On Monday, 22 July, the India’s Ministry of Finance published the long-awaited crypto regulatory report under the chairmanship of Secretary of Economic Affairs Subhash Chandra Garg. After going through the 108-page report cover to cover, we feel the committee has done some really good work and spent immense time in understanding the subject. However, having said that the report has several glaring irregularities due to lack of relevant high technical knowledge on the part of the committee (understandable for regulators) which in turn has resulted in a flawed conclusion in the report. We also note that the committee has said that this report is just a recommendation and the Government can appoint a standing committee to consider other aspects. This article is intended to promote constructive criticism and the facts that should be strongly considered by the government before signing this into law.

In summary, the committee supports and recommends exploring Distributed Ledger Technologies (DLT) while at the same time it tries to impose a ban on virtual currencies with a fine and/or jail term for holding, selling, generating, mining, dealing, issuing, or disposing cryptocurrencies. Although these are just recommendations and are a long way from being signed into law, we feel they are in stark contrast to PM Modi’s ethos: “Less Government, More Governance”. We believe that such heavy-handed regulations are coming in too early, and it should be left to the market to figure out what is best for itself. This should be especially considered for emerging technologies as the invisible hand of the market has incredible ways for adjusting itself to new disruptive technologies. Regulating them early in their life thwarts their growth.

This article is intended to give a point by point rebuttal to the cryptocurrency framework proposed by the Garg committee by analyzing the numerous flaws that we identified in the report. This is a technical breakdown, not a legal one. Given our limited understanding of legal aspects, we will not comment on the various legal provisions and acts mentioned in the report. All technology comparison is done with respect to Bitcoin.

Report Claim (pg.12): DLTs record changes in an immutable manner and prevent double spend. All transactions are updated on a ledger and the authenticity of the digital asset spent can be verified by users. Once a transaction is validated, it is grouped into a block, which contains details of the current transaction as well as that of the previous transactions. As more blocks are added to the blockchain, it becomes increasingly difficult to change the records and double- spend the asset.

Fact: Proof of Work (PoW) is what provides practical immutability to the data stored in the blockchain. Bitcoin never claims that the blockchain is immutable. It’s just that the cost that needs to be invested to roll back the chain is significantly higher than the benefits that can be derived from it. These costs come from the electricity and the compute power that needs to be invested to re-mine the blocks, a solution that is governed by economics. However, a DLT in most cases operate on a Byzantine Fault Tolerance (BFT) consensus mechanism, wherein the ledger is secured by votes from the participating members. If 1/3rd of the nodes collude against the system, the data is no longer reliable and immutable. If a particular state of the ledger is not favourable to 1/3rd of the members, they have an economic incentive to alter the state without any cost associated with it. This compares to economic cost associated in altering Bitcoin’s blockchain.

Report Claim (pg. 14): Internationally the applicability of DLTs is being explored in multiple areas. The Hong-Kong Monetary Authority commissioned a research study on the potential applications of DLTs. Use cases include trade finance, mortgage loan application, digital identity management, cross border fund transfer etc.

Fact: The security of the system is as strong as the weakest link in the chain. In DLT, the weakest link is the one through which the data is fed into the system. If the source of the data that is being fed to the DLT is compromised, then the entire security of the data is as good (corruptible) as its source. For example, the report states that KYC done by one bank can be fed to the DLT and used by other banks thus preventing duplication of the processes. However, if one of the banks involved in the KYC process is corrupt, then it reduces the security of all the banks involved. This is mitigated in Bitcoin as its consensus rules are predefined. This means only the data that confines by those pre-defined consensus rules can enter the blockchain. There is no voting involved. If the transaction does not meet the consensus requirements, full nodes reject such transaction and does not relay it forward. If a miner mines a block with an incorrect transaction or deviates from consensus rules, the Bitcoin full nodes will reject the block costing miner the block rewards and the electricity cost it has spent to mine the block.

Report Claim (pg. 16): The PoW puzzle is designed in such a way that the solution of the puzzle should partially have the same characters as the hashed output of transactions. This points to the validity of the transaction in the system while maintaining the pseudonymity of the details. The puzzle is randomised in nature, in order to spread evenly the probability of finding the solution. This entire concept is called proof of work and is the basis of enhancement of multiple blockchains across different cryptocurrencies. If a block is found to have invalid transactions, it is rejected by the participants. These participants, striving to find a solution to the puzzle, are known as Miners, and get a transaction fee and a unit of the cryptocurrency, that they are able to generate after solving the puzzle.

Fact: The claim is not entirely incorrect but has some inaccuracies. For example, maintaining consensus (transactions and blocks being valid) are enforced by the full nodes. When these nodes receive transactions broadcasted to the network, or blocks broadcasted by the miners they validate all the relevant transaction data within the block and ensure that they conform to the consensus rules. Blocks/transactions not conforming to the consensus rules are discarded by the full nodes and no longer relayed. A miner can very well mine an invalid block, but the fear of rejection by the full nodes and as a result the loss of block reward is what keeps the miner to act honestly. There are over 100,000 Bitcoin full nodes that help maintain these consensus rules.

PoW does not point to the validity of transaction. PoW just ensures that miners have put in enough work to generate the block. Bitcoin network is designed in a way to keep the block generation time at 10 minutes. If blocks are mined faster, the difficulty of finding the solution to the puzzle is increased upward and if block are mined slower, the difficulty is reduced.

Report Claim (pg. 17): Scalability and transaction speed: Current versions of permissionless DLTs presently have challenges with respect to scalability of blockchain i.e. both in terms of speed of validation and transaction volume. Existing permissionless blockchains have limited transaction speed.

Fact: Bitcoin was never designed to handle as much transaction volume as Visa or Mastercard. That is an incorrect way of thinking about Bitcoin. In a decentralized currency, security matters more than scalability. If users desire scalability, they can use Bitcoin’s Lightning Network implementation that achieves rapid transaction speed at minuscule fees without sacrificing the underlying decentralization.

Report Claim (pg. 18): Cyber-attack/ threat is still a big area of concern with respect to DLT systems. The technology does not ensure account or wallet security, unless encrypted strongly. Moreover, there are possibility of the network being compromised if 51% of nodes on the network are taken over by a malicious agent.

Fact: Bitcoin has never faced a 51% attack in its lifetime. The PoW consensus mechanism puts a very high cost in order to launch such an attack. However, there have been 51% attacks on other coins like Litecoin Cash, Verge, Bitcoin Gold and others in past because the hash rate of their network was not high enough to thwart a malicious actor from launching such attacks. Higher adoption results in increased value of network coins which in turn encourages miners to invest heavily in mining equipments. So, this is a virtuous cycle stemmed from higher network usage. So, we should promote the usage of the network rather than banning people from accessing it. Further down this document we include examples of Bitcoin’s superiority over fiat money and that is the reason why we should support it to thrive.

With regards to keys, Bitcoin was designed to ensure that users solely controls their funds, which means full control over the private keys. All of the thefts that have happened on exchanges are not because of flaws in Bitcoin, but because these exchange services do not implement the necessary security practices to keep the keys safe.

Moreover, the entire Bitcoin transaction is public the moment that they are signed and broadcasted to the network. Signing a transaction with a private key also involves signing the entire transaction data as a message. This means, if any node/ISP tries to change the contents of the transaction, they would invalidate the entire transaction thus ensuring that transaction data cannot be messed with even if it is not confirmed in the block.

Report Claim (pg. 18): Another major area of concern is with respect to the absence of a centralized infrastructure and a central entity to ensure effective governance of the overall distributed ledger infrastructure. Historically, financial sector regulators depended on effective governance arrangements on central infrastructure and other regulated entities. This issue becomes more problematic for permissionless DLT.

Fact: We have seen numerous malpractices from these ‘so called regulated’ entities in our lifetime. Despite being regulated, they are not devoid of scams and sometimes might seems like a black box to outsiders. Trustlessness is the most important characteristic of Bitcoin. Bitcoin governance emerges from users through the software they run on their computers. Nobody calls the shots. The entire Bitcoin code is public, and we can verify the entire program ourselves. The governance components also involve the decentralization and the security considerations that have been mentioned in previous sections. Also, Bitcoin developers have no special powers to make users switch to a new network. Even if the Bitcoin Core developers were to release a new version of the software to create such a new network, users of the older software implementations could simply ignore the update and continue using the existing protocol as they please. That is the power of decentralization.

Report claim (pg. 18): Consensus protocol provides immutable seals to the blockchain ledger. Changing the records of one transaction would require the entire history of transactions on the chain to be changed. However, the keys associated with recording or changing a transaction are susceptible to theft or loss. In such cases, the digital assets could become irretrievable.

Fact: That was the basis of Bitcoin. Not your keys, not your funds. Users should use hardware wallets and other cold storage options to ensure that their keys never enter a network connected device.

Report claim (pg. 19): Permissionless distributed ledger systems hide the identity of the members in the network by using public key encryptions. Such encryption mechanisms make it very difficult for permissionless distributed ledger systems to comply with AML/ CFT regulations of different jurisdictions.

Fact: Despite having strong AML and FATF regulations in place, Fiat money outpaces Bitcoin by 800:1 in terms of money laundering according to this report. We are, however, mindful that Bitcoin has a very small presence amongst the populace right now and as a result these numbers might appear skewed. But what we want to point out is that money laundering is currently prevalent even with fiat money and pinning the blame solely on cryptocurrencies is incorrect. We point out later in this document how Bitcoin actually offers ways to prevent such money laundering due to its public ledger.

Report claim (pg. 27): Virtual currency in itself does not have any of the benefits associated with a fiat currency.

Fact: Bitcoin is a programmable money. Which means we can set several spending conditions directly into the transaction, which encumbers the bitcoins to satisfying those spending conditions. Imposing such conditions cannot be achieved with fiat money without a ‘trusted’ intermediary. Moreover, we still have millions of people living in rural India who do not have access to formal banking system but have access to a smartphone with a high speed 4G connection. Bitcoin being internet native currency helps connect those people with the formal financing. They can now take the advantage of this revolution and use decentralized finance application for loans and other financing needs. For fiat money, we need to set up a brick and mortar branch in order for them to open accounts. Prevention of fake currency and saving costs to print new currency notes are another such use cases. There are many more advantages that Bitcoin offers.

Report claim (pg. 27): Such non-official digital currencies do not have the status of legal tender, and therefore have no inherent value beyond the utility their underlying technologies represent. Unlike fiat currencies, these cryptocurrencies do not have sovereign backing, nor do they have a formal, verified backing of bullion. It is possible that the cryptocurrencies might have functional benefits, such as some special functionality or tangible benefit that the cryptocurrency could provide. However, the market potential of these functionalities is subject to technological and behavioural changes, as well as the scope of financial investment that the cryptocurrencies can raise.

Fact: Gold has no inherent value beyond its usage in chemistry, electronics and dentistry. If we account for the value of gold based on those above use cases than its value will be minuscule to its current traded value. It is the psychology of the participants in the market that give gold its value in terms of its usage as jewelry, or as store of value. Despite that, gold is used as a bullion backing by central banks rather than banning it outright with an imprisonment for those possessing it.

Report claim (pg. 27): The large gap in transaction processing speed between cryptocurrencies (especially Bitcoin), and other electronic payment methods, hinders their ability to be used as medium of exchange. Moreover, large fluctuations in price preclude cryptocurrencies from being a suitable store of value.

Fact: Through Bitcoin’s Lightning Network, we can make transactions at a faster rate than the current Visa/Mastercard speed, with fees in order of few satoshis (1 Bitcoin = 10⁸ satoshis) as compared to 2–3% processing fees for the credit card operators. Moreover, the underlying decentralization is preserved, and all Lightning transactions are valid Bitcoin transactions, just that they are not broadcasted to the main chain.

Report claim (pg. 27): The volatility of the cryptocurrency to fiat exchange rates is large relative to even risky equities. These features are not in con- sonance with the essential characteristics of money, and hence cannot replace fiat currencies.

Fact: Various contemporary financial instruments like derivatives, swaps and others go a long way in ensuring price stability. When we have investors actively participating, we will have enough people on both sides of the trades helping keep the price in check and prevent wide swings. Short positions help prevent high peaks and low troughs. Instead of proposing a ban on cryptocurrency because of fluctuating prices, government should step in and create an atmosphere so that private players can develop complex financial instruments. Banning cryptocurrency is not going to help it.

Report claim (pg. 28 and 29): Need to protect consumers. Fraud, phishing scam and key management are cited as reasons to protect consumers

Fact: As I have mentioned in the opening paragraphs, I am not arguing about the value proposition of other coins and ICOs have turned into big scams recently. Government should regulate raising money through ICOs as many of them have turned into big scams. Here the committee is right in its understanding. However, pointing to phishing scams is incorrect as even large multinational corporations have fallen prey to phishing scams. Moreover, the committee points out that key management is a big concern. They aren’t incorrect, but that is the value proposition of Bitcoin. If you control the keys, you control the funds. Consumers can use cold wallets like hardware wallets (Trezor, Ledger etc.), or paper wallets to store their bitcoins. Moreover, they can use a custodian service that uses 2-of-3 keys approach to protect their bitcoins from lost keys.

Report claim (pg. 29): The mining of non-official virtual currencies is very resource intensive. The Bank for International Settlements ‟Cryptocurrencies: Looking Beyond The Hype” report states that to scale to a national level retail payments system, a virtual currency would require crippling levels of storage and processing power. Adding more users also makes virtual currencies more cumbersome to use

Fact: It seems the committee hasn’t done much reading on Layer 2 solutions like Lightning Network and its benefits as has been mentioned by me couple of time in this article previously. I would recommend them to read this introductory post on Bitcoin Stackexchange.

Report claim (pg. 30): Cryptocurrencies could potentially take up an enormous amount of energy in an already power-starved India due to its energy intensive Proof of Work consensus algorithm

Fact: We should leave this to the free market principal. This is because we expect market forces to move miners towards efficiency, thus they will not waste energy, only spend exactly enough to maintain the security of the coin. Miners are already setting up mines at locations where energy is being wasted (e.g. oil well gas flares, putting up solar panels instead of just letting sunshine pointlessly heat up their roofs, etc.), and channelling the wasted energy into productive activity. For example, Bitcoin mining is already helping oil companies reduce their carbon footprint. This is the opposite of becoming more energy wasteful. Thus, does the invisible hand of the free market abide. Also, we do not reign in on server farms that provide cloud computing alleging they are wasting nation’s ‘precious’ resources. If someone pays for the power, they have the right to use that power how they deem fit.

Report claim (pg. 30): Non-official virtual currencies could affect the ability of central banks to carry out their mandates. Central banks cannot regulate the money supply in the economy if non-official virtual currencies are widely used, as these are decentralised. This restricts their ability to stabilise the economy.

Fact: Central banks through their monetary ‘stimulus’ inject inflation in the economy. This in turn reduces the purchasing power of the money that we hold. After the great recession of 2008, numerous central banks in the USA, Europe and Japan started quantitative easing program wherein they printed money mercilessly thereby reducing the wealth of the common citizens. Deflationary economy as proposed by Austrian Economics is the way to go in order to ensure stability in the economy and prevent the economy from ‘heating up’.

Report claim (pg. 30): Virtual currencies can provide greater anonymity than mainstream non-cash payment methods, making them vulnerable to money laundering and use in terrorist financing activities.

Fact: According to the link we had posted in the previous section, fiat money outpaces Bitcoin 800:1 in terms of money laundering. RBI regulated banks have also come under severe flak recently for helping such money laundering activities. So, pinning the money-laundering blame solely on cryptocurrency is misleading. I would suggest making KYC process mandatory for exchange purchases as is done in many countries. After the KYC process, the government can check the flow of funds due to the pseudonimity and public nature of the Bitcoin blockchain. This would filter out 99% of the population that engages in honest transactions. Moreover, the committee agrees the technological innovation that can be spawned with cryptocurrencies but fears these dark market activities. I would point out the early internet age. In the early 1990s, we would have found majority of the internet content related to pornography and illicit drug trading. But that didn’t mean we should have banned the internet. Similarly, we should expect honest participants to outweigh the negative elements of the society by a huge margin in the coming future and spawning similar technological innovations that the internet has brought us.

The committee notes on pg. 33 and 34 that China banned crypto trading resulting in BTC/RMB volume falling from 90% to 1%. These 1% continue to trade using VPN services and Tor. This is exactly what we have pointed above. No matter the stringent practices we put in place, the malicious elements continue to carry out their activities as usual. The honest people are the ones that suffer from such stringent regulations.

Report claim (pg. 34): The Committee recommends that all private cryptocurrencies, except any cryptocurrency issued by the State, be banned in India. Moreover, from pg. 37 to pg. 43, the committee report dives into a central bank issued digital currency (CBDC).

Fact: That won’t be a cryptocurrency. It would just be a digital rupee no way different from PayTm or other wallet applications. The report claims that CBDC could be designed for anonymity, can be interest bearing and can be decentralized. To hit the points one-by-one, (1) if there is complete anonymity, then previous concerns of the committee on pseudonymity of Bitcoin is unfounded. However, if central bank thinks it will selectively allow certain participants to access the data, then there is centralization of data power in the hands of the few organizations thereby aggravating the problem we have today. (2) If the tokens are interest bearing, then it brings in additional trust centers as people will now have to trust the instruments that will be used to back such interest apart from trusting the currency itself. (3) Given the opposition to PoW, the central bank will be using other consensus mechanisms to protect such currency in case they decide to make it decentralized. However, apart from PoW, other consensus mechanisms are not backed in theory, and if they decide to go the permissioned way (selecting only a few nodes to validate by outsourcing the validation function, which is mentioned in report (pg. 41)), then that is the end of decentralization, security and privacy. Try reading my post on Libra on Bitcoin Stackexchange and you will get an idea what I’m trying to say (too big to paste here).

Report claim (pg. 47 to pg. 52): DLT can go a long way in changing the financial industry, especially in payments, KYC, loan issuance, insurance, securities & commodities, land records etc.

Fact: In this answer we want to highlight why DLTs by themselves are not safe and what differentiates the Bitcoin blockchain from DLTs in terms of security. As we have mentioned before, Bitcoin never claims that the blockchain is immutable. In fact, the protocol is designed to accept the longest chain in the network. It is the Proof-of-Work consensus mechanism that ensures there is cost involved to change historical data. To change data of some previous block, that entity will have to mine all the subsequent blocks following the block where they want to change the data. Moreover, they will have to race the entire network in making the longest chain, in other words, they will have to have higher hash power than the rest of the network combined (51% attack). The cost involved in changing prior data is what provides immutability to the blockchain. Moreover, what is allowed in the Bitcoin blockchain is predefined by consensus and only those things that abide by the consensus will be included in the blocks. So, it is not just the blockchain that provides Bitcoin its value proposition. It is the Proof-of-Work, consensus rules, blockchain and the decentralization with full nodes together that makes Bitcoin great.

Now coming to DLT, it is nothing more than a glorified database system as it is basically a database that is replicated across locations. The data in the DLT is as secure as the entity who is feeding the data in the ledger. Moreover, most DLTs operate on Byzantine Fault Tolerance (BFT) consensus and as such collusion of 1/3rd of the nodes can lead to complete corruption of data. In addition, since it is permissioned, the data and rules are decided only by the validators and they can change the rules at their whims and fancies through a majority. We would also like to point out that changing the state of the ledger in a private-permissioned DLT, does not involve any economic cost, but actually incentivizes the participants to change the state it in their favor. They just need 1/3rd support from the network, and the data is no longer reliable.

Acknowledgement: The author recognizes the valuable contributions from Rohit Alluri for helping improve the contents of this article.

Disclaimer: You are free to use the contents of this article but we value attribution. Contact me via email on ugamkamat1@gmail.com if you need permission for publication of this report as is elsewhere. You are also free to reach me out on my email-id for further clarity or description on any topics.