The Evolution of Custody: From Bearer Bonds to Blockchain

The Evolution of Custody: From Bearer Bonds to Blockchain

How we secure assets, whether they be securities, bonds or currencies, has been in a state of flux over the past century. As markets and the needs of individuals change, so do the mechanisms by which we secure and exchange assets. Central to all of this is the question of custody. How does an individual maintain control, or custody, of their assets without compromising security or the ability to access liquid markets for exchange?

How we secure assets, whether they be securities, bonds or currencies, has been in a state of flux over the past century. As markets and the needs of individuals change, so do the mechanisms by which we secure and exchange assets. Central to all of this is the question of custody. How does an individual maintain control, or custody, of their assets without compromising security or the ability to access liquid markets for exchange?

Today, the blockchain enables self-custody of assets in a way that when combined with innovative technologies like Ethos Bedrock, provides cutting edge security, rapid access to funds and liquidity in a way unrivaled by any other time in history. Understanding how this came to be is best done through examining the evolution of asset custody over the last century.

When trying to understand custody, a great place to begin are with bearer instruments, like bearer bonds, which are issued on paper (or goatskin) and can be stored by individuals in a safe, under lock and key. When one has physical possession of a bearer instrument, they gain all the beneficial ownership right associated with the asset. Thus, safeguarding these documents is vital since they are unregistered, with no records maintained of the changes of ownership or of the current owner.

Naturally, some people don’t want to keep these at home for risk of theft and have historically turned to banks for storage in a safety deposit box for safekeeping. This is referred to as custodial possession. The customer could then be given a key so they could get into their safety deposit boxes and have access to the assets. Sometimes the bank would also have a key. When two parties have a key to gain access to the underlying asset, this is referred to as joint custody.

Looking Back

As financial markets grew through the 20th century, the management and transferring of stock certificates, bearer bonds and cash became very unwieldy. In the 1960s, the New York Stock Exchange saw securities trading volume more than double over a span of just 3 years.

Adjusted for inflation, it’s estimated that billions of dollars worth of securities were stolen or lost during this era. A consequence of poor record keeping, insecure mechanisms of transfer, and theft from centralized repositories

The overwhelming trade volume marked the start of the Paper Crisis, which illuminated that the standard deployed by brokers for transferring and record keeping on securities exchanges, which at the time relied largely on paper and pen, was ill-equipped to handle the growing trade volume. This crisis led to dozens of brokerage firms going out of business and the implementation of computers, alongside professional management, to handle the high volume of trading.

Present Day

Today, custody has legally been defined as “. . .holding, directly or indirectly, client funds or securities, or having any authority to obtain possession of them” (17 C.F.R. 275.206(4)-2). This definition, while applicable to the status quo, fails to encompass custody as enabled by the blockchain, which breaks away from the inherent relinquishment of control necessitated by current standards.

The blockchain provides a revolutionary means of tracking, efficiently transacting/exchanging and securely storing assets in a decentralized fashion, in turn offering a solution that can mitigate risks associated with centralized fund storage through the self-custody of assets.

In the following section, we will provide a brief technical overview of how custody of digital assets can function in the emerging digital economy, specifically highlighting how the Ethos Universal Wallet, through Ethos Bedrock, is able to deliver safe and practical solutions to consumers and institutions through building on industry standards.

The Technology: Hierarchical Deterministic Wallet & Bedrock

As you now know, the blockchain enables self-custody of digital assets. Over the past decade, creating a wallet to store your digital assets was a complicated process, requiring individuals to manage independent public and private key pairs for every wallet they wanted to maintain. In order for someone to have 10 Bitcoin address, they would need to manage 10 private keys and 10 public keys… and if that list of lengthy alphanumeric private keys was damaged or lost, there was no simple way to regenerate those missing keys.

Now imagine if there was a way to securely generate 10 private keys and 10 public keys, all derived from and restorable with a single set of words instead of a lengthy alphanumeric string, wouldn’t that be convenient? Enter hierarchical deterministic wallets! Hierarchical deterministic wallets commonly referred to as HD wallets, allow an individual to create a multitude of private/public key pairs without the need for complex backup mechanisms or individual key management by the user.

The Ethos Universal Wallet is built 100% on Ethos Bedrock, with Bedrock being utilized as an institutional-grade custody engine. Bedrock Custody will solve the “custody trifecta” where you have your funds rapid, accessible and secure. Let’s take a dive into how all this works and examine how Ethos is building on industry standards to provide safe and secure custody solutions to consumers and institutions at scale through Ethos Bedrock.


BIP stands for Bitcoin Improvement Proposal. A BIP is a standardized way of introducing proposals for alterations of Bitcoin, including the network protocol, block or transaction validation, and more. BIP-32 describes what HD wallets are and how they operate. An HD wallet is a system for deriving seemingly infinite private/public key pairs from a single point referred to as a seed. This creates a hierarchical tree-like structure of private/public keys.

From a mnemonic phrase, the seed is derived. That is hashed and a master key, also known as a parent key, is derived. From that parent key, you can then derive child keys underneath that. From each of the children, you can derive more child keys, and so on. Think of it as a tree branching out. This structure also allows the owner of the wallet to provide one of the branches, or sub-trees, to someone else and they can then generate more addresses further down that tree.

Deterministic wallets eliminate the need for a user to document every single private/public key because they can be regenerated at any time with the single mnemonic phrase that’s held by the wallet owner


When creating a cryptocurrency wallet, a mnemonic phrase is sometimes generated in order to provide an easier way to remember your private key, instead of having to memorize or document a random alphanumeric string. BIP-39 provides a framework for generating that mnemonic phrase. Sometimes referred to as a “seed phrase,” it’s vital to keep this somewhere safe! The individual in possession of this set of words has full access to the assets associated with the given address, think of it as the combination to an otherwise uncrackable safe.

Under BIP-39, standardized lists of words in different languages are provided and can be used for creating a mnemonic phrase. The English language word list has 2048 words and can be found here.

For the Ethos Universal Wallet, your SmartKey is a 24-word mnemonic phrase (vs the 12-word standard used in many wallets). A single 256-bit seed, 24-word mnemonic provides master encryption for all of the private keys in each wallet you create.

Did you know the number of possible 24-word combinations of 2048 words exceeds the number of atoms on Earth!?


BIP-44 defines a logical hierarchy for deterministic wallets and expands on the capabilities of the HD wallet as defined in BIP-32 to allow for support of different coin types (i.e., BTC, ETH, ADA) and accounts. This allows for a single mnemonic phrase SmartKey to be used to recover seemingly infinite wallet addresses that hold assets across different blockchains.

While Ethos adheres to BIP32 and BIP39, we found BIP44 as it stands would limit the ability for Ethos to provide unique solutions to our users; namely, the ability to dynamically generate addresses for users to receive payment on blockchains they haven’t used, which enables airdrops into wallets where the address has not yet been generated by the user. In considering these benefits along with additional security risks, we decided to pursue a non-standard approach to unlock use cases that will be beneficial to the overall user experience.

Ethos Bedrock utilizes “extended public keys” to securely generate addresses on our servers without having to transmit private keys. These extended public keys are used to generate all child public keys that exist below it in the derivation path – which are then transformed into addresses that follow the scheme defined by each blockchain. For a full description of the mathematics of these extended keys, see the BIP-32 / BIP-44 documentation.

Through unlocking and expanding on the capabilities of the powerful mathematical structure outlined above, consumers and institutions can now have access to industry leading custody solutions at scale.

Looking Forward

While the application of this wallet technology may be clear to our Universal Wallet users who already enjoy the benefits of self-custody and the convenience of a mobile storage solution, it’s important to note that Bedrock also enhances the custody offering for Voyager as well. Through Bedrock, we are opening up support of coins that Voyager’s existing custody partners do not support and increasing the speed to market for new coins. This enhances both the Voyager retail trading application, in addition to the Voyager institutional offering. For both businesses, Ethos helps solve one of crypto retail and institutional markets biggest problems – secure custody.

The combined Bedrock and Voyager B2B offering will enable businesses of all types to build crypto applications rooted in custody, payments, investing and more. Together, we look forward to granting Voyager’s institutional partners access to the powerful custody solutions enabled by Bedrock.

From bearer bonds to blockchain, we have arrived full circle to what the people need, true and secure asset ownership. Individuals and institutions can rest assured that Ethos is here to provide them with unprecedented security over their assets, without sacrificing ready access to rapidly transact and exchange them.

Blockchain Finance - Measuring Decentralization in Crypto Graph

Measuring Decentralization in Crypto

Measure the extent of decentralization in crypto blockchain finance

Measuring Decentralization in Crypto

by Vishal Karir, CFA – Chief Investment Officer

There never were in the world two opinions alike, no more than two hairs or two grains; the most universal quality is diversity. – Michel de Montaigne

The crypto space — with its central promise of decentralization — thrives on a diversity of projects. This post measures the extent of decentralization (diversification) in crypto, reviews its evolution, and provides insights on the nature of the crypto economy.

Decentralization Score

Measures of diversity have been developed in ecology, demography, economics and politics. In this analysis, we use the Herfindahl Score (aka Herfindahl–Hirschman Index) as a measure for decentralization in crypto space. It measures the size of participants in relation to the ecosystem and reflects the competition among them. This Decentralization Score (DS) is the squared sum of weights (market shares) of the participants in a system:

where the w are the weights for the N assets.

DS is frequently used to assess the extent of competition among companies — company market caps in relation to the industry are used to calculate market share. A small score indicates high concentration whereas a larger score indicates a competitive industry. DS can range from 0, for a monopoly, to 1, for a large number of participants with small market shares.

Decentralized cryptocurrency economies will require a wide variety of services as they grow, which we expect will be provided by a large number of projects. In constructing the DS for Crypto, we use market caps (aka network values) of individual projects in relation to total crypto market cap. The market cap of a cryptocurrency project is calculated by multiplying the price of a coin by the number of coins in circulation. The market share — based on the price assigned by investors to various coins — encapsulates the diversity of innovation, philosophies, ideas and investor views in the crypto economy.

Let’s use a few simple examples to illustrate the behavior of the measure. Back in the day when Bitcoin was the only project in the crypto space and had 100% of the market share:

If instead the space had two projects, each with 50% share:

For three projects, where one has 50% market share, and the other two each have 25% share:

And what if there were 100 projects, each with 1% market share:

From above examples, it can be observed that DS rises rapidly — at a quadratic rate — as the number of participants increase, and take market share.

Cryptocurrency is growing and decentralizing rapidly…

The chart below shows crypto DS and market cap since 2013. Both DS and market cap have been rising since 2013, and saw a dramatic uptick in 2017.

The DS underscores investor confidence in the overall crypto economy. It’s been volatile — no surprise there — but has demonstrated a strong uptrend. Higher highs and higher lows have been registered every year since 2013.

Even during the long winter of Bitcoin — from late 2013 to late 2015 — the DScontinued to rise, indicating that the larger crypto economy was still functioning.

Most recently, the DS registered a higher low, and has started rising again after the ~70% drawdown in cypto market cap in the first quarter of 2018. Although market cap is still recovering, the DS is already closing in on its all-time highs.


… number of projects (coins) has been rising…

Number of coins, and hence projects, has grown steadily from a handful in 2013 to over 1500 in 2018. There is also a clear inflection point in 2017 where the number of projects started rising at a faster rate, and the curve steepened significantly.

… and Bitcoin’s market share has been falling.

Although Bitcoin’s market cap has risen significantly over the period, its market share has fallen — from over 90% in 2013 to under 40% at present — while other innovative projects have gained market share.

However, very few projects have been able to retain market share

In the tables below we review the top 10 projects by market share at the end of every year since 2013, and compare with their current market share (at the end of April 2018) to see how they fared.

At the end of 2013, Bitcoin had ~88% market share followed by Litecoin at ~6%, and Ripple at ~2%. Omni and all other coins that featured in the top 10 in 2013 have since lost market share and rank considerably lower at present.

Bitcoin market share dropped to 78% by the end of 2014, Ripple shot up to ~14%. Paycoin rose to ~3% but lost market share rapidly since, and has fallen way down the ranks.

Bitcoin reasserted itself with a ~92% market share in 2015, Ripple’s share fell to 3% and Litecoin ended the year ~2%. Ethereum emerged on the scene and took 1% market share.

Ethereum forked in 2016, and privacy coins like Monero and Dash found positions in the top 10.

2017 was a year of rapid market share erosion for Bitcoin which fell to ~39%. New projects like Cardano and IOTA featured in the top 10.

The crypto leaderboard has changed dramatically year over year, and continues to evolve. This constant change aligns well with crypto’s promise of decentralization, and lowering of barriers for new entrants. Proliferation of new, innovative projects is to be expected in this space.

How does Crypto DS compare with real world economies?

Crypto projects have been likened to economies in several studies — where the crypto network value is analogous to the GDP (Gross Domestic Product) of a real world economy. A comparison of the decentralization in the crypto economy to that witnessed in real economies provides us with a projection for the levels of decentralization crypto could potentially achieve.

Each country is a participant in the world economy. Individual country real-GDP — inflation-adjusted value of goods and services produced in a country over a year — is divided by world real-GDP to calculate its market share. Squared weights are then used to calculate the aggregate DS the same way we did earlier with crypto.

The World Bank makes GDP data available from 1960 to 2016. The DS for real economies was ~85% in the 60s, and has continued to gradually rise.

Information technology and global trade are two major trends that shaped the world economy in recent decades, and contributed to the rising DS. World’s largest corporations operate and compete in a global marketplace. The internet and smart phones continue to bring the world closer — informationally, socially and economically.

Interestingly, crypto economies naturally benefit from both these trends — permissionless and hooked up to the internet, most crypto projects are global out of the box. As can be seen from the above chart, a real world economy changes at a much slower rate as compared to the crypto economy. As crypto begins to live up to its central promises of decentralization and lowering barriers to entry, we expect it’s DS to rise to levels higher than real economies in the future.

What does this mean for crypto investors?

The Decentralization Score is a useful measure for the overall health of the crypto economy. A rising DS indicates that innovation continues to flourish in this young space.

We have witnessed a proliferation of innovative projects in the crypto space. Some of these younger projects will gain market share, while currently dominant projects lose market share over time. There will be several winners. The rising DS for crypto indicates investors should look at a diversified portfolio as a cornerstone of their strategy.

The chart below demonstrates that top 10 coins (Bitcoin + coins ranked from 2 through 10) have been able to capture ~80% share of the crypto market so far. An investor looking to benefit from the growth of the crypto economy — but without the resources to research projects in depth — can opt for a simple market-cap weighted portfolio of top n coins with regular rebalancing based on changing market shares.

At present, there is a dearth of solutions in the crypto space that make it easy to invest in a diversified portfolio. In the US as an example, a few crypto index funds have become available — but only to accredited investors, and the management fees are high when compared with traditional assets. Moreover, the custody is centralized, making such funds a fertile ground for hackers.

Equally importantly, solutions (wallets) that allow for safe and secure access to crypto, one-stop portfolio view, and analytics are also lacking.

We are positive that solutions will become available in the near future. We at are at work solving some of these problems to make crypto accessible to everyone — to build a financial ecosystem that is open, safe and fair for everybody.

As new entrants gain market share and dye the fabric of crypto with vibrant colors, we eagerly await the day when crypto DS crosses higher than world economy DS! Will it happen at crypto speed in the next few weeks/months or will we need to wait longer? We will continue to monitor…


Acknowledgements: Many thanks to Shingo Lavine, Adam Lavine, Stephen Corliss, Kevin Dean Pettit, Dan Caley for their valuable feedback in reviewing this post, and to Aidan Gordon, and Andrew Carpenter for helping build the analytics.

Data sources: crypto data from, real GDP data from World Bank

Blockchains Technology Computers

Blockchains from a Distributed Computing Perspective

Blockchains from a Distributed Computing Perspective by Maurice Herlihy, Brown University


Bitcoin first appeared in a 2008 white paper authored by someone called Satoshi Nakamoto [15], the mysterious deus abscondidus of the blockchain world. Today, cryptocurrencies and blockchains are very much in the news. Much of this coverage is lurid, sensationalistic, and irresistible: roller-coaster prices and instant riches, vast sums of money stolen or inexplicably lost, underground markets for drugs and weapons, and promises of libertarian utopias just around the corner.

This article is a tutorial on the basic notions and mechanisms underlying blockchains, colored by the perspective that much of the blockchain world is a disguised, sometimes distorted, mirror-image of the distributed computing world.

This article is not a technical manual, nor is it a broad survey of the literature (both widely available elsewhere). Instead, it attempts to explain blockchain research in terms of the many similarities, parallels, semi-reinventions, and lessons not learned from distributed computing. This article is intended mostly to appeal to blockchain novices, but perhaps it will provide some insights to those familiar with blockchain research but less familiar with its precursors.



The abstraction at the heart of blockchain systems is the notion of a ledger, an invention of the Italian Renaissance originally developed to support double-entry bookkeeping, a distant precursor of modern cryptocurrencies. For our purposes, a ledger is just an indelible, append-only log of transactions that take place between various parties. A ledger establishes which transactions happened (“Alice transferred 10 coins to Bob”), and the order in which those transactions happened (“Alice transferred 10 coins to Bob, and then Bob transferred title to his car to Alice”). Ledgers are public, accessible to all parties, and they must be tamper-proof: no party can add, delete, or modify ledger entries once they have been recorded. In short, the algorithms that maintain ledgers must be fault-tolerant, ensuring the ledger remains secure even if some parties misbehave, whether accidentally or maliciously.


2.1 Blockchain Ledger Precursors

It is helpful to start by reviewing a blockchain precursor, the so-called universal construction for lock-free data structures [12].

Alice runs an online news service. Articles that arrive concurrently on multiple channels are placed in an in-memory table where they are indexed for retrieval. At first, Alice used a lock to synchronize concurrent access to the table, but every now and then, the thread holding the lock would take a page fault or a scheduling interrupt, leaving the articles inaccessible for too long. Despite the availability of excellent textbooks on the subject [13], Alice was uninterested in customized lock-free algorithms, so she was in need of a simple way to eliminate lock-based vulnerabilities.

She decided to implement her data structure in two parts. To record articles as they arrive, she created a ledger implemented as a simple linked list, where each list entry includes the article and a link to the entry before it. When an article arrives, it is placed in a shared pool, and a set of dedicated threads, called miners (for reasons to be explained later), collectively run a repeated protocol, called consensus, to select which article to append to the ledger. Here, Alice’s consensus protocol can be simple: each thread creates a list entry, then calls a compare-and-swap instruction to attempt to make that entry the new head of the list.

Glossing over some technical details, to query for a recent article, a thread scans the linked-list ledger. To add a new article, a thread adds the article to the pool, and waits for for a miner to append it to the ledger.

This structure may seem cumbersome, but it has two compelling advantages. First, it is universal: it can implement any type of data structure, no matter how complex. Second, all questions of concurrency and fault-tolerance are compartmentalized in the consensus protocol.

A consensus protocol involves a collection of parties, some of whom are honest, and follow the protocol, and some of whom are dishonest, and may depart from the protocol for any reason. Consensus is a notion that applies to a broad range of computational models. In some contexts, dishonest parties might simply halt arbitrarily (so-called crash failures), while in other contexts, they may behave maliciously (so-called Byzantine failures). In some contexts, parties communicate through objects in a shared memory, and in others, they exchange messages. Some contexts restrict how many parties may be dishonest, some do not.

In consensus, each party proposes a transaction to append to the ledger, and one of these proposed transaction is chosen. Consensus ensures: (1) agreement: all honest parties agree on which transaction was selected„ (2) termination: all honest parties eventually learn the selected transaction, and (3) validity: the selected transaction was actually proposed by some party.

Consensus protocols have been the focus of decades of research in the distributed computing community. The literature contains many algorithms and impossibility results for many different models of computation (see surveys in [1, 13]).

Because ledgers are long-lived, they require the ability to do repeated consensus to append a stream of transactions to the ledger. Usually, consensus is organized in discrete rounds, where parties start round r + 1 after round r is complete.

Of course, this shared-memory universal construction is not yet a blockchain, because although it is concurrent, it is not distributed. Moreover, it does not tolerate truly malicious behavior (only crashes). Nevertheless, we have already introduced the key concepts underlying blockchains.


2.2 Private Blockchain Ledgers

Alice also owns a frozen yogurt parlor, and her business is in trouble. Several recent shipments of frozen yogurt have been spoiled, and Bob, her supplier, denies responsibility. When she sued, Bob’s lawyers successfully pleaded that not only had Bob never handled those shipments, but they were spoiled when they were picked up at the yogurt factory, and they were in excellent condition when delivered to Alice’s emporium.

Alice decides it is time to blockchain her supply chain. She rents some cloud storage to hold the ledger, and installs internet-enabled temperature sensors in each frozen yogurt container. She is concerned that sensors are not always reliable (and that Bob may have tampered with some), so she wires the sensors to conduct a Byzantine fault-tolerant consensus protocol [4], which uses several rounds of voting to ensure that temperature readings cannot be distorted by a small number of of faulty or corrupted sensors. At regular intervals, the sensors reach consensus on the current temperature. They timestamp the temperature record, and add a hash of the prior record, so that any attempt to tamper with earlier records will be detected when the hashes do not match. They sign the record to establish authenticity, and then append the record to the cloud storage’s list of records.

Each time a frozen yogurt barrel is transferred from Carol’s factory to Bob’s truck, Bob and Carol sign a certificate agreeing on the change of custody. (Alice and Bob do the same when the barrel is delivered to Alice.) At each such transfer, the signed change-of-custody certificate is timestamped, the prior record is hashed, the current record is appended to the cloud storage’s list.

Alice is happy because she can now pinpoint when a yogurt shipment melted, and who had custody at the time. Bob is happy because he cannot be blamed if the shipment had melted before he picked it up at the factory, and Carol is similarly protected.

Here is a point that will become important later. At every stage, Alice’s supply-chain blockchain includes identities and access control. The temperature sensors sign their votes, so voter fraud is impossible. Only Alice, Bob, and Carol (and the sensors) have permission to write to the cloud storage, so it is possible to hold parties accountable if someone tries to tamper with the ledger.

In the shared-memory universal construction, a linked list served as a ledger, and an atomic memory operation served as consensus. Here, a list kept in cloud storage serves as a ledger, and a combination of Byzantine fault-tolerant voting and human signatures serves as consensus. Although the circumstances are quite different, the “ledger plus consensus” structure is the same.



Alice sells her frozen yogurt business and decides to open a restaurant. Because rents are high and venture capitalists rapacious, she decides to raise her own capital via an intriguing coupon offering (ICO): she sells digital certificates redeemable for discount meals when the restaurant opens. Alice hopes that her ICO will go viral, and soon people all over the world will be clamoring to buy Alice’s Restaurant’s coupons (many with the intention of reselling them at a markup).

Alice is media-savvy, and she decides that her coupons will be more attractive if she issues them as cryptocoupons on a blockchain. Alice’s cryptocoupons have three components: a private key, a public key, and a ledger entry (see sidebar). Knowledge of the private key confers ownership: anyone who knows that private key can transfer ownership of (“spend”) the coupon. The public key enables proof of ownership: anyone can verify that a message encrypted with the private key came from the coupon’s owner. The ledger conveys value: it establishes the link between the public key and the coupon with an entry saying: “Anyone who knows the secret key matching the following public key owns one cryptocoupon”.

Suppose Bob owns a coupon, and decides to transfer half of it to Carol, and keep the other half for himself. Bob and Carol each generates a pair of private and public keys. Bob creates a new ledger entry with his current public key, his new public key, and Carol’s public key, saying: “I, the owner of the private key matching the first public key, do hereby transfer ownership of the corresponding coupon to the owners of the private keys matching the next two public keys”. Spending one of Alice’s cryptocoupons is like breaking a $20-dollar bill into two $10-dollar bills: the old coupon is consumed and replaced by two distinct coupons of smaller value. (This structure is called the unspent transaction output (UTXO) model in the literature.)

Next, Alice must decide how to manage her blockchain. Alice does not want to do it herself, because she knows that potential customers might not trust her. She has a clever idea: she will crowdsource blockchain management by offering additional coupons as a fee to anyone who volunteers to be a miner, that is, to do the work of running a consensus protocol. She sets up a shared bulletin board (sometimes called a peer-to-peer network) to allow coupon aficionados to share data. Customers wishing to buy or sell coupons post their transactions to this bulletin board. A group of volunteer miners pick up these transactions, batch them into blocks for efficiency, and collectively execute repeated consensus protocols to append these blocks to the shared ledger, which is itself broadcast over the bulletin board. Every miner, and everyone else who cares, keeps a local copy of the ledger, kept more-or-less up-to-date over the peer-to-peer bulletin board.

Alice is still worried that crooked miners could cheat her customers. Most miners are probably honest, content to collect their fees, but there is still a threat that even a small number of dishonest miners might collude with one another to cheat Alice’s investors. Alice’s first idea is have miners, identified by their IP addresses, vote via the Byzantine fault-tolerant consensus algorithm [4] used in the frozen yogurt example.

Alice quickly realizes this is a bad idea. Alice has a nemesis, Sybil, who is skilled in the art of manufacturing fake IP addresses. Sybil could easily overwhelm any voting scheme simply by flooding the protocol with “sock-puppet” miners who appear to be independent, but are actually under Sybil’s control.

We noted earlier that the frozen yogurt supply chain blockchain was not vulnerable to this kind of “Sybil attack” because parties had reliable identities: only Alice, Bob, and Carol were allowed to participate, and even though they did not trust one another, each one knew they would be held accountable if caught cheating. By contrast, Alice’s Restaurant’s cryptocoupon miners do not have reliable identities, since IP addresses are easily forged, and a victim would have no recourse if Sybil were to steal his coupons.

Essentially the same problem arises when organizing a street gang: how to ensure that someone who wants to join the gang is not a plain-clothes police officer, newspaper reporter, or just a freeloader? One approach is what sociologists call costly signaling [21]: the candidate is required to do something expensive and hard to fake, like robbing a store, or getting a gang symbol tattoo.

In the public blockchain world, the most common form of costly signaling is called proof of work (PoW). In PoW, consensus is reached by holding a lottery to decide which transaction is appended next to the ledger. Here is the clever part: buying a lottery ticket is a form of costly signaling because, well, it is costly: expensive in terms of time wasted and electricity bills. Sybil’s talent for impersonation is useless to her if each of her sock puppet miners must buy an expensive, long-shot lottery ticket.

Specifically, in the PoW lottery, miners compete to solve a useless puzzle, where solving the puzzle is hard, but proving one has solved the puzzle is easy (see sidebar). Simplifying things for a moment, the first miner to solve the puzzle wins the consensus, and gets to choose the next block to append to the ledger. That miner also receives a fee (another coupon), but the other miners receive nothing, and must start over on a new puzzle.

As hinted, the previous paragraph was an oversimplification. In fact, PoW consensus is not really consensus. If two miners both solve the puzzle at about the same time, they could append blocks to the blockchain in parallel, so that neither block precedes the other in the chain. When this happens, the blockchain is said to fork. Which block should subsequent miners build on? The usual answer is to build on the block whose chain is longest, although other approaches have been suggested [19].

As a result, there is always some uncertainty whether a transaction on the blockchain is permanent, although the probability that a block, once on the blockchain, will be replaced decreases exponentially with the number of blocks that follow it [8]. If Bob uses Alice’s cryptocoupons to buy a car from Carol, Carol would be prudent to wait until Bob’s transaction is fairly deep in the blockchain to minimize the chances that it will be displaced by a fork.

Although PoW is currently the basis for the most popular cryptocurrencies, it is not the only game in town. There are multiple proposals where cryptocurrency ownership assumes the role of costly signaling, such as Ethereum’s Casper [2] or Algorand [9]. Cachin and Vukolic [3] give a comprehensive survey of blockchain consensus protocols.


3.1 Discussion

The distinction between private (or permissioned) blockchain systems, where parties have reliable identities, and only vetted parties can participate, and public (or permissionless) blockchain systems, where parties cannot be reliably identified, and anyone can participate, is critical for making sense of the blockchain landscape.

Private blockchains are better suited for business applications, particularly in regulated industries, like finance, subject to know-your-customer and anti-money-laundering regulations. Private blockchains also tend to be better at governance, for example, by providing orderly procedures for updating the ledger protocol [11]. Most prior work on distributed algorithms has focused on systems where participants have reliable identities.

Public blockchains are appealing for applications such as Bitcoin, which seek to ensure that nobody can control who can participate, and participants may not be eager to have their identities known. Although PoW was invented by Dwork and Naor [6] as a way to control spam, Nakamoto’s application of PoW to large-scale consensus was a genuine innovation, one that launched the entire blockchain field.



Most blockchain systems also provide some form of scripting language to make it easier to add functionality to ledgers. Bitcoin provides a rudimentary scripting language, while Ethereum [7] provides a Turing-complete scripting language. Such programs are often called smart contracts (or contracts) (though they are arguably neither smart nor contracts).

Here are some examples of simple contract functionality. A hashlock h prevents an asset from being transferred until the contract receives a matching secret s, where h = H(s), for H a cryptographic hash function (see sidebar). Similarly, a timelock t prevents an asset from being transferred until a specified future time t.

Suppose Alice wants to trade some of her coupons to Bob in return for some bitcoins. Alice’s coupons live on one blockchain, and Bob’s Bitcoin live on another, so they need to devise an atomic cross-chain swap protocol to consummate their deal. Naturally, neither one trusts the other.

Here is a simple protocol. Let us generously assume 24 hours is enough time for anyone to publish a smart contract on either blockchain, and for the other party to detect that that contract has been published.

• Alice creates a secret s, h = H(s), and publishes a contract on the coupon blockchain with hashlock h and timelock 48 hours in the future, to transfer ownership of some coupons to Bob.

• When Bob con rms that Alice’s contract has been published on the coupon blockchain, he publishes a contract on the Bitcoin blockchain with the same hashlock h but with timelock 24 hours in the future, to transfer his bitcoins to Alice.

• When Alice confirms that Bob’s contract has been published on the Bitcoin blockchain, she sends the secret s to Bob’s contract, taking possession of the bitcoins, and revealing s to Bob.

• Bob sends s to Alice’s contract, acquiring the coupons and completing the swap.

function withdraw(uint amount) {

client = msg.sender;

if (balance[ client ] >= amount} {

if ({

balance[ client ] −= amount;


Fig. 1. Pseudocode for DAO-like contract

function sendMoney(unit amount) {

victim = msg.sender;

balance += amount;

victim . withdraw(amount)


Fig. 2. Pseudocode for DAO-like exploit

• Bob sends s to Alice’s contract, acquiring the coupons and completing the swap.

If Alice or Bob crashes during steps one or two, then the contracts time out and refund their assets to the original owners. If either crashes during steps three and four, then only the party who crashes ends up worse off. If either party tries to cheat, for example, by publishing an incorrect contract, then the other party can simply halt and its asset will be refunded. Alice’s contract needs a 48-hour timelock to give Bob enough time to react when she releases her secret before her 24 hours are up.

This example illustrates the power of smart contracts. There are many other uses for smart contracts, including offchain transactions [16], where assets are transferred back and forth off of the blockchain for efficiency, using the blockchain only to settle balances at infrequent intervals.


4.1 Smart Contracts as Objects

A smart contract resembles an object in an object-oriented programming language. A contract encapsulates long-lived state, a constructor to initialize that state, and one or more functions (methods) to manage that state. Contracts can call one another’s functions.

In Ethereum, all contracts are recorded on the blockchain, and the ledger includes those contracts’ current states. When a miner constructs a block, if fills that block with smart contracts and executes them one-by-one, where each contract’s final state is the next contract’s initial state. These contract executions occur in order, so it would appear that there is no need to worry about concurrency.


4.2 Smart Contracts as Monitors

The Decentralized Autonomous Organization (DAO) was an investment fund set up in 2016 to be managed entirely by smart contracts, with no direct human administration. Investors could vote on how the fund’s funds would be invested. At the time, there were breathless journalistic accounts explaining how the DAO wold change forever the shape of investing [17, 20].

Figure 1 shows a fragment of a DAO-like contract, illustrating a function that allows an investor to withdraw funds. First, the function extracts the client’s address (Line 2), then checks whether the client has enough funds to cover the withdrawal (Line 3). If so, the funds are sent to the client through an external function call (Line 4), and if the transfer is successful, the client’s balance is decremented (Line 5).

This code is fatally flawed. In June 2016, someone exploited this function to steal about $50 million funds from the DAO. As noted, the expression in Line 3 is a call to a function in the client’s contract. Figure 2 shows the client’s code. The client’s contract immediately calls withdraw() again (Line 4). This re-entrant call again tests whether the client has enough funds to cover the withdrawal (Line 3), and because withdraw() decrements the balance only after the nested call is complete, the test erroneously passes, and the funds are transferred a second time, then a third, and so on, stopping only when the call stack overflows.

This kind of re-entrancy attack may at first glance seem like an exotic hazard introduced by a radically new style of programming, but if we change our perspective slightly, we can recognize a pitfall familiar to any undergraduate who has taken a concurrent programming course.

First, some background. A monitor is a concurrent programming language construct invented by Hoare [14] and Brinch Hansen [10]. A monitor is an object with a built-in mutex lock, which is acquired automatically when a method is called and released when the method returns. (Such methods are called synchronized methods in Java.) Monitors also provide a wait () call that allows a thread to releases the monitor lock, suspend, eventually awaken, and reacquire the lock. For example, a thread attempting to consume an item from an empty bu er could call wait () to suspend until there was an item to consume.

The principal tool for reasoning about the correctness of a monitor implementation is the monitor invariant, an assertion which holds whenever no thread is executing in the monitor. The invariant can be violated while a thread is holding the monitor lock, but it must be restored when the thread release the lock, either by returning from a method, or by suspending via wait () .

If we view smart contracts through the lens of monitors and monitor invariants, then the re-entrancy vulnerability looks very familiar. An external call is like a suspension, because even though there is no explicit lock, the call makes it possible for a second program counter to execute that contract’s code concurrently with the first program counter. The DAO-like contract shown here implicitly assumed the invariant that each client’s entry in the balance table reflects its actual balance. The error occurred when the invariant, which was temporarily violated, was not restored before giving up the (virtual) monitor lock by making an external call.

Here is why the distributed computing perspective is valuable. When explained in terms of monitors and monitor invariants, the reentrancy vulnerability is a familiar, classic concurrency bug, but when expressed in terms of smart contracts, it took respected, expert programmers by surprise, resulting in substantial disruption and embarrassment for the DAO investors, and required essentially rebooting the Ethereum currency itself [5].


4.3 Smart Contracts as Read-Modify-Write Operations

The ERC20 token standard is the basis for many recent initial coin offerings (ICOs), a popular way to raise capital for an undertaking without actually selling ownership. The issuer of an ERC20 token controls token creation. Tokens can be traded or sold, much like Alice’s Restaurant’s coupons discussed earlier. ERC20 is a standard, like a Java interface, not a particular implementation.

An ERC20 token contract keeps track of how many tokens each account owns (the balances mapping at Line 3), and also how many tokens each account will allow to be transferred to each other account (the allowed mapping at Line 5). The approve() function (Lines 9-13) adjusts the limit on how many tokens can be transferred at one time to another account. It updates the allowed table (Line 10), and generates a blockchain event to make these changes easier to track (Line 11). The allowance () function queries this allowance (Lines 14-16).

The transferFrom function (Lines 17-23) transfers tokens from one account to another, and decreases the allowance by a corresponding amount. This function assumes the recipient has su cient allowance for the transfer to occur.

Here is how this specification can lead to undesired behavior. Alice calls approve() to authorize Bob to transfer as many as 1000 tokens from her account to his. Alice has a change of heart, and issues a transaction to reduce Bob’s allowance to a mere 100 tokens. Bob learns of this change, and before Alice’s transaction makes it onto the blockchain, Bob issues a transferFrom () call for 1000 tokens to a friendly miner, who makes sure that Bob’s transaction precedes Alice’s in the next block. In this way, Bob successfully withdraws his old allowance of 1000 tokens, setting his authorization to zero, and then, just to spite Alice, he withdraws his new allowance of 100 tokens. In the end, Alice’s attempt to reduce Bob’s allowance from 1000 to 10 made it possible for Bob to withdraw 1100 tokens, which was not her intent.

In practice, ERC20 token implementations often employ ad-hoc workarounds to avoid this vulnerability, the most common being to redefine the meaning of allow () so that it will reset an allowance from a positive value to zero, and in a later call, from zero to the new positive value, but will fail if asked to reset an allowance from one positive value to another.

The problem is that approve() blindly overwrites the old allowance with the new allowance, regardless of whether the old allowance has changed. This practice is analogous to trying to implement an atomic decrement as shown in Figure 4. Here, the decrement method reads the shared counter state into a local variable (Line 4), increments the local variable (Line 5), and stores the result back in the shared state (Line 6). It is not hard to see that this method is incorrect if it can be called by concurrent threads, because the shared state can change between when it was read at Line 4 and when it was written at Line 6. When explained in terms of elementary concurrent programming, this concurrency flaw is obvious, but when expressed in terms of smart contracts that ostensibly do not need a concurrency model, the same design flaw was immortalized in a token standard with a valuation estimated in billions of dollars.


4.4 Discussion

We have seen that the notion that smart contracts do not need a concurrency model because execution is single-threaded is a dangerous illusion. Sergey and Hobor [18] give an excellent survey of pitfalls and common bugs in smart contracts that are disguised versions of familiar concurrency pitfalls and bugs. Atzei et al. provide a comprehensive survey of vulnerabilities in Ethereum’s smart contract design.



Radical innovation often emerges more readily from outside an established research community than from inside. Would Nakamoto’s original Bitcoin paper have been accepted to one of the principal distributed conferences back in 2008? We will never know, of course, but the paper’s lack of a formal model, absence of rigorous proofs, and lack of performance numbers would have been a handicap.

Today, blockchain research is one of the more vibrant areas of computer science, with the potential of revolutionizing how our society deals with trust. The observation that many blockchain constructs have underacknowledged doppelgängers (or at least, precursors) is not a criticism of either research community, but rather an appeal to each side to pay more attention to the other.



Modern cryptography is based on the notions of matching public and private keys. Any string encrypted by one can be decrypted by the other. Encrypting a message with Alice’s public key yields a message only Alice can read, and encrypting a message with Alice’s private key yields a digital signature, a message everyone can read but only Alice could have produced.



A cryptographic hash function H(·) has the property that for any value v, it is easy to compute H (v ), but it is infeasible to discover a v′ ≠ v such that H(v′) = H(v).



Here is puzzle typical of those used in PoW implementations. Let b be the block the miner wants to append to the ledger, H(·) a cryptographic hash function, and “·” concatenation of binary strings. The puzzle is to find a value c such that H(b · c) < D, where D is a difficulty setting (the smaller D, the more difficult). Because H is difficult to invert, there is no way to find c substantially more efficient than exhaustive search.

contract ERC20Example {

// Balances for each account

mapping(address=>uint256) balances;

// Owner of account approves the transfer of an amount to another account

mapping(address=>mapping(address=>uint256)) allowed;

// other fields omitted


// Allow spender to withdraw from your account , multiple times, up to the amount .

function approve(address spender, uint amount) public returns (bool success) { allowed[msg.sender][spender] = amount; // alter approval Approval(msg.sender, spender, amount); // blockchain event

return true;


function allowance(address tokenOwner, address spender) public returns ( uint remaining) {

return allowed[tokenOwner][spender]; }

function transferFrom(address from, address to, uint tokens) public (bool success) { balances[from] = balances[from].sub(tokens );

allowed[from][msg.sender] = allowed[from][msg.sender].sub(tokens );

balances[to] = balances[to].add(tokens);

Transfer(from, to, tokens);

return true; }

... // other functions omitted


Fig. 3. ERC20 Token example

class Counter {

 private int counter;

 public void dec() {

  int temp = counter;
   temp = temp + 1;
   counter = temp; 



Fig. 4. An incorrect atomic decrement operation 

To view the original PDF of this article including References, click here.

How Ethos Cryptocurrency Wallet Smart Keys Keep Money Secure

Ethos Smart Keys: How Cryptocurrency Enables Consumers to Protect and Own Their Money

Ethos Cryptocurrency Wallet Smart Keys

How the Universal Cryptocurrency Wallet Smart Keys Enables Consumers to Protect and Own Their Money


Cryptocurrencies, such as Bitcoin and Ethereum, bring unique benefits to the world of personal finance by pairing the ability to own and store your digital assets in a cryptocurrency wallet, with the ability to cheaply, securely and almost instantly transfer them to others.

A blockchain, simply put, is an open record keeping system that’s maintained by a peer-to-peer network where everyone has access to read and potentially write data. Because of the open nature of blockchain, it’s absolutely necessary that all the data on the chain is verifiable as authentic and can’t be manipulated after the fact. To guarantee that all of our transactions are authentic, we turn to cryptography which gives us the ability to generate digital signatures and fingerprints.

The Ethos Cryptocurrency Wallet Smart Key is a unique digital signature that is used to verify the authenticity of transactions originating from your wallet. Any time a digital asset is transferred out of your Ethos Universal Multi Cryptocurrency Wallet, your Smart Keys will provide the authorization needed to execute the transaction. Ethos Keys are “Smart” because your one key represents all of your funds, regardless of what form of cryptocurrency you are using. This allows you to backup and restore all of your wallets with a single key phrase.

How safe is it?

Ethos leverages well-tested cryptographic standards and methods to ensure that your Universal Wallet uses an extremely high degree of security. The passphrase is 24 words (vs the 12 word standard used in many wallets) and the keys themselves are 256 bit, meaning uncrackable.

As discussed in the next few sections, the bulk of the security offered by the Ethos Universal Cryptocurrency Wallet and Smart Keys comes from modern cryptographic techniques, such as public-key and elliptic-curve cryptography, and their ability to generate secure and verifiable digital signatures and fingerprints. Let’s first consider some background to fully understand the mathematical magnitude of the protection.

Ciphers, Hashes, and Digital Fingerprints

The concept of a cipher is fundamental to cryptography. The roots of cryptographic hashing go back to 50 BC, during the reign of Julius Caesar and the Roman Empire. At that time, the official means of communication was a courier service that was highly vulnerable to espionage and interception. To throw off their enemies, the emperor and his consul would communicate by scrambling the letters of their messages before sending them. Upon receipt of a message, the letters would have to be unscrambled to reveal the original message.

One method of doing this was to shift every letter over by one, so that every instance of the letter ‘a’ would be replaced by ‘b’, ‘b’ would be replaced by ‘c’, and so on. This now commonly referred to as a Caesar Cipher, or a Shift Cipher, because the method to conceal the message is simply shifting each letter over one.

In this case the message ‘hello’ would become ‘ifmmp’ and the courier tasked with delivering it would ideally not be aware of the method used to scramble the message. Anyone who intercepted this message would also not know what to make of the seemingly nonsensical message. The “key” in this example is the method of encoding the message.

Over the next two thousand years, this idea of a cipher was further developed into that of a cryptographic hash, which in simple terms is a more sophisticated way of scrambling a message so that it’s very difficult to reverse. Hashes also have the property of, given some data, being able to reliably create a unique digital fingerprint of that data.

Everytime you submit a transaction to the blockchain, a fingerprint of your transaction is created and used to link the blocks in the blockchain, ensuring that the data in each block hasn’t been manipulated. For example, if you spend one bitcoin and someone tries to go back and manipulate the record to say you spent 10 bitcoin, it would invalidate all of the fingerprints in the blockchain leading back to that transaction.

Digital Signatures

Public Key Cryptography

Equally fundamental to the field of modern cryptography is the concept of Public Key Cryptography. In Public Key Cryptography there is the notion of a shared public-key that can be used by anyone to encrypt a message; then only you, with the corresponding private-key can decrypt to read the original message.

One of the most important properties of Public Key Cryptography is that, given a key-pair, its possible to generate a signature, digital proof of ownership of addresses that derive from your key. So whenever you send a transaction to the blockchain, it includes a signature proving that you are the owner of that address and therefore authorized to make that transaction. If the signature doesn’t match the public wallet address, the transaction is deemed to be unauthorized and is rejected by the network.

Elliptic Curve Cryptography

Elliptic Curve Cryptography is a type of Public Key Cryptography that makes private and public key generation even more secure due to the mathematical properties of elliptic curves that make it extremely difficult to reverse engineer the private key from the public keys.

Ethos Smart Keys are created from a cryptographically random number known as a seed. Sometimes seeds are created by a random number generator. However, this isn’t 100 percent secure because sometimes a hacker can re-generate a random number by knowing when it was generated and using a timestamp.

To ensure a higher degree of randomness, you generate your seed with a combination of a random number and another random number created by shaking your phone the first time you open the app. The unique signal from this process ensures that no one will be able to guess a non-random seed like your birthday, phone number, or a timestamp.

This seed is then used to generate private and public key-pairs on a secp256k1 Elliptic Curve, the results of which are hashed several times and encoded to reveal your public wallet addresses. By creating your Smart Keys this way, you can safely share your public keys and rest assured that only you have access to spend the funds in those wallets with your private key.

A Brave New World

Now that you know a little bit about the technology we use to secure your Universal Cryptocurrency Wallet app, you might want to know exactly what we’re protecting you against. The follow are the most common exploits that are used by “bad actors” to gain control of your funds.

Jailbreaking and Mobile Security

Jailbreaking is a popular method of unlocking non-standard features on your mobile device. While this can be an easy and fun way to personalize your phone, doing so goes around some very important security features of your phone, and can give unauthorized apps the ability to snoop around your phone and potentially sniff out your keys.

While the Ethos Universal Cryptocurrency Wallet does everything it can to secure your keys on your phone, it’s very important that you never jailbreak your phone or install apps that aren’t approved by the app store. We can’t emphasize enough how important it is that you never use the Ethos Universal Wallet on a jailbroken phone.

Dictionary Attacks: Cracking Passwords

Someone who wants to gain unauthorized access to your cryptocurrency funds is going to be most interested in finding out your private key. To crack a password, or in this case a key, a hacker would typically use a “brute force” method and employ what is commonly known as a “Dictionary Attack.” This method involves a linear search through a dictionary of common words, comparing passwords systematically against each word until a match is found. While this may sound like a lot of work, remember that an average computer alone can execute billions of operations per second.

Hypothetically, say someone were to chose the very insecure password “castle”. A dictionary attack on this password would take about 3 seconds, which is the time it would take a computer to try all of the words in the dictionary before “castle” is found as a possible password.

Let’s add a little bit more complexity to this password by adding a random number to the end of it, for example, “castle123”. This seemingly more complex password still takes only 27 seconds to hack.

Stringing together dictionary words, ie, “castleone” would take considerably more time to hack (11 days, 8 hours) but still within the realm of possibility for a properly motivated hacker with the right equipment.



Good News: There’s Safety in Numbers

As demonstrated, adding just one additional word to a password provides an exponential increase in its security. If we take this idea to the next level, we can quickly generate a password that would take an unimaginable amount of time and energy to guess, with even the most sophisticated computers available.



Even considering that every 18-months, new computers with twice the computational power are released at half the price, a 12-word password will still be secure for generations to come. And to be extra secure, Ethos uses 24-word passwords.

Introducing the Ethos Cryptocurrency Wallet Smart Keys

An Ethos SmartKey is a unique 256-bit key signature that is yours and yours only. It is generated and secured on your mobile device, and should also be written down on a piece of paper, aka “paper wallet”, and stored in a safe place or memorized.



When you open the Ethos Universal Multi Cryptocurrency Wallet App for the first time, you are asked to shake your phone to create your first wallet. The shaking motion generates a random number that is impossible to recreate, and your key is generated on your phone based on that random number.

Your key is then automatically mapped to a 24 word phrase that gives you the convenience of backing up and restoring your wallets with an easy to read mnemonic. It’s very important that you physically write this phrase down and keep it in a safe place in case you lose your phone. When you get a new phone you can restore all of your wallets easily by entering the backup-phrase.


Important SmartKey Safety Tips

  • Write your backup phrase down in a private place away from any cameras or windows.
  • Never copy / paste your private key, always type it in.
  • Do not store private keys on services like Google Drive or Dropbox
  • Never share your private keys.
  • Reputable firms will never ask for your private keys via email, phone or chat.

How many SmartKeys are there?

SmartKeys are generated with a unique 256-bit signature. There are over 340 trillion trillion trillion different possible SmartKey combinations. To put this number in perspective, that’s more than the number grains of sand on Earth. That’s even more than the number of known stars in our universe. That’s over forty-five octillion possible SmartKeys for every man, woman and child on planet earth; So there are plenty to go around.

SmartKeys and Hierarchical Deterministic Wallets

Under the hood, the Ethos Universal Wallet is built on the BIP-32: Hierarchical Deterministic Wallet specification developed by the Bitcoin developer community. While many Bitcoin exchanges have been hacked, generally with phishing or database hacks, no one has yet to mathematically break or reverse engineer a BIP-32 wallet despite hundreds of billions of dollar equivalent as bait. The underlying algorithms have been battle-tested with trillions of dollars of transactions. In other words, its among the most secure cryptographic standards on earth.


Ethos Universal Cryptocurrency Wallet and Smart Keys:

  • Generates an astronomically complex, and cryptographically secure key that prevents anyone from spending from your wallet.
  • Maps this key to a set of 24 words enabling you to restore your wallet easily.
  • Stores multiple types of digital assets including Bitcoin, Ethereum and ERC20 Tokens.


The Ethos Universal Cryptocurrency Wallet is designed for you to store and secure a wide variety of coins/tokens with a single Smart Key and backup-phrase. We leverage decades of cryptographic research in addition to widely used industry standards that enable the self-custody of your assets, as well as their safe transmission and backwards compatibility with popular devices such as the Ledger Nano S and Trezor hardware wallets.

Blockchain Finance Disrupting Traditional Financial Frameworks & Enabling Self-Custody

Hey Everyone!

Shingo here this time for the Ethos Educational Series to talk to you a little bit about custody & blockchain finance. On the previous segment of this series, Stephen Corliss talked about many ideas relating to the legal framework of how a “decentralized digital asset based system” fits into the wider capital markets scene from a regulatory perspective. There are a ton of big ideas in that piece, but one of the most important that we will continue to highlight is the issue of custody.

Myself and Stephen engage every day on Telegram and answer big questions relating to the vision and mission of Ethos. We at Ethos believe in community engagement and in educating our audience. In the spirit of Socrates and the format of Telegram, this piece is structured as a dialogue for you to better understand the complex issues that surround the traditional industry and how the crypto industry is poised to change it all.

Scientia sit Potentia – “Let Knowledge be Power”

Hey Shingo, so what is custody?

Well, the legal definition of custody is in rule 206(4)-2(c)(1) which is defined as the following:

“Custody means holding, directly or indirectly, client funds or securities, or having any authority to obtain possession of them. You have custody if a related person holds, directly or indirectly, client funds or securities, or has any authority to obtain possession of them, in connection with advisory services you provide to clients.“

For an example of this we turn to the SEC who states, “advisers have custody where the adviser has possession of client funds and securities or has power of attorney to sign checks on a client’s behalf, to withdraw funds or securities from the client’s account, including fees, or to otherwise dispose of a client’s assets for any purpose other than authorized trading.”

While this is the U.S. definition, OECD (Organisation for Economic Co-operation and Development) jurisdictions, which include many of the world’s developed economies, follow similar definitions. With the legal definition in mind, the concept of custody is quite simple.

Think of a custodian as anyone who holds assets which aren’t theirs. Banks custodize funds that you deposit with them. Your brokerage has custody over the securities you buy. Qualified Custodians are an integral component of existing capital markets and collectively hold very large sums of wealth. It is very likely that unless you hold all of your money in cash or cryptocurrency and live completely detached from the financial system, that you have some percentage of your assets are stored with a custodian.

…and that isn’t necessarily a bad thing! Custodians provide many important services that power traditional capital markets which are unlikely to go anywhere anytime soon.

Ok… so if custodians aren’t going away, then why is custody such an important issue for cryptocurrency?

Thought you would never ask! Custody is one of the most important contemporary issues within the financial industry. The reason there are so many legal controls and regulations around custody is because of all the mishaps that can occur when you entrust another party with your assets. If you have a system where you hope someone will act ethically with zero accountability… well, if human nature has taught us anything, regrettably sometimes they don’t. Understandably, this is an issue that the SEC has had to prosecute and enforce on numerous occasions,,,,,,….. making any solution that can comprehensively tackle this problem quite attractive.

Crypto & Blockchain Finance is exciting in that it enables forms of custody that are impossible in the traditional world. Cryptocurrencies and Distributed Ledger Technology (DLT) disrupt traditional trust paradigms and maintain enforceability. Crypto and DLT can reduce or even eliminate conflicts of interest by disintermediating trust and enabling people to self-custodize their own assets. While one way of reducing conflicts of interest is to separate custodians and advisers, or broker dealers, and ensure “operational independence” (an idea that becomes particularly important when we encounter nontraditional key management schemes), a more ideal way would be to utilize the technology that crypto offers in order to eliminate conflicts of interest altogether and make fraud impossible. When you don’t have access to assets at all, it is impossible for others to utilize them fraudulently or recklessly.

Crypto and DLT are often more open and transparent than existing fiat currency structures, through crypto’s use of public ledgers, an immutable transaction history, and an auditable chain of transaction IDs. This technology has the power to provide everyone additional protections through a regulatory framework that compels individuals and institutions to be more ethical and transparent in an open financial ecosystem – a future that is truly for everyone.

That sounds great! You and Stephen often talk a lot about “self-custody” – how does that fit into these custody issues?

Very broadly, the idea of self-custody is quite simple and familiar. Self-custody is when each individual user is the custodian of their assets rather than an advisor, investment company, broker-dealer, exchange or other qualified custodian. The idea behind self-custody is nothing new; People have hidden money or golden doubloons under their mattresses for centuries before cryptocurrencies and DLT came along. Hiding money or gold under one’s mattress often came with many issues, most notably that it is quite difficult to spend and transact using the money that is hidden under the mattress. In digital self-custody, individuals gain all the benefits of directly owning an asset while being able to remain connected to the wider economy.

This point, as highlighted in the previous educational piece by Stephen, is particularly important as there are many direct and indirect benefits of owning an asset that have been taken away from the individual and moved to the intermediary. This often makes the true “beneficial owner” the institution even if you are the real “owner” of a given asset.

Wait… What do you mean I’m not the beneficial owner? When I put my assets somewhere, I still own them right?

For the most part, you do “own” the asset, but it is a bit more nuanced than that. Every day, you give up the benefits of direct ownership over your assets. When you deposit money with a bank, you are giving that bank permission to lend out your money for a profit so long as they keep your money accessible when you need it. In return, they provide you with all sorts of banking services which include value transfer mechanisms (Wire/ACH), commerce infrastructure (Debit/Credit cards) and loans to finance your own businesses or endeavors. While these services undoubtedly have many benefits, it is an issue when participation in this system is mandatory if one wishes to partake in the wider financial system.

Another way of looking at the issue of the unbanked is to look at people who don’t have access to traditional custody schemes which are currently required to participate in the larger financial ecosystem. A way to solve this issue would be to architect an alternate financial ecosystem that has the ability to service these individuals. This is a philosophical and ethical allure that cryptocurrencies hold and is something that is deeply woven into the mission and vision of Ethos.

Traditional custody has surreptitiously transferred the beneficial ownership of an asset from the individual to the institution with no tangible benefits to the investor whose capital is at risk.

That doesn’t sound too great, but what are these beneficial ownership rights and what happens to them?

This issue is quite complex and not as cut-and-dry as “intermediaries are stealing from us” which is often the narrative pushed by many crypto communities. Intermediaries do, and always will, have a role to play in servicing the investor. Just like you aren’t going to go out and make your own ketchup because Heinz is stealing from consumers, you’re not going to go out and create your own ETF because you want nothing to do with the financial industry. What crypto and DLT can do is make the financial system more transparent, ethical, fair and accessible to the individual.

Paraphrasing Stephen from the previous educational piece:

“Over-intermediation has acted as a transfer mechanism where most benefits of asset ownership have shifted from the consumer to financial industry participants. Consumers and investors have unknowingly lost valuable rights associated with share ownership. The Securities Financing Market is a significant example of how financial intermediaries derive value from customer’s assets on their balance sheet in collateralized transactions. New commingled fund structures transfer shareholder influence away from individual consumers to financial intermediaries. Individual shareholder voices have been muted and replaced by financial intermediaries. It is important to educate the individual and encourage every participant to exercise their rights as this is an extremely effective avenue for large scale, sweeping, corporate change.“


So what happens to the custodians?

The custodians will still be doing what they do best – taking custody of assets. In the new economy, however, custodians, and in particular consumer banks, won’t be a requirement to participate. Each individual will be able to self-custodize their own assets in a digital wallet (like the Ethos Universal Wallet!) and securely transact and participate with the world economy. Commercial banking won’t be going away, but will rather become a service that people can opt into to in order to keep their assets safe with a trusted third party.

Although Stephen will cover this in a follow-on piece, as a society we must not overlook the critical importance of placing our assets back into the economy, rather than keeping them hidden entirely under our mattresses. In capital markets, this process is known as monetary policy transmission and involves the movement of capital from depositors to borrowers through lending that occurs throughout the financial system.

Commercial/Investment banks, clearinghouses and qualified custodians should be largely unaffected by self-custody as they are necessary participants for a sophisticated financial ecosystem. However, the over-intermediation that exists within the financial industry will be eased which should reduce costs for investors and provide consumers with additional rights and privileges that are associated with direct ownership over an asset.

And Ethos?

Ethos is building the infrastructure for this economic ecosystem. Starting from the Universal Wallet which will allow users to self-custodize all their digital assets and expanding out to a robust set of technologies that will power the next generation of financial applications.

At Ethos, our mission is to build a financial ecosystem that is open, safe and fair for everybody, because the future, is for everyone.

Thank you,

Shingo Lavine
Founder and CEO

Decentralized Digital Asset Legal Framework: Crypto, Blockchain & Financial Industry Participants

Decentralized Digital Asset Legal Framework: Crypto, Blockchain & Financial Industry Participants

Part IV of our Strategy Series with Ethos Chief Global Strategist, Stephen Corliss

The concept of a decentralized digital asset based system in global capital markets and financial services has unsurprisingly caused major concerns amongst global lawmakers, regulators, central banks and financial industry participants. Some of this concern is driven by the Crypto and Blockchain Industry itself by continuous and often imprudent appeals for the immediate removal of trusted parties across all industries. However, it appears most of the current concerns stem from a lack of understanding by industry leaders of how these capabilities can be carefully applied to existing market infrastructures. In order to dispel the rumors and misinformation, this continues a series of articles that will provide context on how companies like Ethos are applying Distributed Ledger Technology & Cryptocurrency solutions across global finance and capital markets in a compliant and prudent manner, while also preserving the many benefits to consumers afforded by them.

We begin by first describing how Ethos applies this concept of a “decentralized digital asset based system” on a dynamic platform to create the first hybrid asset financial ecosystem. The Ethos Platform will be an open ecosystem, powered by the ETHOS Utility Token, where dynamic financial products and services involving both traditional and crypto assets are offered and delivered directly to consumer balance sheets in a hybrid self-custodied model. What this means is Ethos delivers a new multi-sided barter protocol, or utility, that enables economic actors, Households, Firms (or Developers) and Governments, to transact in a p2p / p2b / b2b manner. Notice I specifically refer to “consumer balance sheets” as consumers will truly be reaping the rewards of owning and holding an asset.

In this model, rather than relinquishing control of personal assets to financial stewards as part of the current intermediated system, Households maintain control, or rights with regards to traditional assets, over their personal or household balance sheets in a hybrid self-custodied model, allowing asset owners to maximize their own utility. The Ethos platform will enable users to either exchange goods (tangible property) directly with one another via the ETHOS token or exchange goods (tokens or other representational assets) for products and services (intangible property) directly with Producers (or Firms), in both a trustless or trusted manner. This blends the best of both traditional and crypto frameworks into an all-inclusive hybrid solution that can fit every participant’s needs.

Although this may appear complex at first glance, this new paradigm in global finance and capital market structures consists of one central difference, which involves the shift of asset stewardship from financial firms to households. This basic shift is powerful for consumers and society at large, as it maximizes asset owners’ ability to increase their economic utility, recognizable not only from satisfaction associated with consumption of products and services driven by form, time, place and possession – but rather a broad sense of well being stemming from less recognizable “social benefits incidental to financial asset-ownership”.

We will return to this concept of “social benefits incidental to financial asset ownership” in a later more in-depth article, but before moving on it is important to understand some of the motivations for why many consumers, households, or investors desire the ability to have self-custody their own assets. Whether as a result of unintended consequences from the 1960’s Paperwork Crisis, regulation, new products, or competitive forces, it is indisputable that the over-intermediation of the financial industry has acted as a transfer mechanism where most benefits of asset ownership, aside from dividends and price appreciation or depreciation, have shifted from the consumer to financial industry participants. The Securities Financing Market is a basic yet significant example of how financial intermediaries derive value from customers assets held on their balance sheet where intermediaries borrow or lend cash or securities associated with customer accounts (i.e. cash deposits, retail margin accounts, ETF’s & Mutual Funds etc.) in a collateralized transaction. This market has experienced pronounced revenue and volume growth over the last several decades, however, most retail customers receive no direct financial benefits whatsoever from these activities.

More importantly, however, consumers and investors have also unknowingly lost valuable rights associated with share ownership as a result of the tremendous growth of Mutual Funds and Exchange Traded Funds that began in the 1970’s. These new commingled fund structures by virtue of their design caused the transfer of shareholder influence away from individual consumers to financial intermediaries. As a result of these fund structures, individual shareholder voices have been muted and replaced by financial intermediaries who now act as societies social barometer when assuming the role of gatekeeper over proxy voting, corporate board governance and behavior. It is important to educate the individual and encourage every participant to exercise their rights as this is an extremely effective avenue for large scale, sweeping, corporate change.

Whether intended or not, the transformation of the financial industry over the last several decades has resulted in a pronounced shift away from the industry’s primary roles of facilitating the efficient allocation of capital and provision of accessible financial products and services across the world, to a more convoluted, cost-inefficient model involving countless activities unrelated to delivering financial or investment services to the public. This fact pattern cannot be overlooked as it is one of several potential drivers that has caused many consumers to grow disenchanted with the global financial industry, forcing consumers to begin searching for new alternatives.

When we begin to understand why consumers are feeling as they do, it should become easier for all of us to understand why and how the Crypto and Blockchain Industry has caught the imagination and support of many citizens across the globe. We at Ethos have been listening to this global community of citizens desiring a new way forward, and believe that cryptocurrency and distributed ledger technology offers the financial industry a significant opportunity to reimagine how to more efficiently allocate capital and provide essential financial products and services to all of society, rather than just those with means.

With much of the above as our backdrop, it was immediately apparent to us that a Hybrid Multi-Sided Investment Platform could only be viable if it was operated in a safe and sound manner and considered the needs and demands of all constituents on the platform, including consumers, financial intermediaries and other stakeholders. From a consumer perspective, all of our product and service designs begin and end with a few critical themes including consumer protection, privacy, transparency and security. This is essential for many reasons, especially when involving financial related digital products and services.

With regards to financial intermediaries, we also understood that there were many business, legal and regulatory risks we would have to tackle in order to ensure vibrant support and engagement by global financial service providers. To begin solving these complex issues we knew we would have to ensure several critical intermediaries within the standard financial stack could operate in a controlled and compliant manner, including Custodians, Clearers, Investment Advisors & Managers, Investment Companies, Broker Dealers, Exchanges and Central Counterparties (CCP’s). With this list in hand, we immediately began to detail how each of the models associated with a particular intermediary operates today and how it would need to operate on the Ethos Platform. It is important to recognize that traditional financial intermediaries will not be “put out of business” by distributed ledger technology as some may lead you to believe. These financial intermediaries will evolve, through the assistance of progressive crypto firms like Ethos, to better serve the needs of the financial industry as well as the individual investor.

In order for the industry to understand our vision and solutions, we have embarked on this multi-part series of informational articles that we believe will help our industry peers across Financial Services, DLT and Crypto better understand how they can operate and apply this transformative technology in a safe and regulatory compliant manner. Although we are introducing the concept of a hybrid self-custody model that bridges both digital and traditional assets, this series will primarily focus on financial industry applications of blockchain technology, including the concept of a self-custodied first model for cryptocurrencies. In our next article we will focus exclusively on Custody before moving on to Investment Advisory and Investment Company Services.

Thank you,

Stephen Corliss
Chief Global Strategist

Ethereum & Ethos: A Tale of Two Cryptocurrencies

Check out this new piece from Founder and CEO Shingo Lavine over on our Medium page about the strengths, similarities and differences between Ethereum and ETHOS.

Global Reach for a Global Mission: Custody & Clearing Services

Global Reach for a Global Mission: Custody & Clearing Services

Part III of our Strategy Series with Ethos Chief Global Strategist, Stephen Corliss

Today the Ethos Investment Committee is excited to announce that Ethos will be expanding the initial focus of our Global Strategic Partner Program to include market participants offering Custody & Clearing Services across Europe, Africa, South America, Asia & Australia – to provide essential crypto, traditional and fiat asset custody services to our global user community as part of Ethos’ mission to unlock the New Economy on a global scale.

As many of you are aware, Ethos is on track to deliver our first release, the Universal Wallet, in Q1 2018. We are very excited for this release as our wallet will create the foundation for a new financial ecosystem powered by the ETHOS token. The initial phase of this overall mission focuses on delivering a global multi-asset wealth management solution that seamlessly connects consumers with investment advisors, wealth managers, broker dealers, custodians, digital asset exchanges, merchants and developers — to make wealth management accessible to all.

In support of the existing efforts that are well underway with regards to our US Custody partner contract negotiations, the Ethos Investment Committee is expanding our global selection process for providers of Custody and Clearing Technology and/or Services internationally. Broadening our search internationally is an essential component of the overall program as it allows Ethos to locate valuable partners able to provide diverse asset servicing capabilities to serve the Ethos member community in those regions who need it most.

Partners through this program will also be expected to enhance, support or advance Ethos’ own transformative “Cognitive Advisor” offering, while providing our retail and business users with new dynamic and secure hybrid capabilities spanning cryptocurrencies, traditional and fiat assets covering global markets. Ethos will also be collaborating with key Custodian partners to help define and build both the legal and technology requirements for crypto asset custody to meet the demands of the Ethos Community.

We’re excited to continue to progress these efforts forward on all fronts as we move closer to delivering a transformative new financial ecosystem — powered by cutting edge tech, a functional token, and innovative partnerships.

Why is this important to the Ethos Platform?

As a financial ecosystem, Ethos must build an infrastructure that supports the critical aspects of a capital market system. Rather than build this structure with a top-down approach, we have chosen a bottom-up approach that begins at the foundation, with you, the retail consumer. From an investment perspective, the next layer in the stack after the portfolio construction and management layer is the safekeeping layer, which are processes performed by Qualified Custodians and/or Clearing Firms.

What is a Custodian or Clearing Firm?

A custodian bank, or simply custodian, is a specialized financial institution responsible for safeguarding a firm’s or individual’s financial assets and is not typically engaged in “traditional” commercial or consumer/retail banking such as mortgage or personal lending, branch banking, personal accounts, automated teller machines (ATMs) and so forth. The role of a custodian in such a case would be to:

  • Hold in safekeeping assets/securities such as stocks, bonds, commodities such as precious metals and currency (cash), domestic and foreign
  • Arrange settlement of any purchases and sales and deliveries in/out of such securities and currency
  • Collect information on and income from such assets (dividends in the case of stocks/equities and coupons (interest payments) in the case of bonds) and administer related tax withholding documents and foreign tax reclamation
  • Administer voluntary and involuntary corporate actions on securities held such as stock dividends, stock splits, business combinations (mergers), tender offers, bond calls, etc.
  • Provide information on the securities and their issuers such as annual general meetings and related proxies
  • Maintain currency/cash bank accounts, administer deposits and withdrawals and manage other cash transactions
  • Perform foreign exchange transactions
  • Often perform additional services for particular clients such as mutual funds; examples include fund accounting, administration, legal, compliance and tax support services

Stephen Corliss
Chief Global Strategist

blockchain finance financial ecosystem

Blockchain Finance: Creating a Frictionless Global Investment & Wealth Management Ecosystem

Part II of our Blockchain Finance Series with Ethos Chief Global Strategist, Stephen Corliss

In case it isn’t clear yet, Ethos is about much more than building a next generation Universal Wallet for cryptocurrencies. While our wallet technology is the centrepiece of our platform — combined with Fiat Gateway, it actually serves as the heart for something much greater. Today we’re excited to make several important announcements to help framework our unique approach, as part of our continuous effort to deliver on our mission to democratize wealth and make the cryptocurrency and traditional markets safe and accessible for all.

Ethos believes that the best way to achieve our mission is to deliver a unified and global multi-asset wealth solution, that seamlessly connects consumers with investment advisors, wealth managers, broker dealers, custodians, digital asset exchanges, merchants and developers via the Ethos Platform.

As part of this effort, Ethos felt it was essential to form an Investment Committee, whose primary objective would be to oversee the creation of a frictionless Global Investment and Wealth Management Ecosystem. The committee’s mandate is a multifaceted program focused on locating the best partners for the Ethos Platform, including all essential aspects of the investment process.

To this end, one of the first actions taken by the “Ethos Investment Committee” was to launch a Global Strategic Partner Program in our search for additional strategic partners offering Investment Manager and Advisory Services & Technology — to provide essential investment services to our global user community as part of Ethos’ mission to unlock the New Economy on a global scale.

Partners through this program will also be expected to enhance, support or advance Ethos’ own development of a transformative next-generation robo-advisor or “Cognitive Advisor” offering, which will also be offered through a dynamic partnership.

We’re excited to continue to progress these efforts forward on all fronts as we move closer to delivering a powerful new financial ecosystem.

What is the Ethos Investment Committee?

The Investment Committee (IC) is an essential element of Ethos’ overall vision, as it will provide ongoing governance over every aspect of the Ethos Platform to ensure we maximize benefits to the entire Ethos Community. The IC will initially focus its attention on securing strategic partnerships covering specialist financial service partners including, Investment Management & Investment Advisory, Custody and Clearing, Merchant Services, KYC, Liquidity, and AI & Investment Data Vendors. Although much of this work has been ongoing for months now, we felt it was important to add a proper governance structure over all of these efforts to ensure full optimization of all the products and services to be offered on the Ethos Platform.

Why is this important to the Ethos Platform?

As a financial ecosystem, Ethos must build an infrastructure that supports the critical aspects of a capital market system. Rather than build this structure with a top-down approach, we have chosen a bottom-up approach that begins at the foundation, with you, the retail consumer. From an investment perspective, the next layer in the stack involves the portfolio construction and management layer, which are processes performed by Investment Managers or Investment Advisors.

What is an Investment Manager?

An investment manager is a person or organization that makes investments in portfolios of securities on behalf of clients, in accordance with the investment objectives and parameters defined by these clients.

What is an Investment Advisor?

An investment advisor is defined by the Investment Advisers Act of 1940, as any person or group that makes investment recommendations or conducts securities analysis in return for a fee, whether through direct management of client assets or via written publications.

Stephen Corliss
Chief Global Strategist

Ethos Token Classification System

The Ethos Token Classification Framework

Today we are introducing "Ethos Token Classification Framework" - a proposal for how consumers and the industry can classify and organize tokens.  We also believe this Token Classification Framework (TCF) will play an integral role in providing essential information to Ethos users when assessing the types of coins and tokens to be added to their decentralized Ethos Universal Wallets. The TCF will also be an essential component of the overall risk framework Ethos will use during the on-boarding process for all coins/tokens in determining which assets can be included in our Basket and Liquidity related services.

We developed the TCF in conjunction with the Ethos Product Council.  It is still a work in progress, but we wanted to open the idea up to public feedback.

The TCF organizes tokens into Classes and Categories based on specific criteria.  Here's what the system looks like:

Although we would like to make all coins/tokens available to customers when using our Basket and Liquidity products and services, each coin or token must first clear a thorough risk assessment before it can be included in certain products or services on the Ethos Platform. This risk assessment is essential to ensure neither Ethos, or our customers, are exposed to unnecessary risks stemming from fraud, ponzi-schemes or legal and regulatory issues associated with the issuance and operation of non-compliant coins or tokens, whether knowingly or unknowingly by other firms in our industry.

This framework is essential for any Platform offering products and services involving coins and tokens as it is one of the essential tools every firm must deploy to appropriately mitigate risks to our business and those customers utilizing our platforms.  This video discussing TCF provides a high level overview of this framework and captures some of our thoughts as to how the framework will operate:

Note that this Classification system is still in draft format, and subject to revision.

Looking forward to hearing thoughts from the community.