Businesses, as US presidential nominee Mitt Romney reminds us, are entities comprised of individuals. Whether or not you concur with the deductions that his supporters derive from that assertion, the statement certainly embodies a significant measure of truth. What constitutes a corporation, after all, if not a certain assembly of people collaborating under a specific framework of established rules? When a corporation possesses property, what this truly signifies is that there exists a legal agreement stipulating that the property may solely be utilized for specific purposes under the authority of those individuals who presently serve as its board of directors – a designation that itself can be altered by a designated group of shareholders. If a corporation undertakes an action, it is because its board of directors has consented to that action. If a corporation employs individuals, it signifies that those individuals have agreed to deliver services to the corporation’s clients under a particular set of guidelines, especially pertaining to compensation. When a corporation enjoys limited liability, it indicates that particular individuals have been endowed with additional privileges to act with diminished apprehension of legal prosecution by the state – a collective of individuals with more rights than ordinary individuals acting independently, but ultimately individuals nonetheless. In any case, it’s nothing more than individuals and agreements all the way down.
Nevertheless, a fascinating question emerges here: do we genuinely require the individuals? On one side, the response is affirmative: although in some post-Singularity era machines may be capable of functioning autonomously, in the foreseeable future some form of human involvement will simply be essential to interact with the physical realm. On the other hand, however, over the last two centuries, the answer has gradually become no. The industrial revolution enabled us, for the first time, to start substituting human labor with machines on a grand scale, and now we possess sophisticated digitized factories and robotic arms that produce intricate products like vehicles entirely on their own. But this merely automates the foundational labor, eliminating the need for a large workforce of manual laborers and replacing them with a smaller number of specialists who maintain the machines, while the company’s management remains unaffected. The real question is, can we tackle the issue from the contrary angle: even if we still require humans to carry out specific specialized roles, can we exclude management from the framework instead?
Most firms possess some version of a mission statement; often it revolves around generating profits for shareholders; at other times, it incorporates some ethical obligation associated with the particular product they are crafting, and various other objectives such as community assistance occasionally factor in, at least in theory. At present, that mission statement exists only to the extent that the board of directors, and ultimately the shareholders, interpret it. But what if, with the capabilities of modern information technology, we could encode the mission statement into software; that is, create an unbreakable contract that generates income, compensates individuals to perform a function, and secures the hardware it requires to operate, all without the necessity for top-down human guidance?
As Let’s Talk Bitcoin’s Daniel Larimer highlighted in his own investigation of this idea, in a way Bitcoin itself can be regarded as an early prototype of precisely such a construct. Bitcoin comprises 21 million shares, and these shares are owned by what could be identified as Bitcoin’s shareholders. It has employees and a protocol for compensating them: 25 BTC to one random member of the workforce approximately every ten minutes. It even boasts its own marketing division, consisting largely of the shareholders themselves. However, it is notably quite limited. It possesses almost no knowledge about the world beyond the present time, it lacks any capability to modify its function except for the difficulty, and it doesn’t actually perform any actions per se; it simply exists and relies upon the world to acknowledge it. The question remains: can we enhance this?
Computation
The initial challenge is evident: how could such a corporation genuinely make decisions? It’s straightforward to write code that, at least under predictable conditions, takes a specific input and computes a desired action. But who will operate the code? If the code merely exists as a computer program on a certain machine, what’s preventing the owner of that machine from shutting it all down, or even altering its code to redirect all its funds to themselves? To this dilemma, there is only one effective solution: distributed computing.
However, the type of distributed computing we seek here is different from the distributed computing found in initiatives like SETI@home and Folding@home; in those instances, there remains a central server accumulating data from the distributed nodes and issuing requests. What we require instead is the kind of distributed computing exemplified by Bitcoin: a set of rules that autonomously self-verifies its own computations. In Bitcoin, this is achieved through a straightforward majority vote: if you’re not contributing to computing the blockchain with the majority network power, your blocks will be disregarded and you will earn no block reward. The theory posits that no single adversary will possess enough computational power to undermine this mechanism, thus the only feasible strategy is essentially to “go along with the majority” and operate honestly to help sustain the network and obtain one’s block reward. So, could we simply implement this mechanism for decentralized computation? That is, could we ask every computer in the network to evaluate a program and then reward only those whose responses align with the majority vote? Regrettably, the answer is no. Bitcoin is a unique scenario because it is straightforward: it is simply a currency, possessing no properties or private information of its own. A virtual corporation, in contrast, would likely need to safeguard the private key to its Bitcoin wallet – a piece of information that should be accessible in its entirety to no one, not to everyone as Bitcoin transactions are. However, the private key must still remain usable. Thus, an effective system for signing transactions, and even creating Bitcoin addresses, must be computable in a decentralized manner. Fortunately, Bitcoin enables us to accomplish exactly that.
The first solution that may spring to mind is multisignature addresses; given a cohort of a thousand computers that can be depended upon to likely persist in supporting the corporation, have each of them create a private key and generate a 501-of-1000 multisignature address among them. To utilize the funds, simply formulate a transaction with signatures from any 501 nodes and broadcast it onto the blockchain. The issue here is evident: the transaction would be excessively large. Each signature occupies around seventy bytes, so 501 of them would equate to a 35 KB transaction – which is extremely challenging to get accepted into the network as bitcoind by default refuses transactions with any script exceeding 10,000 bytes. Furthermore, this solution is specific to Bitcoin; if the corporation aspires to store private information for non-financial purposes, multisignature scripts become impractical. Multisignature addresses function due to the presence of a Bitcoin network evaluating them, and integrating transactions into the blockchain depending on whether the evaluation succeeds or not. In circumstances involving private information, a comparable approach would fundamentally necessitate some decentralized entity to manage the data and distribute it only if a request has 501 out of 1000 endorsements as required – bringing us right back to our original position.
Nevertheless, there remains optimism in an alternative approach; the overarching term utilized by cryptographers for this is “secure multiparty computation”. In secure multiparty computation, the inputs for a program (or, more accurately, the inputs into a simulated “circuit”, since secure multiparty computation cannot handle “if” clauses and conditional loops) are divided utilizing an algorithm known as Shamir’s Secret Sharing, with a portion of the data assigned to each participant. Shamir’s Secret Sharing can be employed to break down any information into N segments such that any K of them, but not K-1, suffice to recover the original data – you decide what K and N are while executing the algorithm. 2-of-3, 5-of-10, and 501-of-1000 configurations are all viable. A circuit can then be processed on the fragments of data in a decentralized manner, ensuring that by the conclusion of the computation, each participant holds a part of the outcome of the calculation, yet at no stage during the computation does any individual gain even the slightest insight into the proceedings. Ultimately, the segments are reassembled to disclose the result. The computational complexity of the algorithm is O(n^3), suggesting that the number of computational steps required to execute a computation is approximately proportional to the cube of the total number of participants; with 10 nodes, it incurs 1000 computational steps, and with 1000 nodes, it amounts to 1 billion steps. A straightforward billion-step loop in C++ requires around twenty seconds on my laptop, while servers can typically execute it in a fraction of a second, which means 1000 nodes is currently around the threshold of computational feasibility.
Interestingly, secure multiparty computation can facilitate the creation of Bitcoin addresses and authorize transactions. For address creation, the procedure is straightforward:
- Everyone produces a random number as a private key.
- Everyone computes the public key associated with the private key.
- Everyone discloses their public key and utilizes Shamir’s Secret Sharing method to determine a public key that can be reconstructed from any 501 of the one thousand public keys disclosed.
- An address is created from that public key.
Given that public keys can be added, subtracted, multiplied, and even divided by integers, surprisingly, this algorithm functions just as anticipated. If everyone were to subsequently formulate a 501-of-1000 private key in the same manner, that private key would be capable of accessing the funds sent to the address created by applying the 501-of-1000 method to the matching public keys. This succeeds because Shamir’s Secret Sharing is fundamentally an algebraic expression – in other words, it utilizes addition, subtraction, multiplication, and division, and this formula can be computed “over” public keys as easily as with addresses; thus, it is inconsequential if the private key to public key transformation occurs prior to or following the algebra. Authorizing transactions can be executed in a similar fashion, although the method is somewhat more intricate.
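The following Python sketch is an added example, not code from the original article. It splits a secp256k1 private key with Shamir's Secret Sharing and then runs the same interpolation formula over the matching public keys, showing that both routes arrive at the same key pair. It assumes a single party chooses the polynomial (a simplification of the procedure above) and is meant for small parameters such as 3-of-5; all function names are illustrative.

```python
import secrets

P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    m = (3 * x1 * x1 * pow(2 * y1, -1, P) if a == b
         else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add; not constant time, demonstration only
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def split(secret, k, n):  # assumption: one dealer picks f, deg k-1, f(0) = secret
    coeffs = [secret] + [secrets.randbelow(N) for _ in range(k - 1)]
    return [(i, sum(c * pow(i, e, N) for e, c in enumerate(coeffs)) % N)
            for i in range(1, n + 1)]

def weights(xs):  # Lagrange coefficients at x = 0, modulo the group order
    out = []
    for xi in xs:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num, den = num * -xj % N, den * (xi - xj) % N
        out.append(num * pow(den, -1, N) % N)
    return out

def recover_private(shares):  # interpolate the scalar shares
    ws = weights([x for x, _ in shares])
    return sum(w * s for w, (_, s) in zip(ws, shares)) % N

def recover_public(pub_shares):  # same formula with points in place of scalars
    acc = None
    for w, (_, pt) in zip(weights([x for x, _ in pub_shares]), pub_shares):
        acc = add(acc, mul(w, pt))
    return acc
```

Calling `recover_public` on any K public shares `(i, mul(s_i, G))` returns `mul(secret, G)` without any party reassembling the private key.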
The elegance of secure multiparty computation is that its application extends beyond Bitcoin; it can just as adeptly be applied to execute the artificial intelligence algorithm that the corporation depends on for its operation. The term “machine learning”, commonly used to describe a set of algorithms that identify patterns in actual data and permit computers to model it autonomously without human involvement, is also “merely algebra” and can be implemented through secure multiparty computation. Truly, any computation can be executed if it is decomposed into a circuit based on the individual bits of input. There are, of course, limits to the complexity that can be handled; translating intricate algorithms into circuits often generates added complexity, and, as mentioned earlier, Shamir’s Secret Sharing can become costly in isolation. Hence, it should best be used to carry out the “core” of the algorithm; more sophisticated high-level reasoning tasks are better suited for external experts.
Enthusiastic about this subject? Anticipate parts 2, 3, and 4: how decentralized corporations can engage with the external environment, how certain fundamental secure multiparty computation circuits function on a mathematical level, and two instances of how these decentralized corporations can influence the real world.
See also:
http://letstalkbitcoin.com/is-bitcoin-overpaying-for-false-security/
http://bitcoinmagazine.com/7119/bootstrapping-an-autonomous-decentralized-corporation-part-2-interacting-with-the-world/
http://bitcoinmagazine.com/7235/bootstrapping-a-decentralized-autonomous-corporation-part-3-identity-corp/