Value of bitcoins; RBI on bitcoin; legality of bitcoin transactions in India

Bitcoins are numbers you can trade with. People would be ready to exchange goods and services with bitcoins as they value the bitcoin numbers. Compared to currency which is made out of thin air by a central bank, bitcoins and other digital tokens, require massive computational power to generate, and have a base in global energy prices.

This idea of using a set of protocol to transact and create new bitcoins securely was published by an Anonymous author using the pseudonym of Satoshi Nakamoto. The paper was titled: Bitcoin: A Peer-to-Peer Electronic Cash System by Satoshi Nakamoto

Continue reading “Value of bitcoins; RBI on bitcoin; legality of bitcoin transactions in India”

What is SBI doing with Blockchain technology? Intro to Bankchain

As per the latest reports, State Bank of India along with ten other commercial banks, is taking the lead in building the country’s first financial blockchain framework. Reportedly, Axis Bank, Central Bank of India, DCB Bank, Deutsche Bank, HDFC Bank, ICICI Bank, IDBI, Kotak Mahindra Bank and Saraswat Bank are the other players in this consortium. This framework built upon the blockchain technology is being developed for SBI by global technology giants IBM, Microsoft and KPMG, among others.1

 

What is blockchain?

Blockchain is a decentralised transactional record management system where exchange of value is independently managed by participants of the network.

The technology behind blockchain relies on the undeniable proof of mathematics. Identity and authority to make transactions on the blockchain medium is ascertained by mathematical functions.

As of now the most popular use case of blockchain is bitcoin. Currently, the publicly available ledger of bitcoin records each bitcoin transaction with little or no cost, and stores them permanently on an immutable chain of records called the blockchain. It provides for a traceable history of all transactions till the very beginning. This offers an ironclad proof of ownership. As there is no single trusted authority to maintain the database it is not susceptible to hacking and accounting errors.

However, blockchain can be used to transact in any goods or services. Like diamond2 and gold instead of bitcoins.

You may read quickly about bitcoin and the underlying technology blockchain in this detailed article: What are bitcoins / cryptocurrency / blockchain – what is so different than fiat money?

 

What is Bankchain?

The blockchain’s new found use case in the clearing and settlement of financial transactions is being taken seriously from the past 18 months. According to the consulting firm Oliver Wyman, clearing and settlement alone costs the global financial industry a whopping USD 50 billion annually.3 The structural inefficiencies and the traditional delay associated with clearing houses make for an industry ripe for disruption.

Initially started out as a secretive consensus-based ledger system exclusively for financial institutions, Bankchain is a project of industry leading bitcoin exchange – ItBit.

Chad Cascarilla, CEO, itBit

itBit was started by CEO Chad Cascarilla in 2012 as an early stage growth fund directed at bitcoin/digital currency-related startups. itBit was possible as Chad was a highly experienced manager and co-founder of the hedge fund Cedar Hill Capital Partners.

ItBit invited almost 100 participants including major banks, brokers and stock exchanges of the USA to its “Bankchain Discovery Summit” at Washington, D.C. on 27th April, 2015. This summit was especially closed to the press.

In later stages ItBit formed a product named Bankchain, a custom technology to meet the specific needs of the financial world. Bankchain then joined hands with Euroclear to create the Euroclear Bankchain4 which was to be specifically used in international gold transaction.

Euroclear group is a consortium of Euroclear banks. It is rated AA+ by Fitch Ratings and AA by Standard & Poor’s. The consortium includes Euroclear Belgium, Euroclear Finland, Euroclear France, Euroclear Nederland, Euroclear Sweden and Euroclear UK & Ireland. The group settled an equivalent of EUR 675 trillion in securities transactions in 2015, representing 191 million domestic and cross-border transactions. By December 2015, the group held EUR 27.5 trillion in assets for clients.

On December 20, 2016 a good number of participants performed 600 mock London bullion trade transactions in a pilot project with Bankchain. It was ascertained that Bankchain helped lower trade risk and simplify post-trade process. The next pilot and live service is scheduled to happen in 2017.

 

The technology behind itBit’s Bankchain

Bankchain is built upon protocols derived from the blockchain technology but not purely the same thing. It is built on some proprietary algorithms developed by itBit to create a permissioned blockchain where members require special permissions to transact.

“It’s a private network. You know who everyone is. You can sign legal agreements among everyone involved that lay out the rules, and create a variety of ways to establish trust among the known participants. This allows you to reach a much speedier consensus not based on work, but on the fact [that] you are in the system.” – Chad Cascarilla

Unlike blockchain which relies on public creation of tokens (bitcoins) through a mix of cryptography and economics, Bankchain is not open to public and can be populated only by verified actors and tokens. Here the incentive is not in mining or maintaining the blockchain for rewards, it is the simple need of cost savings, which faster processing speeds and reduced red tape bring.

Bankchain does not rely on proof of work like the blockchain did. Unlike solving difficult math puzzles Bankchain relies on a variety of ways to establish trust. In a private network where the identities of the parties are established, trust can be easily created by consensus.

Also in place of the original token on blockchain, Euroclear Bankchain tokenizes physical gold. Digitised gold tokens are standardised to an unit of physical gold. These units are redeemable against gold coins amongst each other.

Instead of bitcoins, digital gold tokens are issued and these units can then be traded against. For e.g. instead of 100 BTC I may hold 100 DGT (digital gold tokens). I would be then able to buy 100 Gold coins worth of goods and services from the members of the same network who will honor the agreement. The ingress and egress of the DGTs is also based on a mutually agreed method.

This helps in dynamic reduction of time taken for international settlement of trade. As of now it takes about two working days for Bombay Stock Exchange to settle a transaction, on this technology it would be instantaneous.

However, this altered version of blockchain still uses the most of the original technology to create inviolable and immutable transaction records which take effect instantly! Participants get to control their own data without any central point of failure. Ultimately, the core difference is control, something critical to financial institutions with fiduciary concerns.

 

SBI Bankchain – meaning for India

RBI’s research wing Institute for Development and Research in Banking Technology released a White Paper on Blockchain Technology – IDRBT on 6th January, 2017.

It talks about the technology and the mathematics behind bitcoins and presents use cases of the blockchain technology after explaining various concepts in bitcoin terminology. And finally, in chapter five it concludes with favourably putting the application of blockchain to Indian Banking and Finance.

Fast enough on 26th January, Dy Managing Director and CIO of State Bank of India, Mrutyunjay Mahapatra confirmed that 15 of India’s largest bank is coming together to make an interbank blockchain platform.

This platform would serve heavily in subverting scams like the ones of Harshad Mehta where a few banks issued bogus Bank receipts not backed by any security. An unified credit record can be established which would help in reducing Credit Card fraud. Current mechanisms like NEFT, IMPS cost banks a lot of money spent in interoperability, with Bankchain such problems would be non-existent.

However, Bankchain is only the probable technology they may use, the usage of the word in context to SBI does not mean they have settled upon the use of the proprietary technology owned by itBit. As of now, they have only invited technology companies and other banks to come together and devise ingenious ways to solve the Indian market conditions using blockchain.

 

If you liked the article please like and share it with your followers. If you have doubts or questions about any part of this article, please feel free to leave a comment below or ask questions directly to the author here: Ask Questions.

What are digital signatures? Signing and verification – Relevant Indian Laws

Digital Signatures are considered to be more secure than the traditional ink signatures we all are used to. This is because ink signatures can be copied manually and exact duplicates can also be created through various ways. However, digital signatures can not be extracted, copied, or even stored. This immutability of digital signatures accords them a more secure status than all prevalent modes.

In this article we will see what is a digital signature, how it is generated and verified, and what are the concerning legalities.

 

What constitutes a signature?

Anything which ascertains the identity of an individual is a signature. The prime application of signature is to authenticate and bind parties into an agreement. The signature is also a major component which enables honor of an agreement at a future date. Signatures can link documents to their authors, proving helpful in ascertaining legal liability.

For long the handwritten signatures of an individual were considered to be unique and irreproducible, however, we all know nothing creates more disputes than a dead man’s will.

 

What is a digital signature?

Many of us still think that taking a photo of our handwritten signature and pasting it on a word document will suffice as a digital signature. This is totally wrong. This keeps happening with computer terminologies as almost all of them are loanwords from English.

To understand how digital signatures work we would need to revisit my previous articles on:

  1. What is digital information and how does the computer work? For a lawyer
  2. What is digital fingerprint and hashing? And how is it generated?
  3. Understanding Asymmetric Cryptography, Public Key, Private Key and the RSA Algorithm

in the given order. These are very short and focused articles which may help you in understanding the technological and mathematical background.

A digital signature verified by a Certificate Authority on a PDF document

Digital signatures are digital codes which are generated and verified using hashing and asymmetric cryptography. It is attached to an electronically transmitted document to ascertain its contents and the sender’s identity. While the document is being transferred a certificate authority can verify the codes and link it with the legal identity of the owner. Just for the idea you need to know what it looks like.

This is what one actually looks like: 7t418gpx7ms74j9g6kf0xbvyka4n17qz

This code will be transmitted along with the document. Once it reaches the recipient, he will use a software which will read it and validate it. On validation by the software the document file will show an image and some text (like the one above, with details of location, day and time).

Digital Signatures are never constant, they keep changing with every document signed. Digital Signatures are therefore meaningless if they are copied or stored for later use. They can prove useful to verify only the document with which they are linked.

 

Generating a Digital Signature

Please go ahead only if you are in terms with asymmetric cryptography.

Once you are done with asymmetric cryptography there is a small but very important difference you need to know. You just need to remember that the public key as given in the RSA algorithm shall be referred to as the encryption key here, and the private key shall be referred to as the decryption key.

 

The Document

The document can be anything it can be a video file, a word or PDF document, or it can be also just a series of numbers.

Every document undergoes a transformation through which it is rendered into a series of alphanumeric characters. This is done to store the data in the computer memory.

 

Signing

Key Generation

The Signing requires asymmetric generation of two cryptographic keys, viz. an encryption key and a decryption key.1 The RSA algorithm can be used to generate both the keys.

Hashing of the document

A digital fingerprint or hash of the document2 being transmitted shall be required.

Encryption

The hash of the document will then be encrypted with the encryption key of the sender3 This encrypted hash of the document is called the digital signature.

Broadcasted or Stored

The digital signature can now be transmitted to the intended recipient or stored for later reference along with the document. The digital signature would also be accompanied by the decryption key while being presented for verification. In this method the private key is actually published and public key is kept safely.

Verification

The validity of the signature can be verified by decrypting the digital signature using the decryption key. The hash of the document revealed from the decryption shall be compared against the hash of the file, if the hashes match it proves a lot of things.

Firstly, only the sender of the document could encrypt it using the encryption key of the key pair. This is simple to understand as anything decryptable with the decryption key needs to be mathematically linked with the encryption key. And the mathematical link gives it an assurance on which governments and banks are ready to bet millions of dollars in insurance.

Food for thought an SSL certificate bought at 175 USD carries an insurance of 1.75 Million USD. 4

Secondly, if the decrypted hash matches with the hash of the received document it would mean that the document has not been tampered with during storage or transmission. It would therefore mean that the clauses in the document have not been changed. This irrefutable form of agreement gives electronic contracts an advantage over traditional forms, called non-repudiation.

 

Digital Certificate Authority (“DCA”)

Digital Signatures are and can be used in secret dealings without any involvement of a third party. However, in order to provide for a legal sanction the encryption and decryption key need to be owned by a person against whom the signature and all legal liabilities may be executed. The necessity of a third party then comes into picture.

The job of a public notary is to verify and attest that a signature on a piece of paper has been made by the same person as is claimed. Similarly, the DCA acts just like a notary attesting the validity of a digital signature.

While the decryption and the encryption keys are pure alphanumeric characters it is very difficult to assign a human name to it unless the signatory himself acknowledges. Thus it was pertinent to maintain a record of all encryption and decryption keys and their respective owners. This record of keys is maintained by an entity called the Digital Certificate Authority. DCAs need heightened security and enjoy government protection in multiple cases.

These DCAs ascertain the validity of a signature and testify ownership of a signature. The institution, management and modalities of a DCA are provided by the law. DCAs issue certificates called Digital Signature Certificate (“DSC”) which is a proof of having a registered pair of encryption and decryption key.

 

Application

Digital Signatures are necessary to sign digital documents. Digital Documents mostly in use and in popular business parlance are different e-filing documents required by the Ministry of Corporate Affairs and other ministries.

Documentation

This is what Digital Signature USB Drives look like

To be able to sign a document with your digital signature you will need to install a software given by the DCA on a USB thumbdrive. This software will merge with your Microsoft Office and Adobe Reader and will enable an option to digitally sign. This thumbdrive contains your pre-generated key pair.5

In your lifetime you will neither want to or get to know your encryption and decryption key, both your keys will remain secret in your USB Thumbdrive. Yet, every time you would plug the USB Thumbdrive in to digitally sign a document, the same key pair will be used to mathematically generate a digital signature specific to that document and append it to the document.

On reception of the same document the signature will require validation of ownership as much as the mathematical computation to find the link between the decryption key and the hash, as discussed earlier. Once the file is opened it would automatically verify the document and show a small representative image of verification (mostly a green tick or the signatory’s manual signature) on any part of the document.

Banking

Financial Transactions can be authorised over the internet using digital signature. Electronic wallets can use digital signature in future to go cashless (BitCoin).

World War III

Digital signatures will be used to authorise nuclear warfare.

 

Legalities

Global

The ESIGN Act of the United States6 and a similar directive in the European Union7 along with other legislations in most developed nations support the validity of digital signatures and regulate them.

India

The IT Act of India quite comprehensively covers the legalities of DSCs and DCAs. Section 5 of the IT Act gives digital signatures their legal character.8 It is therefore that digital signatures are lawful and binding in nature. Section 15, of the Act describes digital signatures by their usage.

Certifying Authority as provided in Section (2(1)(g)). “Means a person who has been granted a licence to issue a Digital Signature Certificate under Section 24 (issuance of certificates by Controller).”

The Ministry of Corporate Affairs launched the MCA-21 programme leading to a large scale increase in usage of digital signatures. It made E-filing mandatory for most of the documents required to be filed under the Companies Act and under the Limited Liability Partnership Act 2008.

Soon after this electronic filing of IT returns was made compulsory by the Income tax department. The Central Excise Act and Finance Act 1994 (dealing with service tax) also provides schemes for E-filing. Similarly, under the Foreign Contribution Regulations Act, application for registration is to made electronically.

Department of Commercial Taxes in Kerala has mandated e-filing of returns using digital signatures under the Kerala Value Added Tax Act 2003. C forms and F forms available on the website of the Department of Commercial Taxes can be filed using digital signatures. Other states are also following suit in amending VAT laws to make E-filing mandatory.

The Partnership Act 1932 provides that registration application for a new firm is to be filed electronically.

The Evidence Act was amended to include “electronic records” in definition of “evidence”.9 The opinion of a DCA as to the electronic signature of any person is a relevant fact10 and the court may also refer to the relevant DCA for forming an opinion.11

Section 67A waives the burden of proof of establishing ownership of a specific digital signature (secure electronic signature).