Why Security Token Need a Different Type of Consensus?

Last week I published a two-part essay(part I, part II) that outlined a series of non-conventional thoughts about security tokens that can help present a different perspective about the space. One of the topics highlighted in the second part was the idea that security token platforms might require a new type of consensus mechanism. The idea sparked an intellectually and technically deep debate with a few people in the blockchain community that I thought could be the basics for today’s post.

The thought of a new consensus model for security tokens might seem ludicrous at a time in which the industry is struggling to get through basic tokenization scenarios. Furthermore, blockchain runtimes supporting security tokens already support more consensus protocols that we need at this point:

With all this technological support there must be a consensus model that is well equipped to support the dynamics security tokens. And yet there is none. While models like proof-of-authority include some relevant mechanisms for security token transactions, crypto-securities introduce a second layer of transaction validation mechanics that is not the focus of the current wave of tier-1 consensus protocols.

What Matters in Security Token Consensus?

Tier-1 consensus protocols such as proof-of-work(PoW) or proof-of-stake(PoS) are concerned with asserting the validity of a transaction in a blockchain network and avoid challenges like double spending. That level of transaction validation is required but not sufficient to ensure the correctness of a security token exchange. Fundamentally, there are three key facts that need to be validated during the security token transaction:

· Identity: Are you who you say you are?

· Asset-Ownerships: Do you own what you claim you own?

· Compliance: Is the transaction valid in the current regulatory context?

In a typical security token architecture, the underlying blockchain tier will resolve the consensus for the financial validation of the transaction while the security token layer should arrive to consensus in terms of identity, asset-ownership and compliance.

Identity as the Great Simplifier

One of the important differences of security token transactions compared to mainstream blockchain interactions is that in the former the identities of the participants are well-know. Having an identity layer simplifies and, in some cases, removes the need for computationally expensive consensus mechanisms at the security token level. If security token platforms were running on platforms other than Ethereum, they will be able to perfectly adapt to a world without PoW or PoS.

No-Consensus: Centralized Validation in Security Token Transfers

Today, security token platforms are fundamentally focused on enforcing identity in the form of know-your-customer(KYC) or anti-money-laundering(AML) validations in security token transactions. Most of the current architectures enforce KYC/AML in a centralized model in which the security token issues a validation call to a specific endpoint in order to assert some information about the token holder.

The proponents of this centralized validation model for security tokens argue that its simpler enough for the first generation of token issuances. It’s hard to argue otherwise at the time in which security tokens are basic digital wrappers on some form of share. However, I get concerned when I see companies trying to build standards out of this centralized approach.

The centralized validation model to security token transfers introduces many security vulnerabilities and requires trust mechanisms that neglect many of the benefits of blockchains.

A Consensus Model for Security Token Transfers

In the future, security token platforms should evolve from the centralized-validator model to a decentralized consensus mechanism for validating security token transactions. Let’s imagine a security token network with a series of validator nodes that enforce different types of compliance checkpoints: KYC/AML, asset-ownership verification, risk assessment, capital requirements. The validators will look at a security token transaction and publish computational assertions that can be used to ultimately validate the transaction.

Decentralized consensus models for security token transactions will allow third parties to build validator nodes that can run as part of a security token network. Ultimately, this seems like a more natural way to evolve an ecosystem rather than relying on centralized platforms to build every single validation checkpoint. Building a consensus model for security token transfers doesn’t require ground-breaking research either. Protocols such as proof-of-authority provides many principles that can be adapted to the security token world.

Proof of Authority with a Twist

Proof-Of-Authority(PoA) is a type of consensus mechanism that relies on identity as a first class citizens. In PoA networks, consensus is achieved by referring to a list of validators (referred to as authorities when they are linked to physical entities). Validators are a group of accounts/nodes that are allowed to participate in the consensus; they validate the transactions and blocks.

PoA doesn’t require solving computationally expensive puzzles to commit a transaction. Instead, a transaction simply has to be signed off by the majority of validators, in which case it becomes a part of the permanent record.

In the context of security tokens, we can imagine a PoA network of validators that “validate” different aspects of a transaction such as KYC/AML, capital or jurisdictional requirements. I believe the basic forms of PoA might not be sufficient to enable some of the more complex security token scenarios that resemble securitized products in today’s markets. The right answer might be combining PoA with voting/staking mechanisms such as quadratic voting to avoid game theoretic attacks. Let’s save those headaches for a future post 😉

The Risks of Ignoring Consensus in Security Tokens

When comes to security tokens, I feel consensus mechanism is like the elephant in the room. While we continue building security token solutions on top of existing blockchains, its imperative to introduce new consensus models for the validations that are specific to security tokens. The centralized approach of ignoring consensus is a good way to get the industry started but I don’t believe is sustainable.

Let me leave you with a blunt statement: if we continue building a universe of centralized validators for security token transfers, over time we are taking the risk of recreating the same messy and full-of-middle-man architecture of financial systems that we are trying to reimagine today.