MIME-Version: 1.0
Date: Fri, 20 Mar 2015 00:46:18 -0500
Message-ID: <CAFjbNjH01=TK1Xfy3W3FG6FO6yqBskPTeyBiVA5FMyR-auEtiQ@mail.gmail.com>
From: Brian Deery <brian@factom.org>
To: bitcoin-development@lists.sourceforge.net
Content-Type: multipart/alternative; boundary=001a113fb186dd353f0511b1d561
Subject: Re: [Bitcoin-development] My thoughts on the viability of the
	Factom token
Precedence: list

--001a113fb186dd353f0511b1d561
Content-Type: text/plain; charset=UTF-8

Greetings mailing list.

Not sure that this content is 100% appropriate here, but Peter Todd
invited me to post this for archival purposes.  The original thread
has been removed from the search results, but is still up here:
http://www.reddit.com/r/Bitcoin/comments/2z9k5p/factom_announces_launch_date_for_software_token/


I have added more thoughts too.


-----BEGIN REDDIT MESSAGE-----

> The idea behind Factom is to create a proof-of-publication medium where facts for some purpose can be published

That is only part of the story.  Factom is attempting to make a
publishing platform which is simultaneously censorship and spam
resistant.  This is what makes Bitcoin magical, and what Factom is
trying to accomplish.  Last Summer, I went down the road that you are
going down and kept coming up with a system that was susceptible to
either one or the other.  I gave the entities you described the
glorious name **Compaction Service Providers** (CSP) and even wrote
about it [here](https://github.com/FactomProject/FactomDocs/commit/2791c51917e3ecc65dc52bfc434ca6dec0b3a1fd)
back when we were Notarychains.  With free entry of CSPs, censorship
would be limited, but the entire system would get spammed quickly, and
there would not be a good way to accurately locate the data you
needed.  Without free entry, once a specific CSP (or proofchain
packager) was selected by a network, the CSP could selectively censor
within that network.  Lock in effects would be strong, so switching
the entire network over to a new CSP would be expensive.

The CSPs (and Proofchain packagers) could "exclude, delay, or reorder
the customer's timestamped entries".  This is fine as long as the CSP
doesn't have an incentive to do these things.

You claim that proofchains packagers will be the very business that
issues a stock.  Since stockholders are trusting the company to return
dividends in the first place, the trust can be expanded to managing
all the stock trades too.  In my mind, the company who issues the
stock still may game the system they control for their personal
benefit.  What is needed is a scalable disimpassioned 3rd party.
Something of the scale where if the company president calls up and
says "Delay these disfavored parties" that the packagers tell him his
company isn't big enough to push them around.

I think **Factom sits in a sweet spot between** your proposed
**centralized** solution **and** Bitcoin's anonymous membership
authority set (**Proof of Work**).  The Federated servers must
cooperate to move Factom forward, but like Bitcoin, require a majority
to effectively censor a transaction.  It is a whole lot easier to
censor with Proofchains.


>The issue is if the Factom servers ever publish a Factom ledger anchor in the Bitcoin blockchain but don't make the data available you have no way of proving...

Yes, to this point, Factom being forked is way worse than seizing up.
The Federated servers are constantly watching their peers and keeping
them honest.  Since we have a defined majority instead of an anonymous
membership set, if one Federated server goes rouge, the honest
majority will all place the correct anchor.  You will see 1 anchor
where someone is maybe trying to defraud you, and 31 anchors that have
the correct data.


> Those servers are voted in by a (quite complex) consensus algorithm

I had considered merge mining, but your [arguments against
it](https://letstalkbitcoin.com/ltb104-tree-chains-with-peter-todd/)
in reference to sidechains is compelling.  Without a majority of
miners, then the system is vulnerable to consensus attack.  We gain
the non-reversability by placing anchors in bitcoin without needing to
recruit mining pools.

We could have gone to proof of stake, but then someone who funded it
early on would have a disproportionate say in how the system was run.
Since we have the two step payment process, we can leverage that to
determine who is actively participating in the system, and let them
determine who sets policy.


>but ultimately they are trusted third parties that can break your ability to prove your Factom-secured records are honest

We are making the system so that it is visible if someone is trying to
do this, and the other members fight against it.

>skipping step #3 and the dependency on trusted third parties

But what you are proposing is a single trusted third party.


>is you have to pay transaction fees to do it
>we need Bitcoin transaction fees to rise greatly
I disagree.  Bitcoin is optimized for proving a negative over the
domain of Bitcoin value transactions.  Lets take a closed system like
Counterparty's current implementation.  To prove the negative (that an
asset has not been sent to someone else first) you need to parse the
entire Bitcoin blockchain looking for Counterparty transactions.  One
of two things will happen soon.  The 1MB limit will be raised, or not.

* Raised blocksize.  In order to see if your Counterparty asset was
doublespent, you will need to parse through many terabytes of Bitcoin
transactions to find the few MiB of Counterparty transactions.  You
would also need to wade through all the other embedded protocols like
Omni, ProofOfExistence.com, and all the others in your search for
Counterparty transactions.  Factom is setup so that interpreted
protocols like Counterparty do not need to wade through all other
protocol's data.

* Block limit stays.  Each Bitcoin transaction becomes expensive.
Each transaction might rise to $5, $10, $15, who knows.  Distributions
to asset holders would cost hundreds or thousands per dividend.


>I'm very skeptical about the long-term viability of Factom and the value of the Factom token.
>tl;dr: For the Facom token to rise in value we need Bitcoin transaction fees to rise greatly

You are making economic statements with technical arguments to back
them up.  I think the economics and technicals are not as tightly
bound as you imply.


TLDR:
Factom is trying to be a censorship and spam resistant disimpassioned
3rd party, like Bitcoin.

-----END REDDIT MESSAGE-----


I like to think in audited vs interpreted protocols.  Think Bitcoin vs
Counterparty.  Bitcoin won't let an invalid transaction into the
system.  Counterparty filters out invalid transactions after the fact.

Proofchains are good for audited protocols where there is a
predetermined auditor.  There is a gatekeeper who only adds in valid
transactions.

Factom is good for interpreted protocols.  A user's software will
filter out transactions which do not pass a ruleset that they agreed
to.

Both are immutable and serve as proof of publication (POP).  Sure the
POP in Factom is more complicated, but the publishing powers are
shared.

On the bitcoin wizards
[IRC](https://download.wpsoftware.net/bitcoin/wizards/2015-03-16.html),
phantomcircuit seems to have gotten close, the conversation resolved
with Alice burning her house down.

There are applications where proofchains will work just fine.  If you
are securing your own blockchian for your own data, proofchains will
work.  You are not worried about censoring yourself.

If two rivalrous institutions are sharing a blockchain, then giving
one of them exclusive power of making the blockchain is undesirable
for the non-authoritative institution.  No need to discuss that
arrangement anymore.

With threshold multisig, now multiple institutions would need to
cooperate amongst each other to create a communal blockchain. In this
example, a majority of keyholders can directly censor the minority.
The minority might have recourse like in Szabo's property club blog
post to fork the chain and start an alternate system, but if the
minority is too small, then the network will not jump to the fairer
fork.

OK, lets move authority to an industry group.  For something like
property records, it is shown to work in a centralized model.  Making
that model immutable with proofchains will certainly work.  Property
records are highly gated as of now at the county seat.  Transitioning
the county property database to a proofchains based POP will work.
They are audited records, and the auditor is predetermined.  They
already have censorship powers, and would in Factom too.  The only
difference would be that in proofchains an invalid record would not
exist, and in Factom, an invalid record would exist, but not be signed
by the county.

As the individual players in a system become more numerous and less
powerful, it becomes harder to have a disimpassioned industry group.
This is similar to politics where we see dispersed costs and
concentrated benefits.

Lets jump to the end and try to imagine how Counterparty would run on
proofchains.  Who would be the one to package the transactions?  The
counterpart devs can censor now, by updating the software to blacklist
certain addresses.  They are already the predetermined auditor.  The
Counterparty Foundation could package the transactions in a
proofchain.  The difference to me lies in how easy it is to censor.
It feels harder to censor by baking specific blacklists into the
software than keeping a blacklisted party from ever publishing at all.
One is very visible and the latter maybe not as much.  (Something like
proofchains is how I initially imagined Mastercoin and Counterparty
would work, since it seems silly to have every transaction be a BTC
transaction too.  I underestimated their desire for censorship
resistance.)


In the end it comes down to the data being published, and how/when it
is audited.  Proofchains prefilters data and couples the auditor with
the packager.  Factom allows the users to choose how they audit data
independent of the packager.  How much power do you want to invest in
one entity?  Factom allows splitting of those powers.

-Brian Deery

--001a113fb186dd353f0511b1d561
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div><pre><font face=3D"arial, helvetica, sans-serif">Gree=
tings mailing list.

Not sure that this content is 100% appropriate here, but Peter Todd invited=
 me to post this for archival purposes.  The original thread has been remov=
ed from the search results, but is still up here:

<a href=3D"http://www.reddit.com/r/Bitcoin/comments/2z9k5p/factom_announces=
_launch_date_for_software_token/">http://www.reddit.com/r/Bitcoin/comments/=
2z9k5p/factom_announces_launch_date_for_software_token/</a>


I have added more thoughts too.


-----BEGIN REDDIT MESSAGE-----

&gt; The idea behind Factom is to create a proof-of-publication medium wher=
e facts for some purpose can be published

That is only part of the story.  Factom is attempting to make a publishing =
platform which is simultaneously censorship and spam resistant.  This is wh=
at makes Bitcoin magical, and what Factom is trying to accomplish.  Last Su=
mmer, I went down the road that you are going down and kept coming up with =
a system that was susceptible to either one or the other.  I gave the entit=
ies you described the glorious name **Compaction Service Providers** (CSP) =
and even wrote about it [here](<a href=3D"https://github.com/FactomProject/=
FactomDocs/commit/2791c51917e3ecc65dc52bfc434ca6dec0b3a1fd">https://github.=
com/FactomProject/FactomDocs/commit/2791c51917e3ecc65dc52bfc434ca6dec0b3a1f=
d</a>) back when we were Notarychains.  With free entry of CSPs, censorship=
 would be limited, but the entire system would get spammed quickly, and the=
re would not be a good way to accurately locate the data you needed.  Witho=
ut free entry, once a specific CSP (or proofchain packager) was selected by=
 a network, the CSP could selectively censor within that network.  Lock in =
effects would be strong, so switching the entire network over to a new CSP =
would be expensive.

The CSPs (and Proofchain packagers) could &quot;exclude, delay, or reorder =
the customer&#39;s timestamped entries&quot;.  This is fine as long as the =
CSP doesn&#39;t have an incentive to do these things. =20

You claim that proofchains packagers will be the very business that issues =
a stock.  Since stockholders are trusting the company to return dividends i=
n the first place, the trust can be expanded to managing all the stock trad=
es too.  In my mind, the company who issues the stock still may game the sy=
stem they control for their personal benefit.  What is needed is a scalable=
 disimpassioned 3rd party.  Something of the scale where if the company pre=
sident calls up and says &quot;Delay these disfavored parties&quot; that th=
e packagers tell him his company isn&#39;t big enough to push them around.

I think **Factom sits in a sweet spot between** your proposed **centralized=
** solution **and** Bitcoin&#39;s anonymous membership authority set (**Pro=
of of Work**).  The Federated servers must cooperate to move Factom forward=
, but like Bitcoin, require a majority to effectively censor a transaction.=
  It is a whole lot easier to censor with Proofchains.


&gt;The issue is if the Factom servers ever publish a Factom ledger anchor =
in the Bitcoin blockchain but don&#39;t make the data available you have no=
 way of proving...

Yes, to this point, Factom being forked is way worse than seizing up.  The =
Federated servers are constantly watching their peers and keeping them hone=
st.  Since we have a defined majority instead of an anonymous membership se=
t, if one Federated server goes rouge, the honest majority will all place t=
he correct anchor.  You will see 1 anchor where someone is maybe trying to =
defraud you, and 31 anchors that have the correct data. =20


&gt; Those servers are voted in by a (quite complex) consensus algorithm

I had considered merge mining, but your [arguments against it](<a href=3D"h=
ttps://letstalkbitcoin.com/ltb104-tree-chains-with-peter-todd/">https://let=
stalkbitcoin.com/ltb104-tree-chains-with-peter-todd/</a>) in reference to s=
idechains is compelling.  Without a majority of miners, then the system is =
vulnerable to consensus attack.  We gain the non-reversability by placing a=
nchors in bitcoin without needing to recruit mining pools.

We could have gone to proof of stake, but then someone who funded it early =
on would have a disproportionate say in how the system was run.  Since we h=
ave the two step payment process, we can leverage that to determine who is =
actively participating in the system, and let them determine who sets polic=
y.


&gt;but ultimately they are trusted third parties that can break your abili=
ty to prove your Factom-secured records are honest

We are making the system so that it is visible if someone is trying to do t=
his, and the other members fight against it.

&gt;skipping step #3 and the dependency on trusted third parties

But what you are proposing is a single trusted third party.


&gt;is you have to pay transaction fees to do it
&gt;we need Bitcoin transaction fees to rise greatly
I disagree.  Bitcoin is optimized for proving a negative over the domain of=
 Bitcoin value transactions.  Lets take a closed system like Counterparty&#=
39;s current implementation.  To prove the negative (that an asset has not =
been sent to someone else first) you need to parse the entire Bitcoin block=
chain looking for Counterparty transactions.  One of two things will happen=
 soon.  The 1MB limit will be raised, or not. =20

* Raised blocksize.  In order to see if your Counterparty asset was doubles=
pent, you will need to parse through many terabytes of Bitcoin transactions=
 to find the few MiB of Counterparty transactions.  You would also need to =
wade through all the other embedded protocols like Omni, ProofOfExistence.c=
om, and all the others in your search for Counterparty transactions.  Facto=
m is setup so that interpreted protocols like Counterparty do not need to w=
ade through all other protocol&#39;s data.

* Block limit stays.  Each Bitcoin transaction becomes expensive.  Each tra=
nsaction might rise to $5, $10, $15, who knows.  Distributions to asset hol=
ders would cost hundreds or thousands per dividend. =20


&gt;I&#39;m very skeptical about the long-term viability of Factom and the =
value of the Factom token.
&gt;tl;dr: For the Facom token to rise in value we need Bitcoin transaction=
 fees to rise greatly

You are making economic statements with technical arguments to back them up=
.  I think the economics and technicals are not as tightly bound as you imp=
ly.


TLDR:
Factom is trying to be a censorship and spam resistant disimpassioned 3rd p=
arty, like Bitcoin.

-----END REDDIT MESSAGE-----


I like to think in audited vs interpreted protocols.  Think Bitcoin vs Coun=
terparty.  Bitcoin won&#39;t let an invalid transaction into the system.  C=
ounterparty filters out invalid transactions after the fact.

Proofchains are good for audited protocols where there is a predetermined a=
uditor.  There is a gatekeeper who only adds in valid transactions.

Factom is good for interpreted protocols.  A user&#39;s software will filte=
r out transactions which do not pass a ruleset that they agreed to.

Both are immutable and serve as proof of publication (POP).  Sure the POP i=
n Factom is more complicated, but the publishing powers are shared.

On the bitcoin wizards [IRC](<a href=3D"https://download.wpsoftware.net/bit=
coin/wizards/2015-03-16.html">https://download.wpsoftware.net/bitcoin/wizar=
ds/2015-03-16.html</a>), phantomcircuit seems to have gotten close, the con=
versation resolved with Alice burning her house down. =20

There are applications where proofchains will work just fine.  If you are s=
ecuring your own blockchian for your own data, proofchains will work.  You =
are not worried about censoring yourself.

If two rivalrous institutions are sharing a blockchain, then giving one of =
them exclusive power of making the blockchain is undesirable for the non-au=
thoritative institution.  No need to discuss that arrangement anymore.

With threshold multisig, now multiple institutions would need to cooperate =
amongst each other to create a communal blockchain. In this example, a majo=
rity of keyholders can directly censor the minority.  The minority might ha=
ve recourse like in Szabo&#39;s property club blog post to fork the chain a=
nd start an alternate system, but if the minority is too small, then the ne=
twork will not jump to the fairer fork.

OK, lets move authority to an industry group.  For something like property =
records, it is shown to work in a centralized model.  Making that model imm=
utable with proofchains will certainly work.  Property records are highly g=
ated as of now at the county seat.  Transitioning the county property datab=
ase to a proofchains based POP will work.  They are audited records, and th=
e auditor is predetermined.  They already have censorship powers, and would=
 in Factom too.  The only difference would be that in proofchains an invali=
d record would not exist, and in Factom, an invalid record would exist, but=
 not be signed by the county.

As the individual players in a system become more numerous and less powerfu=
l, it becomes harder to have a disimpassioned industry group.  This is simi=
lar to politics where we see dispersed costs and concentrated benefits. =20

Lets jump to the end and try to imagine how Counterparty would run on proof=
chains.  Who would be the one to package the transactions?  The counterpart=
 devs can censor now, by updating the software to blacklist certain address=
es.  They are already the predetermined auditor.  The Counterparty Foundati=
on could package the transactions in a proofchain.  The difference to me li=
es in how easy it is to censor.  It feels harder to censor by baking specif=
ic blacklists into the software than keeping a blacklisted party from ever =
publishing at all.  One is very visible and the latter maybe not as much.  =
(Something like proofchains is how I initially imagined Mastercoin and Coun=
terparty would work, since it seems silly to have every transaction be a BT=
C transaction too.  I underestimated their desire for censorship resistance=
.)


In the end it comes down to the data being published, and how/when it is au=
dited.  Proofchains prefilters data and couples the auditor with the packag=
er.  Factom allows the users to choose how they audit data independent of t=
he packager.  How much power do you want to invest in one entity?  Factom a=
llows splitting of those powers.


</font>-Brian Deery</pre></div></div>

--001a113fb186dd353f0511b1d561--