Corda技术白皮书.pdf

Corda An IntroductionRichard Gendal Brown, James Carlyle, Ian Grigg, Mike HearnAugust, 2016AbstractA distributed ledger made up of mutually distrusting nodes wouldallow for a single global database that records the state of deals and obli-gations between institutions and people. This would eliminate much ofthe manual, time consuming e ort currently required to keep disparateledgers synchronised with each other. It would also allow for greater lev-els of code sharing than presently used in the nancial industry, reducingthe cost of nancial services for everyone. We present Corda, a plat- which is designed to achieve these goals. This paper provides a highlevel introduction intended for the general reader. A forthcoming techni-cal white paper elaborates on the design and fundamental architecturaldecisions.1Contents1 Introduction 32 Context 33 Vision 53.1 End-State Principles . . . . . . . . . . . . . . . . . . . . . . . . . 54 Corda 74.1 Principal Features . . . . . . . . . . . . . . . . . . . . . . . . . . 74.2 Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84.3 Consensus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94.4 Business Logic . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114.5 Core Financial Concepts . . . . . . . . . . . . . . . . . . . . . . . 114.6 Summary of the Corda Model . . . . . . . . . . . . . . . . . . . . 125 Comparisons with Other Plats 135.1 Comparisons to Bitcoin . . . . . . . . . . . . . . . . . . . . . . . 135.2 Comparisons to Ethereum . . . . . . . . . . . . . . . . . . . . . . 146 Roadmap 147 Conclusion 15Bibliography 1521 IntroductionAt R3, we believe that distributed ledger technology has the potential to trans- the nancial services industry to the bene t of its clients and participantrms alike. We envision a future where nancial agreements are recorded andautomatically managed without error, where anybody can transact seamlesslyfor any contractual purpose without friction. We believe markets will movetowards models where parties to nancial agreements record them once andcollaborate to maintain accurate, shared records of these agreements. Dupli-cations, reconciliations, failed matches and breaks will be things of the past.Isolated islands of asset representations will be no more.We aspire to de ne a shared ledger fabric for nancial services use-cases thatcan be deployed within existing legal frameworks and which relies on proventechnologies. Our philosophy can be broken down into three categories engi-neering for the requirements of institutions, a focus on non-functional require-ments, and extensibility.This paper introduces the design features of the Corda plat which webelieve make it an attractive choice for regulated nancial institutions.a2 ContextBanks were amongst the earliest adopters of ination technology and, con-trary to popular belief, they have done a good job in automating previously man-ual processes and in digitizing previously physical processes. However, there aresigni cant opportunities to improve the cost and e ciency of the architecturesthat emerged.In particular, each nancial institution maintains its own ledgers, whichrecord that rm’s view of its agreements and positions with respect to its cus-tomer set and its counterparts. Its counterparts, in turn, maintain their views.This duplication can lead to inconsistencies, and it drives a need for costlymatching, reconciliation and xing of errors by and among the various par-ties to a transaction. To the extent that di erences remain between two rms’views of the same transaction, this is also a source of risk, some of it potentiallysystemic.A plurality of nancial institutions drives competition and choice but theplurality of technology plats upon which they rely drives complexity andcreates operational risk. However, until recently, this was unavoidable exceptfor centralised market infrastructuresb, there were few e ective ways to consol-idate technology across rms without also consolidating the rms themselves.Centralised market infrastructure utilities have gone some way towards in-creasing the amount of data and business-logic sharing between rms but, over-aThe authors can be reached via email Richard Gendal Brown , JamesCarlyle , Ian Grigg , Mike Hearn bExamples of this include the Depository Trust errors and unwinds must be processedthrough a subsequent transaction. Firms will be under pressure to re-engineer their internal processes to increase accuracy and quality.Any authorized actor may, in principle, connect directly to the ledger anduse it to record agreements with its counterparts. No actor is compelledto deal with any other but we may see a decline in \tiered“ or hierarchicalmarket models.By promoting open standards and inclusive access, existing and new ser-vice providers can connect and compete to o er di erentiated services,promoting choice and competition.The only parties who should have access to the details of a nancial trans-action are those parties themselves and others with a legitimate need toknow.However, the vision encompasses the notion of interim states, such as thosethat focus rst on the sharing only of business logic. This is intended to ac-knowledge the reality that today’s systems will be with us for the foreseeablefuture, requiring co-existence, integration and migration paths as a fundamentalpart of the solution design. These interim states can also deliver considerablue whilst legal and other non-technical implications of the longer-term visionare addressed in parallel.5It should be stressed that the long-term vision of a global logical ledger isintended to set a direction of travel but that its realization may be in the of a multiplicity of ledgers. Perhaps this will take the of one ledger perasset class which would be autonomous, loosely coupled, providing functionaland operational independence between di erent business services.Architectural and strategic choices underpinning the vision includeRecords managed by this system will be accessible only to those actorswith a legitimate interest in the assets and agreements they manage.The behavior of agreements managed by the system will be described incomputer code that explicitly refers to and gains its legitimacy from over-arching legal prose.2Support for contract code upgrades and explicit reference to dispute res-olution procedures will be supported in order to provide certainty in thepresence of failed contracts. This is because contractual disputes can oc-cur, even in automated settings, as a result of both technical and humanfactors.Successful delivery of this vision will be through reduction of cost, riskand regulatory burden including capital, liquidity and operational obli-gations and through enabling of innovative new products and services.To gain wide adoption across the nancial community, portions of thesystem must and will be open open source, open development process,open standards.Although this vision talks in terms of a \plat“ or \system“, our beliefis that the design will actually be multi-layered with di erent providerspotentially competing/collaborating to deliver di erent pieces. Readersshould not assume that we envisage a monolithic vertically integratedapproach.The vision also includes the possibility that higher-level layers of the stackcan contain IP proprietary to individual rms or groups.This system will operate under the assumption of an adversarial securityenvironment the growing threat of cybercrime must be taken as a given.It is believed that the fundamental inventions needed to deliver this visionalready exist. These include, but are not limited to, robust cryptography, globalcommunications networks, standards for the de nition of nancial instrumentsand e ective algorithms to ensure consistency at a global scale.What makes this vision possible today is that the recent popular interestin distributed ledger and blockchain systems has created an environment inwhich such a vision can be openly discussed and that a collaborative alliancethrough which multiple nancial institutions can act together has been ed.It assumes an identity infrastructure between the participants in the network but6makes no assumption as to its sophistication or mode of operation. Regulatoryengagement is a key element of the design process.From our requirements analysis and assessment of existing distributed ledgerplats, we concluded that no existing plat met our needs. In essence, thethreat models underpinning the designs of traditional distributed databases wereunsuitable for our use-case of bringing mutually distrusting legal entities intoconsensus; and the architectures of existing blockchain systems were unsuitablefor our requirement of restricted and carefully speci ed data sharing at the levelof individual legal agreements. As a result we designed and began developmentof Corda.4 CordaCorda is a distributed ledger plat for recording and processing nancialagreements, designed to implement the vision contained in this document.The Corda plat supports smart contracts, matching the de nition ofClack, Bakshi, Braine.3 Our smart contract is an agreement whose cution isboth automatable by computer code working with human and control, andwhose rights and obligations, as expressed in legal prose, are legally enforceable.The smart contract links business logic and business data to associated legalprose in order to ensure that the nancial agreements on the plat are rootedrmly in law and can be enforced and that we have a clear path to follow in theevent of ambiguity, uncertainty or dispute.4.1 Principal FeaturesCorda is specialized for use with regulated nancial institutions. It is heav-ily inspired by blockchain systems, but without the design choices that maketraditional blockchains inappropriate for many nancial scenarios.Corda provides a framework to run smart contracts with these key activitiesand featuresRecording and managing the evolution of nancial agreements and othershared data between two or more identi able parties in a way that isgrounded in existing legal constructs and compatible with existing andemerging regulationChoreographing work ow between rms without a central controller.Supporting consensus between rms at the level of individual deals, not aglobal system.Supporting the inclusion of regulatory and supervisory observer nodes.Validating transactions solely between parties to the transaction.Supporting a variety of consensus mechanisms.7 Recording explicit links between human-language legal prose documentsand smart contract code.Using industry-standard tools.Restricting access to the data within an agreement to only those explicitlyentitled or logically privileged to it.These features contribute to the design of a plat appropriate for use incomplex, nancial services organizations. Note that this design does not use anative cryptocurrency or impose a global transaction speed limit.4.2 ConceptsWe begin with the idea of a global ledger a reliable single source. However, inour model, it is not the case that transactions and ledger entries are globallyvisible. In cases where transactions only involve a small subgroup of parties westrive to keep the relevant data purely within that subgroup.The foundational object in our concept is a state object, which is a digitaldocument which records the existence, content and current state of an agreementbetween two or more parties. It is intended to