Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1SNSeg-0005Qa-Ln for bitcoin-development@lists.sourceforge.net; Thu, 26 Apr 2012 17:38:58 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of coinlab.com designates 209.85.213.175 as permitted sender) client-ip=209.85.213.175; envelope-from=peter@coinlab.com; helo=mail-yx0-f175.google.com; Received: from mail-yx0-f175.google.com ([209.85.213.175]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-MD5:128) (Exim 4.76) id 1SNSea-0001H6-RT for bitcoin-development@lists.sourceforge.net; Thu, 26 Apr 2012 17:38:58 +0000 Received: by yenm3 with SMTP id m3so1366073yen.34 for ; Thu, 26 Apr 2012 10:38:47 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:x-gm-message-state; bh=P7LkvVUvMhudDYgWm5HSeAoaHKuogZMPLbrSFtL5JGs=; b=JGEsxtpamT1XVX+JIlV5TY3EAfhPTmGHMnVkhVEKmpSlI4pQIxvOniZXJBsSfskN8d d+xIoiMwd+FZeYrv++OcZiHiXX9ZvSB7ms7OH8Zj3ztyrBqX30zrsursHW34kD1CCWXd O7vrNToT8NuMKJS6N7PGfTO0cWWlp2+z0rcJrsLPUtIqIxGoKOETFx3btJHZlukwo7sN BkY2oZ61a4DQcZGLcB7CcMCZWJ4uhUPqpn9MYG1tQBnlw13wrT2W4Y9nqmwmBjdQuVzg +KjhC799o6m84LQUe8dIcE6+1nT+ieNRrB7/7ejqUvGw2YpVRt/kRE5nUubwnH88BuEg lgAw== Received: by 10.60.31.67 with SMTP id y3mr9682192oeh.41.1335460332213; Thu, 26 Apr 2012 10:12:12 -0700 (PDT) MIME-Version: 1.0 Received: by 10.182.56.226 with HTTP; Thu, 26 Apr 2012 10:11:51 -0700 (PDT) In-Reply-To: <20120426154928.GA13737@savin.lan> References: <20120426154928.GA13737@savin.lan> From: Peter Vessenes Date: Thu, 26 Apr 2012 10:11:51 -0700 Message-ID: To: Peter Todd Content-Type: multipart/alternative; boundary=e89a8f647b71b696bc04be9816fb X-Gm-Message-State: ALoCoQkYe/7q+EWAVRefl59X+krWCkH+7S/4k85MYPFzQFnlbu/FRefkJBUP1yTCTfOe07u8ROkr X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message X-Headers-End: 1SNSea-0001H6-RT Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] Trusted identities X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Apr 2012 17:38:58 -0000 --e89a8f647b71b696bc04be9816fb Content-Type: text/plain; charset=ISO-8859-1 These are interesting thoughts, karma for bitcoins essentially. I would like CoinLab to publish a 'cost of subverting 1-n transactions with 90% probability' metric soon, and I think it would help everyone to understand what that number is. When we started out, you probably needed to wait 5 blocks for $10 or $20 of bitcoin value transfer. Now, I'd happily accept a $1k transaction with 1 confirmation. More difficulty shortens the safe time we can transact large volumes in, which is good for the network. I'm not sure of the current implementation of replacement transactions, can anyone on the core team speak to this? Can I replace transactions, or is that part of the spec unimplemented or deprecated right now? Peter On Thu, Apr 26, 2012 at 8:49 AM, Peter Todd wrote: > It recently occured to me that we can use the public nature of the block > chain to create trusted identities, for a specific form of trust. > > Lets suppose Alice has some bitcoins held at bitcoin address A. She > wants to establish trust in the "identity" associated with the ECC > keypair associated with A, for instance for the purpose of having other > users trust her not to attempt to double spend. Since the trust she > seeks is financial in nature, she can do this by valuing the identity > associated with A, by delibrately throwing away resources. A simple way > to do this would of course be to transfer coins to a null address, > provably incurring a cost to her. > > A more socially responsible way would be for her to create a series of > transactions that happen to have large, and equal, transaction fees. > Bitcoin makes the assumption that no one entity controls more than 50% > of the network, so if she makes n of these transactions consecutively, > each spending m BTC to transaction fees, there is a high probability > that she has given up at least n/2 * m BTC of value. This of course is > all public knowledge, recorded in the block chain. It also increases the > transaction fees for miners, which will be very important for the > network in the future. > > Now Bob can easily examine the block chain, and upon verifying Alice's > trust purchase, can decide to accept a zero-confirmation transaction at > face value. If Alice breaks that promise, he simply publishes her signed > transaction proving that Alice is a fraudster, and future Bob's will > distrust Alice's trusted identity, thus destroying the value needed to > create it. > > In effect, we now have a distributed green address system. > > Now Alice could try to mount a double-spend attack on a whole bunch of > people at once, hoping to have them all accept the transaction. However > as it is the "just trust them" model works pretty well already. > > > A good usecase for this idea, beyond the obvious fast payments > application, is a distributed anonymizer. Alice can now publish her > request to anonymize coins, and other trusted identities can make their > bids. If Alice accepts a bid from Bob, she will want Bob to send her the > anonymized coins *prior* to her transaction going through, thus breaking > the temporal connection between the transactions. Now Alice can give Bob > the signed payment transaction, and Bob can submit his payment > transaction to the network first, knowing that Alice isn't going to try > to rip him off. Bob can also have a trusted identity which signed the > contract for the anonymizer transaction, and similarly if he rips Alice > off, she can publish it for the world to see. > > A more subtle effect, is this makes sybil attacks more difficult. To > pretend to be a thousand identities is going to now require 1,000 * n > coins, and attempting to pull this attack off inherently strengthens the > bitcoin network. Obviously we can apply this principle to other things > like tor nodes as well. > > -- > http://petertodd.org 'peter'[:-1]@petertodd.org > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > > iQEcBAEBAgAGBQJPmW6EAAoJEH+rEUJn5PoEZfEH/ixptlMX9MzP71bCHMkj7YN1 > y6GEkc1vNhyHu01NX77vzSqR4trbVnWJeJ5hH8EB5tgYRwmI17XoQW6Iz8yEXXgO > JqUKCTBBexGE+F5RfBkizJ9ap5wXwVrAOIMy/KurSdST+PWMXIPQFaGark01uKcG > M4VXg3U9fc/0Zz1QyKpRTI5O7ZSBqPzEh/Xf4TujR39nUtaI5mkT/bmA3+Te7oRT > 34QO7ryF7U001Xz2VJCfm9AE8mPPZjMavLTs/XvPSqTdliVCZpjGGHzcJ2BPrni5 > LEPBsBBxNsuwFGjnRobQwrkPtmYGFntseMLzCJ3iGXWYwedssBg2LLOx9QaXG04= > =PftQ > -----END PGP SIGNATURE----- > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > -- Peter J. Vessenes CEO, CoinLab M: 206.595.9839 Skype: vessenes Google+ --e89a8f647b71b696bc04be9816fb Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
These are interesting thoughts, karma for bitcoi= ns essentially.

I would like CoinLab to publish a 'cost of subverting 1-n tra= nsactions with 90% probability' metric soon, and I think it would help = everyone to understand what that number is.

When we sta= rted out, you probably needed to wait 5 blocks for $10 or $20 of bitcoin va= lue transfer.

Now, I'd happily accept a $1k transaction with 1 confirmation.=A0
=

More diffic= ulty shortens the safe time we can transact large volumes in, which is good= for the network.

I'm not= sure of the current implementation of replacement transactions, can anyone= on the core team speak to this? Can I replace transactions, or is that par= t of the spec unimplemented or deprecated right now?

Peter
=
=A0

On Thu, Apr 26, 2012 at 8:49 AM, Peter Todd <pete@pete= rtodd.org> wrote:
It recently occured to me that we can use th= e public nature of the block
chain to create trusted identities, for a specific form of trust.

Lets suppose Alice has some bitcoins held at bitcoin address A. She
wants to establish trust in the "identity" associated with the EC= C
keypair associated with A, for instance for the purpose of having other
users trust her not to attempt to double spend. Since the trust she
seeks is financial in nature, she can do this by valuing the identity
associated with A, by delibrately throwing away resources. A simple way
to do this would of course be to transfer coins to a null address,
provably incurring a cost to her.

A more socially responsible way would be for her to create a series of
transactions that happen to have large, and equal, transaction fees.
Bitcoin makes the assumption that no one entity controls more than 50%
of the network, so if she makes n of these transactions consecutively,
each spending m BTC to transaction fees, there is a high probability
that she has given up at least n/2 * m BTC of value. This of course is
all public knowledge, recorded in the block chain. It also increases the transaction fees for miners, which will be very important for the
network in the future.

Now Bob can easily examine the block chain, and upon verifying Alice's<= br> trust purchase, can decide to accept a zero-confirmation transaction at
face value. If Alice breaks that promise, he simply publishes her signed transaction proving that Alice is a fraudster, and future Bob's will distrust Alice's trusted identity, thus destroying the value needed to<= br> create it.

In effect, we now have a distributed green address system.

Now Alice could try to mount a double-spend attack on a whole bunch of
people at once, hoping to have them all accept the transaction. However
as it is the "just trust them" model works pretty well already.

A good usecase for this idea, beyond the obvious fast payments
application, is a distributed anonymizer. Alice can now publish her
request to anonymize coins, and other trusted identities can make their
bids. If Alice accepts a bid from Bob, she will want Bob to send her the anonymized coins *prior* to her transaction going through, thus breaking the temporal connection between the transactions. Now Alice can give Bob the signed payment transaction, and Bob can submit his payment
transaction to the network first, knowing that Alice isn't going to try=
to rip him off. Bob can also have a trusted identity which signed the
contract for the anonymizer transaction, and similarly if he rips Alice
off, she can publish it for the world to see.

A more subtle effect, is this makes sybil attacks more difficult. To
pretend to be a thousand identities is going to now require 1,000 * n
coins, and attempting to pull this attack off inherently strengthens the bitcoin network. Obviously we can apply this principle to other things
like tor nodes as well.

--
http://petertodd.org= 'peter'[:-1]@pe= tertodd.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJPmW6EAAoJEH+rEUJn5PoEZfEH/ixptlMX9MzP71bCHMkj7YN1
y6GEkc1vNhyHu01NX77vzSqR4trbVnWJeJ5hH8EB5tgYRwmI17XoQW6Iz8yEXXgO
JqUKCTBBexGE+F5RfBkizJ9ap5wXwVrAOIMy/KurSdST+PWMXIPQFaGark01uKcG
M4VXg3U9fc/0Zz1QyKpRTI5O7ZSBqPzEh/Xf4TujR39nUtaI5mkT/bmA3+Te7oRT
34QO7ryF7U001Xz2VJCfm9AE8mPPZjMavLTs/XvPSqTdliVCZpjGGHzcJ2BPrni5
LEPBsBBxNsuwFGjnRobQwrkPtmYGFntseMLzCJ3iGXWYwedssBg2LLOx9QaXG04=3D
=3DPftQ
-----END PGP SIGNATURE-----

-----------------------------------------------------------------------= -------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122= 263/
_______________________________________________
Bitcoin-development mailing list
Bitcoin-develo= pment@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment




--
Peter J. Vessenes
CEO, CoinLab
M: 206.595.9839
Skype: vessenes
= Google+

--e89a8f647b71b696bc04be9816fb--