[cryptography] Is BitCoin a triple entry system?
iang at iang.org
Mon Jun 13 09:03:59 EDT 2011
On 13/06/11 12:56 PM, James A. Donald wrote:
> On 2011-06-12 8:57 AM, Ian G wrote:
>> I wrote a paper about John Levine's observation of low knowledge, way
>> back in 2000, called "Financial Cryptography in 7 Layers." The sort of
>> unstated thesis of this paper was that in order to understand this area
>> you had to become very multi-discipline, you had to understand up to 7
>> general areas. And that made it very hard, because most of the digital
>> cash startups lacked some of the disciplines.
> One of the layers you mention is accounting.
Yes, so back to crypto, or at least financial cryptography.
The accounting layer in a money system implemented in financial
cryptography is responsible for reliably  holding and reporting the
numbers for every transaction and producing an overall balance sheet of
It is in this that BitCoin may have its greatest impact -- it may have
shown the first successful widescale test of triple entry .
Triple entry is a simple idea, albeit revolutionary to accounting. A
triple entry transaction is a 3 party one, in which Alice pays Bob and
Ivan intermediates. Each holds the transaction, making for triple copies.
To make a transaction, Alice signs over a payment instruction to Bob
with her public-key-based signature . Ivan the issuer then packages
the payment request into a receipt, and that receipt becomes the
This transaction is digitally signed by multiple parties, including at
least one independent party . It then becomes a powerful evidence of
the transaction .
The final receipt *is the entry*. Then, the *collection of signed
receipts* becomes the accounts, in accounting terms. Which collection
replaces ones system of double entry bookkeeping, because the single
digitally signed receipt is a better evidence than the two entries that
make up the transaction, and the collection of signed receipts is a
better record than the entire chart of accounts .
A slight diversion to classical bookkeeping, as replacing double entry
bookkeeping is a revolutionary idea. Double entry has been the bedrock
of corporate accounting for around 700 years, since documentation by a
Venetian Friar named Luca Pacioli. The reason is important, very
important, and may resonate with cryptographers, so let's digress to there.
Double entry achieves the remarkable trick of separating out mishaps
from frauds. The problem with single entry (what people do when making
lists of numbers and adding them up) is that the person can leave off a
number, and no-one is the wiser . We can't show the person as either
a bad bookkeeper or as a fraudulent bookkeeper. This achilles heel of
primitive accounting meant that the bookkeeping limited the business to
the size with which it could maintain honest bookkeepers.
Where, honest bookkeepers equals family members. All others, typically,
stole the boss's money. (Family members did too, but at least for the
good of the family.) So until the 1300s and 1400s, most all businesses
were either crown-owned, in which case the monarch lopped off the head
of any doubtful bookkeeper, *or* were family businesses.
The widespread adoption of double-entry through the Italian trading
ports led to the growth of business beyond the limits of family. Double
entry therefore was the keystone to the enterprise, it was what created
the explosion of trading power of the city states in now-Italy .
Back to triple entry. The digitally signed receipt dominates the two
entries of double entry because it is exportable, independently
verifiable, and far easier for computers to work with. Double entry
requires a single site to verify presence and preserve resiliance, the
signed receipt does not.
There is only one area where a signed receipt falls short of complete
evidence and that is when a digital piece of evidence can be lost. For
this reason, all three of Alice, Bob and Ivan keep hold of a copy. All
three combined have the incentive to preserve it; the three will police
Back to BitCoin. BitCoin achieves the issuer part by creating a
distributed and published database over clients that conspire to record
the transactions reliably. The idea of publishing the repository to
make it honest was initially explored in Todd Boyle's netledger design.
We each independently converged on the concept of triple entry. I
believe that is because it is the optimal way to make digital value work
on the net; even when Nakomoto set such hard requirements as no
centralised issuer, he still seems to have ended up at the same point:
Alice, Bob and something I'll call Ivan-Borg holding single, replicated
copies of the cryptographically sealed transaction.
With that foundation, we can trade.
> Recall that in 2005
> November, it became widely known that toxic assets were toxic.
In 2005, the SEC looked at my triple entry implementation, and....
> From late in 2005 to late in 2007, it was widely known that major
> financial institutions were walking dead, and yet strangely they
> continued to walk, though this took increasingly creative changes of the
...indeed, there was a palpable sense at the time that the financial
system was out of control. They were looking at this thing with worried
It's an open question as to whether triple entry in any of its variants
(Todd Boyle's, mine or Satoshi's designs) would have changed things for
the financial crisis of 2007 +/-. I think the answer is; it was way
too late to effect it. But, it wouldn't have hurt, and with other
things added in , the sum would have changed things, assuming
But (a) the list of needed innovations is not trivial, and all are
opposed by the financial institutions for the obvious reason.
Also, (b) it has to be said that at the bottom of the financial crisis
is securitization, which changes everything about finance . And I
do mean everything :) Without understanding the role that
securitization plays, talking about triple entry or toxic assets or
ratings agencies or bad behaviour or poor people or whatever is pretty
much doomed to irrelevance.
Which is how they like it!
> Today in 2011, there is still no audit that acknowledges that toxic
> assets were and are toxic.
This one winds all the way to  ...
> While doubtless a good monetary system should embrace all these aspects
> of knowledge, our existing monetary system does not.
 reliably here means to play its part in the overall security model
against attacks of fraud, etc.
 this rant is essentially a highly compressed version of:
 there is an intermediate step here where Bob can also sign the
payment into a deposit instruction, thus confirming acceptance. But
this can be optimised out.
 think here of European Notaries, responsible to both parties to
 crypto people would recall the term "non-repudiable" although that
is out of favour; "non-repudiation is repudiated :). BitCoin paper uses
the term "non-reversible." Finance prefers terms like "final
settlement. Legal people look for "evidence." I choose the legal term
here because in a dispute their opinion matters more.
 this is not really apparent on paper, only in code and
implementation (aka issues).
 all of this logic is applicable & analogous & consistent when the
bookkeepers are computers...
 accounting history does not accept this point as proven. Having
seen the difference of both double entry and triple entry in accounting
systems, I'd say its clear. But historians don't have the benefit of
seeing accounting systems stuff up in glorious fashion, they only have
the dry old parchments to work from.
 another of the things essential on the list is final settlement /
irreversibility / non-repudiation, as pioneered in many digital cash
schemes. c.f., Mutual Funds Scandal.
 Everything important about the financial crisis in 4 short essays,
More information about the cryptography