Project Khokha 2 was launched to explore the implications of tokenisation in financial markets through a proof-of-concept (PoC) which issued a South African Reserve Bank (SARB) debenture on distributed ledger technology (DLT) and enabled payment with a wholesale central bank digital currency (wCBDC), in the primary market, and a wholesale digital settlement token (wToken) i.e. a commercial bank issued stablecoin, in the secondary market. One of the key technical objectives for the project was to test interoperability between different tokenised assets and different DLT networks. But what is interoperability and why is it important in the DLT-based financial networks? The authors have explored aspects of interoperability and integration between DLT-based networks in different projects, including Project Khokha. This blog will share some of our collective insights surrounding interoperability and its importance.​

The need – the need to speak​

To explain the importance of DLT-based networks speaking to each other we will start with a picture of a possible future with tokenised markets. This picture was painted by David Birch in 2017 where five Cs could potentially issue digital (or tokenised) money, namely: (i) central banks; (ii) commercial banks; (iii) companies; (iv) cryptography (basically crypto-based money issued by private firms); and (v) communities (Birch, 2017: 184). In this future scenario, the wallets on smartphones use artificial intelligence to negotiate and price and trade between different tokenised forms of money depending on a user's needs at a point in time (Birch, 2017: 2020-221). For instance, a user may need to trade central bank digital currency (CBDC) for a stablecoin, which is more beneficial in a decentralised finance (DeFi) platform, or a game-based money token. Such a future is only possible if these different digital value networks can talk to each other, i.e. are interoperable.

More pragmatic considerations include that closed-loop systems may be seen as exclusionary on the one hand, while also reducing benefits to users who can only perform transactions on that network. Metcalfe's law[1​​​​]supports the idea that utility increases exponentially with the number of users on a network. Interoperability can create utility for users on a DLT-based network resulting in increased user numbers stemming from the increased value of each network.

Interoperability and integration

In considering how DLT-based networks could speak to each other, Chen, Doumeingts, and Vernadat (2008) make the distinction between interoperability as 'loosely coupling' coexisting separate environments, and integration as 'tightly coupling' and complex coordination. In other words, between merely exchanging and using information from another network on the one hand versus more direct coordination and linking of processes on the other. We will briefly consider two DLT-network integration methods first and then two interoperability methods.

The World Economic Forum (WEF) sets out the two DLT integration options, namely application programming interface (API)-based integration, and shared notary schemes (2020). Readers may be more familiar with API integration as APIs are already widely used. API-based integration requires trust between networks and handoff points, that is, integrated networks must perform as expected – which typically implies some sort of shared governance or scheme. This method is also useful for integration with traditional, non-DLT, payment and other financial ecosystems.

Shared notary scheme integration utilises shared nodes across a hierarchy of, or horizontally integrated, distributed ledgers to ensure consensus on ledger entries across different DLTs. This method allows the spanning of identities (addresses) and logic across chains whilst still enabling non-repudiation, smart contract dependant consensus, and atomic transactions. Further, advanced logic and conditional processing (smart contracts) and atomic transactions are automatically enforced by the system. Shared notary schemes, therefore, integrate core DLT benefits in a trustless environment. This method enables loosely coupled integration and enables financial innovation, across disparate and non-traditional networks.

The two interoperability methods are pinning and hashed time locked contracts (HTLCs) and may be used in addition to APIs or shared notary schemes, or when the first two methods are not possible/feasible. Pinning uses 'proofs' for off-ledger transactions (non-ref​utable proof of something in another DLT network as part of a transaction) and does not require permission. It programmatically links the execution of a DLT transaction to other ledger transactions. HTLCs tie up, or reserve, value on one ledger and is only released after a specific period of time or once some logical condition is met. Both interoperability methods are powerful and do not require setting up trust structures.

Interoperability in Project Khokha 2

Moving from general methods we will now look at the methods used on PK2 – first looking at the design of the PoC. In order to deliver on the scope of the project, namely debenture tokens; a wCBDC; and a wToken the team built two DLT networks, namely the wCBDC Zone (R3 Corda) and the Khokha Hub (BitFair, a Cosmos implementation). The Khokha Hub was a token trading platform where decentralised applications or modules could be implemented enabling the issuance of the debenture tokens and wToken. This design enabled the exploration of interoperability utilising two methods.

The first method used, was a software bridge which is a similar process used in DeFi to, for instance, create wrapped Bitcoin to port, or bridge, Bitcoin to Ethereum. The team was able to port wCBDC from the wCBDC Zone to the Khokha Hub. The second method was the technology used for the Khokha Hub, which could be described as a blockchain-of-blockchains. Its modular architecture consists of two types of DLT, namely hubs and zones with the hub being a central DLT platform which connects multiple independent DLTs or zones. The technology not only enabled connection to the wCBDC Zone, but also to multiple DLT zones set up by the participating banks in order to share value between the networks.

Mis(sed) communication – interoperability challenges

A DLT promises transparency and confidence to its participants through a shared ledger and sharing proofs of calculations between all parties so they may be self-verified – however establishing integration and interoperability between multiple DLTs does present some challenges.

The larger system context must be considered when crossing between DLTs in order to assess the risk involved. For instance, is there a commonly trusted party (or parties), such as a regulator or common authority, operating across both DLTs which can provide the service of a bridge or notary scheme. Another consideration is whether one or more of the end points of the bridge is in an untrusted or public environment, which means that such transfers are reliant on the implementation of cryptographic proofs provided by unknown third parties.

Considering the bridging of tokenised value between public networks, the media coverage of cybersecurity exploits such as that of Solana's Wormhole bridge and Axie Infinity's Ronin bridge are unfortunately commonplace[2]​. Even bridges based on notary schemes which have completed public security audits have been compromised because of dependencies on out-of-date underlying or third-party software libraries, exploitation of privileged and trusted user privileges, or even human error.

The impact on participants and the consequences for the perpetrator in the event of compromise may differ for bridges between public networks and bridges between permissioned and regulated networks, which in turn affects the risks involved in both. 

In public networks the impact of an attack may be expected to be permanent since obtaining a consensus from the majority of network operators on a course of remedial action has historically proven infeasible. One example of remedial action is the collective rolling back of the ledger to a state prior to the exploit in order to undo all transactions since that point – as was most famously attempted in 2016 when the 'The DAO'[3] on the Ethereum network was compromised. While many hackers may therefore initially escape with their illicit gains, there are an increasing number of examples that the getaway may not be complete. For example,  in the apprehension of the actors behind the $3.6 billion stolen in Bitcoin during the 2016 hack of Bitfinex – a crypto asset exchange, as reported during February 2022. This shows that law enforcement can 'follow the money', even years after the fact, and seize it. In this way, the DLT may itself be a powerful tool which may be used in investigating financial crime and to support regulation and oversight.

The impact on users in private and permissioned networks can often be mitigated by the network participants agreeing on more sophisticated remedial actions – such as freezing stolen tokens and crediting users who were impacted with new tokens to reimburse the loss.  Such actions however do require exceptional care and planning as it compromises what many believe to be the foundational tenet of DLTs, i.e. that transactions are immutable and deterministic – even if it resolves what may appear to be a more pertinent and immediate issue. However, the emerging concept of national DLTs/blockchains presents a framework whereby regulators can implement these interventions without compromising the immutable nature of DLTs. In such regulated environments the identities of all actors are required to be recorded, which makes it much more difficult for an actor to escape consequences. Over and above the likelihood that their tokens will be frozen and access to their DLT accounts terminated, perpetrators may face civil or criminal prosecution within the relevant regulatory jurisdiction.

The risk to users is therefore substantially greater in bridging to and from public networks than doing the same within a permissioned or private network context – and a great example of how regulated networks protect users of these technologies by reducing or removing such risks. In a multi-DLT environment, the integration between regulated private or permissioned networks and unregulated public networks must be subject to regulation for it to be effective, as such integration could introduce the same public risks to private and permissioned networks if not implemented with care and caution.

Concluding thoughts

With the use of DLT based approaches, new integration and interoperability opportunities are presented, however it also raises risks which must be addressed, including through the specific governance arrangements. Governance mechanisms, including regulation, must ensure safe and efficient integration, particularly within the formal financial sector. Not only can these mechanisms transform how digital money is utilised, opening numerous possibilities, but it can also bridge the gap between existing ecosystems and DLT-networks to create an integrated experience and unique utility for the network participants and its customers.​

Bibliography

Birch, D (2017) Before Babylon, beyond bitcoin – From the money that we understand to the money that understands us. London Publishing Partnership.  

Chen, D., Doumeingts, G. and Vernadat, F. (2008), Architectures for enterprise integration and interoperability: Past, present and future. Computers in Industry, 59(7), 647–659.

World Economic Forum - WEF (2020), Inclusive Deployment of Blockchain for Supply Chains: Part 6 – A Framework for Blockchain Interoperability. Available at: https://www.weforum.org/whitepapers/inclusive-deployment-of-blockchain-for-supply-chains-part-6-a-framework-for-blockchain-interoperability.

Notes

[1] ​Metcalfe's law is attributed to Robert Metcalfe and states that the value of a telecommunications network is proportional to the square of the number of connected users. It is often used in the context of the internet and other platforms to highlight network effects gained through being able to connect more entities to a network.

[2] ​As we were getting ready to finalise this blog for publication details started to emerge surrounding a third big bridge exploit with hackers potentially taking control of a Harmony multi-signature wallet to steal $100 million in multiple crypto assets. See: https://www.theblock.co/post/154029/harmonys-100-million-hacker-took-control-of-its-multi-signature-wallet-analysts-say

[3]​ DAO in general means a decentralised autonomous organisation, but this particular implementation was called 'The DAO'.

​​​...............................................................................................................................................................................................................................................................................................

SHARE THIS BLOG

​​​

Discla​imer: As the IFWG we are enthusiastic to include diverse voices through our media content. The opinions of participants do not necessarily represent the views of the IFWG and their respective organisations.