Tokens of my affection
In search of clarity on a difficult term
For all of the time we’ve spent thinking about monetary tokens over the last couple of years, it still is still rare that someone speaks clearly about what tokens actually are. Broadly speaking, one set of writers about digital assets tends to start from an uncritical Californian ideology: a fusion of technological maximalism, libertarianism, and hubris. From such a perspective, tokens are a foundational technological object, a primitive construct in any programming language, put to particular use in data security, and so it is hard to see that there is much to be explained.
Others, including myself, start instead from the existing monetary institutions. We have our own preconception for the idea of a token—a symbolic container for credit relationships. Even if such monetary tokens have value as material objects, that value is subordinate to their function as symbols. From such a perspective, tokens are a foundational monetary object, a primitive construct in any system of exchange, and so it is hard to see that there is much to be explained.
I propose that the two usages frequently overlap, so that neither side recognizes that the other side isn’t talking about the same thing. In an effort to point the way out of this trap, I offer in this post a translation, mostly in one direction: some ways to understand security tokens for those who start from a monetary point of view. (That’s security as in data security, not security as in securities dealer!)
Tokens and cryptography
The digitalization of finance is the current phase of the rise of networked communication as the infrastructure of economic life. Data plays a central role in this new world, including sensitive data that people may wish to keep private, anonymous or secret. Transmission of sensitive data over networks creates a problem, namely the risk that the data will be exposed.
The field of data security, meanwhile, has been busy constructing solutions to this problem. One of these is the security token. The idea is that sensitive information can be tucked away in a database, not passed around over channels that could turn out to be insecure. Instead only a token is passed around, an index or reference that points to the sensitive data without revealing it. Knowledge of the token is necessary but not sufficient to recover the original data. Such tokens typically take the form of largish numbers. When we see them written down, for example as part of an ungainly URL, they are frequently encoded into space-saving representations that use both letters and digits, but it is correct to think of them simply as numbers.
One important and by now ubiquitous technique involves a secret number (i.e., a private key), meant to be known only to the token’s legitimate owner, and a public number (e.g., a blockchain address) which can be shared widely. The private and public numbers are related, in that one can demonstrate knowledge of the private key without revealing it, by producing a third number, which anyone can check against the public number. The field of cryptography has ingenious techniques for providing one-way functions for this purpose, and for quantifying the computational resources that would be needed to run them in reverse. Such approaches are central to the consensus processes of distributed ledger systems.
Knowledge is possession
Private keys are thus something like a password, in which knowledge serves as proof: either you know the password, in which case the assets are yours, or you don’t, in which case they are not. Importantly, one can demonstrate knowledge of a private key without revealing it, which is an improvement over simpler passwords. However, to achieve this improvement, private keys end up having to be quite long, long enough that remembering them using only a human brain becomes a burden. Instead, one generally records them somewhere, using a device within one’s physical control, or in a networked service secured by a memorable password.
One consequential side-effect of this is that, in many systems, knowledge of the correct token becomes commensurate with ownership. One “owns” bitcoin, for example, only through knowledge of the private key associated with the address that received the tokens. If someone else knows the key, they can take the tokens; if you don’t have the private key, then you don’t really own the tokens: maybe you own something else, some kind of credit or promise, or maybe you own nothing at all. This is different from other conceptions of ownership, which are more likely to be based on identity. If you lose your bank password, you can call them up and prove your identity another way—though this seems to get more onerous with each passing month (try losing your mobile phone, for example).
With cryptographic tokens, “knowledge of” and “possession of” become fused: a person is entitled to spend a token if and only if they can demonstrate knowledge of the correct private key.
Nine-tenths of the law
Any financial instrument is a text which formally states the terms of a debt contract. In monetary theory, token captures the idea that a credit relationship can be represented by a symbolic instrument. In some cases, the instrument is made tradable, so that the possessor of the symbol is entitled to collect the proceeds, as with currency, casino chips, subway tokens and bearer bonds. Crypto tokens, which began life as data objects, as a form of security token, have been able to pass also as monetary tokens.
The decades-long tide of digitalization, whose benefits have been deemed compelling in many parts of the social and economic sphere, is now rising through the financial plumbing. In finance, the hypothesis that is that switching to a tokenized system, where asset ownership is mediated through the use of private and public keys, might permit more intense automation, and that this would be a good thing to do.
This remains a hypothesis. Some clarity on the competing uses of the concept of token will be needed to resolve it. This post, hopefully, is a useful provocation in that direction.