When Permissioned Blockchains Deliver More Decentralization Than Permissionless

Permissionless blockchain systems inspired by Bitcoin and related crypto-ecosystems are frequently promoted as the enablers of an open, distributed, and decentralized ideal. They are hailed as a solution that can “democratize” the economy by creating a technological imperative favoring open, distributed, and decentralized systems, platforms, and markets. We argue that such claims and expectations, while they may be fulfilled under certain circumstances, are frequently exaggerated or even misguided. They illustrate a tendency to equate open access with decentralized control in distributed architectures, an association that while possible is far from guaranteed. When enterprise, social and economic activities are “put on the blockchain” in order to avoid centralized control, permissioned governance may offer a more decentralized and more predictable outcome than open permissionless governance offers in practice.

Back to Top

Access and Control in Distributed Systems

Information systems can be characterized on three key dimensions: architecture, which can be concentrated or distributed,¹⁷ access, which can be permissionless or permissioned,¹ and control (that is, the locus of decision rights), which can be centralized or decentralized.⁷ These dimensions are not binary, and the associated labels should be thought as endpoints of a continuum.

Permissionless systems do not restrict who has access, and thus are also referred to as open-access.^a For instance, in principle anyone can post source code on GitHub, edit a Wikipedia article, or validate bitcoin transactions. Permissioned systems only grant access to qualified users. The distinction for control focuses on who gets to make decisions. Centralization implies that decisions are made by a single person or a small group; decentralization means that decision rights are widely distributed.⁷

It has long been argued that concentrated architectures favor permissioned access and centralized control because these types of access and control reinforce the benefits of these architectures;⁷ see for instance early arguments about Grosch’s law for computer hardware,⁶ or the administration of early databases. However, as technology evolved to enable or even favor distributed system architectures, open access and decentralized control emerged as feasible alternatives.

In this column, we examine the issues of open vs. permissioned access and centralized vs. decentralized control in distributed systems, focusing on blockchain implementations. We argue that while distributed architectures may enable open access and decentralized control, they do not preordain these outcomes. Furthermore, while open access and decentralization are frequently thought as complementary,¹⁴ experience from real-world applications suggests that the opposite can also be true: open access may result in essentially centralized control, while permissioned systems may be able to better support decentralized control.

Back to Top

How Permissioned Systems Can Be More Decentralized

While this possibility may seem counterintuitive at first, it can be understood as a consequence of the need to provide appropriate incentives to system participants, especially the ones that operate the technology after its implementation. The economic theory of Incomplete Contracts^10,11 shows that when an agent’s actions affect the value of an asset, such as an information system, but these actions cannot be contractually specified (for example, because the necessary behaviors cannot be adequately verified), the agent should be given corresponding control or ownership to maximize agent incentives. Van Alstyne, Brynjolfsson, and Madnick¹⁸ apply this argument to derive design principles for databases; for instance, when maintenance of data quality is important, any independent local data partitions should be locally controlled.

These considerations apply to systems beyond databases, however. In the block-chain context certain system participants can be indispensable in the sense that the system’s operation and value generation will depend on actions that cannot be contractually specified. In such cases, the need to incentivize these participants will likely lead to outcomes where they effectively control the parts of the system over which they are indispensable. Depending on the particular situation, this can lead towards either centralized or decentralized control. For instance, in an open access and fully distributed environment it may be infeasible to incentivize participants to adequately provide functions like quality control or coordination of system development and evolution. To address this problem, centralized solutions emerge de facto, such as the hierarchy of the small number of developers controlling open source projects,⁵ or the hierarchy of editors in Wikipedia.¹⁶ This is because expertise, reputation, time, or money can all be required to take advantage of open access and decentralized control. The higher these costs are, the fewer the people that want to participate, which contributes to this centralization in practice.⁹

It is thus important to distinguish between how governance is envisioned and how it is enacted. Without this distinction, the potential for decentralization in open-access systems is often overstated, while the potential of permissioned systems in achieving decentralization is not fully recognized. Open-access systems in principle allow for arbitrary decentralization, but cannot guarantee decentralization at any level, as the actual level of decentralization is the result of individual decisions. This ambiguity of outcome is important when open access and decentralization are desirable or even the reason technologies like blockchain are adopted, for instance when there is a goal to promote “democratization,” to avoid intermediaries that are in a favorable position to extract economic rents, or when there are no parties that can be trusted with regulating permissioned access or making decisions for the majority of users.

Back to Top

The Case of Blockchain

Blockchain technology provides a prominent illustration: While blockchain systems are distributed architecturally, control can be centralized and/or access can be permissioned. Permissionless blockchains such as Bitcoin’s do not restrict who can validate transactions. Permissioned blockchains, however, only grant these rights to selected agents.³ With the growing interest in permissioned blockchains, it is crucial to understand whether these blockchains can actually deliver on the promise of decentralization.

The Bitcoin ideal¹⁵ has created the expectation for blockchain technology to universally deliver open, decentralized, “democratic” systems that bypass controlling intermediaries. Real-world applications of blockchain systems, however, show that this ideal is the exception rather than the rule.⁸ While permissionless blockchains like Bitcoin do not restrict who can validate transactions, and thus can allow access close to the permissionless ideal, often control is far from decentralized. In the absence of formal checks for the underlying centralization forces, centralization emerges in practice, for instance exercised by large emergent mining pools with de facto operational power.² This means that the promise of blockchain to remove trusted third parties remains unfulfilled. For example, in May 2018 alone, five open-access block-chains were compromised due to overt centralization.¹²

Permissioned blockchains have been criticized for not being truly decentralized (for example, Beedham⁴) in contrast to open-access blockchains. This is because they restrict who can become a validator, which is decided by a gatekeeper giving permissions. In Libra, a cryptocurrency spearheaded by Facebook, gatekeeping is the task of the Libra Association, which is governed by a council of all existing validator nodes. Therefore, the existing validator nodes jointly serve as a gatekeeper and decide whether a new validator is allowed to join the network.¹³ The gatekeeper can often also encourage participation through off-blockchain channels.

Back to Top

Designing for Decentralization

While not fully decentralized by design, the governance structure of permissioned systems can guarantee a certain level of decentralization. For instance, consensus mechanisms for permissioned blockchains can be designed in a way that guarantees a large number of nodes get a say in the validation process. Moreover, a large number of validators can be guaranteed through off-blockchain negotiation, enforcing their participation. In open-access blockchains however, this is impossible to guarantee—decentralization (or indeed, centralization) can only emerge as a potential outcome of free individual decisions.

Creating a permissioned blockchain that offers more decentralization than an open-access blockchain requires careful design. For instance, the power to grant and especially to revoke validation rights is central, and thus in order to promote decentralization in permissioned blockchains it is necessary to decentralize the gatekeeping function. If a central gatekeeper can arbitrarily revoke validation rights, it could easily take over and centralize the entire blockchain. While it is possible to guarantee a certain degree of decentralization, it is crucial to get the blockchain governance right.

Back to Top

Conclusion

The case of blockchain technology highlights an important consideration for the governance of distributed systems. System designers must account for the interactions between access and control, and make design choices based on their goals. As illustrated in the figure, if the primary objective for a distributed system is decentralization, a well-designed permissioned system may be better positioned to achieve it in practice.

Figure. Decentralization in permissioned and permissionless blockchains.