[Crye]

Buckie, I'm in the process of reading your white paper on Kadena smart contracts, so it may answer this question. What is the purpose of a private block chain? Doesn't it become vulnerable due to available resource to out pace the block chain? Are there companies looking to secure intercompany transactions?

[buckie]

First, the pact paper needs to get updated to reflect the changes we made for the shift to public. For example, modules used to only be guarded by keysets (Pact doesn't have a notion of single-sig only constructs, anything using a sig supports multisig natively) and thus only support centralized upgrade governance mechanisms -- you don't need a decentralized vote in a private context -- so we generalized it to being a pass/fail (continue/error out) function that can do whatever it wants. e.g. you could have other contract functions record a weighted vote and have the governance function tally the vote (and run the upgrade only if it passes whatever threshold you set).

> What is the purpose of a private block chain?

Great question -- I get this all the time. First off, public and private blockchains are despite their names different beasts serving different needs. Private blockchains are more a meeting of the best that public blockchains have to offer with the best of what databases have to offer, dropping the inefficient/not so great parts from each.

The tl;dr is that a private blockchain is really the realization of a multi-administrative DB. They serve the specific need -- that no other system can -- of allowing two companies that don't fully trust each other to share a multual store of information of value. This gets extended to include logic, and thus workflows, which is where it gets really useful.

There's a ton more to the business reasons for why they make sense (or will, the B2B sale cycle is slow and this tech is still quite new) but I'll leave that for later. Instead, let's walk through what you would have to do to make a similar, non-blockchain distributed DB like consul and try to adapt it to meet the aforementioned requirement: be able to share some of the nodes with people you don't trust. NB: I'm not talking about ScalabeBFT here; the logic is similar but does a lot to more to get high performance @ scale.

## The consensus layer

Consul uses raft, so we have multi-node quorums with strong consistency + an append only ledger parts covered already. However, you have two problems when you share it: #1 a bad node can take down/halt the cluster and #2 the leader can mutate the transactions it sees before replication. #2 is a problem because trustless, which we fix by having signed transactions so the leader can't touch them pre-replication. Moreover, we don't want the leader to replicate an out of date node with bad info, so we make the append only ledger a blockchain (either blocks or inc. hashes work the same.)

#1 is a bigger problem -- it's a problem of the consensus mechanism itself. Raft isn't BFT which is what you need to protect the cluster from a subset of bad nodes... so we make the consensus layer BFT, which is quite hard. The main practical reason we NEED to do this is because in a multi-admin context I can't ssh into your part of the cluster and kill a bad node... so BFT also protects me from your crap IT dept. There are other reasons for BFT too that are probably more important theoretically, but this is the most straightforward and practically important one because it will happen in production.

## Logic/DB/SQL layer (i.e. smart contracts)

To solve #2 above, we needed to sign messages. Now how do we interpret/check that the key used is one that we allow to be used? There needs to be some layer that is checking the sigs and applying the logic to the DB. Here too, we have a problem: there are multiple entity-level users on the DB that don't trust each other so how do we make a system that acts like a DB but also enforces fine grained auth schemes.

There's more to the story of how that question ends at "you need a smart contract language" but I don't want to detail every step. Instead we'll just assume it's right (ask if you want more details but tedious) and justify it with 2 practical reason: (1) you need to protect the data/flows that you put into the system behind some auth mechanism and (2) if you don't have a generalized way of capturing inputs, reading the current state, representing business logic/workflows, writing to storage, and enforcing authorization generally+finely then the private blockchain just isn't that useful. It'd be easier to just make a standardized API to get/push data to and a network of users. It's the safe, on-chain code exec that makes it different + really useful.

## private blockchain feature swaps (public vs db features)

Adding smart contracts + an append only crypto log are the main DB features that get dropped when making a private blockchain (vs procedural SQL and mutable tables).

Merkle trees/proofs are out: you don't need to support light clients as (a) this system isn't open to the public and (b) when you query the system you hit your local nodes which are by definition trusted oracles.

Native Traditional DB integration is in: one of the big issues for enterprise EVM users is getting the damn data out of the system (to pipe to their downstream systems) without having to run a query on the EVM. As you don't need Merkle/Patricia trees, you just have the smart contract exec layer incr hash it's tx log (tracks reads, writes, updates per tx deterministically) and use those to compare for data corruption event for a given node. This allows you to directly integrate the contract language's backend with a traditional DB (we just integrate with ODBC).

PoW/PoS are out, deterministic BFT is in: Both invalid in private contexts for different reasons. Both rely on incentivization via an on-chain coin, and break down without it. As there isn't a market to sell the coin, there's no value. Instead, you just need a fully auditable and deterministic BFT consensus. The good news is that they are WAY faster. Bad news is that they have scaling problems (though ScalableBFT should be able to have ~5k nodes before it starts to slow down).

NB: a prod system of 5k nodes can't just be thrown together and hit ScalableBFT's top numbers of 8k/s... we'd need so serious messaging solutions like those used in HF trading because there isn't a good open source UDP-like broadcast messaging system and bandwidth will be a problem. Scalable was designed with broadcast being needed as scale in mind (though it works fine up to 500 nodes so long as you have fat enough pipes). Also, we measure performance inclusive of the smart contract code itself. Pact is fast (~10-100x faster than EVM and getting faster for similar workloads) but if you have heavy logic on chain, it will impede performance. There's no magic bullet, besides dep-graph drawing for parallel exec which only helps non-sequential workloads, to this problem.

## Business reasons besides just a multi-admin use case

1. On-click real-time reg oversite: just put a node (read only probably) in their data center and give them the right keys. They now have full oversite into the entire chain.

2. Servicing semi standardized markets: there are a bunch of use cases where a unified market/settlement tech stack hasn't been built because the assets in that market, unlike say equities, are all just a little bit different. Think exotic OTC derivatives contracts -- the deal you did today is pretty close to the deal you did yesterday, but not close enough (some new parameters or something) that you don't bother to build a unified stack for them. Instead, each party does their own thing. Not the best example because the best ones are ones we're working on actively.

3. Lower-bound for how bad a system can ever be: This is the longest-term possible market strategy where the tl;dr is that a private blockchain gives you SO MUCH by default that it makes sense to use one internally (like consul) from the start. It fully upfronts a massive amount (disaster recovery, high availability, distributed, perfect replication, etc. are all commoditized) that if we make the part the user sees simple and safe enough (Pact is really easy to write + is formally verifiable) + useful enough (the contract is your REST API + DB integration) that it becomes an attractive substrate to write apps on from day one. The market, and tech, will need to mature a lot before this happens though. See the most over powered todoMVC here: https://github.com/kadena-io/pact-todomvc

> Doesn't it become vulnerable due to available resource to out pace the block chain?

If you mean w.r.t. mining it would, but mining abjectly fails in private contexts http://kadena.io/blog/MiningInPrivate.html ; if you mean that it can't handle the throughput, then I'd say it's deterministic so you can shard out as needed (like we do in trading systems/everywhere today).

> Are there companies looking to secure intercompany transactions?

Yes, but you can do that with an API already. It's more about the added utility of having something so robust that you can also represent workflows directly on (vs having to make a new endpoint and a new service behind it every time).