Searching for a Proof of “Actual” Authority in the Blockchain

Mehdi Touzani
Oct 19, 2018 · 8 min read
Image for post
Image for post
Group of explorators looking for a Proof of actual Authority (photo by Yeo Khee on Unsplash)

Vitalik Butterin recently said in an interview that the various “proofs” at work on Ethereum are merely technical ways of authentifications, and not proofs of judiciary/legal level. However, the author of this article knows about a few projects which try to reach that legal level, in particular by an extended and modified use of the “Proof of Authority”. Let’s take an actual example to study what is authority, and what can be done to make the technical “PoA” reach the level promissed by its own name (ie a proof, and an authority).

A// DEFINITIONS

  1. General wikipedia’s definition of Proof Of Authority (*)

In PoA-based networks, transactions and blocks are validated by approved accounts, known as validators. Validators run software allowing them to put transactions in blocks. The process is automated and does not require validators to be constantly monitoring their computers. It, however, does require maintaining the computer (the authority node) uncompromised. The term was coined by Gavin Wood, co-founder of Ethereum and Parity Technologies.

In brief, PoA involves “approved accounts” who guarantee the “integrity” of the “authority node”.

2. Usage of PoA

A Proof of Authority aims at avoiding the risks of fake transactions organized by a majority group of miners to fraudulently receive crypto-funds. By “pre-validating” transactions by a chosen group of few selected miners (with supposedly higher standards of integrity), prior to a subsequent record on the general/public Blockchain, the operator minimizes the risk of abuse or fraud as control is easier.

A secondary usage is to cut the costs of public transactions by registering a single transaction on the public blockchain. In fact, this single transaction corresponds to a group of several transactions that have been previously verified and validated on a Private Blockchain.

3. Implementation of PoA

PoA is commonly used for cost-cutting strategy.

But various blockchain projects show that there are different ways to extend, reinforce, and implement PoA, in order to reach different levels of “actual authority”. This variety comes from the fact that not all projects require the same level of “actual Authority”, and some have to implement features that are not necessary for other projects.

PoA can be implemented in different ways in order to give a wider array of guarantees through the same node. Not all project are the same that’s why PoA is an interesting subject in terms of project competitiveness and creativity.

  1. Oxford dictionary, definition of “authority”

“The power or right to give orders makes decisions, enforce obedience, official permission or sanction”

Smart-contracts simply need to be compatible with each other. The relationship is better visualized as a “request/authorization” relationship rather than “order/obedience”.

B// Different Levels of Authority

A proof of authority can be used for different purposes, from simple cost cutting technics (similar actual authority as “PoW to PoW”) to making a document valid for court usage, (“PoA to PoW” or “PoA to PoA”). For example, a certified document allowing to creater an automated judgment, by interconnecting several authority nodes from different blockchains together.

Objectively, it means that there are different levels or types of authorities that can be implemented, to either interconnect or to separate networks, or to make the PoA compliant with real-world requirements.

A lower level PoA is closer to a “Proof of Work prior to another Proof of Work”, without any intent to generate actual authority but mainly to cut costs. It could also be a PoA recognized by the users of that system, but without any kind of value outside the system and/or on another Blockchain.

A higher level PoA extends the node-authority to external entities, which can be other Blockchains (interconnexions allowed at certain conditions/standards/standardized certificates), or even legal authorities of the physical world (which have their own standards to recognize or refuse the value of a record as an “evidence”).

C// “With great power comes great responsibility”

When there is no accountability, authority is not complete. It is fragile or inexistent.

If the Authority is neither accountable nor liable, it should not be able to issue a Proof of “actual Authority”, ie recognized as valid outside the ecosystem of a network in particular.

If the Proof of Authority does not contain actual authority, it should remain at the level of a type of Proof of Work which is used to generate a secondary PoW on another system (PoW to PoW).

D// Stronger Authority should embrace liability to feed a higher standard of trust.

Liability of the validators appears to be a primary component to deserve the privilege to give an “actual authority” to their action.

Embracing their responsibilities means that the validators are aware of their role, believe in their mission, and accept all the consequences of misbehaving. Consequences range from a simple warning to a jail sentence, and of course a deletion from the list of approved authorities.

E// Is Authority compatible with Stake?

Authorities may have a stake in the system . It is natural to receive compensation for work.

But, if the Authorities have a stake in the system, it can be problematic to remove that stake, in particular when the stake is high.

If the State/Governance does not provide a sufficient stake for the authorities, AND if the State/Governance is too weak to control and enforce sanctions, then the authorities are likely to use their authority to raise their stake.

Corruption (at large) derives from an abuse of authority. When corruption is deeply rooted in the system, it is difficult to remove because the corrupted authorities will not accept it: the corrupted behavior has become the Stake without which the system may simply stop working (nobody’s interested in making it work anymore).

In conclusion, authority is not incompatible with stake as long as it ensures that the system works in the uncompromised way that is intended by the Governance.

F/ ANALYSIS OF (COMPANY X’s PoA

The platform uses Proof of Authority, so the computing power is irrelevant to the process of blocks creation and will not increase with time. This is substituted with miner’s authority (..)

Miner is an owner of 10,000or more tokens, who has applied for mining participation. Minersmaintain the functionality ofCOMPANY X blockchain system.

5% of the payment for all files, entries of which are contained in the block, is distributed.

Authority derives from a stake (10 000 tokens or more) and is a Proof of Stake acting as “Authority” over subsequent public PoW.

It’s all about being rewarded. Stake is the only condition of Authority. Stake proves mining privileges.

It works like this:
Proof of Authority = PoS + Opt-in.
BUT Opt-in = for stake (making the sys working for more profits, token valuation etc).
Then : Opt-In derives from Stake, and Authority derives from Stake.
So, the only criteria to become a miner is the Proof of Stake.
The subsequent PoA means nothing but a Proof of Stake.
Because stake is the only condition to acquire Authority.

The “Proof of Authority” implemented by COMPANY X is construed as a “Proof of Stake prior to a Proof of Work ”, from a Private Blockchain to a Public Blockchain.

Authority is entirely derived from a stake in the system.

There are no “validators” in COMPANY X, only miners (meaning of the sentence “substituted with miners’ authority”).

The “actual authority” (guarantee of integrity) lies less in the hand of the “substituted miners” than in the encryption, EVM, and technical protocols of COMPANY X. The validators do process the system by mining, but do not improve the guarantee provided by the encryption.

It is not expected from miners to take any action in case of compromission (or at least, this information does not exist in the White Paper). Are they even able to detect them ?
They simply mine the private blockchain and get rewarded for that. Their role is passive in terms of protection of integrity.

The only certainty offered by the current PoA is that the validators are corporations or individuals interested in maximizing profits by mining (stake in all operations supposed to guarantee commercial success of the whole system by attracting new stakers to maximize current miners’ stake).

The founders assume that the stake will be enough to ensure that miners “maintain” the system, as they need to seduce new users to increase their revenues, and users will not come if the system is corrupted. It’s logical but also partial.

There is no liability or sanction detailled for cases of abuse of Authority.

As a consequence, in its current description, the Proof of Authority implemented by COMPANY X is minimal, is merely a Proof of Stake, and actual authority is inexistent, except to prove the stake.

Absence of actual authority is reinforced by the fact that miners come in the system for the reward and may leave at any time it if these expectations are not fulfilled or if they sell all their tokens (for a profit or not). It is also possible to take over the system by purchasing all mining-tokens

Investors could argue that they have invested precisely because there is no sanction and because the role is passive, saved the need to use the system to make it run in the background to make money. This is also valid but it is only 1 of the two conditions of the Proof of Authority.

In Conclusion, the PoA has no actual authority and is similar to a Proof of Stake.

It is acceptable that a PoA remains without actual authority, as it is primarily an exchange of cryptographic signatures between nodes proving that “something” has been mined correctly on a private blockchain.

But it must be stressed that we are talking about a project that aims at collecting a large number of personal and corporate documents from “a maximum number of users”, in other words, a very high volume of sensitive and sought-after data.

And the value of such data could become much higher than the stake provided by the system.

In any case, Stake is the entry point to Authority: a complete take-over of the mining roles is easy to achieve through the purchase of all available mining-tokens, once the system is full of valuable data.

With such a high level of risks and responsibility toward the users of the system, it is not acceptable that the founders adopted a PoA of such low quality: they did not include — or even evoke — a mechanism of sanction or “downgrade” of the validators by the community of users and/or by the other validators/miners and/or by the Governance of the Private Blockchain.

( — — end of extract — — )

Mehdi Touzani is a Lawyer at the Paris Bar, France, www.mdtilegal.com. This story is also available in French language here

(*) the author beleives that wikipedia contains actual authority ;-)

Predict

where the future is written

Sign up for Predict Newsletter

By Predict

Monthly updates on science and technology shaping our future. Take a look.

By signing up, you will create a Medium account if you don’t already have one. Review our Privacy Policy for more information about our privacy practices.

Check your inbox
Medium sent you an email at to complete your subscription.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store