Libra: Politically Correct Review

Gints Dreimanis
George Agapov
Friday, June 21st, 2019

If you’ve been on the Internet the last few days, you’ve probably heard of Libra, Facebook’s new venture into blockchain technology. Their goals are far-reaching — “to enable a simple global currency and financial infrastructure that empowers billions of people”.

While the white paper has only been out for several days, it has already received wildly contrasting opinions. Some say it will bring crypto into the mainstream and empower people all around the world, others point to several innate faults in the blockchain and lack of trust in Facebook as a company.

Together with our software engineer George Agapov, we’ve decided to skip the hot takes and controversy (no mentions of Orwell below) and review the blockchain from the technical side.

Some questions that we will answer: what are the main features of Libra, are the technical choices made there reasonable, and what do they say about the future of this project.

Brief Overview of Libra

Libra has two main features that distinguish it from blockchains you are used to seeing.

First, it is permissioned. Facebook has partnered with several other companies (including Visa, Stripe, Uber) to create the Libra Association. Right now, its members are the only ones who will be able to validate transactions on the network and have a voice in determining the future of the protocol. Libra plans to start moving to being permissionless in about 5 years or so, but there isn’t any detailed info about it.

Second, Libra is a stablecoin. The Libra Association will store a reserve of low-risk instruments which will back the value of the coin and provide income to sustain operation of the blockchain (users of Libra won’t receive any return from those instruments).

Libra also features a very interesting programming language for transaction processing and smart contracts, Move. Move is inspired by Rust and its resource control. We will expand more on Move in the corresponding section.

Libra Blockchain: Nothing New under the Sun

The creators of Libra have taken a safe and predictable path in their technical choices. They use a custom BFT protocol based on VMware’s HotStuff, use a variation of Merkle trees to store transactions with their history (and they have a clear strategy on how to prune all the history, retaining only a snapshot of the blockchain).

Several problems are solved by the closed quorum. For example, the intuition about 1000 transactions per second seems fair and reasonable because there are a lot of old tricks to achieve that amount of transactions if consensus is handled by a small number of entities.

The white paper states that they don’t have a solution for solving these problems in a permissionless blockchain right now, so it is unclear how and whether the transition will proceed in the future.

Move: Nice Twist on Smart Contract Languages

Move language is the most interesting part of Libra for us. And not only because we have recently been working on smart contract languages for Tezos.

Basically, Move is a contract language with an execution model close to that of Ethereum. It’s compiled to typed assembly, similarly to Michelson.

The most innovative part of it is that it applies techniques for resource control at compile time (similar to those in Rust). These are a part of Move’s type system and help prevent the creation of faulty smart contracts.

To show an example, below is some Move code from the white paper. The main idea is that the coin can be only moved (not copied like payee) and that can happen only once. Anything else will be rejected by the type system.

public main(payee: address, amount: u64) {
let coin: 0x0.Currency.Coin = 0x0.Currency.withdraw_from_sender(copy(amount)); 
0x0.Currency.deposit(copy(payee), move(coin)); 
} 

This use of linear logic matches the semantics of financial contracts nicely, although the syntax they use seems overcomplicated (it’s not entirely clear whether all the complexity from Rust is necessary).

Overall, innovations in this space are welcome and necessary, because smart contract languages in use right now are far from perfect. Bitcoin script is elegantly simple, but hard to use and easy to make mistakes with. Solidity is notorious for its design flaws. Even Michelson has some strange semantics. Move doesn’t look like anything that will be miles above the rest, but this feature will make it stand out.

Conclusion

Is Libra a magnificent failure like some say? Probably not, at least technically. It’s wonderful to see large companies trying out blockchain solutions and even innovating in some places.

The solutions used seem reasonable and suitable for their goals. Whether Libra will fulfill its promises of becoming open, we will have to see. Right now, we can only wish Zuckerberg the best of luck in fighting the regulators.