Prediction Markets: Real world data feeds

This lecture brought out a completely new topic: prediction markets. It made the case for why alternative coins may be necessary, coins that would be built to solve different problems and allow for newer solutions.

  • Can real world data be brought into Bitcoin?
  • What is a prediction market?
  • What parts of prediction markets can you build on Bitcoin?
  • What about an altcoin?

Real World Data Consequences

Getting real world data opens the door to so many new applications. The main topic is getting a mechanism to assert real world events. Once you get this into the system, the lecturer mentioned betting on and hedging results using smart contracts (programmable pieces of logic), which opens the door to more complex financial products like forwards, futures, and options on Bitcoin. The general formulation is known as prediction markets, though.

Prediction Market

A prediction market is pretty straightforward. It’s a market where you can trade shares in a potential future event. Shares are worth some money if the event happens, and zero if not. The current price divided by the payout (x) equals the estimated probability. Before the event, the price may fluctuate based on people’s expectation of the end result. The lecturer spoke about two examples: the World Cup 2014 and the 2008 election between Obama and McCain. Thus as the tournaments progressed, the market’s changing belief about the winner was reflected in the probability. The key element that differentiates this from pure betting is that one can trade even prior to the event happening. Thus over a hype cycle you can profit, short sell quickly, and exit prior to the event even occurring. However, in the long term they will have accurate results.

Thus prediction markets are loved by economists since they reveal all the knowledge about the future. In addition, they allow for profit from accurate predictions and end up beating experts’ claims. Not sure I believe the quote below, but it definitely reveals the confidence placed in prediction markets.

“The most heeded futurists these days are not individuals, but prediction markets, where the informed guesswork of many is consolidated into hard probabilities…” (The Economist: The Future of Futurology)

Intrade

Intrade was a prediction market company that did all this in a more centralized way. It was founded in 1999 and was a web-based prediction market company. They allowed members to take positions (trade ‘contracts’) on whether future events will or will not occur. The company ran into several regulatory issues in the United States even though it was an Ireland-based company. So much so that in 2012, the CFTC filed a civil suit against them for unregulated trading of commodities. In 2013, they had to suspend trading for US investors. Finally, in 2014, they closed shop. Interestingly, their website actually points to a decentralized exchange known as Augur, which is built on Ethereum, an altcoin network. That’s wild in my eyes, as really this lecture from 2015 kinda projected the future of this space.

Decentralized Prediction Markets

Bitcoin or other public blockchains provide that decentralized service.

  • Decentralized payment and enforcement
  • Decentralized arbitration
  • Decentralized order book

Decentralized payment

This requirement is the easiest according to the lecturer. This can be achieved by Bitcoin and trusted arbiters. Escrow transactions can exist.

Decentralized Arbitration

The alternative would be to use an altcoin that had built-in support for arbitration. The lecturer then describes the mechanism for some of the custom transaction types. There should be a BuyPortfolio and a SellPortfolio. Lastly, there would be a TradeShares() where you can exchange shares for each other or for currency. This means that you essentially buy a share in every possible outcome. Then you would trade the shares to reflect your beliefs on the future outcome. Arbitration has its own mechanism as well. With Bitcoin, you could use trusted arbiters, which allows anybody to define and open a market, and the risk of an incorrect arbitration would be the arbiter absconding. Users essentially vote, which requires incentives. Thus the users would vote on the outcome, relying on a sufficient number of them being honest. This may not be as easy if there was collusion or something. Miners who vote may be disinterested though. Not sure why we’d ask them to take on this role.

There is a company that did this known as Reality Keys, a certificate authority for facts. I think the company is now called Realit.io. Essentially one can sign information on Bitcoin or on Ethereum. Realitio verifies real-world events for smart contracts and provides some guarantees. From their website it looks like they’re a decentralized application that can answer questions.

Decentralized Orderbook

An orderbook is a data structure that separates bids and asks, while a matching engine actually matches the best bid and ask offers together. It allows the orders to be matched up or to split the difference. Usually if there is a gap, some party known as a market maker may step in to help facilitate the trades. Centralized order books have issues in that there could be front-running, where someone gets more information about the buys and sells and can artificially profit from this information. Thus they also require regulation, auditing, and monitoring.

Decentralized order books have slightly different issues. You give the orders to miners, and they match any possible trade. The spread is retained as a transaction fee by the miner. The spread is greater than the transaction fee and thus not profitable for the miner. Front-running is not considered profitable. Overall, the system may be less efficient, as there will be high fees and slower trades.

Wrap-Up

Overall much of this lecture has actually been done in reality. Gnosis and Augur are two examples of prediction markets that live on the Ethereum blockchain. As mentioned this lecture served more as a segue to discuss some of the limitations with Bitcoin and open the door to new possibilities with these alternative chains.

Bitcoin as a source of randomness

The goal of this lecture was to give examples of how bitcoin could be used as a public randomness protocol. This lecture builds on the previous one, such that instead of each person generating their own randomness and combining it together, you have randomness that is more convincing to the public.

  • What is public randomness?
  • What are examples in the real world of public randomness?
  • What is the NIST beacon and Bitcoin beacon?
  • How can Bitcoin be used as public randomness?

Public Randomness

Public randomness in cryptography seems to not have been formally introduced until 1992. Randomness is super useful to create simpler or more efficient algorithms. It’s also useful in the construction of cryptographic primitives. Public randomness seems to mean that the random bits are accessible to all parties enacting the primitive and to any adversary trying to break the primitive.

The proper definition I found from this paper, Public Randomness in Cryptography, is: “A source of random bits is public for a primitive if it can be read by all the parties enacting the primitive and any adversary trying to break the primitive. The public random string is always chosen uniformly.” This line from the paper I found a bit contradictory: “Although the public random bits are known to an adversary, it turns out that these bits often plays a crucial role in ensuring that the primitive is secure”.

NBA Draft Lottery

The lecturer then transitions to talking about the NBA draft lottery. Honestly this was a completely irrelevant segment, though highly entertaining. The 30 teams come together and, with some weighting based on each team’s performance the year prior, randomly choose who gets the first pick to draft the top amateur player in the country. This began in 1985 with the Knicks getting Patrick Ewing. Prior to that, a coin toss was used to get the first pick. Apparently people saw this as a conspiracy and thought it wasn’t truly random. I googled “conspiracy theory Knicks Patrick Ewing” and have shared some of the results. There was some deliberation over whether the envelope could have been tampered with. It’s strange that on May 14, 2019 many of the news media posted new articles about this; guessing this was due to an anniversary of sorts. It’s interesting that the entire draft lottery was actually fully televised, as the NBA was trying to get publicity. The lottery is still done every year and people still call foul, but perhaps not to the same degree as 1985.

1969 Vietnam Conscription Lottery

This was a higher stakes lottery, though isolated to the United States as before. The lottery was to determine which men would be sent off to war in Vietnam. Congressional people dropped all dates in blue plastic capsules into a metal drum and took turns reaching in to remove the blue capsules. Based on the date drawn, it would indicate priority of being conscripted. These numbers would be broadcast on live TV and radio broadcasts to share with the American public. That to me seems terrifying. This was seen as fair, as birthdays were being chosen at random.

Though looking at the results, it was unfortunately botched. Birthdays that were late in the year had lower priority than those found earlier. The cause was explained: they were rotating the drum an even number of times, so that the capsules initially put on the top were still more likely to be picked.

Cryptographic Beacons

The two examples showed that this problem actually needs solving. Getting the public onboard is difficult and people will always come out if they don’t think it’s fair. This reduces to a more abstract idea.

The idea is cryptographic beacons, which is a service to regularly publish random data. As discussed above, it must follow the features of public randomness. Thus the applications could help for lotteries, auditing, ZKP, and cut-and-choose protocols. The beacons must be cheap, easy, and simple to understand. Though it’s difficult to make this trustless. So the public lottery may not work remotely and distributed, and thus the lecturer provides some modern-day solutions.

NIST Beacon

NIST does something similar where they have quantum-mechanical randomness that they give to the public. Interoperable Randomness Beacons is what’s on their website and was started in 2011. In 2019 they published a reference for randomness beacons. I’ve provided the diagram reference similar to what the lecturer showed: https://www.nist.gov/image/belltestillo900png. I don’t know what a loophole-free Bell test is, but that’s what the NIST beacon uses. Fully taken from Wikipedia: “Bell’s theorem, also referred to as the Bell inequality or Bell test in actual experimentation, proposes a testable construct for resolving the disparity in causality and locality that exists between quantum mechanics and classical physics models, specifically the concept of quantum entanglement.” Every 60 seconds they publish random data (512 bits) and sign it. The downside to trying to use this is that one must trust NIST. They could be lying to you… was the one con for this. It’s interesting they have a warning on their website: “WARNING: Do NOT use Beacon generated values as cryptographic secret keys!” This is in line with the lecturer, as you want to use the public randomness for other mechanisms but not for secret key generation.

Natural Phenomena instead

Thus the idea is that instead of using one person who needs to be trusted to produce data, one uses natural phenomena instead. Examples of natural phenomena were sunspots, cosmic background radiation, and weather data. Because they can be read all over the world publicly, these are observable but also random data that nature produces. The issues the lecturer brought up were that this data was slow and needed a trusted observer, as collecting this data isn’t that easy.

Stock-market beacon

Thus the next idea is to use stock market prices as a beacon. Prices are generated regularly, and the claim is they are costly to manipulate. Though there could be slow insider attacks. This was a fairly short section and I could only find one academic source about this. The paper covered that these random bits were sound for post-election audits in E2E elections, so there was a very specific use case for this data.

Remove central trust: Bitcoin nonces

Nonces are somewhat random. Thus miners finding the random nonce could be that source of randomness. One benefit is these nonces are found every 10 minutes and published publicly to all miners. At this point, there is no way to predict the next nonce with significant probability, as that would give people a mining shortcut. Currently there are about 66 bits of randomness, which is difficult to predict. Then we discuss how this actually works.

Using the blocks to become a beacon isn’t too difficult. Each time a block is published, the block header data is run through an extractor function that essentially hashes all the data into a unique output. This unique output is a uniform string which anyone could compute. Then we examine the potential security vulnerabilities. The vulnerability would depend on the cost of manipulation, which in this case would be the block reward. The attack vector would be a miner throwing out a computed block or nonce and forgoing their block reward. Thus you don’t want to use this randomness beacon on, say, an NBA lottery where its impact is more expensive than the forgone block reward. The cost of manipulation was pretty simple math.

Bernoulli trial: forcing a beacon outcome with probability p requires discarding (1/p - 1) blocks on average, and discarding a block costs the block reward (12.5 BTC). Thus for an N-party lottery (p = 1/N) the cost is block_reward × (N - 1).
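As an added example (not code from the lecture or this post), the extractor and the cost-of-manipulation arithmetic above, written in Go. The header layout mimics Bitcoin’s 80-byte header but the field values are constructed, the extractor is a single SHA-256 rather than Bitcoin’s double hash (a simplification), and the simulation treats every nonce draw as a found block so the Bernoulli-trial expectation can be checked against the 1/p - 1 formula.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/big"
	"math/rand"
)

// Header holds the fields of a Bitcoin-style block header (80 bytes serialized).
// The values used below are constructed for this example, not real chain data.
type Header struct {
	Version    uint32
	PrevHash   [32]byte
	MerkleRoot [32]byte
	Timestamp  uint32
	Bits       uint32
	Nonce      uint32
}

// Extract is the extractor function from the post: it hashes the whole
// serialized header into a 256-bit string that anyone holding the block can
// recompute. (Bitcoin's block hash is double SHA-256; one round is enough here.)
func Extract(h Header) [32]byte {
	var buf [80]byte
	binary.LittleEndian.PutUint32(buf[0:4], h.Version)
	copy(buf[4:36], h.PrevHash[:])
	copy(buf[36:68], h.MerkleRoot[:])
	binary.LittleEndian.PutUint32(buf[68:72], h.Timestamp)
	binary.LittleEndian.PutUint32(buf[72:76], h.Bits)
	binary.LittleEndian.PutUint32(buf[76:80], h.Nonce)
	return sha256.Sum256(buf[:])
}

// LotteryWinner maps the beacon output onto one of n parties (0..n-1).
func LotteryWinner(out [32]byte, n int) int {
	x := new(big.Int).SetBytes(out[:])
	return int(new(big.Int).Mod(x, big.NewInt(int64(n))).Int64())
}

// ExpectedDiscards is the Bernoulli-trial figure from the post: to force an
// outcome of probability p, a miner must on average throw away 1/p - 1 blocks.
func ExpectedDiscards(p float64) float64 { return 1/p - 1 }

// ManipulationCost is the post's N-party lottery formula: block_reward * (N - 1).
func ManipulationCost(n int, reward float64) float64 { return reward * float64(n-1) }

// SimulateManipulation models a miner who wants `target` to win an n-party
// lottery. Each fresh nonce stands for one valid block the miner found; it
// counts how many must be discarded before the extractor selects target.
func SimulateManipulation(rng *rand.Rand, h Header, n, target int) int {
	discarded := 0
	for {
		h.Nonce = rng.Uint32()
		if LotteryWinner(Extract(h), n) == target {
			return discarded
		}
		discarded++
	}
}

// AverageDiscards runs the simulation `trials` times from a fixed seed so the
// result is reproducible, and returns the mean number of discarded blocks.
func AverageDiscards(seed int64, h Header, n, target, trials int) float64 {
	rng := rand.New(rand.NewSource(seed))
	total := 0
	for i := 0; i < trials; i++ {
		total += SimulateManipulation(rng, h, n, target)
	}
	return float64(total) / float64(trials)
}

// SampleHeader builds a constructed header; the hash fields are arbitrary filler.
func SampleHeader() Header {
	h := Header{Version: 2, Timestamp: 1431388800, Bits: 0x1d00ffff}
	for i := range h.PrevHash {
		h.PrevHash[i] = byte(i)
		h.MerkleRoot[i] = byte(255 - i)
	}
	return h
}

func main() {
	h := SampleHeader()
	out := Extract(h)
	fmt.Printf("beacon output: %x\n", out)
	fmt.Printf("4-party winner: %d\n", LotteryWinner(out, 4))
	fmt.Printf("expected discards for p=1/4: %.1f\n", ExpectedDiscards(0.25))
	fmt.Printf("cost to rig a 4-party lottery at 12.5 BTC/block: %.1f BTC\n", ManipulationCost(4, 12.5))
	fmt.Printf("simulated mean discards: %.2f\n", AverageDiscards(1, h, 4, 0, 4000))
}
```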

The downsides are those key features of BTC. Timing is slightly imprecise, as every 10 minutes isn’t actually true. If you’ve ever looked at block times leading up to or after a fork, they tend to fluctuate. Also, this way of randomness is only temporary. As the block reward halves at each halving, the randomness mechanism will likely only be usable for cheaper and cheaper lotteries. That said, it could be useful and at least provides a manner of how a public blockchain could be used.

Beacon support using Bitcoin script

A new idea is proposed to try to resolve the previous constraints. This one adds an opcode to BTC for a beacon call. The advantage is that it can build multi-party lotteries in only one round without any bonds and no time delays for refunds. So this beacon call would use the previous block’s randomness within its input.

Bitcoins as “smart property”

This lecture brought bitcoin into the real world space, or meat space as some call it, in that unspent transaction outputs (UTXOs) can represent something else.

Questions answered in this Post:

  • What characteristics allow calling it “smart property”?
  • What does it mean bitcoin has a trace history?
  • What is one example of authenticating bank notes?
  • What are colored coins?
  • What are some applications using Bitcoin? What is Namecoin?

Transfer of Value

“Bitcoin is a transfer of value” has definitely stuck. The phrase holds weight in many circles. While the real owners may be anonymous, it is possible to track the transactions of bitcoin throughout time. Even more, companies like Chainalysis and Ciphertrace, because of their ties to exchanges and crypto trading platforms, know the identities of the bitcoin holders. Likely you can track an unspent UTXO all the way back to when it was minted. It’s public and anyone can view it.

Trace History

Thus the lecturer brings up the point that bitcoin is actually unique. While value may be fungible currently, each unspent transaction output is unique. Though if there is some reason that one history can separate it from another, perhaps they are no longer fungible. This is a negative for anonymity, which isn’t new and allows for bitcoin blacklisting. Though this trace history can open up opportunities for applications. You could make the argument that the same thing holds true for certain fiat currency. A U.S. two dollar bill may be worth more than two dollars due to the rarity of the item. Similar remarks can be made for a silver dollar and certain pennies minted in specific years.

The lecturer brings up the point that without limitation or issuance, it is just a novelty, which is true. Having a forged signature by a famous actor may hold the same value as a real signature, as it is difficult and requires expertise to tell the difference. Having the claim authenticated is how one would add real value, i.e. authenticated metadata for currency.

Using bank notes for baseball tickets

The idea is pretty simple. Venues can announce that a specific serial number grants permission to anyone entering an event. In the slides, Bill #L11180916G stands for granted entry to a Yankees game in 2014. To add validity, there can be a signature over a message and game number. Thus you’re now assigning more value to something that may have had intrinsic value.

Consequences

The consequences are pretty wide. Currency can now represent something else. In addition, anti-counterfeit measures can build upon the protections that fiat currency already has. There is still trust in the system, in that there is trust in the issuer. Better question: is it possible for the issuer to revoke the additional value they’ve given to currency? Yes. In addition, echoing the phrase “You can’t teach an old dog new tricks”, assigning additional value may not be well understood. Which according to the lecturer may not be a bad thing. It’s fine for there to be a temporal weight and then the dollar bill goes back into circulation.

Assign properties to Bitcoin: Colored Coins

So taking the above example, something similar can be done with bitcoin. Colored coins can track a specific color. The definition in the Bitcoin wiki is that it’s an example of methods for tracking real world assets on top of the Bitcoin blockchain. Bitcoins still have their value, but you’ve added additional meaning with metadata for these “colored” coins. How it works is that via a single transaction, one can inject additional metadata, thereby injecting meaning into the unspent transaction outputs. This metadata essentially issues new colored coins. There is a protocol for this known as the “Open Assets Protocol”. Coins are issued by passing through a P2SH address. A special unspendable marker is output. Thus you match colored inputs to outputs.
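As an added example (not the Open Assets reference code), a simplified order-based matcher in Go for the “match colored inputs to outputs” step: the ledger of previously colored outputs, the marker’s quantity list and the asset names are all constructed for the example, and issuance before the marker is left out. It also makes the validator’s burden concrete: miners track nothing, so the client has to know the color of every input from earlier transactions.

```go
package main

import (
	"errors"
	"fmt"
)

// Outpoint identifies a previous transaction output (txid:index).
type Outpoint struct {
	TxID  string
	Index int
}

// Asset is the "color" carried by an output: which asset and how many units.
// The zero value means plain, uncolored bitcoin.
type Asset struct {
	ID       string
	Quantity uint64
}

// Output is a transaction output; IsMarker flags the unspendable marker output.
type Output struct{ IsMarker bool }

// Tx is a simplified colored-coin transaction. MarkerQuantities is the metadata
// the marker carries: one entry per transfer output after the marker.
type Tx struct {
	Inputs           []Outpoint
	Outputs          []Output
	MarkerQuantities []uint64
}

// Ledger is the validator's own record of already-colored outputs. Miners do
// not track colors, so a client fills this by checking every earlier transaction.
type Ledger map[Outpoint]Asset

var (
	ErrInsufficient = errors.New("outputs claim more units than the inputs carry")
	ErrMixedColors  = errors.New("one output would take units from two different assets")
)

// ColorOutputs applies order-based matching: colored inputs are consumed in
// order and each transfer output after the marker takes the quantity declared
// for it. Units left in the inputs once every declared quantity is met are lost.
func ColorOutputs(l Ledger, tx Tx) ([]Asset, error) {
	result := make([]Asset, len(tx.Outputs))
	var queue []Asset // colored inputs in order; unknown outpoints are plain bitcoin
	for _, in := range tx.Inputs {
		if a, ok := l[in]; ok && a.Quantity > 0 {
			queue = append(queue, a)
		}
	}
	markerAt := -1
	for i, o := range tx.Outputs {
		if o.IsMarker {
			markerAt = i
			break
		}
	}
	if markerAt < 0 {
		return result, nil // no marker: nothing in this transaction is colored
	}
	for qi, need := range tx.MarkerQuantities {
		i := markerAt + 1 + qi
		if i >= len(tx.Outputs) {
			break
		}
		var id string
		for remaining := need; remaining > 0; {
			if len(queue) == 0 {
				return nil, ErrInsufficient
			}
			head := &queue[0]
			if id == "" {
				id = head.ID
			} else if id != head.ID {
				return nil, ErrMixedColors
			}
			take := remaining
			if head.Quantity < take {
				take = head.Quantity
			}
			head.Quantity -= take
			remaining -= take
			if head.Quantity == 0 {
				queue = queue[1:]
			}
		}
		result[i] = Asset{ID: id, Quantity: need}
	}
	return result, nil
}

// SampleLedger and SampleTx are constructed data: tx1 carries 50 and 30 ACME
// units, tx3 carries 5 BETA units; the new transaction has a marker at output 0,
// two transfer outputs with the declared quantities and an uncolored change output.
func SampleLedger() Ledger {
	return Ledger{{"tx1", 0}: {"ACME", 50}, {"tx1", 1}: {"ACME", 30}, {"tx3", 0}: {"BETA", 5}}
}

func SampleTx(inputs []Outpoint, quantities []uint64) Tx {
	return Tx{Inputs: inputs, MarkerQuantities: quantities,
		Outputs: []Output{{true}, {false}, {false}, {false}}}
}

func main() {
	tx := SampleTx([]Outpoint{{"tx1", 0}, {"tx1", 1}, {"tx2", 0}}, []uint64{60, 20})
	fmt.Println(ColorOutputs(SampleLedger(), tx))
}
```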

Pros and Cons Breakdown

Pros

  • Compatible with bitcoin
  • Flexible to represent any asset
  • Can be ignored by the community, in that it doesn’t require work from miners

Cons

  • small cost of un-spendable markers
  • must check every previous transaction (because miners aren’t really doing anything)
  • harder to use on memory-constrained devices like phones, so I think SPV would not be applicable

Applications

Then he mentioned certain applications for this. First up was stock certificates. Thus you wouldn’t need centralized exchanges for stock and could actually have that be peer-to-peer. The second was deeds for real estate. The third was cars. He discussed something about real world sharing and driving of cars. Lastly was ownership of domain names. Domain names are interesting and he mentions a project known as Namecoin.

Namecoin Logo

Namecoin is known as the basis for a decentralised domain name system. It’s the same code as Bitcoin, just forked. This would fight online censorship. NMC (namecoin) seems to have died Dec 19, 2018 according to this article. The article goes on to mention that Namecoin was actually a thought creation of Satoshi via the paper “BitDNS and Generalizing Bitcoin”. Moving to 2019, I see IPFS and potentially ENS as the way forward for decentralized name services.

IPFS (Interplanetary Filesystem), along with the other protocols, allows for the sharing of information on the internet peer-to-peer. ENS (Ethereum Name Service) allows one to host and launch websites linked to an Ethereum address on the Ethereum main network.

Non-outsourceable Puzzles

Here is another lecture on alternative puzzles, regarding non-outsourceable puzzles. I don’t know too much about this topic. It was really fascinating, though it took me a bit longer to understand.

Questions answered in this Post:

  • What is a non-outsourceable puzzle?
  • Why are mining pools potentially non-outsourceable?
  • Vigilante attack and improved vigilante attack
  • What are the mining mechanic changes?
  • Will this be the future?

What is a non-outsourceable puzzle?

Simply: puzzles that discourage the consolidation of mining power.

Are mining pools at risk?

In previous lectures, this class talked quite a bit about mining pools and even showed graphs pointing to how Bitcoin mining is concentrated. The lecturer then starts a discussion on how mining pools could be a threat. Pool operators may become central targets for coercion or hacking. However, this isn’t how mining pools were initially described in the previous lectures, in that the participants of the mining pool don’t really trust each other or the pool operator. And that’s an observation that the lecturer goes into. The pool operates by means of the “shares” protocol, which distributes profits throughout all the members transparently and fairly. Guess that ties up that discussion: the answer is no. The incentive structure that allowed mining pools to get so large opposes this idea of collusion and trust among members and operators.

What about vigilante attacks?

Vigilante attacks, again, have been discussed before. The purpose of the attack is that one member of the pool is angry with the pool operator and thus wants to hurt the operator. A vigilante attack is based on someone trying to act maliciously while part of a mining pool. If a vigilante finds the block rewarded to the pool operator’s public key, they don’t end up sharing it with the pool operator. The result is the pool output decreases, as they likely missed a block reward, which in turn also hurts the vigilante. From the description, I’m still unclear why someone would want to do this attack, as if they care about maximizing return, this is not that. The lecturer mentions though that the vigilante is only losing a little, as he’s still gaining other members’ profits from shared block rewards.

Miller then mentions how one cannot rely on vigilantes for doing this attack. I’m still not sold on why they would do this in the first place. So this is now where the non-outsourceable puzzle comes in. How do you devise the right incentives to make the vigilante attack more appealing?

Improved Vigilante Attack

The improved attack is that the vigilante takes the entire block reward for themselves. Thus, this would make them more likely to make this attack if they can. So if anyone can be the vigilante, why isn’t everyone out there running this attack? Jumping ahead, we’re now going over the mechanics of the puzzle.

Mining mechanics

Instead of just hashing, the search now requires signing. Signing implies there is a private key, and thus one can spend the reward via this known private key. This mechanism further drives the point: will there be no mining pool, as right now this puzzle doesn’t make sense for the operator or the participants. Lastly, the lecturer discusses a practical implementation of this which is not too different from the current mining problem. There are two signatures though. The first signature is used in computing a hash, in addition to the previous hash, nonce, and public key. The second signature is used only if the hash is within the target, and it is applied to the Merkle root. Then you can choose which transactions will be included in the next block.
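As an added example (not the lecturer’s or the paper’s implementation), the two-signature mining loop described above in Go: it uses Ed25519 from the standard library, a low difficulty so a solution appears in milliseconds, and constructed placeholders for the previous block hash and Merkle root. Recommit is my addition to show the consequence the post draws, that only whoever holds the signing key can decide where the reward goes.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/big"
)

// Solution is what a miner publishes: the nonce, the public key it signed with,
// and the two signatures the post describes. MerkleRoot is chosen only after
// sig1 has produced a hash under the target.
type Solution struct {
	Nonce      uint64
	Pub        ed25519.PublicKey
	Sig1       []byte
	MerkleRoot [32]byte
	Sig2       []byte
}

// KeyFromLabel derives a deterministic key pair from a one-byte label (example only).
func KeyFromLabel(label byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{label}, ed25519.SeedSize))
}

func PublicKeyOf(priv ed25519.PrivateKey) ed25519.PublicKey {
	return priv.Public().(ed25519.PublicKey)
}

// Target returns 2^(256-bits); a hash below it has probability 2^-bits per try.
func Target(bits uint) *big.Int { return new(big.Int).Lsh(big.NewInt(1), 256-bits) }

// msg1 is the message under the first signature: previous block hash || nonce.
func msg1(prev [32]byte, nonce uint64) []byte {
	m := make([]byte, 40)
	copy(m, prev[:])
	binary.LittleEndian.PutUint64(m[32:], nonce)
	return m
}

// puzzleHash is H(prev || nonce || pk || sig1). Because sig1 is an input to the
// hash, nobody can search nonces on behalf of a key they do not hold.
func puzzleHash(prev [32]byte, nonce uint64, pub ed25519.PublicKey, sig1 []byte) *big.Int {
	h := sha256.New()
	h.Write(msg1(prev, nonce))
	h.Write(pub)
	h.Write(sig1)
	return new(big.Int).SetBytes(h.Sum(nil))
}

// Mine searches nonces with priv. Only once the hash is under target does the
// miner commit to a Merkle root (the block's transactions, reward payout
// included) with the second signature. ok is false if maxTries runs out.
func Mine(priv ed25519.PrivateKey, prev [32]byte, target *big.Int, merkle [32]byte, maxTries uint64) (Solution, bool) {
	pub := PublicKeyOf(priv)
	for nonce := uint64(0); nonce < maxTries; nonce++ {
		sig1 := ed25519.Sign(priv, msg1(prev, nonce))
		if puzzleHash(prev, nonce, pub, sig1).Cmp(target) < 0 {
			return Solution{Nonce: nonce, Pub: pub, Sig1: sig1, MerkleRoot: merkle,
				Sig2: ed25519.Sign(priv, merkle[:])}, true
		}
	}
	return Solution{}, false
}

// Verify needs only public data: both signatures must check under the
// published key and the hash must meet the target.
func Verify(prev [32]byte, target *big.Int, s Solution) bool {
	return ed25519.Verify(s.Pub, msg1(prev, s.Nonce), s.Sig1) &&
		puzzleHash(prev, s.Nonce, s.Pub, s.Sig1).Cmp(target) < 0 &&
		ed25519.Verify(s.Pub, s.MerkleRoot[:], s.Sig2)
}

// Recommit shows why the puzzle is non-outsourceable: keeping the found nonce
// and sig1 (the work), the holder of priv can commit to a different Merkle root,
// so a pool operator who does not hold the key cannot direct the reward.
func Recommit(priv ed25519.PrivateKey, s Solution, merkle [32]byte) Solution {
	s.MerkleRoot = merkle
	s.Sig2 = ed25519.Sign(priv, merkle[:])
	return s
}

func main() {
	var prev, merkle [32]byte
	prev[0], merkle[0] = 1, 2 // constructed placeholders, not real chain data
	priv := KeyFromLabel(7)
	s, ok := Mine(priv, prev, Target(6), merkle, 1<<20)
	fmt.Printf("found=%v nonce=%d valid=%v\n", ok, s.Nonce, Verify(prev, Target(6), s))
}
```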

Should we all jump on the bandwagon?

Maybe not. As I had mentioned before, if this puzzle gets used, harmless decentralized P2Pools are also at risk. People will not have any incentive to participate. From there, the lecturer mentions they may go towards other centralized features like hosted mining. Hosted mining, I think, means that you pay someone else to mine for you.

Further Research

Andrew Miller, the lecturer, has written about this topic further. I’ve linked some additional resources that discussed using non-outsourceable puzzles. From what I can tell from my minimal Google searching, I haven’t seen evidence that people have discussed this post-2016. With the move to Proof of Stake for Ethereum and the growth of ZKP, my take is that there are other areas people are using to tackle this issue with mining outside of non-outsourceable puzzles.

What to Decentralize?

Basically this post will explore the different possibilities for blockchain. I thought the breakdown was good and also gave a reasonable way to frame even the newer blockchain solutions. Also several of the projects that were mentioned in the lecture either still exist or variations on the theme have popped up, thus I enjoyed taking some time to research them.

Categories

  • digital things
  • real things represented digitally

Digital Things

Heads up: I wrote this prior to the NFT sale for 69 million dollars by Beeple and before Saturday Night Live did a skit on NFTs. I do see the value, and that the value is understandable by all involved.

If the things don’t exist in the real world, why not just store them in a blockchain! When Cryptokitties was introduced on Ethereum, they took the Ethereum world by storm. They were tradeable digital cats that you were able to breed, and you got enjoyment out of seeing what new features could be produced. Several companies have popped up to create virtual baseball cards and other assets. In addition, these new virtual cards allowed for online auctions to get created as well, thus supporting a healthy market system. In October 2020, Decrypt did an article about an asset that sold for over $33,000 (in the equivalent ether) called “Vitalik Buterin Legendary”.

When these assets first came out, I didn’t really believe in them. For context, I don’t play video games nor do I enjoy collecting things (stamps, coins, wines). However at this point, I’m not surprised and believe that this is one area of digital assets that may have longevity. First, I didn’t realize this, but a lot of computer games, such as Fortnite by Epic, have digital assets frequently built into them. These digital assets have legitimate monetary value in and out of the game. Second, these players don’t have to be sold on the notion of owning digital things. Their video games already did the selling of the concept. Blockchain digital assets are just second nature. Third, people who trade also think of most assets as just pieces of value. While they want real funds at the end of the day, the market maker trading oil, corn, or cattle futures will never really take possession of these assets. It’s a game of hot potato to buy and sell without ever keeping any of these assets. Overall, there are people who can buy and sell as long as there are markets, as well as a market of people who see value in holding these assets. To me, that gives more hold to these assets than, say, other cryptocurrencies where no one values them except degenerate gamblers (and yes, I think of myself as a degenerate gambler with some FOMO trades).

Name Mapping

Name mapping is using a blockchain as a place of record to store information as well as any updates. One example is Namecoin which is a mapping between human readable names and addresses. Alternatively, this could also be public shareable pieces of information like birth, death, or even housing records.

Storage and Proof

Storj and Sia are two projects that deal with storage, though in two slightly different ways. Self-explanatory: one is paying for storage while the other is paying for computation. Storj means that an “agent” lives in the cloud that makes some decisions. The agent can rent cloud computing service and then clients can essentially rent the cloud storage space for some time interval.

These were just a few of many examples for representing digital items. Other examples are random number generation and lotteries.

Real things represented digitally

This lecture just touched the surface of the real items that could be represented. Some examples were real currencies, stocks, and other assets. The lecturer brings back colored coins as a core example. However, fast forward to 2021, there have been more experiments for this, such as digital land.

US Dollar

I think of all the US Dollar equivalents, specifically USDC, GUSD, Tether, and DAI, that are on Ethereum. Essentially, each has mechanisms that allow holders to have confidence that each of these currencies can be turned in for US Dollars. USDC is backed by a consortium with regulated financial institutions where actual US Dollars are held in reserve. GUSD is similar, though instead of multiple organizations it’s backed by Gemini Trust Company. Tether has had a bit of controversy, but again it has a similar story. DAI is different in that the value is held in a collateralized debt position where Ether is the currency held rather than US Dollars. There are oracles, mechanisms that bring real world information into a blockchain, and an intricate algorithm that keeps the price of Dai closely aligned to the dollar.

Blockchain as a vehicle for Decentralization

Technically, this was the start of the last lecture called the Future of Bitcoin. Later, the course included a 12th lecture. It felt like a look back through the course, where this time we looked at the consequences bitcoin could have outside of just technology. Decentralization is one component. Personally, I’d never really heard the term or used it until 2016. When studying computer science, I knew about distributed systems, those big, grand, messy data systems that big tech companies were using to wrangle their big data, i.e. Twitter and Facebook. This simple idea is that data could be stored partially in multiple locations. This improves resiliency and removes single points of failure because not all data was stored on a central server. On the flip side, the systems are challenging to keep in sync with each other, as different data can be updated and fetched from different servers and potentially have different results. Though with the rise of managed and hosted solutions, many developers don’t need to care as much about the upkeep and implementation details and can just use these systems. When Bitcoin came in, it was just that, another distributed system from my point of view. But it’s not just that. Bitcoin and other blockchains could be used for other purposes than just wrangling data. That’s how this lecture spoke to me. Ok, enough rambling and onto the lecture!

Decentralize all the things

The lecturer throws out a number of applications that blockchain could be used in: stocks, bonds, and property. However this talk focused on the “should you” aspect, so trying to frame the conversation as “Should you decentralize X with blockchain?”

Motivating Example: Smart Property

To begin, we start with smart property where the property in question is a car. The lecturer introduces new features when designing smart property. The ownership of a car can be tied to owning the car. That’s slightly different from modern mechanics, but we’ll go with the flow here. Some new properties with smart property are that the car could be opened via Bluetooth via a signed message being sent to the car. The car is controlled by a cryptographic key. Additionally, the car has to be monitoring the blockchain and be able to react to changes, such as a change in ownership of the car. That may be difficult in remote areas but not impossible. A sale of a car could be a single bitcoin transaction where there is an exchange of payment as well as a shift of ownership of the car. Thus it would be atomic and binding.

The case where everyone is acting properly seems to be solvable. What happens if there are disputes? A potential solution was discussed earlier with escrows. Essentially you need to bring in a third party to act as the mediator and make a 2-of-3 escrow. This may still be decentralized in that perhaps each transaction could have a different third party acting as a mediator, though that feels unwieldy. Traditionally, if there is a dispute in today’s age, the courts handle it. It’s a normal procedure where both parties would accept the assessment of the judge. One advantage to the court system versus blockchain is that funds are not locked up in escrow during the dispute. Counter to that, blockchain disputes may be shorter because fewer people are involved and people’s funds are locked.

Key Insights – What are the disruptions from the above example?

Disintermediation – removing the middle man

In the example, the sale of the car and the ownership of the car were coupled. No one had to register with a central registry, i.e. the Department of Motor Vehicles (DMV) in the United States (US), that the car had changed hands. Instead this was automatically propagated through the blockchain network and thus is known by the necessary parties. The transfer process was just a technological step and no central governance bodies were at play.

There is the counter question of whether blockchain should be allowed to do this. Is removing the middle man even legal? That’s a common discussion point even today. From there the discussion turns to whether we can bake legal and regulatory guidelines into the transactions on the blockchain. Again you follow the path to alternative blockchains that support programmable logic, like the public Ethereum, or maybe something more private and centrally controlled like Hyperledger. Or maybe the argument is yes, blockchain should be able to do this, and leave it as is.

Key areas when building solutions with a blockchain network

Representation

To model something from one medium in another, you need to translate it or create a comparable model. You want to represent real-world transactions on a blockchain, which can be tricky. You have a much more limited set of transaction types to use than what one could find in a legal contract. Additionally, legal documents are sometimes several thousand pages for transactions related to companies. If that context isn’t represented on a blockchain, is just the monetary movement good enough? Additionally, the visualization of this transfer, while technically transparent, is not really transparent: it’s only easy to understand for a small part of the population, which is also true of the current system.

Atomicity

Atomicity is like an all-or-nothing clause. Within relational databases, ACID is a popular acronym with the first term being atomicity. The transactions that need to take place need to be coupled so that either all of them happen or none do. This strengthens the security guarantees, especially since it’s not easy, or even possible in some cases, to reverse a decision.

Security

Security can be critical depending on what you’re integrating with a blockchain. Also, bitcoin itself does come with several security guarantees. Security does not have to be achieved just through cryptography. It can be achieved through social reputation. Atomicity and escrows also help achieve security. Lastly, trusted hardware like Intel SGX or a Ledger hardware wallet is built to a high standard of requirements that makes it less susceptible to malicious attacks. Because there’s no enforcement or regulation, debt cannot be easily tracked or maintained. One interesting quote was, “lack of trust is a starting point, not a goal.”

Motivating Example 2: Crowdfunding

Kickstarter is a fantastic company. They allow individuals to crowdfund their own projects on their site. People can browse these Kickstarter campaigns and then pledge money to projects they align with and potentially get some reward in the end, such as early access if it’s a physical product. Now let’s flip that: is there a way to decentralize this? Entrepreneurs could raise money for their projects without going through a centralized place. Technically it’s pretty straightforward with Bitcoin. The entrepreneur creates a transaction with one output (the target raise amount, paid to the entrepreneur) and, initially, no inputs. Others support the cause by adding an input of their own and signing it with SIGHASH_ALL | SIGHASH_ANYONECANPAY, which commits the signature to that input and to the output but not to the other inputs, so contributors can be added one at a time without invalidating earlier signatures. The transaction is only valid, and thus only broadcastable, once the total input value reaches at least the output value (any excess goes to miners as the fee). If the goal is never reached, no one’s coins move.
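As an added example that is not part of the original post or the course material, here is a toy model of both transactions above: the atomic car sale from the smart property example and the crowdfunding assurance contract. Signatures are HMACs keyed with a per-party secret as a stand-in for ECDSA, the transaction layout is simplified rather than real Bitcoin serialization, and all names, amounts and key material are constructed for the example. What it shows is the effect of the sighash flags: SIGHASH_ALL binds a signer to every input and output, so the car-and-payment swap is all or nothing, while SIGHASH_ALL|SIGHASH_ANYONECANPAY lets each contributor sign only their own input plus the fixed output, so pledges can accumulate until the goal is met.

```python
import hashlib
import hmac
import json

# Toy transaction model constructed for this example (not real Bitcoin
# serialization). A signature is an HMAC keyed with the signer's secret,
# standing in for ECDSA; the "owner" name plays the role of the public key.
SIGHASH_ALL = 0x01
SIGHASH_ANYONECANPAY = 0x80

# Constructed per-party signing secrets.
KEYS = {"alice": b"alice-key", "bob": b"bob-key", "carol": b"carol-key", "dan": b"dan-key"}


def sighash(tx, input_index, flags):
    """Digest of what a signature commits to. With ANYONECANPAY only the
    signer's own input is covered, so other inputs may be added later
    without invalidating this signature. Outputs are always covered."""
    inputs = tx["inputs"]
    covered = [inputs[input_index]] if flags & SIGHASH_ANYONECANPAY else inputs
    msg = {
        "inputs": [{k: i[k] for k in ("prev", "asset", "value", "owner")} for i in covered],
        "outputs": tx["outputs"],
        "flags": flags,
    }
    return hashlib.sha256(json.dumps(msg, sort_keys=True).encode()).digest()


def sign_input(tx, input_index, flags):
    inp = tx["inputs"][input_index]
    mac = hmac.new(KEYS[inp["owner"]], sighash(tx, input_index, flags), "sha256")
    inp["sig"] = (flags, mac.hexdigest())


def validate(tx):
    """Valid when every input carries its owner's signature over the sighash
    implied by that signature's flags, and inputs cover outputs per asset."""
    for idx, inp in enumerate(tx["inputs"]):
        if "sig" not in inp:
            return False
        flags, sig = inp["sig"]
        expected = hmac.new(KEYS[inp["owner"]], sighash(tx, idx, flags), "sha256").hexdigest()
        if not hmac.compare_digest(sig, expected):
            return False
    totals = {}
    for i in tx["inputs"]:
        totals[i["asset"]] = totals.get(i["asset"], 0) + i["value"]
    for o in tx["outputs"]:
        totals[o["asset"]] = totals.get(o["asset"], 0) - o["value"]
    return bool(tx["inputs"]) and all(v >= 0 for v in totals.values())


def car_sale_tx():
    """Smart property: Alice's car token and Bob's payment in one transaction."""
    tx = {
        "inputs": [
            {"prev": "car-reg:0", "asset": "CAR", "value": 1, "owner": "alice"},
            {"prev": "btc-utxo:7", "asset": "BTC", "value": 50, "owner": "bob"},
        ],
        "outputs": [
            {"asset": "CAR", "value": 1, "to": "bob"},
            {"asset": "BTC", "value": 50, "to": "alice"},
        ],
    }
    sign_input(tx, 0, SIGHASH_ALL)  # Alice commits to receiving the 50 BTC
    sign_input(tx, 1, SIGHASH_ALL)  # Bob commits to receiving the car
    return tx


def crowdfund_tx(goal):
    """Assurance contract: one fixed output to the entrepreneur, no inputs yet."""
    return {"inputs": [], "outputs": [{"asset": "BTC", "value": goal, "to": "alice"}]}


def pledge(tx, who, prev, amount):
    """A contributor appends an input and signs only it plus the output."""
    tx["inputs"].append({"prev": prev, "asset": "BTC", "value": amount, "owner": who})
    sign_input(tx, len(tx["inputs"]) - 1, SIGHASH_ALL | SIGHASH_ANYONECANPAY)


if __name__ == "__main__":
    sale = car_sale_tx()
    print("car sale valid:", validate(sale))
    sale["outputs"][1]["to"] = "bob"  # Bob redirects the payment to himself
    print("tampered car sale valid:", validate(sale))  # both signatures now fail

    fund = crowdfund_tx(100)
    pledge(fund, "bob", "utxo:b1", 40)
    pledge(fund, "carol", "utxo:c1", 30)
    print("70/100 pledged, valid:", validate(fund))
    pledge(fund, "dan", "utxo:d1", 40)  # earlier signatures still verify
    print("110/100 pledged, valid:", validate(fund))
```

The tampering case is the atomicity point of the car sale: once Alice has signed with SIGHASH_ALL, changing any output invalidates her signature, so Bob cannot keep the car and redirect the payment. In the crowdfunding case, changing the output would likewise invalidate every pledge at once, which is what protects contributors from an entrepreneur who swaps the destination after money is pledged.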

Routes to blockchain integration

  1. Bitcoin
  2. Embedding
  3. Sidechains (see here)
  4. Altcoins – another blockchain

Just use an existing blockchain network. Bitcoin

The simplest approach is to use an existing blockchain network. As of this lecture, the only option that made sense was bitcoin. However, it’s 2020, and that has changed. You now have quite a few options, though in terms of developer commitment it feels like Ethereum, Cosmos, Tezos and Polkadot are top of mind. 100% sure I’m missing a ton. The point is that using an existing network and its resources, as long as it doesn’t require modifications to the blockchain, is the most straightforward route. It does mean that when designing your application, you’ll need to take into account the specifics of the blockchain network, such as latency or security guarantees. Also, the transactions will need to be catered to the blockchain, so representation may be limited.

Slightly more complex. Embedding.

In this case, you’re still using the existing network, Bitcoin, without modification to the core protocol. Explained earlier as Colored Coins, in this case you can almost filter the Bitcoin blockchain based on your needs. You put an arbitrary marker in an OP_RETURN output and use it to tag certain types of transactions, like car transfers, so a client that knows the marker can pick them out. Keep in mind that Bitcoin itself never interprets the marker: the extra rules are enforced only by the clients that opt into them, not by miners. You get to use more complex transactions, but there is still a gap between what you want and what you can do, since you’re still limited by bitcoin. Another downside is the extra bloat added to bitcoin.

Way more complex with bitcoin. Sidechains

Sidechains seem complex and do require modifications to the existing Bitcoin blockchain at the protocol layer. They remove the bloat added to bitcoin, though.

Solution that the world has picked. Altcoins

Altcoins have been the solution chosen by the world. Most blockchain integrations are done using an altcoin: Ethereum, Hyperledger, Tezos, Cosmos, maybe something else. The lecture focuses on Ethereum, and at this point in 2020 we’re seeing large adoption in people building decentralized financial products. Ethereum provides a general-purpose smart contract language that gives people wider representation. The lecturer raises the question of whether such a chain will have enough computing power and adoption. The answer is Yes!

Summary

Decentralization can happen using a blockchain. It may look and feel different from what is currently in place. Ownership, deeds, and accounting may have to be redefined depending on how transactions are stored on a blockchain. Also, decentralization is a spectrum, from a single mandatory intermediary all the way to no intermediaries. Representation, route to blockchain integration, level of decentralization, and security make up the framework the lecturer proposed to evaluate decentralized projects.

Bitcoin-backed Altcoins, or Sidechains

This lecture was more theoretical. It discussed a potential solution for having an altcoin pegged to Bitcoin, as well as a new manner to efficiently validate transactions. I thought the topics discussed were worth exploring but still remained a bit too abstract for general consumption. As of today, there are no widely used decentralized sidechains. The paper, “Enabling Blockchain Innovations with Pegged Sidechains”, and the work behind it were funded by a private company known as Blockstream. They currently provide a federated sidechain. Some of the authors have even suggested that the solution proposed was not feasible given breaks in the security model.

Questions answered:

  • What is the purpose of a side-chain?
  • What is a side-chain?
  • What requirements are needed to support a sidechain?
  • What was a gist of the research?

Side Chain Goals

Sidechains are a response to the question of how to enable bitcoin or other ledger-based assets to be transferred across blockchains, i.e. between an altcoin and bitcoin. A bilateral (two-way) peg allows someone to take the risk of transferring into an altcoin while still having the opportunity to transfer back out to bitcoin without losing value. Token sales and token drops are unilateral, meaning that once someone exits bitcoin there is no path back, which can also add to the volatility of the altcoin. Some chunk of the lecture was spent describing what the two chains need to support to allow this interoperability.

Side Chain Reqs

The requirements seem logical. To transfer out of bitcoin into the sidechain, you lock the bitcoin up in some way that the other chain recognizes, so that the corresponding amount of the sidechain’s coin can be minted. In reverse, you burn or destroy the sidechain coin in a way that unlocks the bitcoin. Now, this isn’t as simple as an escrow payment where a lawyer locks up funds in one account and then gives you back funds after some event. Essentially, two independent worlds, i.e. networks, need to know enough about each other to do the locking and unlocking. By “know enough”, bitcoin would need to be able to validate the transactions that occurred on the sidechain to ensure you’re unlocking the right amount. The lecturer makes the claim that this would not be possible without modifying bitcoin in some manner, via a soft fork.

The most straightforward, though costly, approach would be to encode all of the sidechain’s rules into Bitcoin, so that Bitcoin could always keep track of the sidechain’s transactions. There are some tricks to make this unnecessary, though. One is called the SPV trick.

SPV Proofs

SPV is Simplified Payment Verification, and it enables lightweight clients to validate just enough to be confident a transaction is in the chain without the full cost of validating everything. An SPV client verifies only block headers (the proof of work and the links between them) and follows the longest valid chain; it is given a transaction together with a Merkle branch linking it to one of those headers. The lecturer suggests that one could extend Bitcoin’s script with a way to verify a proof that a specific transaction occurred in the sidechain. As discussed, this requires tracking the longest chain and looking at all the block headers. Specifically, to reference a sidechain transaction in Bitcoin, you need to check that the sidechain transaction is in a sidechain block and that the sidechain block header has received enough confirmations, i.e. enough valid headers built on top of it. The work suggests that instead of Bitcoin verifying it has the longest chain, one waits for a contest period to allow other users to present evidence that it’s not the longest chain. Thus, essentially you’re requiring that additional participants be correctly incentivized to present that evidence. Additionally, the guarantees of the system are that Bitcoin will not be damaged, but it makes no claim about the sidechain. Thus, if you care more about the sidechain’s security, you’d need to take similar considerations on that side. There is a second consideration, given that block rates on sidechains may differ from bitcoin’s.
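As an added example (not from the post or the sidechains paper), here is a toy SPV proof checker in Python: it builds a small constructed sidechain with a simplified header format and an easy proof-of-work target, then verifies that a transaction sits in a block via its Merkle branch and that enough valid headers were mined on top. The header layout, the target and all transaction payloads are constructed for the example; real Bitcoin headers carry more fields and a difficulty that adjusts. The contest period from the paper is not modelled; the checker simply requires the headers it is shown to be valid and connected.

```python
import hashlib

TARGET = 1 << 244  # constructed: about 12 leading zero bits, so toy mining is quick


def h(data: bytes) -> bytes:
    """Double SHA-256, as Bitcoin uses for block headers and Merkle nodes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(leaves):
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:  # Bitcoin duplicates the last node on odd levels
            level.append(level[-1])
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def merkle_branch(leaves, index):
    """Sibling hashes from the leaf up to the root; what an SPV proof carries."""
    branch, level = [], list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        branch.append(level[index ^ 1])
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return branch


def verify_branch(leaf, index, branch, root):
    node = leaf
    for sibling in branch:
        node = h(sibling + node) if index & 1 else h(node + sibling)
        index //= 2
    return node == root


def mine(prev, root):
    """Toy header: prev_hash(32) || merkle_root(32) || nonce(4)."""
    nonce = 0
    while True:
        hdr = prev + root + nonce.to_bytes(4, "big")
        if int.from_bytes(h(hdr), "big") < TARGET:
            return hdr
        nonce += 1


def verify_spv_proof(tx, index, branch, headers, min_confirmations):
    """headers[0] must be the block claimed to contain tx; headers[1:] its
    successors. Checks work, linkage, inclusion, and confirmation depth."""
    for hdr in headers:  # 1. each header meets the work target
        if int.from_bytes(h(hdr), "big") >= TARGET:
            return False
    for a, b in zip(headers, headers[1:]):  # 2. headers chain together
        if b[:32] != h(a):
            return False
    if not verify_branch(h(tx), index, branch, headers[0][32:64]):  # 3. tx in block
        return False
    return len(headers) >= min_confirmations  # 4. enough blocks built on top


def example():
    """Constructed sidechain of four blocks; the transaction of interest is
    the first one in block 0. Returns (tx, branch, headers)."""
    tx = b"sidechain-lock: 0.5 BTC -> alice"
    blocks = [[tx, b"tx-a", b"tx-b"], [b"tx-c"], [b"tx-d", b"tx-e"], [b"tx-f"]]
    headers, prev = [], b"\x00" * 32
    for txs in blocks:
        hdr = mine(prev, merkle_root([h(t) for t in txs]))
        headers.append(hdr)
        prev = h(hdr)
    return tx, merkle_branch([h(t) for t in blocks[0]], 0), headers


if __name__ == "__main__":
    tx, branch, headers = example()
    print("4 confirmations available, need 3:", verify_spv_proof(tx, 0, branch, headers, 3))
    print("need 5:", verify_spv_proof(tx, 0, branch, headers, 5))
    print("forged tx:", verify_spv_proof(b"forged", 0, branch, headers, 1))
```

The proof a sidechain user would hand to Bitcoin is just the transaction, its Merkle branch and the run of headers; nothing else from the sidechain has to be understood. What the checker cannot tell is whether those headers are the heaviest chain, which is exactly the gap the paper fills with the contest period.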

Research Work

As I’ve discussed earlier, blockchains like Litecoin and Ethereum have significantly shorter block times. That’s one of the benefits sidechains could provide. That said, faster blocks mean more headers per unit of time, which could make verifying SPV proofs too onerous for Bitcoin nodes. Thus, it would be clever if there were a way to decrease the amount of work such that the cost of verifying N block confirmations grew slower than linearly in N.

Thus this was the work discussed by the lecturer and the paper. The lecturer proposed using a data structure known as a skip list, which could allow for compact SPV proofs. The work is less about the data structure and more about providing evidence that you need to do about a fourth less verification work, given the distribution of the block hash values. This is where I’m going to stop since the vagueness isn’t too useful for the reader.

Interactions between Bitcoin and Alts

Constantly, the experts talk about correlation between the assets. In addition, at least within Ethereum, there exist tokens that represent other assets such as Bitcoin, e.g. WBTC (Wrapped Bitcoin). On a completely separate note, there are also “cross-chain bridges” that allow one to move assets between two chains. I did love that he started off the lecture by stating “All the altcoins and Bitcoin, in a sense, compete with each other”. After spending any amount of time on reddit or crypto Twitter, at least the participants see the rivalry.

What this lecture covers:

  • Mining attacks
  • Merge Mining
  • Atomic Cross Chain Swaps

Mining Attacks

The first topic was mining attacks. The implication was that a large miner or mining pool on a large network can destroy a small altcoin that uses the same hashing puzzle. The lecturer then brings up examples where it occurred in 2012 and 2013. Interestingly, searching “mining attacks” on Google didn’t show this type of mining attack. Instead it brought up web mining (cryptojacking), where public machines are hijacked into mining a coin for a malicious actor. Additionally, there are records of attacks perpetrated through holes in container configurations on cloud infrastructure.

Narrowing the search to find out about CoiledCoin had me stumble on 51% attacks instead. This seems to be what the lecturer was talking about. The actual attack meant that a mining entity on Bitcoin could direct its resources to another altcoin that used the same mining puzzle. This entity would then mine blocks that disrupt the network, such as mining a competing chain that reverses recent blocks (thereby unwinding history) and mining empty blocks. This was so disruptive that users of the network went elsewhere and the altcoin ceased to exist. 51% attacks are not just in the past; a fairly modern one was against ETC. This article from Coindesk dials more into it. In Jan 2019, the Chinese blockchain security firm SlowMist and the American company Coinbase detected a 51% attack. Coinbase ended up halting all ETC trades for some time in addition to alerting the ETC maintainers. Additionally CZ, from Binance, suggested launching such an attack to re-org Bitcoin in May 2019, as stated in the Coindesk article. I suppose it’s less of an attack and more of a suggestion on how to recover the 7,000 BTC that were stolen. As quickly as this topic was discussed, the lecturer jumped to merge mining.

Merge Mining

I described earlier a bit about merge mining. The simple idea is that a miner can mine two coins at the same time without decreased efficiency, where one coin is a major coin like Bitcoin while the other is an altcoin. This is one way to mitigate the bootstrapping problem, by not forcing a miner to choose which coin to support. Thus every puzzle attempt for Bitcoin can also be a puzzle attempt for the altcoin. The altcoin effectively uses the coinbase scriptSig in the Bitcoin block to host the altcoin’s block hash (or Merkle root), so the Bitcoin block header commits to the altcoin block through the coinbase transaction. Because Bitcoin ignores the content of this field, anything can reasonably be put there. This mechanism can hopefully work for other coins and chains. It’s not all rainbows and unicorns, though, with merge mining for these altcoins. While it’s easy to get hash power, you run the risk of 51% attacks like CoiledCoin, and merged miners may not bother to validate the altcoin’s transactions. From there we jump to a topical topic, cross-chain atomic swaps.
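Here is an added example, written for this post and not taken from Bitcoin’s, Namecoin’s or the course’s code, of what the coinbase trick above looks like in miniature (it also illustrates the Namecoin merge-mining description in the altcoins section below). The altcoin’s block hash is embedded in the parent chain’s coinbase transaction, a single nonce search is checked against both chains’ targets, and the altcoin verifies the resulting proof (coinbase, Merkle sibling, parent header) instead of doing its own proof of work. The header format, the MM: marker, both targets and the block contents are constructed; real merged mining (AuxPoW) uses a full Merkle branch and a tagged commitment, and the parent target here is made only 16 times harder than the altcoin’s so the demo finishes instantly.

```python
import hashlib

BTC_TARGET = 1 << 244  # constructed: the parent chain is the harder puzzle
ALT_TARGET = 1 << 248  # constructed: the altcoin accepts 16x more hashes


def h(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def coinbase_with_commitment(alt_block_hash: bytes) -> bytes:
    """The altcoin block hash rides inside the coinbase scriptSig, a field
    whose contents Bitcoin does not interpret. 'MM:' is a constructed marker."""
    return b"coinbase-scriptsig:" + b"MM:" + alt_block_hash


def parent_root(coinbase: bytes, sibling: bytes) -> bytes:
    """Two-transaction parent block: Merkle root = H(H(coinbase) || sibling)."""
    return h(h(coinbase) + sibling)


def merge_mine(btc_prev: bytes, alt_block_hash: bytes, sibling_tx_hash: bytes):
    """One nonce search serves both chains. Stops at the first hash that
    satisfies the altcoin and reports whether it also satisfied the parent.
    Returns (alt_proof, also_parent_block)."""
    coinbase = coinbase_with_commitment(alt_block_hash)
    root = parent_root(coinbase, sibling_tx_hash)
    nonce = 0
    while True:
        header = btc_prev + root + nonce.to_bytes(4, "big")
        value = int.from_bytes(h(header), "big")
        if value < ALT_TARGET:
            proof = {"coinbase": coinbase, "sibling": sibling_tx_hash, "header": header}
            return proof, value < BTC_TARGET
        nonce += 1


def verify_auxpow(alt_block_hash: bytes, proof: dict) -> bool:
    """Altcoin-side check: the parent header commits to this altcoin block
    through the coinbase, and the parent header hash meets the altcoin target.
    A parent block mined for a different altcoin block fails the first check,
    so one unit of parent work cannot be replayed against other blocks."""
    coinbase, sibling, header = proof["coinbase"], proof["sibling"], proof["header"]
    if b"MM:" + alt_block_hash not in coinbase:
        return False
    if header[32:64] != parent_root(coinbase, sibling):
        return False
    return int.from_bytes(h(header), "big") < ALT_TARGET


if __name__ == "__main__":
    alt_block = h(b"altcoin block #1 (constructed)")
    proof, also_btc = merge_mine(b"\x00" * 32, alt_block, h(b"some parent-chain tx"))
    print("altcoin accepts proof:", verify_auxpow(alt_block, proof))
    print("same hash also a parent-chain block:", also_btc)
    print("proof replayed for another altcoin block:",
          verify_auxpow(h(b"altcoin block #2"), proof))
```

Two things worth noticing: the miner never computes a separate hash for the altcoin, which is why merge mining costs it nothing, and the altcoin’s verifier never looks at the parent chain at all beyond this one header, which is why it cannot tell whether the merged miner validated the altcoin’s transactions.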

Cross chain atomic swaps

This topic seems hard and yet it’s not too bad. As mentioned, different cryptocurrencies are on different networks as well as different blockchains. Thus, the state of one blockchain and its balances isn’t easily known from another. Prior to oracles (ways to get real-world information onto a blockchain) on Ethereum, it wasn’t easy to correctly know the price of USD, and even now some of those oracles are only updated hourly. Wouldn’t it be cool if there were an algorithm/process that facilitated moving or trading coins between chains?

Without this technology, you could think about a central exchange. How do they do this? If two people are trading, one for Bitcoin and the other for Ethereum, the central exchange may just give each party an IOU, a temporary agreement to pay them back. The reason this works is that users have already deposited their funds with the exchange and thus expect the exchange to correctly move the funds on its own internal ledger and settle correctly. Cross-chain atomic swaps let you do it more trustlessly.

Thus, you want a paradigm where the trade either succeeds or fails, but in no way should any party lose their coins. This is also known as atomic. As an example, let’s say Alice has 1 BTC and Bob has 2 LTC and they decide to trade, price aside. If Alice were to simply send her BTC to Bob, it’s possible that Bob just runs away and never pays Alice, or vice versa. That would not be good.

Welcome the Tier Nolan protocol, which is what the lecturer is describing. This solution involves cryptographic commitments (a hash lock) and time-locked deposits. The link I just put is to Bitcoin Talk. It always surprises me the depth of information found there. Interestingly, the lecturer also makes an appearance there as socrates1024.

  1. Alice generates a secret x and publishes its hash, H(x). (x must be a large random value; a guessable x would let Bob claim without Alice revealing it.)
  2. Alice creates a pair of transactions, DepositA and RefundA.
    1. DepositA locks her BTC so that it can be spent in 1 of 2 ways:
      1. By Bob, if he presents the preimage x (plus his signature). This is the path taken if the protocol completes, and taking it publishes x on the Bitcoin chain.
      2. With signatures from both Alice and Bob.
    2. RefundA spends DepositA back to Alice through the second path and is timelocked to a time in the future, T+2. Alice gets Bob’s signature on RefundA first; only then does she publish DepositA, keeping RefundA unpublished in case she needs it.
  3. Bob similarly creates a pair of transactions, DepositB and RefundB, on the Litecoin chain.
    1. DepositB locks his LTC so that it can be spent in 1 of 2 ways:
      1. By Alice, if she presents the same preimage x (plus her signature). Doing so reveals x to Bob.
      2. With signatures from both Alice and Bob.
    2. RefundB spends DepositB back to Bob through the second path and is timelocked to T+1, earlier than RefundA. Bob gets Alice’s signature on RefundB, then publishes DepositB, keeping RefundB unpublished.
  4. Alice claims DepositB before T+1 by revealing x. Bob reads x from the Litecoin chain and claims DepositA before T+2.
  5. If Alice never reveals x, Bob broadcasts RefundB after T+1 and Alice broadcasts RefundA after T+2, and both get their original coins back.

So it’s like a well-synchronized dance between two parties. The names of each of the transactions aptly indicate what they do. The Deposit transactions lock the respective funds until a certain time. I wrote this out such that Alice claims Bob’s coins before T+1 and Bob claims Alice’s coins before T+2. The ordering matters: Alice is the one who reveals x, so her refund deadline must be the later one, otherwise she could claim Bob’s LTC at the last moment and reclaim her own BTC before Bob has a chance to use x. If Alice doesn’t claim Bob’s coins before T+1, then essentially the trade is rolled back. This is where the Refund transactions come into play. Bob can reclaim his coins after T+1 and then Alice can reclaim hers after T+2.
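As an added example that is not part of the original post or of Tier Nolan’s write-up, here is the protocol above simulated in Python. Each chain is a toy ledger that tracks its height and its deposits; a deposit can be claimed by the named counterparty with the preimage of the hash lock, or refunded by its creator once the chain has passed the timelock, which are exactly the two spending paths of DepositA and DepositB. Names, amounts, the secret and the heights T, T+1, T+2 are constructed. The function runs the completed swap, the abort path where Alice never reveals x, and a misconfigured version with the two timelocks swapped, which is where the ordering rule bites.

```python
import hashlib

T = 10  # constructed reference height; the deadlines are T+1 and T+2


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class Chain:
    """Toy ledger: a name, a block height and hash-locked deposits. Once a
    deposit is claimed, the preimage used is visible to everyone watching
    this chain, which is how the other side learns x."""

    def __init__(self, name):
        self.name, self.height, self.deposits = name, 0, {}

    def advance_to(self, height):
        self.height = max(self.height, height)

    def deposit(self, dep_id, amount, hashlock, claimer, refunder, timelock):
        self.deposits[dep_id] = dict(amount=amount, hashlock=hashlock, claimer=claimer,
                                     refunder=refunder, timelock=timelock,
                                     spent_by=None, preimage=None)

    def claim(self, dep_id, who, preimage):
        """Hash-lock path: only the named claimer, only with the right preimage."""
        d = self.deposits[dep_id]
        if d["spent_by"] or who != d["claimer"] or sha256(preimage) != d["hashlock"]:
            return False
        d["spent_by"], d["preimage"] = who, preimage
        return True

    def refund(self, dep_id, who):
        """Timelock path: only the creator, only once the chain reaches the timelock."""
        d = self.deposits[dep_id]
        if d["spent_by"] or who != d["refunder"] or self.height < d["timelock"]:
            return False
        d["spent_by"] = who
        return True


def run_swap(alice_claims=True, alice_refund_at=T + 2, bob_refund_at=T + 1, claim_height=T):
    """Returns who ends up with each deposit: {'BTC': ..., 'LTC': ...}."""
    btc, ltc = Chain("BTC"), Chain("LTC")
    x = b"alice-secret-preimage-0001"  # constructed; use 32 random bytes in practice
    hx = sha256(x)
    # Step 2: Alice locks 1 BTC claimable by Bob with x, refundable to her after her deadline.
    btc.deposit("A", 1.0, hx, claimer="bob", refunder="alice", timelock=alice_refund_at)
    # Step 3: Bob sees hx on the BTC chain and locks 2 LTC claimable by Alice with x.
    ltc.deposit("B", 2.0, hx, claimer="alice", refunder="bob", timelock=bob_refund_at)
    btc.advance_to(claim_height)
    ltc.advance_to(claim_height)
    if alice_claims:
        ltc.claim("B", "alice", x)       # Step 4: Alice takes the LTC, publishing x
        btc.refund("A", "alice")         # a greedy Alice also tries to take her BTC back
        learned = ltc.deposits["B"]["preimage"]
        btc.claim("A", "bob", learned)   # Bob reads x from the LTC chain and claims
    # Step 5: after both deadlines, whoever still has a refund path uses it.
    for chain in (btc, ltc):
        chain.advance_to(max(alice_refund_at, bob_refund_at) + 1)
    ltc.refund("B", "bob")
    btc.refund("A", "alice")
    return {"BTC": btc.deposits["A"]["spent_by"], "LTC": ltc.deposits["B"]["spent_by"]}


if __name__ == "__main__":
    print("completed swap:     ", run_swap())
    print("alice never reveals:", run_swap(alice_claims=False))
    # Wrong order: Alice's refund deadline earlier than Bob's. She claims at T+1
    # and refunds herself in the same breath; Bob learns x too late.
    print("swapped timelocks:  ", run_swap(alice_refund_at=T + 1, bob_refund_at=T + 2,
                                           claim_height=T + 1))
```

In the correctly ordered run Alice’s greedy refund attempt is simply rejected by the timelock, so Bob ends with the BTC and Alice with the LTC; in the abort run both refunds go through; with the deadlines swapped, Alice ends up holding both deposits, which is the failure the lecture’s T+1 / T+2 choice is designed to rule out.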

As of 2015, the lecturer said this had not been seen in the wild. He brings up good points that it is a bit complex as well as slow. One has to wait for the block times of each chain. Additionally, denial of service is an unfortunate repercussion: while the swap is atomic, a counterparty that walks away costs the other side transaction fees and time while funds sit locked. Fast forward to 2020, things have changed. I’ll list some of the projects pushing and implementing the change, maybe I can go into some of them later.

    1. Polkadot
    2. JellySwap
    3. Many centralized exchanges got into this by creating their own chains that still need to interact with the main cryptocurrency chains, e.g. Binance

Altcoins: Namecoin, Peercoin, and Dogecoin

It’s been a while but I’m back and ready to write about Altcoins!

Questions answered in this post

  • Namecoin and DNS
  • Merge-mining with Bitcoin
  • Peercoin
  • Dogecoin
  • Metrics to compare altcoins

Namecoin and DNS

The first altcoin discussed was Namecoin. I wrote about Namecoin in an earlier post here. This was the first altcoin, launched in April 2011. It was created for the purpose of decentralizing domain name registration. As mentioned in previous lectures, this could have been done with Bitcoin alone. Having an altc​oin means that the rules are inviolable, enforced by miners. If you want to learn about how traditional DNS works, check here.

Namecoin was solving a legitimate problem that many people have worried about. DNS is essential to organizations and to the infrastructure of websites. It lets people use a memorable, sharable name and resolve it to an IP address. Namecoin was created to work with a browser plugin so you could type in a URL like http://example.bit. A name would cost about 0.01 NMC (Namecoin), which at the time of the article was $0.01. There were no renewal fees, but a name had to be renewed on the chain every 6 months or it would expire. Names and subdomains could be transferred or sold.

In addition, it supported being “merge-mined” with Bitcoin. Merge mining is a protocol that allows miners to mine multiple cryptocurrencies at the same time. It works when multiple currencies use the same puzzle algorithm; Namecoin and Bitcoin both use SHA-256 for their “puzzle”. The benefit of merge mining is that mining two coins does not slow down mining of the primary cryptocurrency. It allows low-hash-rate cryptocurrencies to increase their network hashing power by bootstrapping from a more dominant coin.
An evolution of Namecoin is now a decentralized application on Ethereum known as ENS (Ethereum Name Service). ENS, while present only on Ethereum, lets you have a human-readable name that maps back to an address. This can be used both for DNS-like purposes and for identifying your public Ether address. ENS is still going fairly strong and is integrated with over 40 wallets.

Litecoin

Litecoin was launched in 2011. Litecoin has consistently been popular, and the lecturer mentioned it has been forked more times than Bitcoin itself. When we described scrypt, I had mentioned that Litecoin uses this mining puzzle. One goal of Litecoin, as mentioned, was to be a GPU-resistant altcoin. Unfortunately, that resistance has been broken and ASICs have since been created. On the upside, Litecoin had enough adoption to stay active, which is more than can be said for other altcoins. There are a few parameter changes even though it’s a fork: blocks come every 2.5 minutes as opposed to 10 minutes. In addition, many patches and improvements that have been put into Bitcoin have found their way into Litecoin.

PeerCoin

Peercoin was launched after Namecoin and Litecoin, in late 2012. It was the first proof-of-stake altcoin. According to the lecturer, Sunny King and Scott Nadal invented proof-of-stake. I found their paper hosted at decred.org called “PPCoin: Peer-to-Peer Crypto-Currency with Proof-of-Stake”. Proof-of-stake was discussed before. Peercoin was referred to as a hybrid coin, meaning that new coins can be mined with proof-of-work, but those blocks are not what determines the longest chain, which reduces the power of the miners. So this coin combines both PoW and PoS. People who create blocks in Peercoin are called minters rather than miners. Proof-of-stake allows owners of the coin to have influence over the network, produce new blocks and secure the chain. At a high level, this seems reasonable as people have skin in the game.

Time is actually how Peercoin emulates proof-of-work computation. The time a minter has held coins unspent in their wallet is called coin age. Coin age plus some randomization is how the next minter is selected, where those with higher coin age have a higher probability. Also, minters must hold coins in their wallets for a minimum threshold before becoming eligible to mint new blocks. There is a maximum age of 90 days, so that once a minter’s stake reaches maturity, their probability of minting a new block is capped.

The lecturer brought up an interesting feature of the coin. Peercoin also has administrators, which means that the protocol is not fully decentralized. These administrators hold a trusted key which they use to sign checkpoints of “blessed” blocks. These “blessed” blocks are used to safeguard against forking attacks. The term “blessed” blocks was not that clear, so I ended up going to the peercoin.net website for more information. However, I did not see this term used.

Afterwards I just looked for checkpoints, and this seems to be a way to prevent double-spending attacks. Checkpoints serve as a protection of history, where they act as a safety switch. It was considered a temporary measure put in place to protect the network against attacks. Thus, at least Peercoin cannot be used as an example of creating a more secure decentralized currency.

DogeCoin

The last coin discussed was Dogecoin, which apparently was created purely as a joke. The coin is a close fork of Litecoin and was created in 2013. Jackson Palmer was one of its creators. The point of Dogecoin was silliness, not technical changes. “Doge” refers to an amusing Internet meme of a Shiba Inu dog.

The community values tipping, generosity, and not taking cryptocurrency too seriously, and thus they raised money for the Jamaican national bobsled team in 2014. The values of Dogecoin run similar to other altcoins, but its popularity lies with the Doge dog. Seriously, this coin has lasted longer than so many other altcoins. In addition, the “Doge dog” was a prime guest at Devcon, Ethereum’s main developer conference, in 2019.

Outside of all these marketing pieces, what else is Dogecoin? It had something called “random block rewards”: the reward for each block was a pseudorandom function of the previous block hash. Because the previous block hash is public, every miner knew the next block’s reward in advance, so a miner who only cared about profit could switch to another scrypt altcoin whenever the upcoming reward was low. Thus the Dogecoin chain could have become stuck. Unsurprisingly, this feature was removed in March 2014. In addition, the block reward halving occurs faster; the reward was cut every two months. The lecturer pointed out that at the two halvings that occurred in 2014, the network hash rate also decreased substantially. However, this behavior is not consistent across all cryptocurrencies, which brings us to the next section. Bitcoin’s hash rate has been increasing overall. It has had increases and decreases but in general moves to more difficult.

Metrics: Comparing Cryptocurrencies

Hash power can be compared directly only for altcoins that use the same mining puzzle. Thus, Ethereum and Bitcoin cannot be compared. Comparing altcoins using a second-order measure such as hash rate over time may be worth using. The lecturer classified this as the participation in the network. This was the first metric, but looking at total hash power for similar puzzles could also be useful.

Price is another value that could be used as well. The lecturer showed a price chart comparing Dogecoin and Litecoin. Something that I thought was interesting was that this correlated well with the hash rate changes over time. Afterwards he listed several other mechanisms, which personally I think people use for more speculative reasons. This is also because these two metrics are also used to trade other assets like stocks and options.

The first metric is market cap(italization), which is calculated by multiplying the price by the total number of coins. This metric requires that you have a solid way to determine price as well as the number of coins. It would be an overestimate as well, since it doesn’t account for lost coins; and for a currency that is frequently created and then burned, getting the coin count right would be important. The second metric is exchange volume. Exchange volume may have to be aggregated if there is no one market that dominates the volume, to ensure you’re not getting an exchange bias. As the lecturer mentions, this can be heavily manipulated, especially for coins with low market cap.

The last metric is based on merchant support and usage. This could be very difficult because you would need transparency from payment processors, exchanges as well as market participants. At least with Bitcoin, given that addresses can change per transaction, it’s difficult to aggregate this. These metrics give a sense of how to navigate the cryptocurrency space when there are thousands of options. Then the lecture ended, foreshadowing that more altcoins will be discussed.

Secure Lotteries in Bitcoins

  • Real world lottery
  • Doing a trust less lottery
  • Hash Commitments
  • Timed Hash Commitments

Setup offline

As always there are two parties, Alice and Bob, who want to bet with each other over a fair coin toss. There are two parts. First Alice names a stake and checks whether Bob is interested. Bob accepts and then calls a side, usually while the coin is in the air. There are a lot of assumptions to ensure fairness, and there is trust that the loser will pay. The goal of this lecture is to describe a way to run an online lottery without trust.

Online lottery without trust

Thus it’s a similar setup in that there are two parties, but these parties are connected over a network such as the Internet. However, there are several reasons that the offline approach will not work. Because both Alice and Bob are remote, it’s more difficult for each of them to verify the fairness of the coin flip. In addition, final payment requires more setup to ensure that the loser doesn’t just walk away without paying. Lack of trust hurts these setups.

Alice and Bob want to bet on a coin flip remotely.

The solution that the lecturer brings up is hash commitments. A hash commitment lets one fix a value now, keeping it hidden, and reveal it later in a way that proves it was not modified. Publishing H(x) is a commitment to x with two properties:

  1. Binding: you can’t find an x’ != x later such that H(x’) = H(x).
  2. Hiding: H(x) reveals no information about x, assuming the space of possible x is big (a guessable x can simply be brute-forced against H(x)).

Hash Commitment lottery – 2 Phase

Thus we now have a new example. There are three parties: Alice, Bob, and Carol, and each chooses a random number, a nonce, respectively x, y, z. Each person must keep this random number to themselves, and in round one each publishes the hash of their nonce. By the hiding property, publishing the hash of their nonce reveals zero information about the actual nonce. Later the participants reveal their actual nonce values. Finally, to determine the winner, a function takes x, y, and z and combines them, either by hashing them together or by XORing them. This value is then taken mod the number of participants, 3, to find the winner. Now we can reason about why this solution works.

Everyone can run through the protocol themselves. No one could have lied about their x, y, or z values, since in round one each person committed to the one-way hash of it. Thus each person can rerun the hash function to ensure the revealed values line up. Furthermore, the final step to get the mod value can also be checked. But because all these functions are known prior to the final round, the last participant to reveal can compute the outcome and choose not to submit their input when they know they’re guaranteed to lose. Thus this scheme is insufficient by itself to create a trustless lottery. Now we are introduced to a slightly better scheme, timed hash commitments.

Timed Hash Commitments

As is obvious, given that this entire lecture is about uses for bitcoin, use the bitcoin blockchain. A timed hash commitment requires that x must be revealed by a certain deadline. Each participant deposits a bond into a transaction whose script pays out in one of two ways: the participant gets her bond back by revealing the preimage of her commitment before the deadline, and otherwise, once the timelock expires, the other party can claim the entire bond. Thus if Alice determines she will lose and does not participate, Bob can still withdraw funds. The loss to Alice should equal how much she could have won in the lottery, so that withholding never pays. The same scheme can be used with Alice, Bob, and Carol, each posting a bond. Unfortunately, its time complexity (more rounds as more participants join) and the bonds each participant must lock up may make it more difficult in practice.
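As an added example that is not part of the original post or the lecture’s own material, here is the three-party commit-reveal lottery above with the timed-commitment bond attached (the same commit-then-open pattern is what the secure timestamping discussion in the next lecture builds on). Players, stakes, the deadline and the fixed nonces are constructed; in practice each nonce would be 32 bytes from a CSPRNG, since a short or guessable nonce can be brute-forced from its hash and breaks the hiding property. The bond is set to what a player could have won, as the lecture suggests, so a player who sees she would lose and withholds her reveal ends up paying the others that amount.

```python
import hashlib
import os


def commit(nonce: bytes) -> bytes:
    """Hash commitment: binding (can't open to a different nonce) and hiding
    as long as the nonce has enough entropy to resist brute force."""
    return hashlib.sha256(nonce).digest()


def fresh_nonce() -> bytes:
    return os.urandom(32)  # what a real participant should use


def pick_winner(nonces) -> int:
    """XOR every revealed nonce together, then reduce mod the player count."""
    acc = 0
    for n in nonces:
        acc ^= int.from_bytes(n, "big")
    return acc % len(nonces)


class TimedLottery:
    def __init__(self, players, stake, deadline):
        self.players, self.stake, self.deadline = list(players), stake, deadline
        self.bond = stake * (len(players) - 1)  # what one player could have won
        self.commitments, self.reveals = {}, {}

    def commit_phase(self, player, commitment):
        self.commitments[player] = commitment  # round 1: only H(nonce) is published

    def reveal(self, player, nonce, height):
        """Round 2: an opening is accepted only before the deadline and only
        if it matches the earlier commitment."""
        if height > self.deadline or commit(nonce) != self.commitments.get(player):
            return False
        self.reveals[player] = nonce
        return True

    def settle(self, height):
        """After the deadline. Returns (winner or None, net payout per player).
        If everyone opened, the winner takes all stakes. If anyone withheld,
        the lottery is void, stakes return, and each withholder forfeits the
        bond, split among those who did open."""
        if height <= self.deadline or len(self.commitments) != len(self.players):
            raise ValueError("settle only after the deadline, once all have committed")
        opened = [p for p in self.players if p in self.reveals]
        if len(opened) == len(self.players):
            winner = self.players[pick_winner([self.reveals[p] for p in self.players])]
            return winner, {p: (self.bond if p == winner else -self.stake) for p in self.players}
        payouts = {p: 0 for p in self.players}
        for p in self.players:
            if p not in self.reveals:
                payouts[p] -= self.bond
                for r in opened:
                    payouts[r] += self.bond / len(opened)
        return None, payouts


def run(nonces, withhold=frozenset(), deadline=10):
    """Three players commit, then all but `withhold` open before the deadline."""
    players = ["alice", "bob", "carol"]
    lot = TimedLottery(players, stake=1, deadline=deadline)
    for p, n in zip(players, nonces):
        lot.commit_phase(p, commit(n))
    for p, n in zip(players, nonces):
        if p not in withhold:
            lot.reveal(p, n, height=deadline // 2)
    return lot.settle(height=deadline + 1)


if __name__ == "__main__":
    # Constructed fixed nonces so the outcome is reproducible; XOR is 0x06 in every byte.
    fixed = [b"\x01" * 32, b"\x02" * 32, b"\x05" * 32]
    print("all open:", run(fixed))
    # Carol opens last, computes that Alice would win, and withholds instead.
    print("carol withholds:", run(fixed, withhold={"carol"}))
    print("random nonces:", run([fresh_nonce() for _ in range(3)]))
```

With the fixed nonces Alice wins the honest run and takes both stakes. In the withholding run the lottery is void, but Carol is out the bond, which is exactly the two stakes she would have lost anyway, so there is no outcome in which refusing to open is better than opening; that is the property the bond is sized to guarantee.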

Bitcoin as an append-only log

Lecture 9 is here. This lecture discussed many of the applications that can be built on top of Bitcoin based upon different characteristics such as append-only log.

Questions answered in this post

  • What does append-only log mean?
  • How can Bitcoin be used for secure time stamping?
  • What are three different ways this can be done on the base layer?
  • What is an overlay currency?
  • How does Mastercoin work on top of Bitcoin?

Append-only Log

Append-only means just what it sounds like: you can only make the log larger by adding entries; you cannot remove or alter existing ones. One benefit of Bitcoin being an append-only log is that we know something came before something else. For Bitcoin, it is less about wall-clock time and more about which block an entry was written to.

That sounds pretty simple if you are working with one machine or one list and you see everything that is going on. As a simple extension, imagine that instead of one machine you have 24 students in a classroom with computers writing to the same log. Things become a bit more complicated, but at least you can coordinate the group since it is all localized. Things get crazier when you have 1000 people all working at the same company but distributed all over the world. Now it is not so straightforward for every person and machine to agree on the order in which events happened unless they all share one clock and a notion of strict ordering. A blockchain such as Bitcoin supplies that ordering, and with it a form of timestamping: an entry in block n is known to have existed before anything in block n+1.

Strict Timestamping

Goal: Prove knowledge of x at time t.

If desired, do this without revealing x at time t, but in a way that lets you reveal it later. The evidence should be permanent.

A simple example is an auction or, more generally, a guessing game. The operator collects every person's sealed input; the process is fair and secure because not even the operator can see the guesses. Once time is up, the participants open their guesses, the winner is found, and each participant can prove what they guessed and when.

This becomes a reality through hash commitments. If you publish H(x) for a one-way hash function, that is a commitment to x: H(x) reveals no information about x, which is the hiding property hash functions give us. Once time is up, you reveal x, anyone can recompute H(x) and compare it with the published value, and the input is validated. One caveat: hiding assumes x is unpredictable. If x is a guessable value (a bid from a small range, a short string), anyone can brute-force candidate values and compare hashes, so in practice you commit to H(x || r) for a random nonce r and reveal both x and r.

Secure timestamping application

  • proof of knowledge – patent
  • proof of receipt – commitment that you received a msg
  • Hash-based signature schemes – Guy Fawkes signature scheme

Secure timestamping cannot be used as proof of clairvoyance: someone can commit in advance to every possible outcome and afterwards open only the commitment that turned out right, so a single opened commitment proves nothing about foresight.

Timestamping in Bitcoin

Three different ideas are discussed below.

First Idea: Specify the hash of your data instead of a valid public key

Send 1 satoshi to that address, the smallest unit of bitcoin (in practice nodes enforce a dust threshold, so the output has to be a little larger before it will be relayed). The overhead is that nobody holds a key for this output, so every full node must carry the unspendable UTXO forever.

Second Idea: CommitCoin is slightly better in that there is no UTXO bloat, but it is more expensive.

Third Idea: Provably unspendable commitments, where you put your data into an output script that can never be spent (an OP_RETURN output), so nodes do not have to keep it in the UTXO set.

CommitCoin (Clark, Essex 2012)

Idea: Brute-force to find a key that meets a requirement, i.e. a public key and signature whose first n bits match the first n bits of your data hash, so the commitment rides inside an ordinary-looking transaction.

Pros: compatible, invisible to miners, no UTXO bloat

Cons: more expensive, low data rate

Provable unspendable commitments

Pros: cheap, no UTXO bloat

Cons: not a standard transaction (at the time; OP_RETURN outputs with a small payload were later made standard)

Examples for this being a business

40 bytes of data for one transaction fee

The best approach is provably unspendable commitments. Startups and websites have built businesses on exactly this: for one transaction fee you get 40 bytes into the blockchain, which is enough for a hash. A downside is that if anyone can write arbitrary data, there is a risk that illegal content gets written, and anyone relaying or storing the blockchain would then technically be storing that content, which may itself be a crime. One way to reduce this risk is to force everyone to commit via pay-to-script-hash, so that only a hash rather than raw data ends up on chain, but it is more expensive.
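The first and third embedding methods above, built as actual output scripts, together with the reveal-and-verify step, as an added example (this is not code from the lecture and not CommitCoin's code). Opcode values are Bitcoin's real ones. The document and salt are constructed; the 40-byte figure from the lecture is applied to the data payload, which is an assumption, since how Bitcoin Core counted those bytes varied by version and it later relayed up to 80. CommitCoin's brute-forced key is not modeled.

```python
"""Added example (not code from the lecture, and not CommitCoin's code): builds
the output scripts for the first and third commitment ideas and checks a
later-revealed document against an OP_RETURN commitment. Opcode values are
Bitcoin's real ones. Assumptions: the document and salt are constructed; the
40-byte figure from the lecture is applied to the data payload (how Bitcoin
Core counted those bytes varied by version, and it later relayed up to 80).
CommitCoin's brute-forced key is not modeled."""
import hashlib
import os
from typing import Optional

OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG, OP_RETURN = 0x76, 0xA9, 0x88, 0xAC, 0x6A
OP_RETURN_DATA_LIMIT = 40  # assumption: lecture-era relay limit on the payload


def push(data: bytes) -> bytes:
    """Direct push: one length byte followed by the data (1..75 bytes)."""
    if not 1 <= len(data) <= 75:
        raise ValueError("direct push handles 1..75 bytes; longer needs OP_PUSHDATA1")
    return bytes([len(data)]) + data


def commitment(doc: bytes, salt: bytes) -> bytes:
    """H(salt || doc): the salt keeps a low-entropy document from being
    brute-forced out of the public hash; it is revealed together with doc."""
    return hashlib.sha256(salt + doc).digest()


def fake_p2pkh_script(digest: bytes) -> bytes:
    """First idea: 20 bytes of the commitment sit where a pubkey hash would.
    Nobody holds a key for it, so coins sent here are burned and every full
    node must keep the output in its UTXO set forever."""
    return (bytes([OP_DUP, OP_HASH160]) + push(digest[:20])
            + bytes([OP_EQUALVERIFY, OP_CHECKSIG]))


def op_return_script(data: bytes) -> bytes:
    """Third idea: OP_RETURN makes the output provably unspendable, so nodes
    can drop it from the UTXO set while the data stays in the chain."""
    if len(data) > OP_RETURN_DATA_LIMIT:
        raise ValueError(f"payload exceeds {OP_RETURN_DATA_LIMIT} bytes")
    return bytes([OP_RETURN]) + push(data)


def parse_op_return(script: bytes) -> Optional[bytes]:
    """Return the payload of an 'OP_RETURN <push>' script, or None otherwise."""
    if len(script) < 3 or script[0] != OP_RETURN:
        return None
    n = script[1]
    if n > 75 or len(script) != 2 + n:
        return None
    return script[2:]


def verify_timestamp(script: bytes, doc: bytes, salt: bytes) -> bool:
    """Reveal step: the prover hands over doc and salt; anyone recomputes the
    commitment and compares it with what was embedded in the chain."""
    data = parse_op_return(script)
    return data is not None and data == commitment(doc, salt)


if __name__ == "__main__":
    doc = b"constructed: my invention disclosure"
    salt = os.urandom(16)
    script = op_return_script(commitment(doc, salt))
    print(script.hex(), verify_timestamp(script, doc, salt))
```

Only the 32-byte commitment ever goes on chain, never the document, which is also the practical answer to the illegal-content concern: a relay node that stores nothing but hashes cannot be storing the content itself.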

Overlaying currencies

Observation: timestamping is all we need to open the door to creating overlay currencies.

Bitcoin can be the underlying blockchain, and the overlay writes its own data into Bitcoin transactions without needing new mining or a new consensus scheme. Bitcoin miners check only Bitcoin's rules, so transactions that are invalid under the overlay's rules still get included in the chain; the nodes that parse the overlay data must understand those rules and ignore anything that breaks them. So there have to be overlay-aware nodes, with their own validation rules, to decide which of the written transactions actually count.

Master Coin

Mastercoin (later renamed Omni) is one example of this. It is an overlay currency with a richer transaction set: more features and a faster development cycle, since changing it does not require changing Bitcoin. It has smart property and smart contracts. However, it remains reliant on Bitcoin for ordering and security.
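A minimal overlay-currency node, as an added example covering the overlay mechanism and the Mastercoin paragraph above (this is not Mastercoin's or Omni's code). It scans OP_RETURN outputs for overlay transfer messages and applies the overlay's own rules; the point it demonstrates is that overlay-invalid transfers are still in the chain, and only the overlay node filters them out. The "OVL1" tag and message layout, the rule that the sender is the owner of the transaction's first input, and the sample chain are all constructed for illustration.

```python
"""Added example, not Mastercoin's or Omni's code: a minimal overlay-currency
node that scans a Bitcoin-style chain for OP_RETURN transfer messages and
applies the overlay's own validation rules. Miners include any well-formed
Bitcoin transaction, so overlay-invalid transfers (overspends, self-sends,
garbage payloads) do land in the chain; the overlay node's job is to
recognise and ignore them. Constructed for illustration: the "OVL1" tag and
message layout, the rule that the sender is the owner of the transaction's
first input, and the sample chain."""
from typing import Dict, List, NamedTuple, Optional, Tuple

OP_RETURN = 0x6A
TAG = b"OVL1"
MAX_PAYLOAD = 40  # assumption: lecture-era OP_RETURN relay limit


class Tx(NamedTuple):
    sender: str           # owner of the first input (assumed overlay rule)
    outputs: List[bytes]  # the transaction's scriptPubKeys


def encode_transfer(to: str, amount: int) -> bytes:
    """Overlay transfer message carried in an OP_RETURN output."""
    payload = TAG + amount.to_bytes(8, "big") + to.encode("ascii")
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload too large for one OP_RETURN")
    return bytes([OP_RETURN, len(payload)]) + payload


def decode_transfer(script: bytes) -> Optional[Tuple[str, int]]:
    """Return (to, amount) for a well-formed overlay message, else None."""
    if len(script) < 2 or script[0] != OP_RETURN or script[1] != len(script) - 2:
        return None
    payload = script[2:]
    if not payload.startswith(TAG) or len(payload) < len(TAG) + 9:
        return None
    amount = int.from_bytes(payload[4:12], "big")
    try:
        to = payload[12:].decode("ascii")
    except UnicodeDecodeError:
        return None
    return (to, amount)


class OverlayNode:
    """Bitcoin validates none of this; the overlay node does."""

    def __init__(self, genesis: Dict[str, int]) -> None:
        self.balances: Dict[str, int] = dict(genesis)
        self.rejected: List[Tuple[int, str, str]] = []  # (height, sender, reason)

    def apply_tx(self, height: int, tx: Tx) -> None:
        for script in tx.outputs:
            msg = decode_transfer(script)
            if msg is None:
                continue  # ordinary output or unparseable payload: not ours
            to, amount = msg
            have = self.balances.get(tx.sender, 0)
            if amount <= 0:
                self.rejected.append((height, tx.sender, "non-positive amount"))
            elif to == tx.sender:
                self.rejected.append((height, tx.sender, "self-transfer"))
            elif have < amount:
                self.rejected.append((height, tx.sender, "insufficient balance"))
            else:
                self.balances[tx.sender] = have - amount
                self.balances[to] = self.balances.get(to, 0) + amount
            return  # assumption: only the first overlay message per tx counts

    def process_chain(self, blocks: List[List[Tx]]) -> Dict[str, int]:
        for height, block in enumerate(blocks):
            for tx in block:
                self.apply_tx(height, tx)
        return dict(self.balances)


def sample_chain() -> List[List[Tx]]:
    """Constructed chain: every tx here is valid to Bitcoin, not all to the overlay."""
    return [
        [Tx("alice", [encode_transfer("bob", 30)]),
         Tx("bob", [encode_transfer("carol", 50)]),       # bob only has 30 at this point
         Tx("carol", [encode_transfer("alice", 5)]),      # carol has nothing yet
         Tx("dave", [bytes([OP_RETURN, 3, 1, 2, 3])])],    # unrelated OP_RETURN data
        [Tx("bob", [encode_transfer("carol", 10)]),
         Tx("alice", [encode_transfer("alice", 5)])],     # self-transfer
    ]


if __name__ == "__main__":
    node = OverlayNode({"alice": 100})
    print(node.process_chain(sample_chain()), node.rejected)
```

Note that balances depend on the order of transactions within a block as well as across blocks, which is exactly why an overlay needs the strict ordering the underlying chain provides.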
