summaryrefslogtreecommitdiff
path: root/6b/9a23424a94026b83fa5ae0d8571f07eaef2c31
blob: 823106c4c2d17d2e1243fdc76a4409567cacecf3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
Return-Path: <luca@token21.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id EC5C1A7C
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed,  6 Sep 2017 18:32:21 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from r2d2.yepa.com (r2d2.yepa.com [54.229.249.165])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 47762480
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed,  6 Sep 2017 18:32:20 +0000 (UTC)
Received: from mago.yepa.com (ec2-54-171-199-73.eu-west-1.compute.amazonaws.com
	[54.171.199.73] (may be forged)) (authenticated bits=0)
	by r2d2.yepa.com (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id
	v86IWHNP002366
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT) for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed, 6 Sep 2017 18:32:19 GMT
Received: from [192.168.43.157] ([94.164.229.50]) (authenticated bits=0)
	by mago.yepa.com (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id
	v86IW5wY019653 for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed, 6 Sep 2017 20:32:12 +0200
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
References: <a72b52aa-10b5-d256-280b-a72cac3bf92d@token21.com>
	<E76332FD-4B67-49F2-9E36-8EE66D490193@droplister.com>
From: Luca Venturini <luca@token21.com>
Organization: Token 21 Inc.
Message-ID: <31863284-d944-b90c-8e62-7d4f38d39476@token21.com>
Date: Wed, 6 Sep 2017 20:32:47 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
	Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <E76332FD-4B67-49F2-9E36-8EE66D490193@droplister.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE
	autolearn=disabled version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Mailman-Approved-At: Wed, 06 Sep 2017 18:48:09 +0000
Subject: Re: [bitcoin-dev] [BIP Proposal] Token Protocol Specification
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Sep 2017 18:32:22 -0000

Hi Dan,

thank you for your feedback. Let me clarify that the plausible 
deniability is a property of the protocol. If this will become a BIP, 
and will be approved, there will be wallets that will manage tokens. In 
the meantime, and in the future, it is important that a person with a 
legacy bitcoin wallet can hold, issue and transfer bitcoins without 
disclose that there are tokens involved. Tokens are contained in Bitcoin 
transactions without any modification.

Vanity addresses are on option. They are not mandatory. In situations 
where plausible deniability is a concern they will, probably, not be used.

Sending to someone 0.23000012 bitcoin is really easy. You don't need any 
form of math and you are sending exactly 12 tokens from your wallet. 
Sometimes it is suspect, but sending 0.03423122 in order to send 23122 
tokens does not seem suspect to me. The large majority of the 
transactions have strange numbers like this one.

In the document, when I say "wallet" I mean every single bitcoin wallet 
that you can use today to hold bitcoins. The base of the plausible 
deniability is that there is no "special" wallet involved. Maybe there 
will be special wallets to manage tokens, but they are not mandatory. 
The consolidation is needed only when using wallets that do not allow 
coin selection.

The state of the tokens is fully contained in the bitcoin blockchain. 
There is no need for verification nodes, nor for any other software. 
Maybe you already issued some tokens using this protocol and I cannot 
know it. Unless you disclose it.

There is no "special" need to create small outputs. In order to send a 
transaction containing tokens, you need to send a bitcoin transaction. 
The bitcoin value will be transfered along with the token value. If you 
issue tokens with a token offering transactions (aka ICO), the value of 
the bitcoin transferred to you is exactly the price of the tokens, so 
there is no "extra" bitcoin value involved.

I'm sorry if the example of the corporation is not clear. The idea was 
only that Alice receives from the shareholders the bitcoin value, in 
order to use that same value to give back the tokens. There is no 
interest. As I wrote, people got equity for "time, money, furniture, 
knowledge". I could simply write that Alice sends small outputs without 
receiving the underlying bitcoin value beforehand.

I agree that memorable names are great to social scalability. This is 
why you can use a vanity address or only the first part of the vanity 
address to identify a token type.

Cheers,

Luca

On 09/06/2017 07:24 PM, Dan Anderson wrote:
> Hi Luca,
>
> Here are some comments...
>
> 1. This is clever, but it has a lot of "gotchas" that I think will work against its ability to scale socially. Especially, when you suggest that following the rules by memory/manually gains users the most advantage in terms of deniability.
>
> 2. The plausible deniability of this protocol is suspect as it would seem fairy apparent to a third party that it was being used. Vanity addresses, satoshis adding to tidy amounts, frequent "consolidation". Especially, when you make a mistake and perform actions to try again.
>
> 3. In your docs, when you say "wallet" do you mean a single Bitcoin address or do you mean an HD wallet? I become confused while reading. Address vs same wallet vs other wallet.
>
> 4. It's not clear to me how this protocol does not need verification nodes or some kind of node software to compute state.
>
> 5. I don't think it's a given that this design will cause less UTXOs. I could see people creating many small outputs as a result of trying to get the right amount of signal satoshis.
>
> 6. In your example of a corporation, it seems like people got equity for free. Why do they need to send 1 BTC at all, if they just get it back, plus interest?
>
> 7. I wouldn't underestimate the value of memorable names for social scalability.
>
> I will keep thinking about it, as the ICO portion is something I have been looking for ideas on and I have similar reservations about existing token protocols, so I hope these comments help you.
>
> ---------------------------------
> Dan Anderson
>