Properties of Permissioned and Permissionless Blockchains


Doc Searls asked me a question about blockchain that led to me writing him a rather long email. I thought I'd take a minute and write up my thoughts with some references.


According to Robert Sams, there are three properties we want from a decentralized ledger system:

  1. Avoid forgery He calls these "sins of commission".
  2. Avoid censorship He calls these "sins of omission". Censorship might be hiding transactions, but its more often going to be regulatory control over transactions.
  3. Avoid deletion He calls these "sins of deletion". This amounts to reversing transactions after they've been written in the ledger.

Sams's thesis is that this is kind of like the CAP theorem because we get two of these. Since (1) is necessary in almost all cases and quite easily solved through cryptographic means, we really get to choose between the other two.

Permissionless blockchains (like the ones in Bitcoin, Namecoin, etc.) optimize (2) over (3) while permissioned blockchain systems (like the ones in Ripple, Evernym, etc) optimize (3) over (2).

Permissionless blockchains are distinguished by their use of a proof-of-work (or proof-of-stake) to avoid Sybil attacks caused by the cheap pseudonym problem. Permissionless blockchain systems exhibit features that make banks and other existing institutions leery of them. They are hard to use in a regulatory regime where authorities want to exert control over them. This, for blockchain enthusiasts is a feature, not a bug. There are places where (2) is more important than (3). This resembles cash and most of the disadvantages people raise about bitcoin are similar to those they'd raise about cash.

Permissioned blockchains have a governance process that selects validators and thus don't have to survive Sybil attacks since the validators are known--there are no pseudonymous validators. Permissioned blockchains are useful where the ledger bumps up against physical, so-called "off chain" transactions and have to make claims about things about, say a property title. They value (3) over (2) in that case because (a) we have to rely on the legal mechanism of the state to enforce the asset's ownership since it's off-chain and (b) those mechanisms won't rely on transactions that might be reversed (even if unlikely and rare) by anonymous verifiers who can't be held legally responsible for their choices.

Permissionless blockchain cheerleaders will say "write the title in the chain". But there are a bunch of people with guns who have a monopoly on violence (i.e. Governments) who are unlikely to relinquish their control of property records, etc. blithely.

So the world will likely be full of a mix of permissioned and perimissionless ledger systems that don't interoperate or only do so uneasily for some time. The important thing to remember is that they can co-exist.