 Good evening from Spain and thanks for letting me be in here in this presentation I will talk about some requirements that public permission blockchain networks and I will explain what it is imposed to the underlying infrastructure most notably related to scalability and resiliency. So as we all know 12 years ago in the middle of the financial crisis and as a reaction to the centralized systems Bitcoin appears a peer-to-peer version of electronic cash providing the ability to transact among anonymous parties without requiring a central authority. As stated in the Bitcoin paper the objective was to implement non-reversible payments for non-reversible services because if there is a central entity with a known identity it is not possible to avoid mediating disputes and the corresponding need for trust. The problem is that in the real economy and the real society most transactions are not irreversible and this is not a technical limitation it's a core property embedded in the values of a modern society and despite some benefits one major drawback of public permissionless networks is that there is no records to any legal system when things go wrong and this is totally incompatible with consumer protection rules in advanced economies especially when business to consumer transactions are involved and this is even more apparent when we consider that businesses can never be anonymous in the real economy of a welfare state like for example the European Union. Later businesses willing to reap some benefits of the centralization but keeping normal citizens protected started using the blockchain technology in closed networks to be able to transact among reduced number of companies without requiring a central entity. Those networks are called private permission or more frequently private consortiums and they are typically banks with banks energy companies with energy companies or they are dedicated to a single use case like logistics or full trustability. By the way the theoretical decentralization aspects of public permissionless networks are lost over the years as has been already proven and they are in practice almost as centralized as private consortiums. The idea of a public permission network is to combine the best of both worlds to create a blockchain network which is permissioned but where the network is not controlled by any single company a cartel of companies or even a single government. The model resembles a common pool resource which is not controlled either by the state or by the hand of the market. In essence the blockchain technology and the associated governance model position this in the sweetest spot of the spectrum from fully centralized versus radical decentralization options. Now some notable examples of public pension networks are this. Alastria where I participate FC the European Blockchain Services Infrastructure which is promoted by the European Commission and Member States, LatinChain in Latin America and the Caribbean which is promoted by the Inter-American Development Bank and very recently FC the National Italian Blockchain Services Infrastructure and there are more national and regional networks appearing with this model. Now in order to explain the properties of this type of networks let me use this diagram because blockchain is a difficult technology to analyze because it is multi-faceted. If we look at the blockchain as an interconnection technology we would like some properties from the internet backbone most notably it is permissioned but in an inclusive and decentralized way. It is considered as a common good and in many cases as a fundamental right and everybody has the right to join and use the infrastructure according to the access rules which are fair, transparent and inclusive. It is even regulated and for example the European Union regulation says end users so have the right to access and distribute information and content use and provide applications and services and use terminal equipment of their choice irrespective of the end users or providers location or the location origin or destination of the information content application or service via their internet access service. So this is a multi-purpose infrastructure available everywhere to everybody. Blockchain has also some properties of the cloud which confuse many people for example many people especially in big companies expect the blockchain network to be managed and operated by a single company so they can sign a contract and service level agreement an SLA with one entity that they can make accountable for anything happening in the network. They fear or do not understand at all a blockchain network which is operated collaboratively by a group of entities and where none of them has really control of the network and this is clearly not compatible with the public permission model as an example in the decentralized governance model of FC the European blockchain service infrastructure it says consensus nodes orders in fabric should be evenly distributed among member states and no member state should be responsible for more than a given number of nodes. No technical provider should operate more than a given number of nodes especially consensus nodes and member states should coordinate to reduce the amount of share technical providers. Finally blockchain is much more difficult to scale than internet connectivity or cloud services do you need more internet bandwidth across continents put another submarine cable in parallel with the old ones existing applications and services are not affected and the companies using the internet may get even reduced latency if the cable goes near their destination like it's happening right now with the recent Ella Link subsea cable between Latin America and Europe however blockchain capacity essentially the throughput looks more like a scarce natural resource like irrigation water fisheries forest or even the whole earth where other exploitation of the resource brings complete disaster for the internet of value with pervasive networks multi-purpose open and inclusive that can be used for essential services in the real economy we need a proactive governance model which cannot be left to the invisible hand of the market to avoid extreme speculation coming from consensus algorithms being used in public permissionless networks and all of this can be summarized in the manifesto for public permission blockchain networks where I will not enter but you can see here the main points now what is required for this type of blockchain networks and I will address only two things of the many that are needed okay one is the consensus algorithm we need bison team fault tolerant consensus algorithm because CFT crash fault tolerance or raft for example as it is right now in fabric is not enough in such open and heterogeneous networks because in CFT one compromise note compromises the whole network and that means that normally one technical operator has to operate all consensus nodes and this is a typical approach but we need BFT consensus algorithms by something fault tolerant consensus are not just for technical reasons but also for government reasons and by the way this is one of the reasons why in FC the European blockchain network even though there are two technologies one which is Ethereum based with BFT and another which is fabric with raft the widely deployed one is going to be just the BFT based mechanics because with raft the European Commission is going to operate the nose and this does not fit with the decentralized governance model that the European Commission and the governments of the European Union want for the moment now in most implementations of BFT the criteria is to maximize resiliency for a given cost measure in number of nodes normally or the opposite minimize the cost for a given level of resiliency measure as a maximum number of by something node supported now that makes sense but in a private public permission network what we really need is to maximize participation for a given level of resiliency we would like to set F the maximum number of failures for example six by something nodes for any number of machines because we need to maximize participation for a given level of resilience as a set because the cost of consensus nodes the cost is not a limitation in public permission networks so we would like again that resiliency can be fixed it's a should be a parameter of the network and this should be independent of the actual number of nodes that can participate in the executing execution of consensus and one possible way to maximize participation is this basically let me put the laser pointer okay this is just one possible approach okay actually the one that we are trying to use right now in in our networks okay first there may be many machines willing to participate in consensus execution and I don't have time here to talk about incentives but it is not complex to achieve in the real economy okay the incentives to participate and this is what I call the basketball DFT consensus otherwise a generalization of Castro and Liskov's practical by something fault tolerance and proactive recovery basically there is a small team playing on the court at a given time to keep the right level of performance in consensus execution the players are rotated this is the green arrows are rotated proactively between the active and a standby sets eventually all players have a chance to participate okay so this is rotation the nodes are reboot safe refresh this is what it means okay they are reboot and refreshed in a safe way and if the rotation period is small enough the system supports an arbitrary number of bison team failures in the long term if a crash fault is detected for example a timeout of the leader or a given note not voting in several consecutive rounds then the node is taken out from the active set this is the yellow arrow okay so the note is taken out from the active set and put in suspicious state a manual diagnostic process and public declaration of conformity is needed to continue playing the game okay so like in a basketball when you are given a fault okay in a bison if a bison team fault is detected which is the red arrow okay but for example two blocks with the same block number the node is taken out from the active set and put in quarantine the red state the process to have this node again in the game is more involved than with crash faults because this is probably infected and it was controlled by a bad actor okay and very critical all the information related to the consensus execution all of these should be available to all participants in the network not just the consensus nodes in a way which is which cannot be censored by anybody and any participant should have transparent access to how well consensus nodes perform their roles so we also need a decentralized monitoring tool at least for the execution of the protocol by the consensus nodes to increase trust on the network from the regular or peer nodes we need radical transparency in the most important steps in the protocol normal BFT consensus implementations are designed to mask failures and continue working but we what we want is that those failures even if the network continues working those failures of the consensus nodes have to be visible to any participant in a network and to avoid possible censorship of that information probably some trace information will have to be piggybacked into the seals this allows the implementation by regular nodes of watchdogs monitoring bodies or failure detectors to collaborate in the resiliency and the neutrality of the network okay also something very important is that BFT assumes independent node failures and this assumption may not be true if all nodes run the same software configured in the same way public permission networks are permissioned but they are potentially much more vulnerable than private consortiums to common mode failures especially the ones that can be exploited by malicious actors because the network is generally below and is wide area it would be ideal to have one technical specification and several implementation from different vendors in different programming languages and if this is not possible because it's difficult to achieve it would be good to have automatic diversity generation mechanisms as the community is incentivized to follow recommendations good for them and this the consensus algorithm is one of the critical things that up to now fabric is lacking in order to implement the type of networks that we would like to implement public permissioned blockchain networks now we know that this is coming but this is early late yet and now something a little bit more provocative I would say okay this is a simple taxonomy of blockchain applications certification is basically about the proof of existence in the past of an object external to the blockchain like a diploma or most of the credentials or certifications that are needed in real life the centralized workflow is in reality a generalization of centralization of sorry of certification in the sense that it registers what each entity says about something done outside of the blockchain and all such certifications are tied together in a wall in a flow for example traceability of food and exchange of digital value is the most difficult problem to solve by the blockchain and involves the change of ownership of a good a digital good where the good and register only exist in the blockchain and this is in reality the initial problem that Bitcoin tried to solve something which is not obvious at first sight is that if the object is real that is belongs to the real economy and has an existence outside of the blockchain it's change of ownership can typically in most of the cases be implemented as a decentralized workflow and we do not require the complexity of the exchange of digital value type actually if we look at the real economy or government services we see that most problems where blockchain can help are related to the types marked in green this is over helping the number of use cases that we find in the real economy for example the European Commission announced last week the future availability of the European digital identity wallet for all citizens together with regulation for electronic ledgers this is the the official name they gave as trusted services this is based on the European self-subsubbing identity framework and the FC blockchain network that I mentioned before okay so this is the end result of the world that we have been doing there because I have the pleasure to to participate there and this is a good example of the certification pattern taking dearly directly from the regulation literally an electronic ledger combines time stamping of data and their sequencing with certainty about the data originator similar to electronic signing with the additional benefit of enabling and more decentralized governance which is suitable for multi-party cooperation data integrity is very important for the pulling of data from decentralized sources for self-soring identity solutions for attributing ownership of digital assets for recording business processes to all the compliance with sustainability criteria and for various use cases in capital markets those two sentences are in the regulation so you see what the European Union is trying to achieve okay and if you haven't looked at this I recommend that you look at the regulation because this is a proposal and this is exactly what the European Union is doing and this is a huge advance in blockchain technology in the European Union now to summarize the main requirements for certification and decentralized workflows are data integrity or in blockchain parlance immutability even though immutability does not exist in the real world okay but hype is the king here the unsensorability which is the availability of the information with a possibility for censorship by anybody even the originator and here comes the contentious issue in reality for most use cases where we can see the blockchain trying to be applied we don't really need global total order and for example the diploma the diploma is a trivial CRDT the conflict free conflict free replicated data type okay so diplomas issued by different universities to different people commute which means that in Germany one university can issue a diploma and in Spain another university can issue a diploma and we don't need a total order for those two facts objects register in the blockchain are unique and read only once created like the diploma the right ones you read many times for all your life copies can be created without problem even in different networks which means that in general double-spending is not a problem because you don't sell your identity basically okay or a diploma but typical CRDT and eventual consistency because they are related okay and this is eventual consistency implementation are not by something tolerant so we don't have any solution right now for solving those problems so we end up killing flies with cannons and using total global order or a strong consistency solution like BFT for example or aft for something that does not really need it and this affects scalability so the question is do we need something in the blockchain like database isolation levels and different consistency models but we will need this in the same infrastructure in runtime because we would like something like the Internet of value a blockchain infrastructure like the Internet but we would like to be able to tune consensus and consistency depending on the use case because some use cases may need eventually consistent systems others strongly consistent systems or even be able to specify per concurrent object type which means for example for a smart contract we even may need a virtual machine with optional commutative of operations and associated the smart contract language or our domain specific language okay which in most cases in my personal experience we don't really need to incomplete but of course that doesn't mean that for some use cases we need to incomplete systems okay so in the ideal work normal programmers can choose simple model with a strong consistency because it is very easy to reason about those systems and applications but experienced ones can choose consistency model appropriate for use case so basically the same thing that happens with databases you can have relational databases with strong consistency or no SQL databases with eventual consistency and depending on the use case you choose because for example if we have eventually consistent systems and this is some properties of the credential flow with with this type of blockchain systems okay we have incredible scale scalability because the main credential flow does not require blockchain transactions incredible performance because it's independent from the network incredible resiliency because it doesn't depend on the blockchain once they have been issued because verification can be done in any note and incredible robustness and this is something that can be achieved for most of the use cases that we really need in the real economy so and this is the last one okay in conclusion public permission network this is a common good or should be a common good like the internet and it has to be permissioned with decentralized governance and both things permissioning and decentralized governance are very difficult to put together but we really need that like in the internet it should be non-discriminatory multipurpose so once you access the network like in the internet you can use the network for whatever you want without asking permission to anybody has to be multipurpose and focus on the real economy so that means no extreme speculation because it has to be an infrastructure it has to smell and behave like infrastructure and we need a regulatory environment because this with the size of the network and the heterogeneity of the network plus bft it means that we can implement efficient peer-to-peek among companies not just about people okay because the network is going to be built by companies we need peer-to-peer among companies which is impossible with the centralized technology but it requires some of homogeneity in the regulatory environment for example recognition of identities and dispute resolution and this is exactly what the european union has announced last week but we are going to have an interoperable system of identities across all of the european union states and it may be this type of networks may there may be restricted to regions they may not solve the global problems okay but it may be restricted to europe which is one third of the GDP of the world to trade corridors like for example europe and canada or combinations but of course there are many many challenges ahead right now there is no solution compliant with all the requirements and it has just scratched the surface and this is the end so i will finish the presentation and then we have i hope enough time for questions because probably this is contentious okay i i saw one question uh the slides yeah i will i will upload the the slides let me go to the question Q&A and the question i have only one question okay so you mentioned monitoring the network for bison team fairers do you have plans for implementing something like that for your networks well actually we are implementing that yeah uh but of course uh if it is a bison team failure by definition uh a bison team failure a bison team behavior uh is completely arbitrary so we can only detect some bison team failures like for example the one that i mentioned two blocks with the same block number is clearly not a technical error okay because you have had to sign digitally sign the two blocks so this is a bison team failure uh but yes not just bison team failures but anything which is also cross crash fault torrent and again not just monitoring for the technical resiliency but monitoring to provide trust to the all the participants so for example in one network we have 180 nodes okay uh all of the nodes whether they participate in consensus or not they can see what the validators or orders or the consensus nodes as i want to call them are doing uh however we still don't have a fully decentralized monitoring system okay this is a challenge uh what i mentioned okay is not in my presentation is not something that we already have it's something that we need okay and uh i really know that uh it's very difficult to achieve okay so i don't know if there is going to be any more questions okay i see uh the first question from benedict uh in the in the chat okay that mere bft is production ready soon i really hope i really hope because this is going to be a breakthrough for us okay because for example in in alastria and the european commission and then let me let me just use the time uh in the in the european blockchain service infrastructure where we have 28 governments plus european commission we have basically at this moment two technologies one i mentioned is well both are hyper ledger by the way one is hyper ledger besu and another one is hyper ledger fabric now with fabric we have a problem and the problem is that given that the consensus because otherwise it's fantastic technology okay but given that uh this is wrapped uh i already explained why uh we cannot implement a system where all the orders are let's say decentralized the operation of the orders ideally uh has to be fully decentralized and in such a way that nobody has control of anything of anything in the network okay once the network is set up uh of course if all the governments agree on something they can stop the network okay they can censor but uh if you give if you live in the european union such is life okay actually uh is going to be much more difficult for the governments to collude in the blockchain network than uh in the real life okay and another property one single government is not going to be able to censor anything or to modify anything or to do anything uh in the blockchain so the blockchain network being operated by the member states by the way the blockchain network fc is not going to be limited to the governments it's going to be open to any public administration initially and also to the private sector okay so this is going to be in my in my words the backbone of the blockchain networks in europe because uh there's not going to be a single network there's going to be the future it's going to be a network of networks and they have to be interoperable okay and this is going to happen in europe and in the rest of the world so i don't see any questions i don't know if i playing the whole thing very clearly or okay so for the question is well there's one question here which says from benedict which bft algorithms are you using for the ethereum blockchain network this is ibft 2.0 okay this is this is uh basically besu and we also have qualm and we hope that they are going to be joined together okay because we need as as i said the diversity but this is ibft this is a variant of bft okay but the the actual bft implementation uh i would say does not really matter the most important thing is that is bison team and of course that it has the properties of this bison team for tolerant which is uh uh finality and so on okay and and i will okay thanks for the presentation we'd love to see their slides yeah i will i will upload the the slides uh in any case as i mentioned before let me let me just serve the screen again because as we have we have more time right yeah let me serve the screen again and one of the of the criticisms for bft okay is that they are not scalable because you can only run the consensus algorithm with a limited number of of nodes actually we don't see this a problem if you implement this scheme okay what we call the the the the basketball uh basketball team bft consensus tower okay this is not the official name okay basketball why because in reality what all the nodes want is to participate and eventually they are going to participate it's like in basketball okay only five people can play at a given time but for winning the championship you need the collaboration of every other so everybody has to put their part and by the way we can do something better than in basketball because in basketball teams normally have uh uh something like the preferred team the first team here you don't have the preferred team so everybody you can have here hundreds no problem but assuming that you are limiting this to for example 22 nodes even even 50 we have tried and and and it works perfect okay but it's approaching the limit with the current with the current technology but imagine that you have here uh 21 here you can have hundreds doesn't matter eventually given the rotation you rotate one every time then they all participate they are all going to be useful for supporting the network and the network the resiliency is given not just by bft but also by the rotation as as is explained in the in the paper from castral anglicos okay as i as i explained proactive recovery proactive recovery if you do this rotation uh fast enough then the bad guys because you do the the save refresh you do reboot from from safe memory basically from this syndrome for example okay and cryptographically verified booting uh you are eliminating any possible contamination or infection that a bad actor put in one node so if the time or if the rotation period is much lower than the time required by the bad actor to control one third of the nodes actually you are achieving two things the bad actor will never able to control one third and you are uh free from Byzantine filters for the long term okay and then again these two paths taking out the uh nodes is something that is not embedded in for example i bft in visual okay for the moment so we have to do this manually using the apis we would like to see this implemented in the consensus order okay because this is not the typical implementation of bft as i said is just okay because we are bft then we are resilient against failures but this is also governance okay so we want bft again for two things technically resilient technical resilience and governance and transparency those two things are very important in this type of okay and i would say that uh okay if there are no more questions then and the moderator does not or is not against this i think we can finish the presentation and i hope that it was interesting i will upload the the the the slides okay okay so thank you let me upload this okay so this is going to be provided by the speaker which is me in this link okay okay so thank you very much