summaryrefslogtreecommitdiff
path: root/13/b9bf3b307d2120d95e2f42de611a43124a15d1
blob: bb3492a4dea755e456749fefc9f44f7a90d01244 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
Return-Path: <fresheneesz@gmail.com>
Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 1A18DC000E
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Wed,  7 Jul 2021 03:21:02 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp2.osuosl.org (Postfix) with ESMTP id 567C14049F
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Wed,  7 Jul 2021 03:21:01 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -0.888
X-Spam-Level: 
X-Spam-Status: No, score=-0.888 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, MONEY_FRAUD_5=1.21,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001]
 autolearn=no autolearn_force=no
Authentication-Results: smtp2.osuosl.org (amavisd-new);
 dkim=pass (2048-bit key) header.d=gmail.com
Received: from smtp2.osuosl.org ([127.0.0.1])
 by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id jF6PNLrZ1TVt
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Wed,  7 Jul 2021 03:20:57 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.8.0
Received: from mail-ej1-x631.google.com (mail-ej1-x631.google.com
 [IPv6:2a00:1450:4864:20::631])
 by smtp2.osuosl.org (Postfix) with ESMTPS id 0D02E401D3
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Wed,  7 Jul 2021 03:20:56 +0000 (UTC)
Received: by mail-ej1-x631.google.com with SMTP id nd37so970722ejc.3
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Tue, 06 Jul 2021 20:20:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=MF+yfL00d3w/2bxpk3qbB78BGo+ufxuVpIzbvWQsHh8=;
 b=XnIPCMDtm1SqaE1BLk0KAzEKnce2BkZjVTJfW9tMOf4Vuds93ZD8caBF3IQ9oNxjpr
 jrPxL6AgoO3p/h3UB2pAiLa3a9m9QzDXmZlEzDnNkcl2SwqF94Ltgkbm9bT4cqsL7XsE
 /0O5WN3Cxsu6wrg9e7ZSjPJCQV65yW0PL13QgTBycHWe+o8/Tr5oCq7tyH7B8YB+FeZ0
 Jh509UWhNqdsVGNl4HS7QJwjTFCIj109TU0Zi+aFkqCTVmvcZ7hp9VpUsLBZ0xIHtYzZ
 kFwiS4wmXIDtKcRQU0qO9ZrvXaeDOPnPRNInFiICsKnSn37QYtVqwQZBiKALZ6EpG2g7
 5NvQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=MF+yfL00d3w/2bxpk3qbB78BGo+ufxuVpIzbvWQsHh8=;
 b=QrF4zSwWHSe+uMoQ/o4lrY4ZFzrs1ae9TxiWHSiYsHcmbtJYPw8jsZvh6xueex1ZbN
 PRmzIqAaqvEalvDtX69jygEm/L0Ogyg46oFedG9cDRoKiCtdmXbstBNzfZsHW/xvnCGg
 groAnvSyFHDbv7jbvaCWiefZ19amKZTOVOTMsqbCjhaEgRucEV14IbU0/dk5yfXqtwKF
 Wq1lAfHfzTQfmbrCorJjLFdsOo/n7nFsfCsClxrGbj6jF89IJM1h3pDKfmK7m9O1YQ3q
 Xg0B60vblOGbrMzdP8MLEMcssierHJs+pdikl4v1AMv564WYUY4maLBY+F4xur87flKJ
 uobQ==
X-Gm-Message-State: AOAM532CyRq8IuhdTdsQShcJ7bvNKaJuTpIjoaaBlAYShW8tnfn4bKnF
 7Ig7PmSOIYVfyJeSyRZuK7Pltq8W5+5HYkIS4iM=
X-Google-Smtp-Source: ABdhPJx7cKziLa+QVAtkSFTcVJQ8MtQEi7BCaiwDih7/fnAd0939X6nrCAFyYFuQS00QTP4Xd4UxHL0c/ABXJvOA5ec=
X-Received: by 2002:a17:907:7708:: with SMTP id
 kw8mr22278710ejc.111.1625628055057; 
 Tue, 06 Jul 2021 20:20:55 -0700 (PDT)
MIME-Version: 1.0
References: <bea8122aea550f1141170829aac252af@riseup.net>
 <CADvTj4q42bQ0mTWwdMyJM9UpW57pV0feZk-vYynPu91N_aZSZw@mail.gmail.com>
 <CAGpPWDZtRnnv-Hinn4x=9ukJcuHkZv-6Yt32AK-9e+BJ=6r-kA@mail.gmail.com>
 <f46159f0286fe48720bc3f3fead1b575@riseup.net>
 <CAJowKgKELBmLdA-w5ghGoiWe5RQdNkKsV3OGRFbDJCOeA04AWw@mail.gmail.com>
 <d8b3ba5b940473165ad72d689a01602a@riseup.net>
 <CAGpPWDYAJE4jh=G2g=KSRuLLucEAyZGAD+r4XMpcmw6nk4+Wbg@mail.gmail.com>
 <e843b5c28690557402b72fcd158dc1c2@riseup.net>
In-Reply-To: <e843b5c28690557402b72fcd158dc1c2@riseup.net>
From: Billy Tetrud <billy.tetrud@gmail.com>
Date: Tue, 6 Jul 2021 20:20:38 -0700
Message-ID: <CAGpPWDYPutiURUtenkU_zr4nW_tZVe5oWykXxWCDyROwqTdW5Q@mail.gmail.com>
To: raymo@riseup.net
Content-Type: multipart/alternative; boundary="000000000000c2371205c680064a"
X-Mailman-Approved-At: Wed, 07 Jul 2021 08:20:40 +0000
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Boost Bitcoin circulation,
 Million Transactions Per Second with stronger privacy
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Jul 2021 03:21:02 -0000

--000000000000c2371205c680064a
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

>  As far as I know the =E2=80=9Cclaw back=E2=80=9D mechanism doesn=E2=80=
=99t exist in Bitcoin
system, and probably most Bitcoiners won=E2=80=99t be agree on it.

It certainly doesn't. And it would definitely be a hard sell.

> It looks the miners still can abuse Sabu, but as I told before the miner
or better say the mining pool must be issuer .. or must be creditor .. or
collaborate one of them in a
conspiracy.

Yes. But it certainly incentivizes miners to become creditors and scam
people. Even if a small miner who mines one block a year does this, they
can mine all Guarantee Transactions in their possession. Larger miners that
mine one block every few days can scam that much more often. Even with $5
credits, that could be an extra $9000 gained in a block. That's pretty
substantial when fees are totaling around $45,000 per block.

> would be resolved by a slightly upgrade in Bitcoin protocol by applying
the BIPxxx =E2=80=9Cfor flagging/unflagging promised UTXOs=E2=80=9D

As others have mentioned tho, doing something like that would be at very
least quite complex, and at worst impossible to do securely. The whole
reason why bitcoin's blockchain exists in the first place is to be a single
source of truth for transactions. The mempool is not a source of truth for
consensus. The Sabu network could not be a source of truth either for
consensus, without some serious innovations (that may not be possible). It
isn't as simple as you seem to be thinking.

>  The new transaction will use same 40,000 UTXO as input and the outputs
will be 6,500 Sat for creditor (he pays 2,500 Sat for transaction fee)
4,500 Sat for creditor 2

This is the part I was unable to find/understand quickly enough in the
original write up. So for creditor 1 to pay creditor 2, a new main
transaction and guarantee transaction are created that credit the
appropriate people, right? FYI, the MT and GT acronyms make it harder for
me to read/understand, so I'm preferring to write them out. But that helps.
Let me write this out in a different (more compact) way:

1. Creditor A $5 -> Issuer

2. Issuer creates and shares transactions:

Main Transaction (40k sats):
* Issuer: 19k sats
* Creditor A: 11k sats
* Fee: 10k sats (4k from creditor, 6k from issuer)

Guarantee Transaction (40k sats):
* Issuer: 13,300 sats
* Creditor A: 1650 sats
* Fee: 25,050 sats

3. Creditor A, 6k sats -> Creditor B. Issuer creates and shares
transactions:

Main Transaction (40k sats):
* Issuer: 19k sats
* Creditor A:  6,500 sats
* Creditor B:  4,500 sats
* Fee: 10k sats (4k from creditor, 6k from issuer)

Guarantee Transaction (40k sats):
* Issuer: 13300 sats
* Creditor A: 975 sats
* Creditor B: 675 sats
* Fee: 25050 sats

Is this right?

> The miner attack is just a failed plan as I explained before

I thought you acknowledged that the miner attack is an issue above. No?

>> Sabu has slightly greater risk comparing lightning
> It is not true,

What I mean is that a violation of trust results in more damaging effects
with Sabu than with lightning. In lightning, if your channel partner
cheats, at worst you must simply pay a normal transaction fee. With Sabu,
if a creditor cheats, you will likely pay an abnormally large transaction
fee. This is what I mean by "greater risk". Some attackers are what's known
as griefers - these are people willing to spend time and money hurting
someone else, even if they don't make a profit from it (other
than schadenfreude). It seems clear there is a greater risk of being
griefed in Sabu than in lightning.

Furthermore, while in lightning, if you perform the protocol properly, your
funds can never be stolen except in very extreme circumstances (eg
widespread long-running network congestion that prevents confirming a
revoke transaction). By contrast, Sabu has a significant likelihood that a
cheating transaction could be mined instead of the guarantee transaction.
Perhaps the likelihood is approximately 2 seconds / 10 minutes (0.3%
chance), but a 0.3% is clearly larger than approximately 0% chance in
lightning. Again, this is another part of what I mean by "higher risk".

These are both real counterparty risks that you shouldn't simply ignore. It
may be true that no rational actor will attempt an attack, however not all
actors are rational. People also make mistakes, write buggy software, etc
etc. The existence of risk doesn't ruin your idea - every protocol has
risks. But identifying the specific risks is the only way to compare the
properties against alternatives (like on chain transactions or the
lightning network). I think its important to acknowledge these risks in
your write up.

> I explained before this kind of attacks will not happened never

If people use your protocol, some will inevitably use it wrong. Those that
use it wrong should be the ones that pay the price for it - but it is a
downside of the protocol if the counter party of the person that makes a
mistake (or attempts something malicious) is harmed as a result. Again,
these kinds of trade offs are ok, but you should not be assuming that
attacks like this will never happen. They will happen sometimes. You must
assume that. The question is what is the result when an attack is
attempted? And how will that affect what kinds of actors will attempt an
attack (malicious, profit seeking, honest, stupid, wreckless, incompetent,
other types of actors etc etc)?

> I didn=E2=80=99t find any case Lightning can compete with Sabu.

As I explained above related to risk, there are trade offs. I would like to
see in your write up a clear list of these trade offs. The additional risk
(as I explained it above) is one trade off. It sounds like there are limits
in which a creditor or issuer can safely rely on incentives to prevent
attacks. Did you specify what those limits are? The Lightning network also
has limits - eg a lightning node can't allow its channel partner to spend
100% of their coins without taking on additional risk of attack. How do
those limits compare in Sabu? For example, an issuer couldn't allow any
creditor to spend so much of their credited bitcoin that their credit goes
below the amount they would receive in any past Guarantee Transaction
without taking on the risk that the creditor would post that guarantee
transaction and receive coins they shouldn't own anymore. I would love to
see a more detailed comparison of Sabu to lightning.

If your protocol works out, there are obvious benefits: transactions that
could be done with no on-chain footprint. However, even if the protocol
works out, there are trade offs and those trade offs should be made very
clear. Even if the comparative downsides are small.

~BT

Hi Billy
> > high-level overview of how all the pieces (How Sabu protocol works).
> > how normal transactions happen in their entirety.
> Ok, lets re-explain Sabu. In Sabu protocol we have two type of actors.
> The issuers who own Bitcoin (they own UTXOs on Bitcoin blockchain), and
> the creditors who will own Bitcoins (the UTXOs on Bitcoin blockchain),
> if the issuer or the creditor sends the prepared transaction to Bitcoin
> network. But for know creditors have the transaction in their hand.
> Before sending this transaction to Bitcoin network it acts (in Sabu
> protocol and Sabu network) as a liability of issuer.
> The story always starts from issuer, the person who get money or goods
> or services from a creditor and in exchange creates and sings a valid
> Bitcoin transaction by which the issuer spends his UTXO and as a one of
> the outputs of the transaction, there will be an output for creditor=E2=
=80=99s
> address equal to the money issuer already get paid.
> This transaction is a valid transaction which is signed =E2=80=9Conly=E2=
=80=9D by
> issuer. The outputs of transaction are just and exact balance of the
> parties (issuer and creditor).
> Lets, imagine the creditor payed 5$ (almost equal to 15,000 Sat) to
> issuer. Thus, issuer will create and sign a transaction by which he
> spends 40,000 Sat and the outputs will be
> 11,000 for creditor (the creditor has to pay 4,000 Sat in favor of
> transaction fee),
> 10,000 for Bitcoin-transaction-fee (4,000 by creditor and 6,000 by
> issuer) and
> 19,000 change back to issuer account address.
> It is our Main Transaction (MT) which is a pretty normal and valid
> transaction.
> Alongside the MT, issuer creates and signs a Guarantee Transaction (GT).
> In GT issuer spends same 40,000 Sat UTXO as input, and as outputs
> the creditor will get 15% of his 11,000 Sat in Main Transaction. Thus
> the creditor output will be 1,650 Sat and the rest of creditor=E2=80=99s =
money
> (11,000 =E2=80=93 1,650 =3D 9,350 Sat) will be added to transaction fee.
> In GT also issuer will lose a part of his money. New output for issuer
> will be 19,000 * 70% =3D 13,300 and the rest will be added to transaction
> fee (19,000 =E2=80=93 13,300 =3D 5,700 Sat)
> Thus, the new transaction fee in GT will be 10,000 + 9,350 + 5,700 =3D
> 25,050 Sat
> Now the creditor has 2 valid transactions (MT and GT) in his hands. He
> can send either MT or GT or both to Bitcoin Network. But in all cases,
> he will lose a portion of his money in favor of transaction fee (miner=E2=
=80=99s
> income). So, rationally he will never send transactions to Bitcoin
> network unless he wants consciously hurt himself.
> The creditor always prefers to spend his credit inside the Sabu
> protocol. It is =E2=80=9Chow normal transactions happen in their entirety=
.=E2=80=9D
> Creditor has equal to 15,000 Sat credit. Say he wants to buy a caffe
> worth 6,000 Sat. He has to ask the issuer to nullify previous MT and GT,
> and create and sign new transaction and cut 6,000 Sat from his credit
> and transfer it to a new creditor (say C2).
> The new transaction will use same 40,000 UTXO as input and the outputs
> will be
> 6,500 Sat for creditor (he pays 2,500 Sat for transaction fee)
> 4,500 Sat for creditor 2 (he has to pay 1,500 Sat for transaction fee as
> well)
> 10,000 for Bitcoin-transaction-fee (4,000 by two creditors and 6,000 by
> issuer) and
> 19,000 change back to issuer account address.
> This is the new MT, and as you can see the C1 and C2 have their new
> credit in transaction.
> You can calculate the new GT as well.
> Note: due to simplicity I just rounded the numbers and skipped the
> Sabu-transaction-fee
> I just wrote this long story to explain how creditors just transfer
> money in between.
> If we take a snapshot of Sabu network, we will see millions of valid
> transactions flowing in network and none of the issuers or creditors
> will send these transactions to Bitcoin network due the transaction fee,
> while in Bitcoin blockchain nothing is changed! The UTXOs are untouched,
> and no one can say which UTXO is promised to who.
> It is a pretty secure off-chain protocol.
> Although I expected more Bitcoiners to react about Sabu proposal and
> comment for or against it, so far, I have not seen any serious criticism
> or real threat about protocol.
> The miner attack is just a failed plan as I explained before.
> > Sabu has slightly greater risk comparing lightning
> It is not true, since creditors can manage they risk, and limit their
> credit to 5, 10 or 20 Dollar or 50$. It is totally up to creditor to
> accept more liability from issuers or not.
> The creditor can keep his credit around a fix number. That is, the
> creditor spends a part of his credit and then again increase its credit.
> Let imagine you already payed 5$ to a issuer and you got 15,000 Sat
> credit in your wallet. So, you will spend this 15,000 Sat (buy coffee,
> ice-cream, etc.) till your wallet run out of Satoshi and again you will
> pay another 5$ to issuer and get new 15,000 sat credit. Since all of
> these transactions has near zero cost you are not obliged to charge your
> wallet 200$ in one shot.
> It is absolutely low risk deal. In worst case the creditor (you) will
> lose 5$. And as I explained before this kind of attacks will not
> happened never. And as you told Sabu provides cheaper and a larger
> number of transactions.
> > This would be essentially worse than the lightning network in some ways=
,
> Disagree! Please explain the scenario exactly. I didn=E2=80=99t find any =
case
> Lightning can compete with Sabu.
> > ledger of accounts and their balances, along with proof that the entity
> owns=E2=80=A6
> It is almost what I designed in Sabu. They are doc-watcher servers. They
> are a set of records of UTXOs and the proper Merkle root hash of related
> transaction in Sabu network. The intention was stopping issuer from
> spend and promises same UTXO to different people (that they are not
> aware of the existence of the other). So, any individual creditor (or
> their software) could verify that total liabilities (in account
> balances) are less than the half of the total bitcoins the entity owns.
> And if something doesn't match up, they won=E2=80=99t yell, instead they =
refuse
> the deal in first place, or send the GT to Bitcoin network and hurt the
> cheater issuer by slashing his money. it is =E2=80=9CTit-for-tat=E2=80=9D=
.
> > I think it likely has critical security holes. Perhaps you can fix them=
!
> There is no critical security hole. Please refer it by facts, numbers
> and proves.
> I think I already fixed all critics.
>
> Billy! I am actively working on this proposal and if no one cannot show
> a real problem or security issue in the project, I will start
> implementing it.
> Just imagine people regularly using Sabu protocol and send/receive
> Bitcoin (Satoshi) in billions of small amount transactions every day.
> This protocol will outspread Bitcoin and will attract a new crowd of
> penny investors to Bitcoin. The people who can afford 20$ or less
> monthly to invest on Bitcoin.
> Sabu brings Bitcoin to a whole new life.
> It will be the true scalable and mass adaption, and I do not know how to
> attract more real Bitcoin fans to this proposal!
> Guys! Here is the Bitcoin renascence.
> Maybe you can help it.
> Regards
> Raymo



On Sat, Jul 3, 2021 at 1:02 AM <raymo@riseup.net> wrote:

> Hi Billy,
>
> > What if it was possible for the creditor to claw back the funds
> As far as I know the =E2=80=9Cclaw back=E2=80=9D mechanism doesn=E2=80=99=
t exist in Bitcoin
> system, and probably most Bitcoiners won=E2=80=99t be agree on it.
> Even if we want to add claw back to Bitcoin in general, and Sabu in
> particular, it would add too complexities and uncertainty to Bitcoin.
> So, it would be better to not touch that part, instead focusing on
> reduce the cheating risk by putting some penalty for both issuers,
> creditors and miners.
> We already have the penalties for both issuers and creditors.
> It looks the miners still can abuse Sabu, but as I told before the miner
> or better say the mining pool must be issuer (to be able to sign the
> promised UTXO in cheating way) or must be creditor (in order to have a
> copy of GT and not lose his money in favor of a stranger miner. Remember
> the fact that creditor will lose 70% of their money in favor of Bitcoin
> transaction fee in a typical GT) or collaborate one of them in a
> conspiracy. Otherwise, there will be no economic benefit in this attack.
>
> All these 3 cases of the attacks, theoretically could be happened, but
> the risk to reward ratio is enough high to hinder potential malevolent
> from a practical act.
> Even this very small risk of miner attacks (which don=E2=80=99t care the =
attack
> costs, since he is not interested in economic benefit, but he wants to
> ruin Sabu), would be resolved by a slightly upgrade in Bitcoin protocol
> by applying the BIPxxx =E2=80=9Cfor flagging/unflagging promised UTXOs=E2=
=80=9D.
> I am not in rush to apply this upgrade on Bitcoin protocol, instead I am
> actively working in order to realize the Sabu protocol and Gazin wallet.
> Later the Sabu community will carry the BIPxxx.
>
> Best
>
> On 2021-07-02 17:57, Billy Tetrud wrote:
> > Thanks for the details Raymo. A thought occurred to me. Given the fact
> > that miners can abuse this system without penalty, it would be useful
> > to be able to fix this. What if it was possible for the creditor to
> > claw back the funds even if the cheating transaction was mined instead
> > of the guarantee transaction? Let's say there was a way to sign a
> > transaction that gives the receiver of that transaction the ability to
> > override any other transaction that uses the UTXO? If this were
> > possible, the issuer could give the creditor this kind of transaction
> > as the guarantee transaction, and in the case a cheat was done, the
> > creditor could still use the GT to reallocate that UTXO to themselves.
> >
> > Now there are issues with this. First of all, it could give anyone the
> > ability to double spend. So it would be prudent to limit this in some
> > way. The revocation probably should only be valid for up to 6 blocks,
> > such that if the transaction has 6 confirmations, it can no longer be
> > reallocated (thus preserving the 6 block finality rule). It could also
> > be required that the UTXO be marked as opting into this behavior (so
> > receivers would know about the possibility it could get revoked). This
> > second requirement would require Sabu issuers to make an on-chain
> > transaction to set themselves up as an issuer.
> >
> > Another issue is that this would make it possible for transactions to
> > expire. Any claw-back transaction would expire 6 blocks after the
> > initial transaction happened. This has been generally avoided in
> > bitcoin, but I think the relevant issues are solvable. You can find
> > additional discussion of that in this thread [1].
> >
> > I would imagine this kind of ability would be pretty controversial,
> > but since it can close out the possibility for miners to escape
> > punishment, it could make this protocol viable.
> >
> > On Thu, Jul 1, 2021 at 3:15 PM <raymo@riseup.net> wrote:
> >
> >> Hi Erik
> >>
> >> Please correct me if I misunderstood.
> >>
> >>> email is fully compromised.
> >>
> >> What I got is:
> >> Email is not good because the sender and receiver are compromised.
> >> Email is not good because the message content is revealed.
> >> I can claim same argue about any other client/server model. Since
> >> the
> >> server (website) service provider will ask some sort of KYC. And
> >> even if
> >> the server uses end-to-end encryption, the provider company still
> >> can
> >> read the packets content.
> >> In my model the passive listener only can discover who is
> >> communicate to
> >> whom and make a graph of connections. Although it is a threat for
> >> privacy but the server/client model has this flaw inherently, since
> >> provider already knew everything about everyone. In my model at
> >> least
> >> users can make some fake connections and send some fake emails in
> >> order
> >> to inject noise to communications.
> >> Please note the fact that entire communication between mobile
> >> wallets
> >> (via emails) are asymmetric PGP encrypted. The PGP keys are
> >> controlled
> >> by end users unlike ALL pretending secure messengers (e.g whatsApp,
> >> signal, zoom,=E2=80=A6).
> >> If you are worried about the way of exchanging PGP public key, you
> >> are
> >> right. The most secure way is in-person PGP key exchanging.
> >> After that for payments the wallets communicate in pgp encrypted
> >> messages and they can transfer Bitcoin address through an PGP
> >> encrypted
> >> cipher, thus no revealing Bitcoin address to public would occur.
> >> Neither
> >> the amounts of transactions will be reviled.
> >> There for it would be a good practice for shops to put their email
> >> and
> >> PGP public key on shop website and/or PGP public key servers,
> >> instead of
> >> putting Bitcoin address on website or using 3rd parties services to
> >> hide
> >> their Bitcoin payment addresses.
> >>
> >> If I missed some points about =E2=80=9Cfully compromised=E2=80=9D plea=
se write
> >> it to me.
> >>
> >>> public keys / addresses are sent
> >> As I told before ALL communication in Sabu are PGP encrypted.
> >>
> >>> other routing data encrypted with public keys
> >>> (not sure how data is routed in sabu)
> >>
> >> Sabu is not responsible for routing at all. It simply sends emails.
> >> Indeed the wallets peer-to-peer network in Sabu is pretty straight
> >> forward. Each mobile wallet has one email address as its handler and
> >> identifier in mobile-wallets-network. Each mobile can send message
> >> to
> >> another mobile by knowing its email address and the PGP public key.
> >> This information can be prepared in first face-to-face contact of
> >> mobile
> >> owners, or later (something like signing the other=E2=80=99s public ke=
y in
> >> web
> >> of trust) when a creditor wants to spend his money and transfer it
> >> to
> >> another creditor. The creditor1 send the signed money transfer
> >> request
> >> alongside the email and public key of creditor2 all in a PGP
> >> encrypted
> >> message to issuer.
> >>
> >>> separate the Sabu protocol from the app... allow others to
> >> implement
> >>> desktop version, or other versions that use other routing systems
> >>
> >> Indeed, it is my approach too. As I told before users will decide
> >> between an unstoppable, permission less, self-sovereignty and
> >> decentralized pure peer-to-peer communication network (with some
> >> resolvable privacy issues) or some efficient, privacy-mimic central
> >> limited network.
> >>
> >>> you can allow direct-entry of a BIP-word-representation
> >>> of a public key/address to avoid privacy/central system concerns
> >> Agree. Actually, I was thinking about an easy mechanism to share
> >> your
> >> public key like what you suggested here.
> >> But what I consider for a =E2=80=9Ccentral system concerns=E2=80=9D is=
 the
> >> ability of
> >> communication without dependency to any company.
> >> As an example, what can you do if the twitter bans your account?
> >> Nothing! Your content and entire connections will be lost.
> >> But if you form your friends list in your mobile (or computer) and
> >> have
> >> their PGP public keys and they have yours, and use email as a dual
> >> purpose tool. First as a handler (the tool for finding and to be
> >> found
> >> in internet) and second as a communication tool.
> >> Thus, no one can stop you, ban you or limit you to send/receive
> >> transaction to/from anyone.
> >> What I am trying to say is using email is far better than account
> >> (username) in a limited central service like twitter, Facebook,
> >> telegram... or even in future Sabu servers!
> >> You have your connections under your control in your phone. You can
> >> easily change your email and use a new email or even a new service
> >> provider without losing your connections and your control over it.
> >> You just sign your new email address and send it to your friends
> >> circle
> >> and notify them about changes.
> >> Of course, email is not good for millions of followers but it is
> >> obviously good for managing your payment network of hundreds of
> >> people
> >> (either issuers or creditors).
> >>
> >> Best
> >> Raymo
> >>
> >> On 2021-07-01 20:49, Erik Aronesty wrote:
> >>> your protocol should always assume the email system is fully
> >>> compromised, and only send public information over email:
> >>>
> >>> - public keys / addresses are sent
> >>> - other routing data encrypted with public keys (not sure how data
> >> is
> >>> routed in sabu)
> >>>
> >>> your end user should be able to verify public keys  / addresses
> >>>
> >>> - use QR-codes
> >>> - phone calls with users reading BIP words out loud
> >>> - other in-person information exchange
> >>>
> >>> separate the Sabu protocol from the app... allow others to
> >> implement
> >>> desktop version, or other versions that use other routing systems
> >>>
> >>> -  you can allow direct-entry of a BIP-word-representation of a
> >> public
> >>> key/address to avoid privacy/central system concerns
> >>>
> >>> On Thu, Jul 1, 2021 at 4:20 PM raymo via bitcoin-dev
> >>> <bitcoin-dev@lists.linuxfoundation.org> wrote:
> >>>>
> >>>> Hi Billy,
> >>>> Sorry for late reply. Let=E2=80=99s jump in proposal.
> >>>>
> >>>>> Some more information about the benefits of this approach vs
> >> alternatives (mainly lightning)
> >>>> The most important different is unlike the lightning, in Sabu no
> >> one
> >>>> have to open a channel and pay Bitcoin transaction fee,
> >> subsequently no
> >>>> one has to close channel and pay another Bitcoin transaction fee.
> >> It is
> >>>> the huge improvement since it drops the overhead cost of
> >> transactions.
> >>>> So, it will be more convenience to trade under Sabu protocol.
> >>>> In Sabu none of parties of a transaction are obliged to block
> >> money in
> >>>> any kind of smart contract or any other m of n signature accounts
> >>>> on-chain, so it provides more privacy.
> >>>> Since Sabu protocol is designed to motivate people to circulate
> >>>> transactions (AKA debt documents) in Sabu network, if every actor
> >> act
> >>>> rationally no one will aware how much money transferred from who
> >> to
> >>>> whom.
> >>>> In case of fraudulent activity by issuer, the creditor will send
> >>>> Guarantee Transaction (GT) to Bitcoin network in order to
> >> recapture the
> >>>> part of his credit. So, in this case the transaction is literally
> >>>> recorded on bitcoin blockchain.
> >>>> There is only one another reason to recording transaction on
> >> Bitcoin
> >>>> blockchain. Where one creditor eager to pay Bitcoin transaction
> >> fee in
> >>>> order to aggregate thousands or even millions different small
> >> amount
> >>>> debt-documents in a single transaction on Bitcoin blockchain.
> >>>> despite these two cases, the rest of transactions all occur in
> >> the Sabu
> >>>> network (supposed to be over 99%). Thus, no footprint no
> >> bottleneck and
> >>>> no over process.
> >>>>
> >>>> Another important power point of Sabu is its pure-peer-to-peer
> >> network
> >>>> architecture. In Sabu the mobile wallets communicating to each
> >> other
> >>>> directly without any central server. There is no centralization
> >> at all.
> >>>> As a result, there will be no routing as well.
> >>>> Since only issuer and creditors are aware of the content of
> >> transaction
> >>>> (who pay how much to whom) it is a huge privacy improvement,
> >> which
> >>>> doesn=E2=80=99t exist in other layer 2 solutions.
> >>>>
> >>>> About the usability of Sabu, although the protocol based on the
> >>>> collaborating 2 different peer-to-peer network and 3 classic
> >>>> server/client networks, but the end user (mobile wallet user)
> >> doesn=E2=80=99t
> >>>> see any of these complexities.
> >>>> The end user simply installs the mobile/desktop wallet and add
> >> her/his
> >>>> friends to his phonebook by adding their email address or
> >> scanning their
> >>>> email (and/or PGP public key). After that s/he can immediately
> >> start to
> >>>> send/receive Bitcoin through Sabu network. Entire communications
> >> between
> >>>> wallets are PGP encrypted.
> >>>> Another good point in Sabu design is, the 12 seed words are using
> >> for
> >>>> both Bitcoin wallet private key and the PGP private key. So, it
> >> is the
> >>>> key of user wealth and its identity as well. For more details,
> >> please
> >>>> read my previous answer to Alex Schoof.
> >>>> The issuer, by using his UTXOs and selling them to creditors earn
> >> money.
> >>>> the issuer creates the debt document (transaction) by which
> >> promises to
> >>>> creditor an amount of satoshi. These debt documents are valid
> >> Bitcoin
> >>>> transaction. The only difference is these transactions are
> >> intended to
> >>>> circulate in Sabu protocol instead of sending to Bitcoin
> >> blockchain.
> >>>> Each transaction is a small money transfer. 40,000 Satoshi as
> >> input and
> >>>> maximum 20,000 Satoshi as credit and minimum 10,000 Satoshi as
> >> Bitcoin
> >>>> transaction fee.
> >>>> The creditors will use these received transactions as money and
> >> will pay
> >>>> it in exchange of goods or services. For each transaction the
> >> creditor
> >>>> pays 10 Satoshi as Sabu-transaction-fee to issuer.
> >>>> Sabu is not custodial service and the UXTOs are always under
> >> issuer
> >>>> control, unless issuer or creditor send the signed transaction to
> >>>> Bitcoin network. When the transaction was recorded in Bitcoin
> >>>> blockchain, the creditor can spend proper UTXO in Bitcoin
> >> network.
> >>>> Imagine million people use their UTXOs in Sabu, they are issuer
> >> and
> >>>> issue/update/cancel million transactions per second. All they
> >> need is a
> >>>> mobile wallet. On the other hand, every one by knowing an issuer
> >> can buy
> >>>> some Satoshi (whit absolutely no KYC), even 1 Dollar or less, and
> >> spend
> >>>> it, this time Alice really can buy caffe by Bitcoin ;)
> >>>> The Bar can install the mobile wallet and every day receives
> >> thousands
> >>>> of debt documents (transactions), each worth maximum 20,000
> >> Satoshi in
> >>>> exchange of coffee. And every evening aggregates those small
> >>>> transactions to one single transaction and send it to Bitcoin
> >> network.
> >>>>
> >>>>
> >>>> The security model of Sabu is pretty straight forward.
> >>>> Issuer is the owner of UTXO(s) which will be used in
> >> transactions. The
> >>>> issuer is and will the only person who creates transactions and
> >> sign
> >>>> them. The transactions are valid transaction which either issuer
> >> or
> >>>> creditor can send them to Bitcoin network, but they will never
> >> send
> >>>> these transactions to Bitcoin network, because of the high
> >> Bitcoin
> >>>> transaction fee for each single transaction.
> >>>> Since issuer is the only one who can sign transaction (spend
> >> UTXOs),
> >>>> there is a risk of issuer cheating. And no one can stop issuer
> >> from
> >>>> cheating, because these are his UTXOs and he has the proper
> >> private
> >>>> keys.
> >>>> The Sabu solution is Guarantee transaction. It is a valid
> >> transaction
> >>>> that issuer has to sign it alongside the Main transaction. In GT
> >> both
> >>>> issuer and creditor cut a part of their output in favor of
> >> Bitcoin
> >>>> transaction fee.
> >>>> We suppose miners always seeking for more profit, thus in a case
> >> there
> >>>> are 2 or more transaction are spending same UTXO as input, miner
> >> will
> >>>> choose transaction with highest feeRate. There is no economically
> >>>> benefit for issuer to cheat creditors and pay less transaction
> >> fee
> >>>> simultaneously. So rationally the issuer won=E2=80=99t cheat credito=
r.
> >>>> It was the simplest explanation of Sabu security model.
> >>>>
> >>>>> I agree with others that using email is probably not
> >> appropriate for a protocol like this. I would highly recommend
> >> making your protocol transport-agnostic, allowing users of your
> >> protocol to use any transport they want.
> >>>> Indeed, the protocol is transparent-agnostic, if I insist of
> >> email as a
> >>>> user identifier and communicating tool is because of the idea of
> >>>> reforming part of internet architecture and make it more
> >> decentralized.
> >>>> The wallet users can choose classic architecture. In this case
> >> mobile
> >>>> wallets will connect to a central server and communicate through
> >> that
> >>>> server (pretty much like all existed mobile wallets). While some
> >> users
> >>>> decide to use a pure peer-to-peer communication. I knew email has
> >> some
> >>>> privacy issues but as always it is a tradeoff. Users can decide
> >> between
> >>>> an unstoppable, permission less, self-sovereignty and
> >> decentralized pure
> >>>> peer-to-peer communication network (with some resolvable privacy
> >> issues)
> >>>> or some efficient central limited network.
> >>>> Let me know the critics about email. Hopefully this would lead us
> >> to
> >>>> improve email instead of letting it die. I strongly suggest email
> >>>> because it is the ONLY neutral, free =E2=80=9Cnonproprietary=E2=80=
=9D and
> >> open
> >>>> protocol/technology for communication in the world that its
> >>>> infrastructure is well-established and is accessible all over the
> >> glob.
> >>>>
> >>>> I tried to explain it more, hope was useful. By the way the
> >> complete
> >>>> explanation is here
> >>>>
> >>
> >
> https://raymo-49157.medium.com/time-to-boost-bitcoin-circulation-million-=
transactions-per-second-and-privacy-1eef8568d180
> >>>>
> >>>>
> >>>>
> >>>> Regards
> >>>> Raymo
> >>>>
> >>>>
> >>>>
> >>>> On 2021-06-22 18:20, Billy Tetrud wrote:
> >>>>> I would be interested in seeing some more information about the
> >>>>> benefits of this approach vs alternatives up front in this
> >> write up.
> >>>>> Eg how does the security, cost, usability, and privacy compare
> >> to the
> >>>>> lightning network, which would be the most likely competitor to
> >> this
> >>>>> idea. It seems clear that there is more counterparty risk here,
> >> so it
> >>>>> would probably also be very helpful to compare against
> >> traditional
> >>>>> custodial solutions as well. If you have specific claims on how
> >> this
> >>>>> system is better than eg lightning in certain contexts, it
> >> would be
> >>>>> far easier to evaluate the protocol against those claims, and
> >> would
> >>>>> also be a lot easier for readers to be motivated to read the
> >> whole
> >>>>> protocol and do a more full analysis.
> >>>>>
> >>>>> I agree with others that using email is probably not
> >> appropriate for a
> >>>>> protocol like this. I would highly recommend making your
> >> protocol
> >>>>> transport-agnostic, allowing users of your protocol to use any
> >>>>> transport they want.
> >>>>>
> >>>>> On Sat, Jun 19, 2021 at 7:00 PM James Hilliard via bitcoin-dev
> >>>>> <bitcoin-dev@lists.linuxfoundation.org> wrote:
> >>>>>
> >>>>>> I think you're making a number of assumptions about mining
> >> that are
> >>>>>> not accurate.
> >>>>>>
> >>>>>>> First of all, how much chance in finding next block the
> >> corrupted
> >>>>>> miners have? One percent of all Bitcoin hash powers? Or
> >> maximum 5
> >>>>>> percent or 10? The cheaters must come up in dividing that 1.2
> >>>>>> Bitcoin between. After all the risk/reward must fit them. They
> >> can
> >>>>>> not be a big mining pool since there is no benefit, so they
> >> will be
> >>>>>> small miners with low hash rate. If they solve the puzzle and
> >>>>>> broadcast the block, no one in the entire Bitcoin network has
> >> block
> >>>>>> transactions or seen it before in their mempool!
> >>>>>>
> >>>>>> You're making the assumption that miners won't build on top of
> >> a
> >>>>>> block
> >>>>>> with transactions they have not seen before or transactions
> >> that may
> >>>>>> contain double spends of unconfirmed inputs, this is not how
> >> mining
> >>>>>> works, as long as the block passes the consensus rules
> >> effectively
> >>>>>> all
> >>>>>> miners will mine on top of it by default, this behavior is
> >>>>>> fundamental
> >>>>>> to how mining currently works and is fairly deeply baked into
> >> the
> >>>>>> current mining infrastructure.
> >>>>>>
> >>>>>>> Will they accept this block? In theory it is possible and
> >> have
> >>>>>> 0.01 percent chance but we can eliminate this small
> >> possibilities by
> >>>>>> a simple BIP for miners.
> >>>>>>
> >>>>>> What would this BIP look like? I don't see how this could work
> >> in a
> >>>>>> decentralized way as you would need another way of reaching
> >>>>>> consensus
> >>>>>> on what defines a valid block. Right now the chance is nearly
> >> 100
> >>>>>> percent that a miner will mine on top of the latest valid
> >> block,
> >>>>>> many
> >>>>>> pools(most last I checked) will even mine on the next block
> >> before
> >>>>>> they validate the latest block fully(ie validationless mining)
> >> to
> >>>>>> reduce their orphan rates.
> >>>>>>
> >>>>>>> We suppose the miners always control transactions with
> >>>>>> doc-watchers and avoid accepting transaction with same UTXO
> >> but
> >>>>>> different output.
> >>>>>>
> >>>>>> Miners have different mempool policy/rules for what
> >> transactions
> >>>>>> they
> >>>>>> themselves mine but all miners must mine on the most work
> >> chain of
> >>>>>> valid blocks otherwise they risk their own blocks being
> >> orphaned,
> >>>>>> any
> >>>>>> miner that does not do this is effectively guaranteed to have
> >> their
> >>>>>> block orphaned right now.
> >>>>>>
> >>>>>>> Because of high Bitcoin transaction fee, this guarantee
> >>>>>> transaction will take place in next block, even if other
> >> transaction
> >>>>>> which are using the same UTXO as input existed in mempool.
> >>>>>>
> >>>>>> When a new transaction is broadcast miners do not immediately
> >> start
> >>>>>> mining on a block template that includes that transaction, the
> >>>>>> template won't even be generated immediately when it enters a
> >> miners
> >>>>>> mempool in practice, for bandwidth/network efficiency reasons
> >> mining
> >>>>>> pools batch update the stratum templates/jobs they mine
> >> against so
> >>>>>> there can be significant latency between the time a
> >> transaction is
> >>>>>> actually broadcast and hits the miners mempool and the time
> >> the
> >>>>>> miners
> >>>>>> actually switch to mining on top it, these batched updates are
> >>>>>> essentially like point in time snapshots of the mempool and
> >>>>>> typically
> >>>>>> remain valid(as in the pool will accept shares submitted
> >> against
> >>>>>> that
> >>>>>> job as valid) until the bitcoin network finds the next block.
> >> I
> >>>>>> don't
> >>>>>> think these batch updates are done more often than every 30
> >> seconds
> >>>>>> typically, while often it is on the order of multiple minutes
> >>>>>> depending on the pool.
> >>>>>>
> >>>>>> Regards,
> >>>>>> James
> >>>>>>
> >>>>>> On Thu, Jun 17, 2021 at 2:14 PM raymo via bitcoin-dev
> >>>>>> <bitcoin-dev@lists.linuxfoundation.org> wrote:
> >>>>>>>
> >>>>>>> Hi,
> >>>>>>> I have a proposal for improve Bitcoin TPS and privacy, here
> >> is the
> >>>>>> post.
> >>>>>>>
> >>>>>>
> >>>>>
> >>
> >
> https://raymo-49157.medium.com/time-to-boost-bitcoin-circulation-million-=
transactions-per-second-and-privacy-1eef8568d180
> >>>>>>> https://bitcointalk.org/index.php?topic=3D5344020.0
> >>>>>>> Can you please read it and share your idea about it.
> >>>>>>>
> >>>>>>> Cheers
> >>>>>>> Raymo
> >>>>>>> _______________________________________________
> >>>>>>> bitcoin-dev mailing list
> >>>>>>> bitcoin-dev@lists.linuxfoundation.org
> >>>>>>>
> >> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
> >>>>>> _______________________________________________
> >>>>>> bitcoin-dev mailing list
> >>>>>> bitcoin-dev@lists.linuxfoundation.org
> >>>>>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
> >>>> _______________________________________________
> >>>> bitcoin-dev mailing list
> >>>> bitcoin-dev@lists.linuxfoundation.org
> >>>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
> >
> >
> > Links:
> > ------
> > [1]
> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-June/019050.=
html
>

--000000000000c2371205c680064a
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">&gt;=C2=A0

As far as I know the =E2=80=9Cclaw back=E2=80=9D mechanism doesn=E2=80=99t =
exist in Bitcoin<br>system, and probably most Bitcoiners won=E2=80=99t be a=
gree on it.<div><br></div><div>It certainly doesn&#39;t. And it would defin=
itely be a hard sell.</div><div><br></div><div>&gt; It looks the miners sti=
ll can abuse Sabu, but as I told before the miner</div>or better say the mi=
ning pool must be issuer ..=C2=A0or must be creditor .. or collaborate one =
of them in a<br>conspiracy.<div><br></div><div>Yes. But it certainly incent=
ivizes miners to become creditors and scam people. Even if a small miner wh=
o mines one block a year does this, they can mine all Guarantee Transaction=
s in their possession. Larger miners that mine one block every few days can=
 scam that much more often. Even with $5 credits, that could be an extra $9=
000 gained in a block. That&#39;s pretty substantial when fees are totaling=
 around $45,000 per block.=C2=A0</div><div><br></div><div>&gt; would be res=
olved by a slightly upgrade in Bitcoin protocol by applying the BIPxxx =E2=
=80=9Cfor flagging/unflagging promised UTXOs=E2=80=9D</div><div><br></div><=
div>As others have mentioned tho, doing=C2=A0something like that would be a=
t very least quite complex, and at worst impossible to do securely. The who=
le reason why bitcoin&#39;s blockchain exists in the first place is to be a=
 single source of truth for transactions. The mempool is not a source of tr=
uth for consensus. The Sabu network could not be a source of truth either f=
or consensus, without some serious innovations (that may not be possible). =
It isn&#39;t as simple as you seem to be thinking.=C2=A0</div><div><br></di=
v><div>&gt;=C2=A0

The new transaction will use same 40,000 UTXO as input and the outputs will=
 be 6,500 Sat for creditor (he pays 2,500 Sat for transaction fee) 4,500 Sa=
t for creditor 2<div><br></div><div>This is the part I was unable to find/u=
nderstand quickly enough in the original write up. So for creditor 1 to pay=
 creditor 2, a new main transaction and guarantee transaction are created t=
hat credit the appropriate people, right? FYI, the MT and GT acronyms=C2=A0=
make it harder for me to read/understand, so I&#39;m preferring to write th=
em out. But that helps. Let me write this out in a different (more compact)=
 way:</div><div><br></div><div>1. Creditor A $5 -&gt; Issuer=C2=A0</div><di=
v><br></div><div>2. Issuer creates and shares transactions:</div><div><br><=
/div><div>Main Transaction (40k sats):</div><div>* Issuer: 19k sats</div><d=
iv>* Creditor A: 11k sats</div><div>* Fee: 10k sats (4k from creditor, 6k f=
rom issuer)</div><div><br></div><div>Guarantee Transaction (40k sats):</div=
><div>* Issuer: 13,300 sats</div><div>* Creditor A: 1650 sats</div><div>* F=
ee:=C2=A025,050 sats</div><div><br></div><div>3. Creditor A, 6k sats -&gt; =
Creditor B. Issuer creates and shares transactions:</div><div><div><br>Main=
 Transaction (40k sats):</div><div>* Issuer: 19k sats</div>* Creditor A:=C2=
=A0=C2=A06,500=C2=A0sats<br>* Creditor B:=C2=A0 4,500 sats</div><div><div>*=
 Fee: 10k sats (4k from creditor, 6k from issuer)</div><div><br></div><div>=
Guarantee Transaction (40k sats):</div><div>* Issuer: 13300 sats</div>* Cre=
ditor A: 975 sats<br>* Creditor B: 675 sats<div>* Fee:=C2=A025050 sats</div=
></div><div><br></div><div>Is this right?=C2=A0</div><div><br></div><div>&g=
t; The miner attack is just a failed plan as I explained before</div><div><=
br></div><div>I thought you acknowledged=C2=A0that the miner attack is an i=
ssue above. No?</div><div><br></div><div>&gt;&gt; Sabu has slightly greater=
 risk comparing lightning<br>&gt; It is not true,=C2=A0</div><div><br></div=
><div>What I mean is that a violation of trust results in more damaging eff=
ects with Sabu than with lightning. In lightning, if your channel partner c=
heats, at worst you must simply pay a normal transaction fee. With Sabu, if=
 a creditor cheats, you will likely pay an abnormally large transaction fee=
. This is what I mean by &quot;greater risk&quot;. Some attackers are what&=
#39;s known as griefers - these are people willing to spend time and money =
hurting someone else, even if they don&#39;t make a profit from it (other t=
han=C2=A0schadenfreude). It seems clear there is a greater risk of being gr=
iefed in Sabu than in lightning.=C2=A0</div><div><br></div><div>Furthermore=
, while in lightning, if you perform the protocol properly, your funds can =
never be stolen except in very extreme=C2=A0circumstances (eg widespread lo=
ng-running network congestion that prevents confirming a revoke transaction=
). By contrast, Sabu has a significant likelihood that a cheating transacti=
on could be mined instead of the guarantee transaction. Perhaps the likelih=
ood is approximately 2 seconds / 10 minutes (0.3% chance), but a 0.3% is cl=
early larger than approximately 0% chance in lightning. Again, this is anot=
her part of what I mean by &quot;higher risk&quot;.</div><div>=C2=A0=C2=A0<=
/div><div>These are both real counterparty risks that you shouldn&#39;t sim=
ply ignore. It may be true that no rational actor will attempt an attack, h=
owever not all actors are rational. People also make mistakes, write buggy =
software, etc etc. The existence of risk doesn&#39;t ruin your idea - every=
 protocol has risks. But identifying the specific risks is the only way to =
compare the properties against alternatives (like on chain transactions or =
the lightning network). I think its=C2=A0important to acknowledge=C2=A0thes=
e risks in your write up.=C2=A0</div><div><br></div><div></div><div>&gt; I =
explained before this kind of attacks will not happened never</div><div><br=
></div><div>If people use your protocol, some will inevitably use it wrong.=
 Those that use it wrong should be the ones that pay the price for it - but=
 it is a downside of the protocol if the counter party of the person that m=
akes a mistake (or attempts something malicious) is harmed as a result. Aga=
in, these kinds of trade offs are ok, but you should not be assuming that a=
ttacks like this will never happen. They will happen sometimes. You must as=
sume that. The question is what is the result when an attack is attempted? =
And how will that affect what kinds of actors will attempt an attack (malic=
ious, profit seeking, honest, stupid, wreckless, incompetent, other types o=
f actors etc etc)?</div><div><br></div><div>&gt; I didn=E2=80=99t find any =
case Lightning can compete with Sabu.</div><div><br></div><div>As I explain=
ed above related to=C2=A0risk, there are trade offs. I would like to see in=
 your write up a clear list of these trade offs. The additional risk (as I =
explained it above) is one trade off. It sounds like there are limits in wh=
ich a creditor or issuer can safely rely on incentives to prevent attacks. =
Did you specify what those limits are? The Lightning network also has limit=
s - eg a lightning node can&#39;t allow its channel partner to spend 100% o=
f their coins without taking on additional risk of attack. How do those lim=
its compare in Sabu? For example, an issuer couldn&#39;t allow any creditor=
 to spend so much of their credited bitcoin that their credit goes below th=
e amount they would receive in any past Guarantee Transaction without takin=
g on the risk that the creditor would post that guarantee transaction and r=
eceive coins they shouldn&#39;t own anymore. I would love to see a more det=
ailed comparison of Sabu to lightning.</div><div><br></div><div>If your pro=
tocol works out, there are obvious benefits: transactions that could be don=
e with no on-chain footprint. However, even if the protocol works out, ther=
e are trade offs and those trade offs should be made very clear. Even if th=
e comparative downsides are small.</div></div><div><br></div><div>~BT</div>=
<div><br></div><div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0=
px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Bi=
lly<br>&gt; high-level overview of how all the pieces (How Sabu protocol wo=
rks).<br><span class=3D"gmail-im" style=3D"color:rgb(80,0,80)">&gt; how nor=
mal transactions happen in their entirety.<br></span>Ok, lets re-explain Sa=
bu. In Sabu protocol we have two type of actors.<br>The issuers who own Bit=
coin (they own UTXOs on Bitcoin blockchain), and<br>the creditors who will =
own Bitcoins (the UTXOs on Bitcoin blockchain),<br>if the issuer or the cre=
ditor sends the prepared transaction to Bitcoin<br>network. But for know cr=
editors have the transaction in their hand.<br>Before sending this transact=
ion to Bitcoin network it acts (in Sabu<br>protocol and Sabu network) as a =
liability of issuer.<br>The story always starts from issuer, the person who=
 get money or goods<br>or services from a creditor and in exchange creates =
and sings a valid<br>Bitcoin transaction by which the issuer spends his UTX=
O and as a one of<br>the outputs of the transaction, there will be an outpu=
t for creditor=E2=80=99s<br>address equal to the money issuer already get p=
aid.<br>This transaction is a valid transaction which is signed =E2=80=9Con=
ly=E2=80=9D by<br>issuer. The outputs of transaction are just and exact bal=
ance of the<br>parties (issuer and creditor).<br>Lets, imagine the creditor=
 payed 5$ (almost equal to 15,000 Sat) to<br>issuer. Thus, issuer will crea=
te and sign a transaction by which he<br>spends 40,000 Sat and the outputs =
will be<br>11,000 for creditor (the creditor has to pay 4,000 Sat in favor =
of<br>transaction fee),<br>10,000 for Bitcoin-transaction-fee (4,000 by cre=
ditor and 6,000 by<br>issuer) and<br>19,000 change back to issuer account a=
ddress.<br>It is our Main Transaction (MT) which is a pretty normal and val=
id<br>transaction.<br>Alongside the MT, issuer creates and signs a Guarante=
e Transaction (GT).<br>In GT issuer spends same 40,000 Sat UTXO as input, a=
nd as outputs<br>the creditor will get 15% of his 11,000 Sat in Main Transa=
ction. Thus<br>the creditor output will be 1,650 Sat and the rest of credit=
or=E2=80=99s money<br>(11,000 =E2=80=93 1,650 =3D 9,350 Sat) will be added =
to transaction fee.<br>In GT also issuer will lose a part of his money. New=
 output for issuer<br>will be 19,000 * 70% =3D 13,300 and the rest will be =
added to transaction<br>fee (19,000 =E2=80=93 13,300 =3D 5,700 Sat)<br>Thus=
, the new transaction fee in GT will be 10,000 + 9,350 + 5,700 =3D<br>25,05=
0 Sat<br>Now the creditor has 2 valid transactions (MT and GT) in his hands=
. He<br>can send either MT or GT or both to Bitcoin Network. But in all cas=
es,<br>he will lose a portion of his money in favor of transaction fee (min=
er=E2=80=99s<br>income). So, rationally he will never send transactions to =
Bitcoin<br>network unless he wants consciously hurt himself.<br>The credito=
r always prefers to spend his credit inside the Sabu<br>protocol. It is =E2=
=80=9Chow normal transactions happen in their entirety.=E2=80=9D<br>Credito=
r has equal to 15,000 Sat credit. Say he wants to buy a caffe<br>worth 6,00=
0 Sat. He has to ask the issuer to nullify previous MT and GT,<br>and creat=
e and sign new transaction and cut 6,000 Sat from his credit<br>and transfe=
r it to a new creditor (say C2).<br>The new transaction will use same 40,00=
0 UTXO as input and the outputs<br>will be<br>6,500 Sat for creditor (he pa=
ys 2,500 Sat for transaction fee)<br>4,500 Sat for creditor 2 (he has to pa=
y 1,500 Sat for transaction fee as<br>well)<br>10,000 for Bitcoin-transacti=
on-fee (4,000 by two creditors and 6,000 by<br>issuer) and<br>19,000 change=
 back to issuer account address.<br>This is the new MT, and as you can see =
the C1 and C2 have their new<br>credit in transaction.<br>You can calculate=
 the new GT as well.<br>Note: due to simplicity I just rounded the numbers =
and skipped the<br>Sabu-transaction-fee<br>I just wrote this long story to =
explain how creditors just transfer<br>money in between.<br>If we take a sn=
apshot of Sabu network, we will see millions of valid<br>transactions flowi=
ng in network and none of the issuers or creditors<br>will send these trans=
actions to Bitcoin network due the transaction fee,<br>while in Bitcoin blo=
ckchain nothing is changed! The UTXOs are untouched,<br>and no one can say =
which UTXO is promised to who.<br>It is a pretty secure off-chain protocol.=
<br>Although I expected more Bitcoiners to react about Sabu proposal and<br=
>comment for or against it, so far, I have not seen any serious criticism<b=
r>or real threat about protocol.<br>The miner attack is just a failed plan =
as I explained before.<br>&gt; Sabu has slightly greater risk comparing lig=
htning<br>It is not true, since creditors can manage they risk, and limit t=
heir<br>credit to 5, 10 or 20 Dollar or 50$. It is totally up to creditor t=
o<br>accept more liability from issuers or not.<br>The creditor can keep hi=
s credit around a fix number. That is, the<br>creditor spends a part of his=
 credit and then again increase its credit.<br>Let imagine you already paye=
d 5$ to a issuer and you got 15,000 Sat<br>credit in your wallet. So, you w=
ill spend this 15,000 Sat (buy coffee,<br>ice-cream, etc.) till your wallet=
 run out of Satoshi and again you will<br>pay another 5$ to issuer and get =
new 15,000 sat credit. Since all of<br>these transactions has near zero cos=
t you are not obliged to charge your<br>wallet 200$ in one shot.<br>It is a=
bsolutely low risk deal. In worst case the creditor (you) will<br>lose 5$. =
And as I explained before this kind of attacks will not<br>happened never. =
And as you told Sabu provides cheaper and a larger<br>number of transaction=
s.<span class=3D"gmail-im" style=3D"color:rgb(80,0,80)"><br></span><span cl=
ass=3D"gmail-im" style=3D"color:rgb(80,0,80)">&gt; This would be essentiall=
y worse than the lightning network in some ways,<br></span>Disagree! Please=
 explain the scenario exactly. I didn=E2=80=99t find any case<br>Lightning =
can compete with Sabu.<br>&gt; ledger of accounts and their balances, along=
 with proof that the entity owns=E2=80=A6<br>It is almost what I designed i=
n Sabu. They are doc-watcher servers. They<br>are a set of records of UTXOs=
 and the proper Merkle root hash of related<br>transaction in Sabu network.=
 The intention was stopping issuer from<br>spend and promises same UTXO to =
different people (that they are not<br>aware of the existence of the other)=
. So, any individual creditor (or<br>their software) could verify that tota=
l liabilities (in account<br>balances) are less than the half of the total =
bitcoins the entity owns.<br>And if something doesn&#39;t match up, they wo=
n=E2=80=99t yell, instead they refuse<br>the deal in first place, or send t=
he GT to Bitcoin network and hurt the<br>cheater issuer by slashing his mon=
ey. it is =E2=80=9CTit-for-tat=E2=80=9D.<span class=3D"gmail-im" style=3D"c=
olor:rgb(80,0,80)"><br></span><span class=3D"gmail-im" style=3D"color:rgb(8=
0,0,80)">&gt; I think it likely has critical security holes. Perhaps you ca=
n fix them!<br></span>There is no critical security hole. Please refer it b=
y facts, numbers<br>and proves.<br>I think I already fixed all critics.<br>=
<br>Billy! I am actively working on this proposal and if no one cannot show=
<br>a real problem or security issue in the project, I will start<br>implem=
enting it.<br>Just imagine people regularly using Sabu protocol and send/re=
ceive<br>Bitcoin (Satoshi) in billions of small amount transactions every d=
ay.<br>This protocol will outspread Bitcoin and will attract a new crowd of=
<br>penny investors to Bitcoin. The people who can afford 20$ or less<br>mo=
nthly to invest on Bitcoin.<br>Sabu brings Bitcoin to a whole new life.<br>=
It will be the true scalable and mass adaption, and I do not know how to<br=
>attract more real Bitcoin fans to this proposal!<br>Guys! Here is the Bitc=
oin renascence.<br>Maybe you can help it.<br>Regards<br>Raymo</blockquote><=
div class=3D"gmail-yj6qo gmail-ajU" style=3D"outline:none;padding:10px 0px;=
width:22px;margin:2px 0px 0px"><br class=3D"gmail-Apple-interchange-newline=
"></div></div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=
=3D"gmail_attr">On Sat, Jul 3, 2021 at 1:02 AM &lt;<a href=3D"mailto:raymo@=
riseup.net">raymo@riseup.net</a>&gt; wrote:<br></div><blockquote class=3D"g=
mail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204=
,204,204);padding-left:1ex">Hi Billy,<br>
<br>
&gt; What if it was possible for the creditor to claw back the funds<br>
As far as I know the =E2=80=9Cclaw back=E2=80=9D mechanism doesn=E2=80=99t =
exist in Bitcoin<br>
system, and probably most Bitcoiners won=E2=80=99t be agree on it. <br>
Even if we want to add claw back to Bitcoin in general, and Sabu in<br>
particular, it would add too complexities and uncertainty to Bitcoin. <br>
So, it would be better to not touch that part, instead focusing on<br>
reduce the cheating risk by putting some penalty for both issuers,<br>
creditors and miners. <br>
We already have the penalties for both issuers and creditors. <br>
It looks the miners still can abuse Sabu, but as I told before the miner<br=
>
or better say the mining pool must be issuer (to be able to sign the<br>
promised UTXO in cheating way) or must be creditor (in order to have a<br>
copy of GT and not lose his money in favor of a stranger miner. Remember<br=
>
the fact that creditor will lose 70% of their money in favor of Bitcoin<br>
transaction fee in a typical GT) or collaborate one of them in a<br>
conspiracy. Otherwise, there will be no economic benefit in this attack.<br=
>
<br>
All these 3 cases of the attacks, theoretically could be happened, but<br>
the risk to reward ratio is enough high to hinder potential malevolent<br>
from a practical act.<br>
Even this very small risk of miner attacks (which don=E2=80=99t care the at=
tack<br>
costs, since he is not interested in economic benefit, but he wants to<br>
ruin Sabu), would be resolved by a slightly upgrade in Bitcoin protocol<br>
by applying the BIPxxx =E2=80=9Cfor flagging/unflagging promised UTXOs=E2=
=80=9D. <br>
I am not in rush to apply this upgrade on Bitcoin protocol, instead I am<br=
>
actively working in order to realize the Sabu protocol and Gazin wallet.<br=
>
Later the Sabu community will carry the BIPxxx.<br>
<br>
Best<br>
<br>
On 2021-07-02 17:57, Billy Tetrud wrote:<br>
&gt; Thanks for the details Raymo. A thought occurred to me. Given the fact=
<br>
&gt; that miners can abuse this system without penalty, it would be useful<=
br>
&gt; to be able to fix this. What if it was possible for the creditor to<br=
>
&gt; claw back the funds even if the cheating transaction was mined instead=
<br>
&gt; of the guarantee transaction? Let&#39;s say there was a way to sign a<=
br>
&gt; transaction that gives the receiver of that transaction the ability to=
<br>
&gt; override any other transaction that uses the UTXO? If this were<br>
&gt; possible, the issuer could give the creditor this kind of transaction<=
br>
&gt; as the guarantee transaction, and in the case a cheat was done, the<br=
>
&gt; creditor could still use the GT to reallocate that UTXO to themselves.=
<br>
&gt; <br>
&gt; Now there are issues with this. First of all, it could give anyone the=
<br>
&gt; ability to double spend. So it would be prudent to limit this in some<=
br>
&gt; way. The revocation probably should only be valid for up to 6 blocks,<=
br>
&gt; such that if the transaction has 6 confirmations, it can no longer be<=
br>
&gt; reallocated (thus preserving the 6 block finality rule). It could also=
<br>
&gt; be required that the UTXO be marked as opting into this behavior (so<b=
r>
&gt; receivers would know about the possibility it could get revoked). This=
<br>
&gt; second requirement would require Sabu issuers to make an on-chain<br>
&gt; transaction to set themselves up as an issuer. <br>
&gt; <br>
&gt; Another issue is that this would make it possible for transactions to<=
br>
&gt; expire. Any claw-back transaction would expire 6 blocks after the<br>
&gt; initial transaction happened. This has been generally avoided in<br>
&gt; bitcoin, but I think the relevant issues are solvable. You can find<br=
>
&gt; additional discussion of that in this thread [1].<br>
&gt; <br>
&gt; I would imagine this kind of ability would be pretty controversial,<br=
>
&gt; but since it can close out the possibility for miners to escape<br>
&gt; punishment, it could make this protocol viable. <br>
&gt; <br>
&gt; On Thu, Jul 1, 2021 at 3:15 PM &lt;<a href=3D"mailto:raymo@riseup.net"=
 target=3D"_blank">raymo@riseup.net</a>&gt; wrote:<br>
&gt; <br>
&gt;&gt; Hi Erik<br>
&gt;&gt;<br>
&gt;&gt; Please correct me if I misunderstood.<br>
&gt;&gt;<br>
&gt;&gt;&gt; email is fully compromised.<br>
&gt;&gt;<br>
&gt;&gt; What I got is:<br>
&gt;&gt; Email is not good because the sender and receiver are compromised.=
<br>
&gt;&gt; Email is not good because the message content is revealed.<br>
&gt;&gt; I can claim same argue about any other client/server model. Since<=
br>
&gt;&gt; the<br>
&gt;&gt; server (website) service provider will ask some sort of KYC. And<b=
r>
&gt;&gt; even if<br>
&gt;&gt; the server uses end-to-end encryption, the provider company still<=
br>
&gt;&gt; can<br>
&gt;&gt; read the packets content.<br>
&gt;&gt; In my model the passive listener only can discover who is<br>
&gt;&gt; communicate to<br>
&gt;&gt; whom and make a graph of connections. Although it is a threat for<=
br>
&gt;&gt; privacy but the server/client model has this flaw inherently, sinc=
e<br>
&gt;&gt; provider already knew everything about everyone. In my model at<br=
>
&gt;&gt; least<br>
&gt;&gt; users can make some fake connections and send some fake emails in<=
br>
&gt;&gt; order<br>
&gt;&gt; to inject noise to communications.<br>
&gt;&gt; Please note the fact that entire communication between mobile<br>
&gt;&gt; wallets<br>
&gt;&gt; (via emails) are asymmetric PGP encrypted. The PGP keys are<br>
&gt;&gt; controlled<br>
&gt;&gt; by end users unlike ALL pretending secure messengers (e.g whatsApp=
,<br>
&gt;&gt; signal, zoom,=E2=80=A6).<br>
&gt;&gt; If you are worried about the way of exchanging PGP public key, you=
<br>
&gt;&gt; are<br>
&gt;&gt; right. The most secure way is in-person PGP key exchanging.<br>
&gt;&gt; After that for payments the wallets communicate in pgp encrypted<b=
r>
&gt;&gt; messages and they can transfer Bitcoin address through an PGP<br>
&gt;&gt; encrypted<br>
&gt;&gt; cipher, thus no revealing Bitcoin address to public would occur.<b=
r>
&gt;&gt; Neither<br>
&gt;&gt; the amounts of transactions will be reviled.<br>
&gt;&gt; There for it would be a good practice for shops to put their email=
<br>
&gt;&gt; and<br>
&gt;&gt; PGP public key on shop website and/or PGP public key servers,<br>
&gt;&gt; instead of<br>
&gt;&gt; putting Bitcoin address on website or using 3rd parties services t=
o<br>
&gt;&gt; hide<br>
&gt;&gt; their Bitcoin payment addresses.<br>
&gt;&gt;<br>
&gt;&gt; If I missed some points about =E2=80=9Cfully compromised=E2=80=9D =
please write<br>
&gt;&gt; it to me.<br>
&gt;&gt;<br>
&gt;&gt;&gt; public keys / addresses are sent<br>
&gt;&gt; As I told before ALL communication in Sabu are PGP encrypted.<br>
&gt;&gt;<br>
&gt;&gt;&gt; other routing data encrypted with public keys<br>
&gt;&gt;&gt; (not sure how data is routed in sabu)<br>
&gt;&gt;<br>
&gt;&gt; Sabu is not responsible for routing at all. It simply sends emails=
.<br>
&gt;&gt; Indeed the wallets peer-to-peer network in Sabu is pretty straight=
<br>
&gt;&gt; forward. Each mobile wallet has one email address as its handler a=
nd<br>
&gt;&gt; identifier in mobile-wallets-network. Each mobile can send message=
<br>
&gt;&gt; to<br>
&gt;&gt; another mobile by knowing its email address and the PGP public key=
.<br>
&gt;&gt; This information can be prepared in first face-to-face contact of<=
br>
&gt;&gt; mobile<br>
&gt;&gt; owners, or later (something like signing the other=E2=80=99s publi=
c key in<br>
&gt;&gt; web<br>
&gt;&gt; of trust) when a creditor wants to spend his money and transfer it=
<br>
&gt;&gt; to<br>
&gt;&gt; another creditor. The creditor1 send the signed money transfer<br>
&gt;&gt; request<br>
&gt;&gt; alongside the email and public key of creditor2 all in a PGP<br>
&gt;&gt; encrypted<br>
&gt;&gt; message to issuer.<br>
&gt;&gt;<br>
&gt;&gt;&gt; separate the Sabu protocol from the app... allow others to<br>
&gt;&gt; implement<br>
&gt;&gt;&gt; desktop version, or other versions that use other routing syst=
ems<br>
&gt;&gt;<br>
&gt;&gt; Indeed, it is my approach too. As I told before users will decide<=
br>
&gt;&gt; between an unstoppable, permission less, self-sovereignty and<br>
&gt;&gt; decentralized pure peer-to-peer communication network (with some<b=
r>
&gt;&gt; resolvable privacy issues) or some efficient, privacy-mimic centra=
l<br>
&gt;&gt; limited network.<br>
&gt;&gt;<br>
&gt;&gt;&gt; you can allow direct-entry of a BIP-word-representation<br>
&gt;&gt;&gt; of a public key/address to avoid privacy/central system concer=
ns<br>
&gt;&gt; Agree. Actually, I was thinking about an easy mechanism to share<b=
r>
&gt;&gt; your<br>
&gt;&gt; public key like what you suggested here.<br>
&gt;&gt; But what I consider for a =E2=80=9Ccentral system concerns=E2=80=
=9D is the<br>
&gt;&gt; ability of<br>
&gt;&gt; communication without dependency to any company.<br>
&gt;&gt; As an example, what can you do if the twitter bans your account?<b=
r>
&gt;&gt; Nothing! Your content and entire connections will be lost.<br>
&gt;&gt; But if you form your friends list in your mobile (or computer) and=
<br>
&gt;&gt; have<br>
&gt;&gt; their PGP public keys and they have yours, and use email as a dual=
<br>
&gt;&gt; purpose tool. First as a handler (the tool for finding and to be<b=
r>
&gt;&gt; found<br>
&gt;&gt; in internet) and second as a communication tool.<br>
&gt;&gt; Thus, no one can stop you, ban you or limit you to send/receive<br=
>
&gt;&gt; transaction to/from anyone.<br>
&gt;&gt; What I am trying to say is using email is far better than account<=
br>
&gt;&gt; (username) in a limited central service like twitter, Facebook,<br=
>
&gt;&gt; telegram... or even in future Sabu servers!<br>
&gt;&gt; You have your connections under your control in your phone. You ca=
n<br>
&gt;&gt; easily change your email and use a new email or even a new service=
<br>
&gt;&gt; provider without losing your connections and your control over it.=
<br>
&gt;&gt; You just sign your new email address and send it to your friends<b=
r>
&gt;&gt; circle<br>
&gt;&gt; and notify them about changes.<br>
&gt;&gt; Of course, email is not good for millions of followers but it is<b=
r>
&gt;&gt; obviously good for managing your payment network of hundreds of<br=
>
&gt;&gt; people<br>
&gt;&gt; (either issuers or creditors).<br>
&gt;&gt;<br>
&gt;&gt; Best<br>
&gt;&gt; Raymo<br>
&gt;&gt;<br>
&gt;&gt; On 2021-07-01 20:49, Erik Aronesty wrote:<br>
&gt;&gt;&gt; your protocol should always assume the email system is fully<b=
r>
&gt;&gt;&gt; compromised, and only send public information over email:<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; - public keys / addresses are sent<br>
&gt;&gt;&gt; - other routing data encrypted with public keys (not sure how =
data<br>
&gt;&gt; is<br>
&gt;&gt;&gt; routed in sabu)<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; your end user should be able to verify public keys=C2=A0 / add=
resses<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; - use QR-codes<br>
&gt;&gt;&gt; - phone calls with users reading BIP words out loud<br>
&gt;&gt;&gt; - other in-person information exchange<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; separate the Sabu protocol from the app... allow others to<br>
&gt;&gt; implement<br>
&gt;&gt;&gt; desktop version, or other versions that use other routing syst=
ems<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; -=C2=A0 you can allow direct-entry of a BIP-word-representatio=
n of a<br>
&gt;&gt; public<br>
&gt;&gt;&gt; key/address to avoid privacy/central system concerns<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; On Thu, Jul 1, 2021 at 4:20 PM raymo via bitcoin-dev<br>
&gt;&gt;&gt; &lt;<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" t=
arget=3D"_blank">bitcoin-dev@lists.linuxfoundation.org</a>&gt; wrote:<br>
&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt; Hi Billy,<br>
&gt;&gt;&gt;&gt; Sorry for late reply. Let=E2=80=99s jump in proposal.<br>
&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;&gt; Some more information about the benefits of this appro=
ach vs<br>
&gt;&gt; alternatives (mainly lightning)<br>
&gt;&gt;&gt;&gt; The most important different is unlike the lightning, in S=
abu no<br>
&gt;&gt; one<br>
&gt;&gt;&gt;&gt; have to open a channel and pay Bitcoin transaction fee,<br=
>
&gt;&gt; subsequently no<br>
&gt;&gt;&gt;&gt; one has to close channel and pay another Bitcoin transacti=
on fee.<br>
&gt;&gt; It is<br>
&gt;&gt;&gt;&gt; the huge improvement since it drops the overhead cost of<b=
r>
&gt;&gt; transactions.<br>
&gt;&gt;&gt;&gt; So, it will be more convenience to trade under Sabu protoc=
ol.<br>
&gt;&gt;&gt;&gt; In Sabu none of parties of a transaction are obliged to bl=
ock<br>
&gt;&gt; money in<br>
&gt;&gt;&gt;&gt; any kind of smart contract or any other m of n signature a=
ccounts<br>
&gt;&gt;&gt;&gt; on-chain, so it provides more privacy.<br>
&gt;&gt;&gt;&gt; Since Sabu protocol is designed to motivate people to circ=
ulate<br>
&gt;&gt;&gt;&gt; transactions (AKA debt documents) in Sabu network, if ever=
y actor<br>
&gt;&gt; act<br>
&gt;&gt;&gt;&gt; rationally no one will aware how much money transferred fr=
om who<br>
&gt;&gt; to<br>
&gt;&gt;&gt;&gt; whom.<br>
&gt;&gt;&gt;&gt; In case of fraudulent activity by issuer, the creditor wil=
l send<br>
&gt;&gt;&gt;&gt; Guarantee Transaction (GT) to Bitcoin network in order to<=
br>
&gt;&gt; recapture the<br>
&gt;&gt;&gt;&gt; part of his credit. So, in this case the transaction is li=
terally<br>
&gt;&gt;&gt;&gt; recorded on bitcoin blockchain.<br>
&gt;&gt;&gt;&gt; There is only one another reason to recording transaction =
on<br>
&gt;&gt; Bitcoin<br>
&gt;&gt;&gt;&gt; blockchain. Where one creditor eager to pay Bitcoin transa=
ction<br>
&gt;&gt; fee in<br>
&gt;&gt;&gt;&gt; order to aggregate thousands or even millions different sm=
all<br>
&gt;&gt; amount<br>
&gt;&gt;&gt;&gt; debt-documents in a single transaction on Bitcoin blockcha=
in.<br>
&gt;&gt;&gt;&gt; despite these two cases, the rest of transactions all occu=
r in<br>
&gt;&gt; the Sabu<br>
&gt;&gt;&gt;&gt; network (supposed to be over 99%). Thus, no footprint no<b=
r>
&gt;&gt; bottleneck and<br>
&gt;&gt;&gt;&gt; no over process.<br>
&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt; Another important power point of Sabu is its pure-peer-to-=
peer<br>
&gt;&gt; network<br>
&gt;&gt;&gt;&gt; architecture. In Sabu the mobile wallets communicating to =
each<br>
&gt;&gt; other<br>
&gt;&gt;&gt;&gt; directly without any central server. There is no centraliz=
ation<br>
&gt;&gt; at all.<br>
&gt;&gt;&gt;&gt; As a result, there will be no routing as well.<br>
&gt;&gt;&gt;&gt; Since only issuer and creditors are aware of the content o=
f<br>
&gt;&gt; transaction<br>
&gt;&gt;&gt;&gt; (who pay how much to whom) it is a huge privacy improvemen=
t,<br>
&gt;&gt; which<br>
&gt;&gt;&gt;&gt; doesn=E2=80=99t exist in other layer 2 solutions.<br>
&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt; About the usability of Sabu, although the protocol based o=
n the<br>
&gt;&gt;&gt;&gt; collaborating 2 different peer-to-peer network and 3 class=
ic<br>
&gt;&gt;&gt;&gt; server/client networks, but the end user (mobile wallet us=
er)<br>
&gt;&gt; doesn=E2=80=99t<br>
&gt;&gt;&gt;&gt; see any of these complexities.<br>
&gt;&gt;&gt;&gt; The end user simply installs the mobile/desktop wallet and=
 add<br>
&gt;&gt; her/his<br>
&gt;&gt;&gt;&gt; friends to his phonebook by adding their email address or<=
br>
&gt;&gt; scanning their<br>
&gt;&gt;&gt;&gt; email (and/or PGP public key). After that s/he can immedia=
tely<br>
&gt;&gt; start to<br>
&gt;&gt;&gt;&gt; send/receive Bitcoin through Sabu network. Entire communic=
ations<br>
&gt;&gt; between<br>
&gt;&gt;&gt;&gt; wallets are PGP encrypted.<br>
&gt;&gt;&gt;&gt; Another good point in Sabu design is, the 12 seed words ar=
e using<br>
&gt;&gt; for<br>
&gt;&gt;&gt;&gt; both Bitcoin wallet private key and the PGP private key. S=
o, it<br>
&gt;&gt; is the<br>
&gt;&gt;&gt;&gt; key of user wealth and its identity as well. For more deta=
ils,<br>
&gt;&gt; please<br>
&gt;&gt;&gt;&gt; read my previous answer to Alex Schoof.<br>
&gt;&gt;&gt;&gt; The issuer, by using his UTXOs and selling them to credito=
rs earn<br>
&gt;&gt; money.<br>
&gt;&gt;&gt;&gt; the issuer creates the debt document (transaction) by whic=
h<br>
&gt;&gt; promises to<br>
&gt;&gt;&gt;&gt; creditor an amount of satoshi. These debt documents are va=
lid<br>
&gt;&gt; Bitcoin<br>
&gt;&gt;&gt;&gt; transaction. The only difference is these transactions are=
<br>
&gt;&gt; intended to<br>
&gt;&gt;&gt;&gt; circulate in Sabu protocol instead of sending to Bitcoin<b=
r>
&gt;&gt; blockchain.<br>
&gt;&gt;&gt;&gt; Each transaction is a small money transfer. 40,000 Satoshi=
 as<br>
&gt;&gt; input and<br>
&gt;&gt;&gt;&gt; maximum 20,000 Satoshi as credit and minimum 10,000 Satosh=
i as<br>
&gt;&gt; Bitcoin<br>
&gt;&gt;&gt;&gt; transaction fee.<br>
&gt;&gt;&gt;&gt; The creditors will use these received transactions as mone=
y and<br>
&gt;&gt; will pay<br>
&gt;&gt;&gt;&gt; it in exchange of goods or services. For each transaction =
the<br>
&gt;&gt; creditor<br>
&gt;&gt;&gt;&gt; pays 10 Satoshi as Sabu-transaction-fee to issuer.<br>
&gt;&gt;&gt;&gt; Sabu is not custodial service and the UXTOs are always und=
er<br>
&gt;&gt; issuer<br>
&gt;&gt;&gt;&gt; control, unless issuer or creditor send the signed transac=
tion to<br>
&gt;&gt;&gt;&gt; Bitcoin network. When the transaction was recorded in Bitc=
oin<br>
&gt;&gt;&gt;&gt; blockchain, the creditor can spend proper UTXO in Bitcoin<=
br>
&gt;&gt; network.<br>
&gt;&gt;&gt;&gt; Imagine million people use their UTXOs in Sabu, they are i=
ssuer<br>
&gt;&gt; and<br>
&gt;&gt;&gt;&gt; issue/update/cancel million transactions per second. All t=
hey<br>
&gt;&gt; need is a<br>
&gt;&gt;&gt;&gt; mobile wallet. On the other hand, every one by knowing an =
issuer<br>
&gt;&gt; can buy<br>
&gt;&gt;&gt;&gt; some Satoshi (whit absolutely no KYC), even 1 Dollar or le=
ss, and<br>
&gt;&gt; spend<br>
&gt;&gt;&gt;&gt; it, this time Alice really can buy caffe by Bitcoin ;)<br>
&gt;&gt;&gt;&gt; The Bar can install the mobile wallet and every day receiv=
es<br>
&gt;&gt; thousands<br>
&gt;&gt;&gt;&gt; of debt documents (transactions), each worth maximum 20,00=
0<br>
&gt;&gt; Satoshi in<br>
&gt;&gt;&gt;&gt; exchange of coffee. And every evening aggregates those sma=
ll<br>
&gt;&gt;&gt;&gt; transactions to one single transaction and send it to Bitc=
oin<br>
&gt;&gt; network.<br>
&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt; The security model of Sabu is pretty straight forward.<br>
&gt;&gt;&gt;&gt; Issuer is the owner of UTXO(s) which will be used in<br>
&gt;&gt; transactions. The<br>
&gt;&gt;&gt;&gt; issuer is and will the only person who creates transaction=
s and<br>
&gt;&gt; sign<br>
&gt;&gt;&gt;&gt; them. The transactions are valid transaction which either =
issuer<br>
&gt;&gt; or<br>
&gt;&gt;&gt;&gt; creditor can send them to Bitcoin network, but they will n=
ever<br>
&gt;&gt; send<br>
&gt;&gt;&gt;&gt; these transactions to Bitcoin network, because of the high=
<br>
&gt;&gt; Bitcoin<br>
&gt;&gt;&gt;&gt; transaction fee for each single transaction.<br>
&gt;&gt;&gt;&gt; Since issuer is the only one who can sign transaction (spe=
nd<br>
&gt;&gt; UTXOs),<br>
&gt;&gt;&gt;&gt; there is a risk of issuer cheating. And no one can stop is=
suer<br>
&gt;&gt; from<br>
&gt;&gt;&gt;&gt; cheating, because these are his UTXOs and he has the prope=
r<br>
&gt;&gt; private<br>
&gt;&gt;&gt;&gt; keys.<br>
&gt;&gt;&gt;&gt; The Sabu solution is Guarantee transaction. It is a valid<=
br>
&gt;&gt; transaction<br>
&gt;&gt;&gt;&gt; that issuer has to sign it alongside the Main transaction.=
 In GT<br>
&gt;&gt; both<br>
&gt;&gt;&gt;&gt; issuer and creditor cut a part of their output in favor of=
<br>
&gt;&gt; Bitcoin<br>
&gt;&gt;&gt;&gt; transaction fee.<br>
&gt;&gt;&gt;&gt; We suppose miners always seeking for more profit, thus in =
a case<br>
&gt;&gt; there<br>
&gt;&gt;&gt;&gt; are 2 or more transaction are spending same UTXO as input,=
 miner<br>
&gt;&gt; will<br>
&gt;&gt;&gt;&gt; choose transaction with highest feeRate. There is no econo=
mically<br>
&gt;&gt;&gt;&gt; benefit for issuer to cheat creditors and pay less transac=
tion<br>
&gt;&gt; fee<br>
&gt;&gt;&gt;&gt; simultaneously. So rationally the issuer won=E2=80=99t che=
at creditor.<br>
&gt;&gt;&gt;&gt; It was the simplest explanation of Sabu security model.<br=
>
&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;&gt; I agree with others that using email is probably not<b=
r>
&gt;&gt; appropriate for a protocol like this. I would highly recommend<br>
&gt;&gt; making your protocol transport-agnostic, allowing users of your<br=
>
&gt;&gt; protocol to use any transport they want.<br>
&gt;&gt;&gt;&gt; Indeed, the protocol is transparent-agnostic, if I insist =
of<br>
&gt;&gt; email as a<br>
&gt;&gt;&gt;&gt; user identifier and communicating tool is because of the i=
dea of<br>
&gt;&gt;&gt;&gt; reforming part of internet architecture and make it more<b=
r>
&gt;&gt; decentralized.<br>
&gt;&gt;&gt;&gt; The wallet users can choose classic architecture. In this =
case<br>
&gt;&gt; mobile<br>
&gt;&gt;&gt;&gt; wallets will connect to a central server and communicate t=
hrough<br>
&gt;&gt; that<br>
&gt;&gt;&gt;&gt; server (pretty much like all existed mobile wallets). Whil=
e some<br>
&gt;&gt; users<br>
&gt;&gt;&gt;&gt; decide to use a pure peer-to-peer communication. I knew em=
ail has<br>
&gt;&gt; some<br>
&gt;&gt;&gt;&gt; privacy issues but as always it is a tradeoff. Users can d=
ecide<br>
&gt;&gt; between<br>
&gt;&gt;&gt;&gt; an unstoppable, permission less, self-sovereignty and<br>
&gt;&gt; decentralized pure<br>
&gt;&gt;&gt;&gt; peer-to-peer communication network (with some resolvable p=
rivacy<br>
&gt;&gt; issues)<br>
&gt;&gt;&gt;&gt; or some efficient central limited network.<br>
&gt;&gt;&gt;&gt; Let me know the critics about email. Hopefully this would =
lead us<br>
&gt;&gt; to<br>
&gt;&gt;&gt;&gt; improve email instead of letting it die. I strongly sugges=
t email<br>
&gt;&gt;&gt;&gt; because it is the ONLY neutral, free =E2=80=9Cnonproprieta=
ry=E2=80=9D and<br>
&gt;&gt; open<br>
&gt;&gt;&gt;&gt; protocol/technology for communication in the world that it=
s<br>
&gt;&gt;&gt;&gt; infrastructure is well-established and is accessible all o=
ver the<br>
&gt;&gt; glob.<br>
&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt; I tried to explain it more, hope was useful. By the way th=
e<br>
&gt;&gt; complete<br>
&gt;&gt;&gt;&gt; explanation is here<br>
&gt;&gt;&gt;&gt;<br>
&gt;&gt;<br>
&gt; <a href=3D"https://raymo-49157.medium.com/time-to-boost-bitcoin-circul=
ation-million-transactions-per-second-and-privacy-1eef8568d180" rel=3D"nore=
ferrer" target=3D"_blank">https://raymo-49157.medium.com/time-to-boost-bitc=
oin-circulation-million-transactions-per-second-and-privacy-1eef8568d180</a=
><br>
&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt; Regards<br>
&gt;&gt;&gt;&gt; Raymo<br>
&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt; On 2021-06-22 18:20, Billy Tetrud wrote:<br>
&gt;&gt;&gt;&gt;&gt; I would be interested in seeing some more information =
about the<br>
&gt;&gt;&gt;&gt;&gt; benefits of this approach vs alternatives up front in =
this<br>
&gt;&gt; write up.<br>
&gt;&gt;&gt;&gt;&gt; Eg how does the security, cost, usability, and privacy=
 compare<br>
&gt;&gt; to the<br>
&gt;&gt;&gt;&gt;&gt; lightning network, which would be the most likely comp=
etitor to<br>
&gt;&gt; this<br>
&gt;&gt;&gt;&gt;&gt; idea. It seems clear that there is more counterparty r=
isk here,<br>
&gt;&gt; so it<br>
&gt;&gt;&gt;&gt;&gt; would probably also be very helpful to compare against=
<br>
&gt;&gt; traditional<br>
&gt;&gt;&gt;&gt;&gt; custodial solutions as well. If you have specific clai=
ms on how<br>
&gt;&gt; this<br>
&gt;&gt;&gt;&gt;&gt; system is better than eg lightning in certain contexts=
, it<br>
&gt;&gt; would be<br>
&gt;&gt;&gt;&gt;&gt; far easier to evaluate the protocol against those clai=
ms, and<br>
&gt;&gt; would<br>
&gt;&gt;&gt;&gt;&gt; also be a lot easier for readers to be motivated to re=
ad the<br>
&gt;&gt; whole<br>
&gt;&gt;&gt;&gt;&gt; protocol and do a more full analysis.<br>
&gt;&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;&gt; I agree with others that using email is probably not<b=
r>
&gt;&gt; appropriate for a<br>
&gt;&gt;&gt;&gt;&gt; protocol like this. I would highly recommend making yo=
ur<br>
&gt;&gt; protocol<br>
&gt;&gt;&gt;&gt;&gt; transport-agnostic, allowing users of your protocol to=
 use any<br>
&gt;&gt;&gt;&gt;&gt; transport they want.<br>
&gt;&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;&gt; On Sat, Jun 19, 2021 at 7:00 PM James Hilliard via bit=
coin-dev<br>
&gt;&gt;&gt;&gt;&gt; &lt;<a href=3D"mailto:bitcoin-dev@lists.linuxfoundatio=
n.org" target=3D"_blank">bitcoin-dev@lists.linuxfoundation.org</a>&gt; wrot=
e:<br>
&gt;&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;&gt;&gt; I think you&#39;re making a number of assumptions =
about mining<br>
&gt;&gt; that are<br>
&gt;&gt;&gt;&gt;&gt;&gt; not accurate.<br>
&gt;&gt;&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;&gt;&gt;&gt; First of all, how much chance in finding next =
block the<br>
&gt;&gt; corrupted<br>
&gt;&gt;&gt;&gt;&gt;&gt; miners have? One percent of all Bitcoin hash power=
s? Or<br>
&gt;&gt; maximum 5<br>
&gt;&gt;&gt;&gt;&gt;&gt; percent or 10? The cheaters must come up in dividi=
ng that 1.2<br>
&gt;&gt;&gt;&gt;&gt;&gt; Bitcoin between. After all the risk/reward must fi=
t them. They<br>
&gt;&gt; can<br>
&gt;&gt;&gt;&gt;&gt;&gt; not be a big mining pool since there is no benefit=
, so they<br>
&gt;&gt; will be<br>
&gt;&gt;&gt;&gt;&gt;&gt; small miners with low hash rate. If they solve the=
 puzzle and<br>
&gt;&gt;&gt;&gt;&gt;&gt; broadcast the block, no one in the entire Bitcoin =
network has<br>
&gt;&gt; block<br>
&gt;&gt;&gt;&gt;&gt;&gt; transactions or seen it before in their mempool!<b=
r>
&gt;&gt;&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;&gt;&gt; You&#39;re making the assumption that miners won&#=
39;t build on top of<br>
&gt;&gt; a<br>
&gt;&gt;&gt;&gt;&gt;&gt; block<br>
&gt;&gt;&gt;&gt;&gt;&gt; with transactions they have not seen before or tra=
nsactions<br>
&gt;&gt; that may<br>
&gt;&gt;&gt;&gt;&gt;&gt; contain double spends of unconfirmed inputs, this =
is not how<br>
&gt;&gt; mining<br>
&gt;&gt;&gt;&gt;&gt;&gt; works, as long as the block passes the consensus r=
ules<br>
&gt;&gt; effectively<br>
&gt;&gt;&gt;&gt;&gt;&gt; all<br>
&gt;&gt;&gt;&gt;&gt;&gt; miners will mine on top of it by default, this beh=
avior is<br>
&gt;&gt;&gt;&gt;&gt;&gt; fundamental<br>
&gt;&gt;&gt;&gt;&gt;&gt; to how mining currently works and is fairly deeply=
 baked into<br>
&gt;&gt; the<br>
&gt;&gt;&gt;&gt;&gt;&gt; current mining infrastructure.<br>
&gt;&gt;&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;&gt;&gt;&gt; Will they accept this block? In theory it is p=
ossible and<br>
&gt;&gt; have<br>
&gt;&gt;&gt;&gt;&gt;&gt; 0.01 percent chance but we can eliminate this smal=
l<br>
&gt;&gt; possibilities by<br>
&gt;&gt;&gt;&gt;&gt;&gt; a simple BIP for miners.<br>
&gt;&gt;&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;&gt;&gt; What would this BIP look like? I don&#39;t see how=
 this could work<br>
&gt;&gt; in a<br>
&gt;&gt;&gt;&gt;&gt;&gt; decentralized way as you would need another way of=
 reaching<br>
&gt;&gt;&gt;&gt;&gt;&gt; consensus<br>
&gt;&gt;&gt;&gt;&gt;&gt; on what defines a valid block. Right now the chanc=
e is nearly<br>
&gt;&gt; 100<br>
&gt;&gt;&gt;&gt;&gt;&gt; percent that a miner will mine on top of the lates=
t valid<br>
&gt;&gt; block,<br>
&gt;&gt;&gt;&gt;&gt;&gt; many<br>
&gt;&gt;&gt;&gt;&gt;&gt; pools(most last I checked) will even mine on the n=
ext block<br>
&gt;&gt; before<br>
&gt;&gt;&gt;&gt;&gt;&gt; they validate the latest block fully(ie validation=
less mining)<br>
&gt;&gt; to<br>
&gt;&gt;&gt;&gt;&gt;&gt; reduce their orphan rates.<br>
&gt;&gt;&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;&gt;&gt;&gt; We suppose the miners always control transacti=
ons with<br>
&gt;&gt;&gt;&gt;&gt;&gt; doc-watchers and avoid accepting transaction with =
same UTXO<br>
&gt;&gt; but<br>
&gt;&gt;&gt;&gt;&gt;&gt; different output.<br>
&gt;&gt;&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;&gt;&gt; Miners have different mempool policy/rules for wha=
t<br>
&gt;&gt; transactions<br>
&gt;&gt;&gt;&gt;&gt;&gt; they<br>
&gt;&gt;&gt;&gt;&gt;&gt; themselves mine but all miners must mine on the mo=
st work<br>
&gt;&gt; chain of<br>
&gt;&gt;&gt;&gt;&gt;&gt; valid blocks otherwise they risk their own blocks =
being<br>
&gt;&gt; orphaned,<br>
&gt;&gt;&gt;&gt;&gt;&gt; any<br>
&gt;&gt;&gt;&gt;&gt;&gt; miner that does not do this is effectively guarant=
eed to have<br>
&gt;&gt; their<br>
&gt;&gt;&gt;&gt;&gt;&gt; block orphaned right now.<br>
&gt;&gt;&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;&gt;&gt;&gt; Because of high Bitcoin transaction fee, this =
guarantee<br>
&gt;&gt;&gt;&gt;&gt;&gt; transaction will take place in next block, even if=
 other<br>
&gt;&gt; transaction<br>
&gt;&gt;&gt;&gt;&gt;&gt; which are using the same UTXO as input existed in =
mempool.<br>
&gt;&gt;&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;&gt;&gt; When a new transaction is broadcast miners do not =
immediately<br>
&gt;&gt; start<br>
&gt;&gt;&gt;&gt;&gt;&gt; mining on a block template that includes that tran=
saction, the<br>
&gt;&gt;&gt;&gt;&gt;&gt; template won&#39;t even be generated immediately w=
hen it enters a<br>
&gt;&gt; miners<br>
&gt;&gt;&gt;&gt;&gt;&gt; mempool in practice, for bandwidth/network efficie=
ncy reasons<br>
&gt;&gt; mining<br>
&gt;&gt;&gt;&gt;&gt;&gt; pools batch update the stratum templates/jobs they=
 mine<br>
&gt;&gt; against so<br>
&gt;&gt;&gt;&gt;&gt;&gt; there can be significant latency between the time =
a<br>
&gt;&gt; transaction is<br>
&gt;&gt;&gt;&gt;&gt;&gt; actually broadcast and hits the miners mempool and=
 the time<br>
&gt;&gt; the<br>
&gt;&gt;&gt;&gt;&gt;&gt; miners<br>
&gt;&gt;&gt;&gt;&gt;&gt; actually switch to mining on top it, these batched=
 updates are<br>
&gt;&gt;&gt;&gt;&gt;&gt; essentially like point in time snapshots of the me=
mpool and<br>
&gt;&gt;&gt;&gt;&gt;&gt; typically<br>
&gt;&gt;&gt;&gt;&gt;&gt; remain valid(as in the pool will accept shares sub=
mitted<br>
&gt;&gt; against<br>
&gt;&gt;&gt;&gt;&gt;&gt; that<br>
&gt;&gt;&gt;&gt;&gt;&gt; job as valid) until the bitcoin network finds the =
next block.<br>
&gt;&gt; I<br>
&gt;&gt;&gt;&gt;&gt;&gt; don&#39;t<br>
&gt;&gt;&gt;&gt;&gt;&gt; think these batch updates are done more often than=
 every 30<br>
&gt;&gt; seconds<br>
&gt;&gt;&gt;&gt;&gt;&gt; typically, while often it is on the order of multi=
ple minutes<br>
&gt;&gt;&gt;&gt;&gt;&gt; depending on the pool.<br>
&gt;&gt;&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;&gt;&gt; Regards,<br>
&gt;&gt;&gt;&gt;&gt;&gt; James<br>
&gt;&gt;&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;&gt;&gt; On Thu, Jun 17, 2021 at 2:14 PM raymo via bitcoin-=
dev<br>
&gt;&gt;&gt;&gt;&gt;&gt; &lt;<a href=3D"mailto:bitcoin-dev@lists.linuxfound=
ation.org" target=3D"_blank">bitcoin-dev@lists.linuxfoundation.org</a>&gt; =
wrote:<br>
&gt;&gt;&gt;&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;&gt;&gt;&gt; Hi,<br>
&gt;&gt;&gt;&gt;&gt;&gt;&gt; I have a proposal for improve Bitcoin TPS and =
privacy, here<br>
&gt;&gt; is the<br>
&gt;&gt;&gt;&gt;&gt;&gt; post.<br>
&gt;&gt;&gt;&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;&gt;<br>
&gt;&gt;<br>
&gt; <a href=3D"https://raymo-49157.medium.com/time-to-boost-bitcoin-circul=
ation-million-transactions-per-second-and-privacy-1eef8568d180" rel=3D"nore=
ferrer" target=3D"_blank">https://raymo-49157.medium.com/time-to-boost-bitc=
oin-circulation-million-transactions-per-second-and-privacy-1eef8568d180</a=
><br>
&gt;&gt;&gt;&gt;&gt;&gt;&gt; <a href=3D"https://bitcointalk.org/index.php?t=
opic=3D5344020.0" rel=3D"noreferrer" target=3D"_blank">https://bitcointalk.=
org/index.php?topic=3D5344020.0</a><br>
&gt;&gt;&gt;&gt;&gt;&gt;&gt; Can you please read it and share your idea abo=
ut it.<br>
&gt;&gt;&gt;&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;&gt;&gt;&gt; Cheers<br>
&gt;&gt;&gt;&gt;&gt;&gt;&gt; Raymo<br>
&gt;&gt;&gt;&gt;&gt;&gt;&gt; ______________________________________________=
_<br>
&gt;&gt;&gt;&gt;&gt;&gt;&gt; bitcoin-dev mailing list<br>
&gt;&gt;&gt;&gt;&gt;&gt;&gt; <a href=3D"mailto:bitcoin-dev@lists.linuxfound=
ation.org" target=3D"_blank">bitcoin-dev@lists.linuxfoundation.org</a><br>
&gt;&gt;&gt;&gt;&gt;&gt;&gt;<br>
&gt;&gt; <a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitc=
oin-dev" rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation=
.org/mailman/listinfo/bitcoin-dev</a><br>
&gt;&gt;&gt;&gt;&gt;&gt; _______________________________________________<br=
>
&gt;&gt;&gt;&gt;&gt;&gt; bitcoin-dev mailing list<br>
&gt;&gt;&gt;&gt;&gt;&gt; <a href=3D"mailto:bitcoin-dev@lists.linuxfoundatio=
n.org" target=3D"_blank">bitcoin-dev@lists.linuxfoundation.org</a><br>
&gt;&gt;&gt;&gt;&gt;&gt; <a href=3D"https://lists.linuxfoundation.org/mailm=
an/listinfo/bitcoin-dev" rel=3D"noreferrer" target=3D"_blank">https://lists=
.linuxfoundation.org/mailman/listinfo/bitcoin-dev</a><br>
&gt;&gt;&gt;&gt; _______________________________________________<br>
&gt;&gt;&gt;&gt; bitcoin-dev mailing list<br>
&gt;&gt;&gt;&gt; <a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" t=
arget=3D"_blank">bitcoin-dev@lists.linuxfoundation.org</a><br>
&gt;&gt;&gt;&gt; <a href=3D"https://lists.linuxfoundation.org/mailman/listi=
nfo/bitcoin-dev" rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfo=
undation.org/mailman/listinfo/bitcoin-dev</a><br>
&gt;=C2=A0 <br>
&gt; <br>
&gt; Links:<br>
&gt; ------<br>
&gt; [1] <a href=3D"https://lists.linuxfoundation.org/pipermail/bitcoin-dev=
/2021-June/019050.html" rel=3D"noreferrer" target=3D"_blank">https://lists.=
linuxfoundation.org/pipermail/bitcoin-dev/2021-June/019050.html</a><br>
</blockquote></div>

--000000000000c2371205c680064a--