Expert Column PUF Application

“To be or not to be?” & “To be what?” those are two big questions for Libra!

Abstract:

Facebook has revealed plans to launch its new cryptocurrency Libra in 2020. This breaking news has raised the attention of financial regulators all over the world. As the number of cyberattack incidents targeting different cryptocurrencies surged over the years, Facebook is facing suspicions from specialists and companies and it is not yet clear if Libra can be successfully launched in 2020. Nonetheless, by diving deep into words of David Marcus, the head of Calibra and by studying the differences of Libra with WeChat Pay and other cryptocurrencies, we just might be able to tell. Although it is a little bit too early to conclude whether we should be negative or positive towards Libra, the one thing both the US Government and Facebook are sure is that cryptocurrency is the future.

Introduction

Since its debut on June 18, the fate of Facebook’s Libra has been going up and down like riding a roller coaster. The pro-Libra camp hailed that “Libra will empower fans in underserved markets by enabling financial inclusion”, and “From in God we trust (US$) to in FB we trust (Libra)”. While the con-Libra camp criticized and accused “Libra in particular and cryptocurrencies more broadly could offer the opportunity or have been exploited to support billions of dollars of illicit activity like cyber crime, tax evasion, extortion, ransomware, illicit drugs and human trafficking.” by U.S. Secretary of Finance Mnuchin, and “Facebook Libra’s ‘virtual currency’ will have little standing or dependability. If Facebook and other companies want to become a bank, they must seek a new banking charter and become subject to all banking regulations, just like other banks.” by U.S. President Trump.

As stated in the Libra White Paper, the goal for Libra is as follows: A stable currency built on a secure and stable open-source blockchain, backed by a reserve of real assets, and governed by an independent association. Superficially speaking, the goal sounds very noble with very good intents, however, if we examine it more closely and thoroughly, we will find it very controversial and pretty difficult to achieve its goal, since it is not only at odds with the world’s financial orders and monetary systems, but also invasive to the sovereignty of the hosting country’s legal tender (or fiat money) system.       

Although G7 finance ministers have warned that “crypto currencies such as Libra risk upsetting the world’s financial system if they are not regulated tightly” and Facebook’s Marcus has also promised “Facebook will not offer the Libra digital currency until we have fully addressed regulatory concerns and received appropriate approvals”, there are still a lot of uncertainties surrounding Libra’s future. The key questions focus on the security, privacy and trust related concerns of Libra as well as whether and how Libra could provide sufficient assurance that it fully meet all banking regulations such as required in FinCEN (Financial Crime Enforcement Network) and BSA (Bank Secret Act) including issues like KYC (Know Your Customer), AML (Anti Money Laundering), CFT (Combating the Financing of Terrorism), …,etc. Therefore, it is worthwhile to discuss the following interesting topics regarding Libra including:

  1. What is Libra & Calibra?
  2. Is Libra a crypto currency?
  3. If Libra could be launched, can Libra become a major crypto currency?
  4. If Libra is approved as a payment instrument, could it become a primary one?
  5. What are the major security, privacy and trust related obstacles need to be overcome before Libra can obtain appropriate approvals?
  6. The future prospects of Libra in particular and crypto currency in general.    

After the Introduction section, this articles will start with a review of security incidents and criminal activities happened in crypto-currency industries. Next, a synopsis of Libra & Calibra will be presented. Third, a comparison between Libra and other major crypto-currencies like Bitcoin, as well as between Libra and other key leading payment instruments like WeChat Payment and AliPay will be addressed. Fourth, the security, privacy and trust related issues of Libra and possible remedy solutions will be proposed. Finally, a conclusion will be drawn on the possibility of Libra to become either a major crypto-currency or a primary payment instrument as well as the prospects of crypto-currency.

What went wrong in Cryptocurrency Industry?

There are numerous cyberattacks, data breaches, vulnerabilities, and cases of fraud to strike the cryptocurrency space over the previous years and the most high-profile ones happened in 2018 as reported in [1]. Also, the Crimes News in [2] reported that the most common cryptocurrency crimes until the end of 2017 have been as follows:

  1. Initial Coin Offerings (ICO) related crimes, which were conducted by frauds and by stealing money from electronic wallets and storages through hacking or fraudulently-obtained information
  2. A lot of users’ money was stolen when using unverified exchanges and making transactions through suspicious services
  3. People lost money by joining financial cryptocurrency pyramids. Per Kaspersky Lab estimate in [3] the crypto-crime losses from 2018 totaling $1.7 billion, up 400% from 2017.

That is why Kaspersky Lab and other well-known security firms advocated that “Why ICO security is a must” and [3] also pointed out the four major areas of risk for crypto token sales are: smart-contract vulnerabilities, staff wrongdoings, phishing attacks on investors, and operations security.

To the cryptocurrency believers, it is a system for electronic transactions without relying on “trust” but via code backed by blockchain. However, from both a software engineering and an information security perspective, this belief is not only a bit naive but also a bit shaky and risky as well.

Blockchain systems including nodes and wallets comprising of the data structures and protocols are just software. In a nutshell, Blockchain technology provides a distributed ledger, which is made up of blocks of data that are chained together with cryptography that makes it almost impossible to make changes once something is recorded. The key concepts of a blockchain include:

  1. No central authority as opposed to centrally managed databases
  2. Distributed ledger which is a shared record of transactions recording what happened and in what order
  3. The distributed consensus algorithm (i.e., mining), which is a way to ensure all the copies of the ledger are the same without trusting any particular node in the consensus network
  4. The use of “currency” or “digital token” that has value and is publicly traded and transactions involving these tokens are stored on the ledger
  5. Cryptographically using “hashes” to ensure secure, authenticated & verifiable transactions
  6. Trust is provided through immutable, time-stamped records.

As commented by Bruce Schneider in [4], “What blockchain does is shifting some of the trust in people and institutions to trust in technology” and “one needs to trust the cryptography, the protocols, the software, the computers and the network that make up the blockchain system absolutely because they’re often single points of failure”. Superficially, blockchain based cryptocurrency can save the cost of certain trusted intermediaries (e.g., bank processing fees). Actually, blockchain type of trust is even more costly despite of the fact that the cost is just hidden. Take Bitcoin as an example, the electricity and computing cost associated with the additional bitcoin mined, the transaction fees, and the enormous environmental waste is extremely expensive. Also, when trust turns out to be misplaced or trust mechanisms are compromised, there is no recourse in cryptocurrency systems. As discussed at the beginning of this section, there are many ways cryptocurrency crimes could occur including bitcoin exchange or bitcoin wallet gets hacked, the coin-owners forget their login credentials, bugs in smart contract code, etc. In all of those cases, one may lose all of his/her crypto money!

Per CoinDesk trade data, the current market price of Bitcoin is around US$9,000 which shrinks about 1/3 of its peak value at US$13,000 this year, and the Bitcoin trade volumes dropped to only half of the previous averages are largely due to the recent negative publicity again Libra. There is a cryptocurrency paradox reported in [5] as follows: “Crypto investors buy and hold crypto because they want their crypto to appreciate in value, but unless they use their crypto the value will not go up” & “Unless the crypto is used, the value of the crypto will keep falling, and investors will start unloading their investment to avoid further losses.” Because of this paradox, [5] concluded “no cryptocurrency is likely to be successful until investors can be persuaded to actively use their crypto, and not simply hold on to it and speculate that it goes up in value.” Two primary barriers to increasing cryptocurrency usage are:crypto’s high volatility, and the possibility or likelihood of widespread price manipulation. There is also a fundamental problem that “there is no means available (such as taxes) to incentivize investors to quit holding for speculation and actually use large amounts of crypto for mercantile activities.” as discussed in [5].

Facebook’s Libra is fully aware of the barriers and problems of cryptocurrency and came up a clever design to solve both “acceptance” (how many merchants will take the crypto in exchange for goods or services) and “usage” (how many owners are spending their crypto in exchange for goods or services) issues of cryptocurrency raised in [5]. 

In summary, there is a general belief that investors bought into Bitcoin and other cryptocurrencies because they want to get rich and quick by speculating on their values rapidly appreciating. However, due to the cryptocurrency paradox and the  inevitable “death cycle” lead by it, many leading economists such as Nouriel Roubini and others have predicted that Bitcoin and other cryptocurrencies are failing badly and will sooner or later return to a value near zero which will hurt the speculative investors very badly! Thus, it is logical to conclude that “cryptocurrencies are useless” [4] as both an idea and an investment. However, in the dark world and speculative investment market, cryptocurrencies are still widely used by:

  1. Speculators looking for quick riches
  2. People who don’t like government-backed currencies
  3. Criminals who want a black-market way to exchange money
  4. Citizens mining various preexisting cryptocurrencies as part of an effort to mitigate the effects of a hyper-inflating national currency
  5. Countries use cryptocurrencies as means to fight sanctions imposed on them, etc. [4,10].

A Synopsis of Libra & Calibra

Facebook unveiled an ambitious plan in June 18 to create a new global digital currency called “Libra” and a financial infrastructure to transform the way money moves around the world including buy things or send money to people with nearly zero fees, and it will work not just on its own apps. Per Libra white paper, “Libra is a simple global currency and financial infrastructure that empowers billions of people.” In summary, there are five essential components in Libra:

  1. Built on a secure, scalable, and reliable blockchain.
  2. It is a stablecoin which is backed by a reserve of assets.
  3. It is governed by the independent Libra Association.
  4. Uses the Libra BFT consensus mechanism.
  5. Smart contract coding is done through “Move” programming language.

The basic of Libra including “cash in a local currency, get Libra, spend them like dollars without big transaction fees or your real name attached, cash them out whenever you want” is summarized in [6] and detailed in [7,8]. After its proposed public launch in the first half of 2020, one could pseudonymously buy or cash out one’s Libra online or at local exchange points like grocery stores, and spend it using interoperable third-party wallet apps or Facebook’s own Calibra wallet that will be built into WhatsApp, Messenger and its own app.

A synopsis of Libra & Calibra is as follows [6,7,8,9]:

Initially, Libra will use a “permissioned” blockchain where only entities that fulfill certain requirements are admitted to a special inner group that defines consensus and controls governance of the blockchain. Every Libra payment will be permanently written into a public online ledger called Libra Blockchain designed to handle 1,000 transactions per second. The speed of this blockchain is much faster than Bitcoin’s 7 transactions per second or Ethereum’s 15 per second. Furthermore, the Libra blockchain is operated and constantly verified by a total of 100 targeted founding members of the Libra Association, which each invested $10 million or more for a seat in the cryptocurrency’s governance and the ability to operate a validator node.      

When a transaction is submitted, each of the validator nodes runs a calculation based on the existing ledger of all transactions. Thanks to a Byzantine Fault Tolerance system using a Practical Byzantine Fault Tolerance (PBFT) algorithm, just two-thirds of the nodes must come to consensus that the transaction is legitimate for it to be executed and written to the blockchain. A structure of Merkle Trees in the code makes it simple to recognize changes made to the Libra Blockchain. With 5KB transactions, 1,000 verifications per second on commodity CPUs and up to 4 billion accounts, the Libra Blockchain should be able to operate at 1,000 transactions per second if nodes use at least 40Mbps connections and 16TB SSD hard drives.

Facebook claimed that “Libra has all the merits of Bitcoin but none of the shortcomings of Bitcoin”. The arguments are based on the following facts:

  1. Libra is a partially decentralized “permissioned” blockchain compared to the fully decentralized public blockchain of Bitcoin
  2. Libra has only 100 validator nodes, while Bitcoin has more than 10 thousand minor nodes worldwide
  3. Libra employs a highly efficient PBFT algorithm to reach a consensus among 100 validator nodes on whether a transaction is legitimate and written to a 100 nodes Libra blockchain, while Bitcoin uses a very inefficient and costly mining algorithm to reach a consensus among 10K+ nodes to decide whether a transaction is legitimate to be executed and duplicated 10K+ copies in each of the 10K+ nodes if it is validated
  4. The transaction processing speed is 1000 per section for Libra but 7 for Bitcoin. Thus, Libra is more likely to replace traditional “fiat” currency system and becomes a global digital currency than Bitcoin.    

The details of Libra other important features including the underlying technology, the association that governs it, and the wallets one will use, the way payments work etc. could be found by referencing [6,7,8,9].

Comparisons between Libra and its major Competitors

The comparison between Libra and its major competitors includes both “A Comparison between Libra and Bitcoin” and “A Comparison between Libra and China mobile-based Digital Payments” in section 4.1 and 4.2 respectively.

A Comparison between Libra and Bitcoin

Although both Bitcoin and Libra are crypto assets that can be transacted as digital currencies, they are different in many ways, from the goals, structure, technology behind them to the way they’re used [11,12,13].

Many experts question whether Libra can even be called a “cryptocurrency” because of its use of a permissioned ledger and its reliance on a trusted issuer to hold and manage a fund of assets that back the currency [12].

The differences between Libra and Bitcoin are summarized in the following key areas:

  1. Goals: Bitcoin is a virtual currency used as a peer-to-peer payment system, allowing people to exchange money without going through a bank while Libra is primarily to be used in cross-border payments and money transfers. The Libra is tied to a basket of government-backed currencies and other assets, to avoid the volatile swings often seen in cryptocurrencies like Bitcoin and Ether.
  2. Structure: Libra is governed by the independent Libra Association a not-for-profit organization, which oversees the development of the token, the reserve of real-world assets that gives it value and the governance rules of the blockchain. In contrast, Bitcoin is a totally decentralized architecture employing a distributed public ledger in which transaction verifications are handled by 10K+ miner nodes in using an decentralized architecture of verification.   
  3. Technology: With Bitcoin, transactions are recorded anonymously on a blockchain based distributed public ledger. It’s essentially a database maintained by a network of 10K+ node computers, on which transactions are secured in such a way that makes it virtually impossible to tamper with. While Libra also uses a relatively centralized blockchain governed by the Libra Association to keep transactions fast and scalable. But unlike Bitcoin, Libra’s blockchain is permissioned which requiring transactions can only be added to it by a group of 100 trusted parties. Furthermore, Libra employs a highly efficient PBFT algorithm as a consensus scheme, while Bitcoin still uses the original Satoshi Nakamoto inefficient and costly mining algorithm to reach a consensus for deciding whether a transaction is legitimate.
  4. Use Cases: Libra is a stablecoin backed by a reserve of assets which is primarily used in cross-border payments and money transfers. While Bitcoin is permissionless, fully decentralized, deflationary and volatile cryptocurrency speculative investors to get rich quickly by speculating on their values rapidly appreciating. Libra is governed by “supply and demand”. That means Libra Association can adjust the supply to match a quantity of other assets held in reserve, effectively maintaining a stable price even when demand changes. However, Bitcoin has a fixed supply. It is well-known that the total number of Bitcoins that will ever be minted is “hard-capped” at 21 million. Thus, Bitcoin supply is fixed and cannot react to the market’s demand, while Libras are created or burned when one of Libra’s authorized resellers deposit or withdraw money from its reserve.

In conclusion, there is a general consensus among the worldwide finance community that cryptocurrencies like Bitcoin could not be viewed as securities. Currently cryptocurrencies including Bitcoin are primarily used as speculative investment assets rather than daily currency for payments. However, many experts don’t consider Libra as a cryptocurrency at all. Instead, Libra is viewed and treated more like a bank note or security since its value depends on what fiat currency it’s backed by and can only be used in peer-to-peer transactions if approved by the backers. Although as late as end of July 2019, it is not optimistic whether Facebook and its partners could manage to overcome the regulatory hurdles that have accompanied Libra. However, if they would, then Libra will undoubtedly have an enormous impact on the global economy. In a worst case scenario, if they wouldn’t, but Libra is still allowed to launch in a revised format in 2020, then Libra will still take a great step forward for digital currency as long as Libra could start to convince people there are “other ways” of storing value than using fiat currencies like the U.S. dollar.

A Comparison between Libra and China Mobile-based Digital Payments

Initially, Facebook claimed Libra both as a cryptocurrency as well as a payment mechanism that mimics what WeChat does in China. However, Libra has been disputed that it is not a cryptocurrency at all, since it’s a centralized system maintained by “nodes” that are administered by a centralized Libra Association, and one has to register using one’s real name. Libra has not met the qualifications of a cryptocurrency! Thus, recently Facebook has emphasized that Libra will never compete with legal fiat currency and it is neither a security nor an ETF [14]. Libra appears more like a commodity and Facebook expects it to emerge as a cross border payment instrument.

From the experts who are familiar with digital currency in China, they firmly believe even if Libra overcomes all the hurdles and receives the approvals to be launched in 2020, it won’t be able to compete with AliPay or WeChat Payment in Chinese payment domain in the near future due to the following observations:

  1. China has already led the rest of the world in mobile payment field. The top two Chinese payment giants AliPay and WeChat Payment have won the recognition of many world-wide merchants especially in EU countries like Germany.
  2. Even in Asia, Japan and Korea have imported and accepted AliPay and WeChat Payment for a long time. Libra will have a hard time to catch them up in short period of time.

In conclusion: Libra and Calibra are not WeChat, and they may never be! [15]

Security and Privacy Issues of Libra and Possible Remedy Solutions

The Trust, Security and Privacy concerns of Libra & Calibra can be summarized by the following seven specific questions asked by U.S. Senate Banking Committee and the answers given by the head of Calibra, David Marcus before the U.S. Senate on July 16, 2019 recaptured as follows [16,17]:

First, the seven questions:

  1. How would this new cryptocurrency-based payment system work, and what outreach has there been to financial regulators to ensure it meets all legal and regulatory requirements?
  2. What privacy and consumer protections would users have under the new payment system?
  3. What consumer financial information does Facebook have that it has received from a financial company?
  4. To the extent Facebook has received consumer financial information from a financial company, what does Facebook do with such information and how does Facebook safeguard the information?
  5. Does Facebook share or sell any consumer information with unaffiliated third parties?
  6. Does Facebook have any information bearing on an individual’s (or group of individuals’) credit worthiness, credit standing, credit capacity, character, general reputation,    personal characteristics, or mode of living that is used (either by Facebook or an unaffiliated third party) to establish eligibility for,  or marketing of a product or service related to 1) credit, 2) insurance, 3) employment, or 4) housing?
  7. How does Facebook ensure that information bearing on an individual’s       (or group of individuals’)     creditworthiness, credit standing, credit       capacity, character, general reputation, and/or        personal characteristics is not used in violation of the Fair Credit Reporting Act?

Next, the collective answers given by Marcus [17]:

  1. The U.S. should “absolutely” lead the world in rulemaking for cryptocurrencies.
  2. The Libra Association chose to be headquartered in Switzerland “not to evade any responsibilities of oversight” but since it’s where international financial groups like the Bank for International Settlements, though Calibra will be regulated by the U.S. Department of the Treasury’s Financial Crimes Enforcement Network.
  3. “Yes,” Libra will comply with all U.S. regulations and not launch until the U.S. lawmakers’ concerns have been answered.
  4. “You will not have to trust Facebook” because it’s only one of 28 current and potentially 100 or more Libra Association members and it won’t have special privileges
  5. “Yes I would” accept compensation from Facebook in the form of Libra as a show of trust in the currency.
  6. It is “not the intention at all” for Calibra to sell or directly monetize user data directly, though if it offered additional financial services in partnership with other financial organizations it would ask consent to use their data specifically for those purposes.
  7. Facebook’s core revenue model around Libra is that more online commerce will lead businesses to spend more on Facebook ads.
  8. When repeatedly asked why Facebook is pushing Libra to happen, Marcus noted that blockchain technology is inevitable and if the U.S. doesn’t lead in building and regulating it, the tech will come from places “out of reach of our national security apparatus,” raising the spectre of China.

It appears Marcus didn’t clearly answer some critical questions about Libra and Calibra at both the Senate Banking Committee and the next-day hearing at the House Financial Services Committee. A set of unanswered questions are described in [17] and the possible remedy solutions are suggested as follows as a minimum:

Facebook should conduct a massive overhaul of its consumer privacy practices and re-establish its trust and reputation as a responsible and law-abiding social media giant where consumers could keep their personal information truly private.

  1. Facebook should provide sufficient assurance that data collected about transactions made with Calibra which are made on Facebook won’t be “cross-referenced” or “correlated” with the data currently collected by Facebook if that transaction happens over their social networks.  
  2. The Libra Association should be able to guarantee that it would be able to freeze the digital assets if terrorist organizations or other cyber criminals were identified.
  3. The Libra Association should take a pro-active role in actively vetting its developers so that the risks of having crooked developers stealing users’ money and/or users’ data could be prevented.
  4. The Libra Association should provide highly secure Libra wallets (e.g., American Calibra wallets) and education programs to protect users from scamming attacks and educate users on how to avoid scams.

Conclusion

Libra has been perceived as Facebook’s entrance into the largely unregulated cryptocurrency market. Per Facebook white paper, the idea behind Libra is as simple as to make sending money to a friend or paying for something as easy as sending a Facebook Message. However, in doing so Libra will have severe implications both for consumers and global financial systems, since 1). Allowing a Big Tech company like Facebook which doesn’t have a good privacy protection record to take over the payment system and/or also trust Facebook to lead the way on a major new fintech regulation that could fundamentally change global financial systems would be a huge mistake; 2). If Libra were to become such a widely used medium of exchange, then it could compromise both the Fed’s and International monetary authorities’ abilities to enact monetary policy.

The fact that U.S. and international regulators and lawmakers don’t trust Facebook and the FTC’s recent record-breaking $5 billion fine against Facebook for breaking their privacy promises makes whether Libra will be made available in a timely manner in 2020, or at all a very pessimistic prospect. However, even if Libra fails to launch at all does not mean the end of life for cryptocurrency because it seems there is only one thing the US Government and Facebook agree on: “cryptocurrency is the future.” Furthermore, there is also a strong consensus that “The U.S. should “absolutely” lead the world in rule-making for cryptocurrencies” and “There are tremendous potential benefits in blockchain technologies and cryptocurrencies” among the U.S. digital currency stake holders. Therefore, there are some hopes that U.S. will assume leadership on developing a framework for managing cryptocurrencies and future fintech innovations. Also, giving Facebook’s firm belief in the digital currency’s potential benefits and Facebook’s willingness to work with regulators on its implementation, some experts like Kris Marszalek, CEO at Crypto.com believes firmly that “Facebook will find a way to capture this tremendous opportunity in a compliant manner: if not via Libra, then via investments and M&A.” Whether his prediction will come true, only time can tell!

Reference

  1. https://www.zdnet.com/article/2018s-most-high-profile-cryptocurrency-catastrophes-ico-failures-and-cyberattacks/
  2. https://cointelegraph.com/tags/crimes
  3. https://www.kaspersky.com/blog/ico-security/26811/
  4. https://www.schneier.com/blog/archives/2019/02/blockchain_and_.html
  5. https://fortune.com/2019/04/24/bitcoin-cryptocurrency-crime/
  6. https://techcrunch.com/2019/06/18/facebook-libra/?renderMode=ie11
  7. https://blockgeeks.com/guides/understanding-facebooks-cryptocurrency-libra/
  8. https://blockgeeks.com/guides/what-is-facebook-libra-cryptocurrency-the-most-comprehensive-guide-part-2/
  9. https://www.cnbc.com/2019/06/17/facebook-announces-libra-digital-currency-calibra-digital-wallet.html
  10. https://cointelegraph.com/news/us-sanctions-on-iran-crypto-mining-inevitable-or-impossible
  11. https://www.pcmag.com/news/369418/crypto-comparison-why-bitcoin-and-libra-are-vastly-differen
  12. https://www.cnbc.com/2019/07/19/bitcoin-vs-libra-how-facebooks-cryptocurrency-is-different.html
  13. https://www.digitaltrends.com/computing/facebook-libra-vs-bitcoin/
  14. https://seekingalpha.com/article/4271247-facebooks-libra-vs-bitcoin-5-key-differences?ifp=0
  15. https://www.pymnts.com/cryptocurrency/2019/if-facebook-wants-to-be-wechat-why-did-it-launch-libra/
  16. https://www.banking.senate.gov/download/facebook-letter-to-crapo-brown
  17. https://techcrunch.com/2019/07/16/libra-in-messenger-whatsapp/?renderMode=ie11
  18. https://www.consumer.ftc.gov/blog/2019/07/what-ftc-facebook-settlement-means-consumers

Leave a Reply

%d bloggers like this: