[bitcoin-dev] Implementing Investment Aggregation

ZmnSCPxj ZmnSCPxj at protonmail.com
Tue Jul 21 03:40:07 UTC 2020


Introduction
============

In a capitalist economic system, it is allowed for an entity to lend money out to another entity, as long as both agree upon the conditions of the loan: how long, how much interest, any collateral, etc.
This is a simple extension of basic capitalist economic thinking: that the owner of funds or other capital, is the one who should decide how to utilize (or not utilize) that capital, including the decision to lend (or not lend).

It has been observed as well that groups of people may have relatively small savings that they can afford to put into investment (i.e. loaning out for an interest rate), but as the technological capabilities of our shared civilization have expanded, the required capital to create new businesses or expand existing ones have grown much larger than most single individuals can invest in.

Thus, coordinators that aggregate the savings of multiple individuals, and then lend them out for interest to new or expanding businesses, have also arisen, in order to take advantage of the larger return-on-investment of more capital-intensive but high-technology businesses, capturing the long tail of small investors.
Traditionally, we call these coordinators "banks".

However, this typically involves delegating the work of judging whether a business proposal is likely to give a return on investment, or not, to the coordinator itself.
Further, the coordinator typically acts as a custodian of the funds, thus adding the risk of custodial default to the small-time investors in addition to loan default.
(In this view-point, central banks that provide fiscal insurance in case of loan default by printing new money, are no different from custodial default, as they degrade the monetary base in doing so.)

This writeup proposes the use of features that we expect to deploy at some point in the future, to allow for a non-custodial coordinator of multiple small investors.

This is not a decentralized system, as there is a coordinator; however, as the coordinator is non-custodial, and takes on the risk of default as well, the risk is reduced relative to a centralized custodial solution.

Note that custodiality is probably a much bigger risk than centralization, and a centralized non-custodial probably has fewer risks than a decentralized custodial setup.
In particular, a decentralized custodial setup can be emulated by a centralized custodial setup using sockpuppets, and without any decent sybil protection (which can be too expensive and price out investments by the long tail of small investors, thus leading to centralization amongst a few large investors anyway), is likely no better than a centralized custodial setup.
Focusing on non-custodiality rather than decentralization may be a better option in general.

A group of small investors may very well elect a coordinator, and since each investor remains in control of its funds until it is transferred to the lendee, the coordinator has no special power beyond what it has as one of the small investors anyway, thus keeping decentralization in spirit if not in form.

Non-custodial Investment Aggregation
====================================

In principle, if a small investor finds a potentially-lucrative business that needs capital to start or expand its operation, and promises to return the loaned capital with interest later, then that small investor need not store its money with anyone else: it could just deal with the business itself directly.

However, the small investor still needs to determine, for itself, whether the business is expected to be lucrative, and that the expected return on investment is positive (i.e. the probability of non-default times (1 plus interest rate) is greater than 1, and the absolute probability of non-default fits its risk profile).
We will not attempt to fix this problem here, only the requirement (as with the current banking system) to trust some bank **in addition to** trusting the businesses that are taking on loans to start/expand their business.

(again: not your keys not your coins applies, as always; investors are taking on risk of default.)

The coordinator need only do something as simple as find a sufficiently large set of entities that are willing to indicate their Bitcoin UTXOs as being earmarked for investment in a particular business.

The coordinator, upon finding such a set, can then create a transaction spending those UTXOs and paying unilaterally to the business taking the loan.
The business provides proof that the destination address is under its unilateral control (so that investors know that they only need to trust that the business itself will do everything in its power to succeed and pay back the loan, without having additional trust in the coordinator to hold their funds in custody).
Then the individual investors sign the transaction, releasing their funds to the business.

However, the issue now arises: suppose the business succeeds and is able to pay back its loan.
How does the business pay back the loan?

Thus, prior to the investors ever signing the loan-out transaction, they first prepare a loan-payback transaction.
This loan-payback transaction spends from a multisignature of all the investors, equal in value to the loan amount plus agreed-upon interest, and distributes the money to each of the involved investors.
Crucially, this loan-payback transaction is signed with a `SIGHASH_ANYPREVOUT` signature.

Now, in order for the business to pay back its loan, it only needs to gather enough Bitcoins to pay back the loan, and pay back the exact amount to the multisignature address of the investors.
Then, any of the investors can reclaim their funds, plus interest, by re-anchoring the loan-payback transaction to this transaction output and broadcasting it.

The coordinator, for its services, may extract a fee from the loan-payback transaction that all the investors can agree to; thus, it takes on as well the risk of default by the business (the coordinator exerts effort to locate investors and encourage them to invest, and would lose the fee paid for its efforts if the business it is proposing as a good investment does not pay back), which seems appropriate if it also serves as a basic filter against bad business investments.
Finally, by working in Bitcoin, it cannot have a lender of last resort, and thus must evaluate possible business investments as accurately as possible (as default risks its fee earnings).

(investors also need to consider the possibility that the purported "business" is really a sockpuppet of the coordinator; the investors should also evaluate this when considering whether to invest in the business or not, as part of risk of default.)

(the above risk is mitigated somewhat if the investors identify the business first, then elect a coordinator to handle all the "paperwork" (txes, transporting signatures/PSBTs, etc.) by drawing lots.)

Thus, ***if*** the business is actually able to pay back its loan, the coordinator is never in custodial possession of funds.

Cross-business Aggregation
==========================

Nothing in the above setup really changes if the investors would prefer to spread their risk by investing sub-sections of their savings into multiple different businesses.
This gives somewhat lower expected returns, but gives some protection against complete loss, allowing individual investors to adjust their risk exposure and their desired expected returns.

The batch transaction that aggregates the allocated UTXOs of the investors can pay out to multiple borrowing businesses.
And each business can be given a loan-payback address, which is controlled by the investors that extended their loans.
Investors generate an aggregate loan-payback transaction and signature for each business they invest in.

Collateralized Loans
====================

As observed in https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2020-July/018053.html, a Cryptographic Relay would allow collateralized loans.

Nothing prevents the "loan shark" in the collateralized loan example from being a MuSig of multiple small investors.
Practically, a coordinator would help facilitate construction of the necessary transactions and interaction with the loanee, but as long as ownership remains controlled by the individual investors, there should not be any custodial issues.

Of course, if the loan defaults, then the collateral needs to be sold in order to recoup the loss incurred in loan default case.
Coordinating this sale amongst the multiple small investors is now potentially harder.

An additional service may be willing to pre-allocate Bitcoin funds into a timelocked contract, where the amount can be claimed conditional on transfer of the ownership of the collateral to the service in the future, or if the fund is not so claimed, to be returned to the service with the collateral not claimed (as it might have been reclaimed by the loaner after successfully paying back its loan).
This additional service earns by arbitraging the time preference: in case of default, the investors would prefer to recoup their financial losses quickly, while the service is now in possession of the collateral that it can resell later at a higher rate.

Note that these are all operations that traditional banks perform; again, this idea simply removes the necessity for custodial holding of funds, in the way traditional banks do.


More information about the bitcoin-dev mailing list