYC token and a coin address.

The technical parallel of regulatory node (performing KYC) in the world wide web is “Certificate Authority”. The KYC tokens would be a part of the hierarchy in which the root would be the regulatory body of the jurisdiction.

Mining nodes

Miners would continue to get rewarded with coins, just as they do today. A small portion of the reward will get allocated to different regulatory nodes which contributed to the transactions in the block.

Freezing accounts and unspendable coins

Regulators sometimes freeze accounts when they detect financial crimes. This is very easy to implement through the regulatory nodes. Transaction outputs are associated with KYC tokens, and thus the unspent transaction outputs, can be rendered “unspendable” by “suspending / prohibiting” the KYC token.

Technical concepts

Technology is already available to implement the proposed Regulated Public Blockchain. We need:

  • Secure P2P file sharing
  • KYC tokenisation
  • Cryptographic concepts like Hashing, Public Key Infrastructure, Digital Signatures (Multi-Signature, Group-Signature etc).
  • Timestamping service
  • Regulatory scripting language (Domain Specific Language)
  • And of course the “public Blockchain

Secure P2P file sharing

The secure P2P file sharing becomes a store for huge data. It is not wise to store all the data on the public Blockchain. The service must support authentication and authorization. This will enable storage of personal information required for KYC. There are a few open source secure P2P file sharing softwares already available for this.

The regulatory rules as well can also be stored here. The section on Scripting Language has some more information on the regulatory rules and its storage.

KYC Tokenisation

Public Key Infrastructure technology enables creation of tokens / certificates valid until a specific time. These tokens could be issued by the regulatory nodes which act as Certificate Authority. A hierarchy of Certificate Authority can be formed.

Digital Signatures

At least two digital signatures are needed for executing a transaction. One from an accredited regulatory node and the other from the owner(s) of coins. Cryptographic concepts like hashing functions and digital signatures etc. are already implemented in the public Blockchains. One may familiarize with those here.

Timestamping service

We cannot rely upon the timestamps provided by clocks on computers. These can be tampered by notorious nodes. The most effective timestamping can be achieved by using the Blockchain.

Each block is like a tick of a global clock. In that sense, the depth of the main chain is the number of ticks from epoch. This can be a light-weight, higher frequency auxiliary Blockchain.

The time limitation needed for KYC tokenisation can be simply implemented using the depth of the main chain. A token is valid only until a specific depth. The specific block number will occur in the future, and for transactions beyond that block, the KYC token will not be valid.

Scripting Language

A Domain Specific Language can be used for scripting the rules. Note that the regulatory rules must be modifiable. This means that rules must be applied from a specific time until updated at another time. The timestamping service comes into play here as well. All transactions must apply the regulatory rules applicable at the time of executing the transaction.

A very likely scenario is that people already own coins, and a new regulation is passed. To support this, it is proposed to store the regulatory rules on the secure P2P file store. Details like the applicability of regulatory rules based on timestamp etc can be store in the same file. The scripts used in the public Blockchain are separate from the regulatory scripts. Generic transaction scripts like Solidity from Ethereum and FScript from Bitcoin are not suitable for this purpose. The regulatory script must have its own context, and language with keywords specific to the domain of regulation. Hence, the proposal for a “Domain Specific Language”.

Before a transaction is passed on to the public Blockchain, it needs to be run on a “Regulatory Virtual Machine” which interprets the scripting language. This is quite similar to the EVM of Ethereum.

The auxiliary Blockchain described in Timestamping service can be used to implement the Regulatory Virtual Machine.

sidenoteEthereum is not proposed for the regulatory virtual machine, because Ether itself is already used as a crypto-currency. The underlying Ether can be traded without regulation.

Security and Ethics

While it is common to assume that “users” are owners of their data, and must keep it secure; this is far from practicality. Loss or theft of private-keys and user ignorance must be considered. Mt Gox was an example of a security breach.

How will Regulation help reduce financial crimes in such cases? This is a grey-area, and regulatory nodes must enforce as directed by Arbitrators and Jurors. Should regulation be granted control on every coin on the Blockchain? Every jurisdiction will have its own opinion of this.


This attempt is an incremental step towards a better financial world with lesser irregularities, and an ability to audit the trail of financial transactions. There could be legal as well as economic scenarios which need consideration in designing such a regulated Blockchain. Comments in this regard are welcome, and will help in evolving the design of the Blockchain.



  1. Thanks Alok for the details on the regulatory implications on the new investment tool and technical solutions to it

  2. > “Regulatory bodies play a major role in the stability of the markets. For the general good of the financial markets”.

    Heh, I spotted the statist keynesian!

    1. Thanks for your comment. 🙂
      I am only a technologist who has grown up in countries that maintain law and order.
      The disruption caused by Bitcoin and public Blockchains has put forth a very important question to humanity, whether we need governance and an agency to maintain law and order or we can manage without one?
      May be the statement above makes me look more of a statist! However, I am certainly not a statist in the sense that I believe in democracy. I don’t have any background of economics, certainly lesser of “Keynesian economics”.

      If you see through it, you will notice, that in the proposed solution, even you can create your own “regulation” with a group of your counterparts.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s