Wednesday, June 23, 2010

Cryptographic accounting

The word "Cryptographic" comes from Cryptography (or cryptology; from Greek κρυπτός, kryptos, "hidden, secret"; and γράφω, gráphō, "I write", or -λογία, -logia, respectively. It basically means "ways of keeping written things secret".

I just invented the term "Cryptographic accounting". It means accounting that keeps things secret, sometimes intension, but sometimes just as a consequence of the way the accounting system is designed.

Cooked books

I know about two subtypes of cryptographic accounting. The first is the traditional "cooked books". The ledger that is modified to please the intended audience. I recently listened to an excellent podcast from LSE titled "Does Management matter?" by Professor Professor John Roberts from Stanford University where he talks about the textile industry around Mumbai. He reports that it is usual for these companies to keep three accounting books: One that they show the government for taxation purposes, another that they show to the bank to qualify for credit, and a third that they keep for themselves to know what's really going on. These practices
are well established but they are also clearly fraudulent and well known, so I won't say much more about them except to say that if you know how the books are cooked, you can get back to the real results, sometimes easily. In that sense this is a weak kind of cryptographic accounting, since it is in theory easy to find the secrets that are being hidden.

One Way Ledger

The second subtype is a bit more interesting since it makes use of a new invention that I call the "One way ledger". The one way ledger the characteristic that the numbers in it are alle true, no fraud anywhere, but if you try to use the numbers to find out anything of substance, it just won't work. A typical example is this: A company produces widgets and gadgets.
The ledger states how many widgets and gadgets are sold, and how much each was sold for, and consequently how much income was generated. However, the production cost is lumped togeter in a set of numbers called "production", "more production" and "even more production". Note that the identity of the products is lost when considering production costs. This means that while it is possible to know if the company itself is profitable, it is impossible to know if it is widges, gadgets or both that are contributing to the profit. The "one
way" aspect of this ledger means that you can read it from top to bottom, to figure out where the income is and where the expenses are, but you can't read it from bottom to top to figure out which product was actually contributing the most to profitability. The reason this
is a one way function is simply that two well established cryptographic mechanisms are employed: Diffusion and confusion (see wikipedia entries here and here, as well as Shannon's seminal article on the subject here) , The "diffusion" mechanism means that localized changes in the secret leads to changes in many locations in the encrypted document. For an one way
ledger this means that a change in the number of widgets produced affects many of the the production processes. The "confusion" part means that it should not be very obvious how changes in number of produced units affects production costs. Lumping more or less
unrelated costs together is a good way of doing this. One way to achieve this could be to lump "packaging" for all products into one number. After the costs have been summed for all products, it is impossible to find out which products contributed most to cost.

Untangling an one way ledger is really hard, even for organizations who wants to. The reason is that all reporting routines are made to fulfill the requirements for the official (one way) ledger, so it is rational for everyone in an organization to remove the information that is not in it (rational, since nobody will get any credit for reporting what isn't required by the reporting routines). This means that if you wish to find out what is going on, the reporting routines has to be changed, accounting systems has to be modified, auditors need to find ways to compare the new numbers with the old so the stockmarket won't be confused by the new accounting practice etc. This means that once established, there will be great institutional resistance to removing the one way ledger system. Consequently it will most likely stay in place until some external event (e.g. a competitor with better cost structure due to more appropriate accounting practices) disturbs the internal equilibrium between the organization units and gives incentives for reporting actually useful numbers.

Since it is really really hard to untangle ay established one way leger, this qualifies as a kind of "strong cryptographic accounting". It hides things really well.

No comments: