top of page

Why the public/private key pair is holding back innovation in finance



The public/private key pair sits at the heart of DLT ideology – but is it holding back a transformation in the financial markets?


The obvious and easy-to-miss truth about the public/private key pair is that it is a perfect solution to the ideology of decentralisation. The goal of distributed ledger technology is to mitigate against interference from governments or banks and ensure sovereign ownership of an asset. Its most famous incarnation, Bitcoin, was originally created as an interference-free experiment in the creation of money as a public-resource. So, while the technical innovation of DLT gave us a newer and more efficient way of accounting, the ideology behind its main security system - the public/private key pair is actually creates a form of ‘password totalitarianism’, that is at serious odds with the world of regulated finance.


For close to half a decade now, the financial industry (FinTechs and incumbents) has been grappling with how distributed ledger technology can transform transactions and ownership of a multitude of asset types. But the likelihood of this triggering full paradigm shift in finance currently remains low because of the risk and undercutting of title law inherent in the absolute ownership model of the public/private key pair.

Putting aside the yawning problem of private key theft, challenges arise when a private key is not forthcoming. An owner that misplaced, lost or destroyed their key is effectively locked out of those assets forever. Stories abound of unfortunate investors who having discarded old hard-drives containing their private keys, have had to dig through rubbish dumps in an attempt to recover their lost assets. Without the private key, such lost bitcoins are likely to sit motionless on the blockchain indefinitely. Recent research suggests that up to as much as much as 3.7 million bitcoin have become inaccessible to the owners, and with a price over £40,000 (at time of writing) it is a total amount of over £150 billion.

This vulnerability also provides the cornerstone of a great number of lies and fabrications - people claiming the loss of a private key know that the technology helps them get away with the money in a way that would be impossible in the global banking system. While it occurs at scales both big and small, one of the best known examples is the implosion of Canada’s then-largest cryptocurrency exchange after the poorly documented ‘death’ of the founder meant that the private keys to $145M in the exchange were lost. A subsequent investigation uncovered systemic fraud at the exchange, but the fraudulent methods employed were largely enabled by the level of control the public / private key structure gave the (likely) mal-intentioned founder. 

The ICO spree of 2016/17 is another example of how messy the public/private key pair can make matters, but it also helped get the attention of more regulatory-minded actors. The ICO evolved into the STO (security token offering), which advances an innovative deployment of DLT, where distributed ledger based digital certificates of ownership are tied to real, registered assets, and regulated by the specific jurisdiction (although the offering party is allowed to pick which jurisdiction).

If we admit that only the private key is preeminent in authenticating transactions, we should not only be asking what happens when the private key has been lost, or purposely obfuscated, but also what happens when the owner of the key is either hidden or refuses to use it in accordance with their legal obligations?

In 2019, Spain’s multinational banking giant Banco Santander made headlines for issuing a $20 million bond on the public Ethereum blockchain on September 10, and making an early repayment on it a few days later, demonstrating how easily the blockchain could be used to manage the full lifecycle of a security. In this case, Santander was both the issuer and lender of the bond; in other words, the bank was completely secure about who was giving and receiving digital currency. When this circuit is opened up to the public, however, the KYC (know your customer) layer of the transaction becomes more complicated, as does the risk that a third party investor loses ownership of the asset in a court decision but refuses to comply. What action would Santander take if they receive a court order specifying an asset transfer but the underlying technology doesn’t allow them to comply? Although Santander’s foray into blockchain bond offerings made a splash in 2019, it is notable that the service has not been rolled out widely or publicly since.

At Hunit, the future of digitalised assets has zero tolerance for the loss of the private key or manipulation of transparency through it. In our minds, DLT becomes broadly transformative as it evolves beyond the public/private key pair model. We’re doing our part by helping to deliver natively Smart Legal Contracts that can power a distributed financial system that is fully compliant with existing regulatory and legal principles.

Comments


bottom of page