DLC Consulting International

Archives

How to start a lawyer career Featured

Governance of Public Interest Task Force in San Francisco on how Rocket Lawyer’s online platform has modernized the delivery of legal services and lowered the cost of legal services for millions like Lawyer in the effort to expand access to justice will holding a public hearing.

Read More

How to start a lawyer career

European Central Bank launches instant payments system

The European Central Bank (ECB) has launched a pan-eurozone instant payments system, following growing consumer demand for this kind of service.

What does this mean?

The new service, called Target Instant Payments Settlement (TIPS), is available to consumers and businesses across the 19 states in the eurozone and will offer near real-time payments via smartphones, PCs and in-store payment points.

“In launching TIPS, the Eurosystem is acknowledging the changing reality that digitalisation is erasing the borders between wholesale and retail. TIPS offers final and irrevocable settlement of instant payments in euro, at any time of day and on any day of the year,” said Yves Mersch, Member of the Executive Board of the ECB at the launch event in Rome on 30 November.

Many banks have launched instant payment services for domestic use but there is currently no such services for cross-border transactions.

The ECB hopes that TIPS will solve this by offering a single, borderless solution, which is connected to central bank funds and therefore avoiding some of the settlement processes that can inhibit instant payments.

“Banks in the eurozone are under pressure” from tech rivals, said Marc Bayle de Jesse, head of market infrastructure and payments at the ECB.

“TIPS is a way for them to not give up the game to these digital players,” he added.

TIPS will initially be open to any person, bank or business in the eurozone but could in future be expanded to other countries and currencies.

To take part and be able to offer the service to customers, commercial banks will have to open a dedicated TIPS account with their national central bank.

Participating banks will also have to forgo the benefits of having the liquidity from an in-progress money transfer on their books, as well as losing out on sometimes hefty customer fees depending on the type of transaction.

So far, eight banks are participating in the project, but the ECB said the convenience of the service and the expected high demand will convince other banks to sign up.

The ECB plans to charge banks a transaction fee of €0.0020 until at least November 2020 and the first 10 million payments made by each TIPS participant before the end of 2019 are free of charge.

TIPS operates on a full cost-recovery and not-for-profit basis and there are no entry or account maintenance fees.

Fortify Smart Contracts

Fortify Smart Contracts

Formal verification uses math to specify and analyze a program for errors in logic. However, because of the time and cost involved, formal verification is best reserved for situations where human life or large sums of money are at stake.

Currently, formal verification is used to verify the correctness of high-risk code in transportation, the military, and cryptography. Chip companies use it to fortify algorithms before embedding them in silicon. And banks use it to develop financial algorithms.

Applied to blockchain technology, formal verification could provide assurances that self-executing transactions known as smart contracts will work as intended, eliminating some of the bugs and financial losses that come as a result of coding errors.

This year alone, bugs in Ethereum’s Parity wallet accounted for $180 million in losses. Last year, a bug in a virtual organization known as The DAO enabled a hacker to siphon $50 million from the Ethereum smart contract.

Platforms like Cardano and Tezos are already working on smart contract languages specifically designed to facilitate formal verification. Ethereum is also working on bringing formal verification to its smart contracts.

But what is formal verification? How does it work? And why is software so difficult to get right in the first place?

To Err Is Human

The software is inherently unforgiving. If you are constructing a building, you can leave out a nail or a screw, and the structure still stands. But when it comes to software, something as simple as a single typo can cause the entire program to stop working.

“Programming languages are incredibly powerful,” Gerard Holzmann, a former lead scientist at NASA, explained in an interview with Bitcoin Magazine. “As a programmer, you have to deal with a lot of detail, and unless you get every detail right, there is some effect.”

The traditional approach to getting the software right is testing. After you write an algorithm, you input a variable and check to see if it gives back the correct output. But how do you test every single input? You can’t. There are too many to test, and there could be errors lurking in the cases that you do not test.

“There are so many possible executions that really when you test or execute, you just scratch the surface of what is possible,” Holzmann said.

Put another way, testing only looks for the presence of bugs, not the absence of bugs, and one small mistake could have devastating results.

“If you take any failure of a system, like Fukushima and Three Mile Island, and look at the sequence of events that led to that failure, it is always fascinating because there are so many things that nobody could have predicted that would happen in a particular accommodation,” said Holzmann. “Same as in software; so many things can happen.”

In contrast, instead of testing one situation at a time, formal verification is a way to test that a program works in every situation. What you care about is whether the logic holds true, and the best way to check that logic is with a computer.

“A formalism for me has the purpose that you can reason about things, and the most useful way of reasoning about things is if you can program a machine to do the reasoning for you,” said Holzmann.

Making a Plan

Generally, the first step in formal verification is to create a mathematical model. The math needed is not complicated; it’s just basic logic written up in a so-called “formal language” that is machine checkable.

Typically, the process of specifying a model begins with a stakeholder who understands what the system needs to do. In the case of a medical device, the stakeholder might be a doctor; in the case of a smart contract, it might be a lawyer or a banker, or both.

The job of a stakeholder is to convey the information in her head to a requirements engineer who collects that information and creates the model. The process begins informally with discussions and abstractions, but ends formally with a precise mathematical specification.

This is not easy. It is a time consuming, iterative process that can take months, depending on the situation, but it often brings a clarity to a situation that was not there before because it forces programmers to think deeply about the behavior of a software.

“You can think of it as laws and regulations,” said Andreas Zeller, professor of software engineering at Saarland University in Saarbruecken, Germany, who likens creating a formal specification to developing a plan for a building.

“You refine the regulations,” he told Bitcoin Magazine. “But if you do not have regulations in the first place, your building crashes, and that is when you realize, you had better make a plan.”

Checking the Logic

Once a model is specified, the next step is to verify the model’s logic with proofs. This is a critical step in the process. “If you do not have a proof, you do not have a guarantee that the model, as it is, will work,” explained Zeller.

But because you have to make explicit every single logical step, proofs can be immensely long and complex. In the past, this made formal verification agonizingly difficult. Even the simplest statement could require dozens of theorems and lemmas.

Fortunately, these days, many formal systems use automated theorem provers, like CoqIsabelle or Metamath, that can check or even partially construct a formal proof.

Once a model is proven to work, the next step is building your program. But you still must make sure the software you build conforms to the specification.

This is where functional programming languages like ML, Haskell, OCaml or F# enter into the picture. Because these languages are closer to algebra in their expressiveness, they are a better match for formal verification than languages like C, Java, or JavaScript.

For this reason, Tezos is written in OCaml and Cardano is written in Haskell, so changes to the protocol are easier to formally verify. (A formal specification for Ouroboros Praos, the next generation of the consensus algorithm powering Cardano, is already in the works.) Similarly, Tezos’ smart contract language Michelson is based on OCaml; Cardano’s smart contract language Plutus is based on Haskell.

Pros and Cons

On the plus side, formal verification allows computer scientists greater assurances in developing software. On the negative side, because of the rigor involved, formal methods can be a time-consuming, costly undertaking for projects developing the code.

Because of this, formal methods are best used to guarantee smaller building blocks of code that get reused over and over. You would not use it for, say, an entire operating system, but only those parts of a system that require the highest safety or security assurances.

Naturally, any type of security comes at a cost. The question is, how much security will blockchain and smart contract developers be willing to pay for?

If you want something that is error free, “you had better be prepared to spend tens to hundreds of thousands of dollars for people who will provide a full proof,” cautioned Zeller.

On the other hand, for smart contracts securing tens of millions of dollars in funds, those costs may be well worth it. Looking at it another way, in a competitive environment, formal verification could make smart contracts more appealing to the consumer.

If, for instance, you had the choice of entrusting your funds to a smart contract that had been formally verified versus one that has not, which one would you choose?