How cryptography and peer-to-peer networks contribute value to society

By: Omar Metwally, M.D.



To illustrate the utility of cryptography and peer-to-peer networking in protecting the authenticity, integrity, and availability of information.

1. Information is the useful synthesis of data.

Our email inboxes, phones, and hard drives are constantly filling up with data; however, collecting, organizing, and archiving the useful nuggets of information in an ocean of junk requires time, money, and energy. The number of useful emails in my inboxes is a small fraction of the total number of emails, which are mostly spam. I don’t pay for extra storage out of principle. Why fund a company whose spam filters are more likely to block important emails than spam? Why perpetuate the problem?

Similarly with the high-resolution photos which take up so much memory on my phone and hard disk: most of these photographs do not deserve the 2+ MB of memory they occupy on my phone and PC. I’ll commonly snap a photo of a beautiful landscape, a critter I encounter on a walk, or something I need to remember for a short period of time (for example, where I parked). Backing up every photo and video on my phone seems wasteful considering that, like my email inbox, only a small proportion are media that I actually want to preserve. The alternative, however, would be to manually go through each of my inboxes and every photo I take on my phone and make a conscious decision whether to keep or delete a file. This latter strategy often proves far too time-intensive to pursue on a consistent basis.

2. Data that exists in only one location is as good as gone.

I once asked a colleague how he backs up his digital information. “I’ve never needed to back up my data,” he answered. This is a fallacy. Every possible failure of a digital system will eventually and inevitably occur. Hard disks fail all the time. People accidentally delete and lose files. Important bits of information drown in oceans of spam and junk, to the extent that locating them becomes practically impossible. Networked systems get hacked. People lose or upgrade their phones and change platforms, only to realize years later that they never backed up their old Android or iPhone which is now resting in a landfill.

Preserving information in a way that facilitates future retrieval requires:

– a consistent schema for organizing files and directories

– multiple physical (e.g. HDDs and SSDs) and cloud-based storage systems

– a consistent version control schema

– consistency in backing up information to each of these media

In other words, if you really cherish your data, you need to be organized, anticipate what can (and inevitably will) go wrong, and back up consistently. If it’s important information, chances are you’ll also want to encrypt your disks in a way that prevents unauthorized parties from accessing the data, without accidentally losing access to your own data.

3. Cryptography is arguably one of the most useful and powerful technologies in modern-day computing.

Modern cryptography is the basis for digital tools that protect the authenticity and integrity of information. While information ends up in the wrong hands all the time, encryption ensures that only the intended recipient can “unlock” the information. To lay people, “encryption” may conjure messaging apps designed for protect one’s privacy. However, another compelling use case of cryptography, which may be unknown to lay computer users, is to mathematically prove the authenticity of digital information. Algorithms such as SHA256 [] can generate a mathematically unique string of numbers and letters, which can serve as a “fingerprint” for a file’s authenticity. Altering even the slightest letter in a document changes this cryptographic fingerprint.

Just like no two individuals have the same fingerprint, so do non-identical files yield unique cryptographic hashes. For instance, an attorney who needs to ensure the authenticity of a collection of evidence can use a cryptographic hashing algorithm such as SHA256 to prove beyond a doubt that the data do indeed represent what the attorney claims they do. However, it’s important to note that these hashing algorithms do not necessarily preserve the actual data to which they refer. It is still upon the attorney to back up the evidence in a secure and redundant manner. Furthermore, the attorney must ensure that each backup is identical. Although a small discrepancy may or may not be consequential in court (for instance, accidentally adding a space, period, or comma may or may not alter the interpreted meaning of a document), the cryptographic hash will be altered, negating the utility of the hashing algorithm.

4. Distributing and decentralizing information is a key value proposition of blockchain networks

Encryption and hashing preceded cryptocurrencies. Hash functions, which are defined by the National Institute of Standards and Technology, are generally free to use and are accessible via command line on any computer. Arguably the biggest value proposition of blockchain networks, on a technical level, is their capacity to add verifiable and tamper-proof timestamps to cryptographic hashes, by propagating a verifiable and identical chronological database across numerous peers around the world. Being able to reliably exchange information with thousands of computers across the world, spanning many different geographic areas, yields redundancy that would be implausible to replicate by entrusting any one party to create thousands of backups, spread them around the world, ensure that they can be accessed reliably, and also ensure the integrity of the original information. In reality, governments restrict access to online content all the time. People in affected locations can use tools such as VPNs to try and circumvent these limitations, but as long as a critical number of nodes is online, the information will not be lost, even if it is inaccessible from a certain geographic region due to inability to run a p2p client.

Cryptocurrencies create financial incentives for people to volunteer hard disk space, broadband, their time, skills, computing resources, and energy to contribute to a peer-to-peer network. Rather than relying on one party to ensure the integrity, authenticity, and availability of data (which is typically hosted in a relatively small number of geographic locations), blockchains are essentially distributed databases (also known as “distributed ledgers” when used in the context of exchanging digital value).

5. Ensuring information availability is another value proposition of blockchain networks

I have been experimenting with IPFS (“InterPlanetary Filesystem” []), a peer-to-peer file-sharing networking, since 2017. Each byte stored directly on a blockchain network is relatively expensive. While all blockchains are peer-to-peer networks, not all peer-to-peer networks are blockchain. IPFS, an example of a peer-to-peer network that is not a blockchain, allows users to easily upload directories and files to the network, where they are relayed from node to node. IPFS itself is free to use; that is, there is no subscription fee to cover hosting costs because volunteers around the world share in hosting the data. However, this utopian dream of “share everything, preserve everything” ignores the reality of the cost of hosting data. Bandwidth, disk space, processing power, and electricity cost money. Data hosted on IPFS can be “pinned” using a 3rd-party service, but this crosses the line of decentralization and places trust in a 3rd-party service to ensure the persistence of these data. Furthermore, it’s unclear to me why a 3rd-party service would volunteer their resources freely without charging a hosting fee.

Filecoin is a cryptocurrency developed by the creators of IPFS (Protocol Labs) which aims to solve this missing economic incentive. The Filecoin protocol aims to incentivize miners (people with a lot of computing power and storage capacity) to host others’ data by rewarding them with the Filecoin cryptocurrency in exchange for running software that can mathematically prove that the hosted data (1) exist on their hard drive(s), and (2) can be retrieved by the party that is paying Filecoin in exchange for their data to be hosted.

I downloaded the Filecoin client (“Lotus”) and spent several days running IPFS and Lotus in parallel in order to see if hosting a 113 MB file on Filecoin was a better alternative to using traditional cloud servers, and also to learn about the economics of the Filecoin ecosystem. I provide here my impressions of this limited experience without a recommendation for or against any cryptocurrency.

It took me a few hours to sync the Filecoin mainnet to completion. I had to download a snapshot of the chain in order to sync, and I could not locate a SHA256 checksum of the snapshot used to sync. I was unable to sync by connecting to peers directly. Using snapshots hosted on a centralized server which are not associated with published checksums is never best practice because there’s otherwise no way to ensure the authenticity or integrity of what one thinks they are downloading.

The Slack channels used by the Filecoin community are active, and I received timely answers to my questions by knowledgeable contributors. Once the Filecoin chain was synced, I proceeded to upload a 113 MB file using its IPFS hash (that is, the file was already uploaded to IPFS, and I used the IPFS hash to point to the data). The process of uploading data generally entails (1) identifying storage providers (miners) who are willing and able to host one’s data; (2) uploading the data to the storage providers; and (3) paying a transaction fee to upload the data. These transactions are referred to as “deals” and can range from 180 to 540 days in duration. Miners can specify parameters such as the minimum and maximum file size they are willing to host, duration of hosting, and their cost per Gigabyte per time period (in the case of Filecoin, per 30-second epoch). Retrieving data involves a separate set of processes, but I haven’t yet made it that far.

In Filecoin, miners host others’ data, which may or may not be encrypted. This is a potential legal gray area because miners generally don’t know what they’re hosting, and miners are often located in jurisdictions separate from the party seeking hosting services. Deals can be arranged on a Slack channel or third-party reputation marketplaces, but rarely does one know whom exactly they’re dealing with. What happens if a party is uploading content that is illegal in their jurisdiction? Or perhaps legal in their jurisdiction but forbidden in the miner’s jurisdiction?

The process of trying to host data on Filecoin is far more complex than using traditional cloud servers. The average person is unlikely to succeed without a strong commitment to the steep learning curve involved in using these command-line tools. Some of the complexities can theoretically be simplified using third-party services, but this can potentially negate the advantages of using an incentivized p2p network in the first place.

The Filecoin protocol incentivizes miners to contribute their computing resources (and time) to host others’ data by rewarding them for reliably hosting others’ data and financially punishing them by deducting penalties from the collateral they have to put up. Due to the relatively early stage of development of these tools, Filecoin documentation recommends making multiple deals with up to 10 different miners to ensure the availability of one’s data, in case one or more miners’ do not make good on their deal.

On my first attempt to upload a 113 MB file, the “deal” failed for unclear reasons, despite my attempts to troubleshoot the Lotus client’s behavior with the help of technical support volunteers. My starting balance was one Filecoin (1 FIL). Here are some numbers central to the (failed) transaction:

Initial wallet balance: 1 FIL

Cost of hosting 113 MB file with a particular miner for 180 days: 0.01296 FIL ($0.225504, at an exchange rate of $17.4 per FIL on March 12th, 2022).

Wallet balance after the escrow funds were returned to my wallet (i.e. after the deal failed):

0.996353443699298176 FIL

Difference between initial and final wallet balance = amount of “gas” burned (network transaction fees):

0.006646556300701767 FIL

Therefore, 51.285% of the original proposed cost of hosting the file (0.01296 FIL) was burned in the form of gas. In other words, 0.006646556300701767 FIL / 0.01296 FIL = 0.5128515664121734

While the amount of burned gas may seem trivial, it accounts for a majority of the cost of the failed deal (51.285%)! If the goal is to establish 10 deals with 10 different miners, then the cost of gas associated with failed deals can quickly add up.

6. Mathematical proof of data availability may or may not be necessary

There are certainly cases in which it’s necessary to prove mathematically not just the integrity and authenticity of data (for example, using hashing functions such as SHA256), but also the availability of the data. Filecoin aims to mathematically prove both the existence and availability of data hosted on a peer to peer network while incentivizing miners to uphold deals with parties who need data hosted. However, there are also many instances where a SHA256 checksum uploaded to a blockchain with an immutable timestamp is more than sufficient. In this latter case, the responsibility of organizing, archiving, and maintaining identical copies of these data falls upon the party willing to pay for the weight of this proof. As mentioned above, there are instances where entrusting miners to store and deliver content may be undesirable for legal reasons, privacy, or simply the need to trust that at least one miner with whom one conducts a deal will uphold their end of the deal.

In conclusion, cryptography and peer-to-peer networking are powerful technologies that can help protect the integrity of information and ensure its persistence. Various blockchain networks use financial incentives in different ways to provide a variety of value propositions to network participants. Clearly understanding one’s goals as the relate to information preservation/exchange, and clearly understanding each network’s value proposition, is key to making good investments of one’s time and resources.

How to connect 3+ Ethereum nodes in a private Ethereum network.

Omar Metwally, MD 
University of California, San Francisco 

Distributed Data Sharing Hyperledger (DDASH).
    Github repository
    Project website

How to create a private Ethereum Network, Part Deux

By: Omar Metwally, MD

Background and Prerequisites:  This tutorial picks up where part one (“How to create a private Ethereum network”) left off.


Numerous people have asked me how to connect 3+ nodes in a private network after reading my previous tutorial. There are scripts out there that will pseudo-automate the process, but I believe in understanding the fundamentals and building it yourself from the ground-up without obfuscating layers between you and your network. Many people got hung up on obtaining a machine’s enode address (basically your Ethereum client’s public key) using the bootnode application. Depending on which machine you’re running and how you installed geth (the Go Ethereum client), chances are you don’t have bootnode installed. I realized that most people out there are not running Linux machines and therefore are getting stuck here.

The good news is that creating a network with any number of peers is possible without having to install bootnode.

A crucially important difference between private Ethereum networks and the main Ethereum network

is that, unlike the main Ethereum network (where real money is used to power the Ethereum supercomputer, create contracts, and move money around the network), private Ethereum networks do not automatically let anyone join the network. In a private network, each peer must identify all other peers to which it wants to connect. In networking parlance, a node becomes a peer when it connects to a fellow node.

Nodes are identified via enode addresses, which are basically public keys.

To illustrate how to create a private network with 3+ nodes, I’ll use the private blackswan network I created to run one of our projects, called DDASH (Distributed Data Sharing Hyperledger). You’re welcome to follow along and join the blackswan network or take notes and create your own private network.

Step 1: Create a genesis block 

All peers must use the exact same genesis block specified by genesis.json:


For more information about the contents of this file, see my previous tutorial.

The exactly location of the genesis.json file will probably differ on your machine, depending on your operating system and how you installed geth.

Step 2: Clear old chain data

This will allow you to start from a blank slate and is necessary whenever you change the genesis block because you can’t merge two chains with different genesis blocks.

rm -r /Users/omarmetwally/Desktop/blackswan/data/geth

Step 3: Reinitialize the genesis block 

Again, this needs to be done on each node.

geth --datadir=/Users/omarmetwally/Desktop/blackswan/data init /Users/omarmetwally/Desktop/blackswan/genesis.json

Step 4: Discover each node’s enode address

To create a private network, each machine needs to know every other machine’s address.

geth --verbosity 1 --datadir=/Users/omarmetwally/blackswan/data console

Then type in:

> admin.nodeInfo

Copy the enode address, including quotation marks. It will look something like this (without the ellipsis):


Step 5: Create the static-nodes.json file on each node

This step is critical and a common point of failure for many people creating a private Ethereum network. This file identifies other network peers using their enode addresses. Create a file called static-nodes.json in the local geth data directory of each node, and paste the enode of every peer in your private network, such that it looks something like:





Note the quotation marks, the commas, and the format:  enode@ip_address:port.

Save this file as static-nodes.json in your local geth data directory, which in my case is:


Step 6: Launch your private network.

Run this command on each node

geth --verbosity 2 --datadir=/Users/omarmetwally/Desktop/blackswan/data --networkid 4828 --port 30303 --rpc -rpcport 8545 --etherbase "0xYourEthereumAddress" console

The flags in the above command are important.


The blackswan network id is 4828, but your own private network will contain its own identifying network id which you should create to be unique.


How much information geth will spew, which can help with troubleshooting or be too much unnecessary information cluttering your screen.


This must correspond to your own local geth data directory. You will not get a helpful error message if this does not correspond to a real directory on your machine, so be careful here.


This is your Ethereum address on the private network.

rpcport and port 

The port and rpcport flags are networking parameters which I will not get into here. Make sure that your firewall will not block the ports you’re trying to use, and be careful when opening your machine to the outside world. Be very careful when exposing the RPC API to the outside world to prevent theft of real Ether and loss of real money! Any real Ether you might own should be kept completely separate from your development environment.

Step 7: Mining on your private network

Mine Ether by running:

geth --verbosity 4 --datadir /Users/omarmetwally/Desktop/blackswan/data --networkid 4828 --port 30303 --etherbase "0xYourEthereumAddress" --mine --minerthreads=1 

Then open a new Terminal window (if you’re using a Mac) or new Terminal tab (Ctrl-tab) and check your balance:

geth attach /Users/omarmetwally/Desktop/blackswan/data/geth.ipc console

> web3.eth.getBalance(web3.eth.accounts[0])

You should see your account balance increase fairly quickly as you mine.


Royd Carlson’s (UC Berkeley) feedback was instrumental in conceiving this article. The comments and emails I receive from readers of this blog help make these articles relevant to the Ethereum community .

Knowledge is power, and my goal is to empower the readers of this blog with the information necessary to create blockchain applications with the potential to re-program institutions, level playing fields, and take a huge step toward more democratic societies. I’m humbled to welcome visitors to this blog, especially from nations where access to and dissemination of  knowledge is much more difficult than we sometimes take for granted in the Western world.

“…the poor catch up with the rich to the extent that they achieve the same level of technological know-how, skill, and education, not by becoming the property of the wealthy.”  (Thomas Piketty, Capital in the Twenty-First Century)

Building smart contract-based health insurance

This post elaborates on a 6/19/2014 presentation I gave at the BitTorrent HQ on decentralized autonomous health insurance, and on a prior blog post. My goals here are:

  • To quantify and qualify the problems with the US healthcare system, especially as they pertain to the payer system
  • To introduce my vision for decentralized autonomous health insurance
  • To outline key components of successful health insurance systems
  • To start laying the groundwork for applying these concepts in practice
1. The U.S. spends more on healthcare than any other country — for subpar health outcomes

1.1 The U.S. spends 17.7% of its GDP on health-related expenditures, with the Netherlands (11.9%), France (11.6%), and Germany (11.3%) landing a distant second, third, and fourth place, respectively (OECD Health Data 2013). 52.2% of U.S. healthcare spending is private rather than public. The United States, Chile, and Mexico are the only OECD countries whose health expenditures are less than 50% public (OECD Health Data 2013). Despite our country’s disproportionately high healthcare spending, life expectancy among Americans has fallen to about 81 years (as of 2011), comparable to Chile and the Czech Republic and lagging behind most other OECD countries.

1.2 To change individuals’ behavior, change their incentives. To create a sustainable system, align individuals’ incentives. I’ve identified below several flaws in US healthcare’s payer systems, all of which relate directly or indirectly to financial incentives, and discuss potential solutions later in this post.

(i) Large uninsured population. According to the US Census Bureau, the number of Americans without health insurance exceeded 48 million (15.7% of the population) in 2010.

 (ii) In the US, 2.5 physicians serve 1,000 people on average, compared to the OECD average of 3.2 physicians per 1,000 people. The American Medical Association projects a shortage of 124,000 physicians (46,000 primary care physicians) by 2015.

(iii) Physicians have traditionally been incentivized financially to perform procedures, not optimize health outcomes. A surgeon is reimbursed tens of thousands of dollars for resecting tumors resulting from lifelong smoking, while general practitioners are hardly reimbursed for taking time to counsel patients on smoking cessation.

(iv) Tort laws keep physicians on the defensive and incentivize them to err on the side of excessive testing.

(v) Uneven distribution of healthcare resources

(vi) Burdensome administrative overhead to perform tasks such as preadmission certification, utilization review, membership management, collection of funds and claims, and quality assurance. Operational hurdles are a common reason for health insurance systems to fail, according to the World Bank.

(vii) Discrimination based on medical diagnoses (“pre-existing conditions”)

(viii) Disparate attitudes toward end-of-life care. Healthcare spending in the last year of life is 6 times greater on average among Medicare patients: $39,975 versus $5,993.

2. Building a smarter healthcare system

An optimal health insurance system has yet to emerge in response to the Affordable Care Act. Social and national payer systems like those in Scandinavia, Germany, and Switzerland are good working solutions, but they’re imperfect systems. Smart contracts don’t promise a utopian solution; however they allow us to iterate toward an optimal set of parameters within a dynamic actuarial system. 

2.1 An insurance system in the era of smart contracts will admit its shortcomings in terms of knowledge and financial resources and instead focus on establishing malleable rules than can be updated iteratively based on outputs such as health and financial outcomes.

2.2 Each decentralized autonomous health insurance system will be constructed in a modular fashion with a uniform parameter set, such that each system represents an actuarial experiment based on community-generated contracts.

2.3 The parameters in 2.2 and aggregate financial/health outcomes will be available publicly to facilitate iterative refinement of these smart contracts governing decentralized autonomous health insurance.

2.4 Decentralized autonomous health insurance (DAHI) will shift influence away from private insurers and toward individuals. DAHI systems hold the potential to provide just and universal access to healthcare. These smart contract-based systems will not be burdened by administrative overhead and will not be victims of political consensus or lack thereof.

2.5 Decentralized autonomous health insurance will protect the socioeconomically disadvantaged. “Unless designed to be pro-poor, health insurance can widen inequity as higher income groups are more likely to be insured and use health care services,” warn Wong et al (World Bank Health Insurance Handbook). Existing health insurance tends to draw resources away from the poor. The World Bank identifies 3 mechanisms to protect vulnerable groups, including rural communities, self-employed individuals, informal workers (“black market”), small businesses, the homeless, and orphans:

(i) Compulsory universal coverage to prevent the rich opting out of the pool
(ii) Require redistribution among multiple fund pools
(iii) Financially incentivize providers to serve poor areas

The implementation of these mechanisms, however, has proven challenging because the rules governing private health insurance favor the affluent, both in their scope and execution. DAHI governed by smart contracts will enable the formation, and more importantly the automated enforcement of, fair rules ensuring the inclusion of socioeconomically disadvantaged groups.

2.6 The World Bank identifies several key considerations in designing a sustainable health insurance system:

(i) Political feasibility and political mapping

(ii) Sociocultural norms
These can strongly influence the ultimate success or failure of health insurance programs (boxes 2.2 and 2.3). In some societies, for instance, people believe that planning for inauspicious events can harbinger bad luck. A more germane example of the importance of sociocultural norms is the debate surrounding the end-of-life care in the United States.

(iii) Financial capacity
In the context of traditional government-funded health insurance, financial capacity is determined by the number of people who buy in, the size of the formal sector of the economy that is taxable, and per capital GDP (Wong et al). The World Bank also identifies the capacity to collect, pool, and spend funds efficiently and effectively as determinants of feasible and sustainable health insurance systems.

(iv) Provider capacity
The number of healthcare professionals available to provide healthcare services

3. Guiding principles
Early adoption of DAHI will rely to a large extent on a group’s social cohesiveness. As Wang and colleagues point out, social cohesiveness generally tends to correlate positively with the success of community-based microinsurance. Individuals may be more likely to buy-in if they know that risk is being shared among individuals in their communities, to whom they can relate on a personal level. Initially, smaller insured groups will mean fewer ways for the system to fail as well as greater agility in creating and modifying rules ad libitum. Associated with smaller groups however is greater financial risk. As these groups grow larger, they also become more financially insulated. Therefore, the gradual growth in the size of an insured pool translates into an opportunity to refine gradually the mechanisms governing DAHI, which are outlined below.

3.1 Health insurance based on smart contracts provides an opportunity for societies to engineer redistribution mechanisms that preserve socioeconomically disadvantaged individuals’ access to healthcare resources. The goal here is to establish rules that promote the amalgamation of insured groups, such that wealth and resources flow from the wealthy to the poor, from the healthy to the unhealthy. Each member pays according to how much she or he can afford to pay. These rules will also promote diversification of insured pools to further strengthen the group’s financial insulation. Without such rules, smart contract-based health insurance would only recreate the same inequities in access to healthcare that traditional insurance creates, namely the formation of wealthy insured groups with the exclusion of the poor. One example of a redistribution mechanism is a quota for the sponsorship of disenfranchised individuals, in which an insured group agrees to provide X% of its funds to cover for low-income individuals who could not otherwise afford health insurance.

3.2 The decentralized nature of smart contract-powered, community-based microinsurance bypasses the political roadblocks and administrative challenges that continue to hinder the implementation of the Affordable Care Act. It’s also central to the essence of DAHI as a series of actuarial experiments that allow societies to iteratively approach an optimal set of financial parameters that maximize the just distribution of healthcare resources. One question that arises, however, is the following: what will be the role of federal and state governments? Will they hinder its implementation? If DAHI does in fact become widespread, will it constitute health insurance in the eyes of the law? I believe that governments will play the important role of “the stick” by continuing to incentivize or even mandating membership in a health insurance group, akin the the Affordable Care Act. The mechanics of health insurance, however, are best left to algorithms.
3.3 Medical practice focused on health outcomes, rather than procedures, will require a corresponding shift in reimbursement. Accountable Care Organizations reflect this tendency, which is borne from the federal government’s recent reforms. Analogously, smart contract-based DAHI will be instrumental in incentivizing providers to practice health outcomes-based medicine.

3.4 This was already stated in 1.2, but because of its centrality to the concept of smart contract-based DAHI, I repeat it here. DAHI is based on the admission that no optimal solution to the current payer problem exists. There are numerous potential solutions. Each insured group in DAHI represents a controlled experiment in health economics and policy. Therefore, DAHI must be designed modularly with replicable components, a consistent set of parameters, and transparency of both inputs and outputs to allow iteration toward optimal parameter sets.

3.5 Buy-in from providers will rely foremost on their perceived value of cryptocurrency. This is a matter of time, in my opinion, as cryptocurrencies gradually become more accessible to the general public and more prevalent in commerce. Furthermore, the rate at which DAHI grows will depend to a large extent on legislators’ reaction to smart contract-based DAHI.

4. Proposed mechanisms

Sample Serpent code is available on my Github repository:
Each DAHI system will include a set of parameters including, but not limited to, the following;

(i) Maximum/minimum number of members

(ii) Percentage of member votes necessary for approval of an insurance contract in order to become active

(iii) Enrollment period start and end

(iv) Coverage period

(v) Cancelation penalty

(vi) Premium (either a range or a fixed amount)

(vii) Adjustment formula: this allows adjusting premiums based on individuals’ relative cost to a healthcare system – without ever excluding anyone. One possibility is creating an actuarial score, for example a ratio of benefits received to premiums paid over an individual’s lifetime, which can then be transferred from one contract to the next.

(viii) Maximum plan dollar limit

(ix) Terms of care provided, including access to specialists and physician reimbursement

(x) Utilization

(xi) Number of mid-level providers and physicians from each specialty, including a voting mechanisms to allow members to vote providers into or out of a group.

(xii) Reward pool to promote good health outcomes

4.1 Both beneficiaries and providers will be subject to a peer-based application process. This will be predefined in the contract’s rules, for instance as a minimum percentage of the vote, to safeguard against discrimination.

4.2 All financial and health outcomes (in anonymous aggregate) will be publically available to allow assessment of a group’s financial feasibility/sustainability, allow quality control of providers’ practices, and promote iterative refinement of the parameter set in subsequent groups. Quality control may also take the form of reputation systems for healthcare providers.

4.3 Both patients and providers will be rewarded for good health outcomes in the form of a bonus at the end of the coverage period.

5. From theory to practice
Smart contract-based decentralized autonomous health insurance, executed correctly, can provide citizens of developed and developing countries alike equitable access to healthcare resources. It has the potential to do what traditional health insurance has frequently failed to do, namely protect the interests of the most socioeconomically vulnerable, and politically weakest, individuals. While adoption of DAHI likely will be a slow process that depends upon the rate at which cryptocurrency becomes mainstream, implementation need not be an all-or-nothing process. First steps will include running simulations and eventually using DAHI in the context of coinsurance, or health insurance for specific contexts such as outpatient visits. A few interesting open questions include how existing health insurers will react to smart contract-based health insurance, and to what extent, if any, DAHI will be truly decentralized. Ultimately, federal and state legislation governing cryptocurrency and smart contracts will shape how smart contract-based insurance is implemented.


8. Actuarial anatomy

8.1 Risk pooling := collection of funds from members of a group to finance the cost of a catastrophic event (Wang et al, 11). This allows a group, rather than an individual, to bear the financial risk of paying for catastrophic costs. The larger and more diverse the group, demographically and economically, the more effectively the risk is spread (WHO 11). The concept of risk pooling is closely tied to moral hazard (see below): how can financial risk be distributed without corrupting individuals’ incentives to exercise precautions?

8.2 Risk aversion := converting a low-probability of a catastrophic event into a certain, low-burden event. Let’s say for instance that a dentist pays $40,000 to insure his hands over the course of 20 years. He has a 1% chance of losing one or both hands, but this would cost him $2 million in lost income. He can convert a 99% chance of making $2 million and keeping his hands (and a 1% chance of losing his hands and $2 million in income) into a 100% chance of losing $40,000.

8.3 Moral hazard : = when the behavior of an insured person changes – usually to become less risk averse – because they no longer bear the full cost of their behavior (Wang et al, 25). For example, let’s say that Larry has a family history of heart disease, and that the cost of treating a heart attack is $100,000. Given his family history, smoking habit, and sedentary lifestyle, his risk of a heart attack in the coming 10 years is 15%. Quitting smoking, losing weight, exercising, and regular checkups would reduce his risk of a heart attack to 7%. But what’s the point of going through all the hassle, Larry thinks, if his insurance will pay for it anyway? Possible solutions to the problem of moral hazard include:

(i) Coinsurance: the insured person still bears some of the costs and therefore retains incentive to adopt and maintain healthy behaviors

(ii) Preconditions to insurance: for instance, Larry’s health insurance requires him to get regular checkups and do an annual urine test to prove non-smoking status

8.4 Adverse selection := tendency of higher-risk individuals to be more likely to enroll in insurance. Unhealthy patients with worrisome family histories or concerning health findings buy health insurance, driving up the cost, whereas healthy individuals become less likely to purchase insurance as it becomes uneconomical.

9. Anatomy of health insurance
The following is an overview of actuarial terminology and common forms of health insurance.

9.1 Terminology
9.1.1 Coinsurance := health insurance plan in which the insured person pays a given percentage of medical expenses after the deductible amount, if any, is paid

9.1.2 Deductible := fixed dollar amount during the benefit period (usually one year) that an insured person pays before the insurer starts to make payments for covered medical services

9.1.3 Premium := fees paid for coverage of medical benefits per unit time

9.1.4  Copayment := health insurance plan requires insured person to pay a fixed dollar amount when a medical service is received; the insurer pays the rest
9.1.5 Gatekeeper: individual who coordinates and authorizes medical services, laboratory studies, specialist referrals, and hospitalizations. This is often the primary care provider.

9.2 Types of health insurance plans
9.2.1 Preferred provider organization (PPO)
Patients receive care from healthcare providers in a given network. Patients are incentivized to remain within the network by being charged premiums for heathcare services received from providers outside the network.

9.2.2 Health maintenance organization (HMO) is both insurer and healthcare system. This includes organizations such as Kaiser Permanente.

9.2.3 Accountable care organization (ACO). Federal or state governments pay ACOs a lump sum to provider care for X number of individuals in a given geographic area for Y units of time. This is a new reimbursement model that emerged from increasing pressure by the federal government on healthcare systems and providers to control costs and practice outcomes-focused medicine.

I’m grateful to Vitalik Buterin, Ethereum creator and recent recipient of the Thiel Fellowship, and to Christian Peel, who runs the Silicon Valley Meetup group, for their productive feedback.

  • OECD Health Data 2013.

  • United States 2010 Census.
  • Wang H. et al. Health Insurance Handbook: How to make it work. World Bank Working Paper No. 219, 2012.
  • Wood, Gavin. “Ethereum: a secure decentralised transaction ledger.”


Democratizing healthcare through decentralized consensus

The concept of cryptocurrency, and more broadly, of decentralized consensus, represents a shift away from the old-world paradigm of centralized authority. My parents’ generation (and their parents’ generation) grew up accustomed to confiding their trust in infallible governments, fail-safe banks, and reputable degree-granting academic institutions to which they paid decades’ worth of savings so that their children would have a better chance in society. Although decentralized consensus is silently changing the economic underpinnings of our society, I regard cryptocurrency and decentralized consensus as safeguards of the democratic ideals espoused by our constitution. The reality is that cryptocurrency is here to stay. Paradigm shifts are a constant in human history, and I believe that the emergence of decentralized consensus will mark one of the most momentous paradigm shifts in human history.

My friends and I went to hear Andreas Antonopolous, a cryptography and cryptocurrency guru, answer Bitcoin questions yesterday. If I were to summarize the 2-hour meetup in one sentence, it would be the following: the details of how cryptocurrencies are traded are still maturing, but the concept of decentralized consensus is here to stay. Decentralized consensus holds the promise of democracy 2.0, something that’s remained a Utopian dream except in the tiny country of Switzerland. Decentralized consensus holds the promise of a better world where governments and organizations don’t steal from politically weak, defenseless individuals. As Antonopolous points out, we’re fortunate enough to have a benevolent government in the United States, but the majority of the world is not so fortunate. Decentralized consensus holds the promise of empowering people to exercise the power of their vote to truly make healthcare a human right. Before I expound on this latter point, I want to outline some technical underpinnings for the uninitiated, so bear with me.

Satoshi Nakamoto’s most remarkable achievement with Bitcoin is the cryptocurrency’s success in solving the problem of a decentralized public ledger. In the case of the US Dollar or any other currency backed by a governmental body or bank, there exists a central authority that acts as the ledger. Bitcoin’s brilliance lies in the fact that the ledger is public, encompassing potentially everyone and anyone. The blockchain ledger is the communal ledger that lends cryptocurrencies their value. It’s characterized by the following 2 criteria [4]:

  • Blocks are very difficult to discover (Difficulty Factor * 2^32 hashes)
  • Blocks are easy to validate

A Bitcoin comes into existence when a “miner” uses her/his machine (and therefore computing resources, disk space, and electrical energy) to generate new blocks that record cryptocurrency transactions. The block chain with the most cumulative computational work is accepted by consensus as the valid block. In other words,  physical energy (electricity) is converted into Bitcoins. Keep that in mind if you ever find yourself wondering whether or not cryptocurrency is “a thing.” The reward for mining Bitcoins diminishes with time, as the horizontal asymptote of ~21 million BTC is approached (around 2024).

This setup has a few interesting results with regard to game theory. While mathematicians reading this will quickly pick up on the fact that wielding >50% of mining power holds the theoretical potential to manipulate the currency, game theorists should also note that this system strongly incentivizes cooperation and veracity [2] (I won’t get into the details here, but I’ll refer you to a suggested reading list at the end of the post).

The Bitcoin protocol is not Turing-complete. Enter Ethereum, a Turing-complete protocol for scripting contracts in the blockchain. Ethereum is big. If you’re not a believer yet in Vitalik Buterin and his work, I encourage you to check out the whitepaper for an interesting read. Ethereum uses a Python-like scripting language (Serpent) to convert contracts into cryptographic building blocks. For the first time in history, parties entering into agreements are not at the mercy of inherently biased third parties. Ethereum marks an era in which algorithms — not banks, governments, or individuals — hold the power to validate and execute contracts.

One interesting result of this decentralization is the so-called Decentralized Autonomous Organization (DAO), in which each member is represented as a cryptographic public key [1]. A contract that exists as lines of code in a Turing-complete language means that we can go beyond simple two-party agreements, like this prenuptial agreement written in Ethereum, to a corporate-like structure that automates redistribution of internal capital among participants in exchange for services provided, assets, or computational power. Transactions can contain information like votes, changes in the contract (such as amendments), or adding/removing members [1]. Most importantly, this is all automated without reliance on an escrow or central authority.

The U.S. healthcare crisis has demonstrated how lawmakers, insurance companies, and healthcare systems are struggling to figure out a way to fairly distribute access to healthcare. The U.S. healthcare system was hurt by an incentive system that rewards procedures rather than quality of care and health outcomes. Recent changes in CMS reimbursement are starting to change this, prompting the emergence of Accountable Care Organizations that receive payment in exchange for providing healthcare to a fixed population, rather than on a fee-for-service basis. The healthcare system failed for the same reason the financial industry lost its credibility in the 2008 financial crisis: third parties succeed in manipulating an easily manipulable system in their favor. People were robbed blind.

I’ll give a simple example of what I’ll call Decentralized Autonomous Health Insurance. Let’s say individuals A through J enter an agreement with physicians X and Y, in which X and Y agree to provide healthcare to individuals A-J. Let’s say in this simplified example that X and Y are not reimbursed for their services, but by A-J’s health outcomes (in ancient China, physicians were paid when their patients were healthy, not when they were sick). Let’s also say that X & Y have a practice that accepts cryptocurrency as payment. Then, A-J and X&Y can pen a virtual contract with the following stipulations:

  1. A-J pay 20 Bitcoins per year to receive care from X & Y’s practice.
  2. The cost to X & Y of providing healthcare to A-J is deducted from the pool of Bitcoins in (1)
  3. X & Y will receive a minimum reimbursement of 10 Bitcoins per patient per year.
  4. If the cost of providing healthcare is less than 10 Bitcoins per person per year, the surplus is shared evenly between providers (X & Y) and patients A – J. This incentivizes patients A – J to take care of their health so they get a bonus at the end of the year, and it incentivizes X & Y to adhere to primary/preventative medicine best practices (including taking time to counsel patients).
  5. A-J can vote annually on which providers they want to provide them with healthcare.
  6. A-J can vote annually on important decisions that affect the distribution of healthcare services.

We might even imagine a scenario in which each patient’s medical record is encoded and distributed in a decentralized manner such that it exists as undecipherable bytes among millions of computers around the world, rather than behind the walls of a single healthcare system. For example, a chip could keep track of our health habits and automatically append these data to our blockchain-based medical records. These data (such as smoking and exercise habits) could then be integrated into the communal contract, so that sedentary smokers have to pay more Bitcoins per year than active non-smokers in order to receive care from X & Y. In this model, individuals’ health (not access to healthcare!) is the internal capital. Everyone is both a payer and consumer of healthcare, and everyone has the power to vote on the bounds and conditions of care provided. This type of Ethereum-based Decentralized Autonomous Health Insurance would have no administrative overhead, no bureaucracy, and no board of directors to decide who is healthy enough to be insured.

I’m less interested in the exact economics of the hypothetical example above than in the broader concept of decentralized consensus and the self-fulfilling social contract. It’s time to decentralize health insurance the same way cryptocurrency is decentralizing currency.

Cryptocurrency and Ethereum are a new social and technological frontier, which haven’t really reached mainstream yet. These young protocols still have to pass several important tests (such as reliable security mechanisms) and prove their scalability before they become widely used, but I’m optimistic. The future will be one shaped by knowledge, and less so by historical inertia. Decentralized Autonomous Organizations hold the promise of just distribution of scarce resources, including the most vital one of all: access to healthcare.


  1. Ethereum Whitepaper
  2. Vitalik Buterin’s blog
  3. Bitcoin: Open source P2P money
  4. Brian Warner’s technical introduction to Bitcoin


[First published on my Quora blog on May 7th 2014]