Return-Path: Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 447FBC000B for ; Thu, 3 Mar 2022 12:59:09 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 2AF5040385 for ; Thu, 3 Mar 2022 12:59:09 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: 0.813 X-Spam-Level: X-Spam-Status: No, score=0.813 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no Authentication-Results: smtp2.osuosl.org (amavisd-new); dkim=pass (2048-bit key) header.d=suredbits-com.20210112.gappssmtp.com Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k_CqWDR_9vo6 for ; Thu, 3 Mar 2022 12:59:07 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 Received: from mail-qk1-x731.google.com (mail-qk1-x731.google.com [IPv6:2607:f8b0:4864:20::731]) by smtp2.osuosl.org (Postfix) with ESMTPS id 9668940018 for ; Thu, 3 Mar 2022 12:59:07 +0000 (UTC) Received: by mail-qk1-x731.google.com with SMTP id g24so3790961qkl.3 for ; Thu, 03 Mar 2022 04:59:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suredbits-com.20210112.gappssmtp.com; s=20210112; h=mime-version:from:date:message-id:subject:to; bh=dGX/7yNsGZJomgQ+diUT2m38gVvUOY6LYS/bGLCapuY=; b=J29eYIGXWt1rI1j6kqC+GF8cWsZG4JdW7nDdSQ4qMsv+wiGQJg22Hl1F40vP9aPyDI oAwhMVkOXFHpqGAoeeBxZ72dMYS3kzS33YvvKe9+YpSk/he7VECW4ASDr4yHIdHElgAL ACr7+iB6S3dxnRUbtiOe3VyCr6mWUNks2RxqMnmLi+qUyP70Y3uA5ivKdK/zaHWedYw0 pS+Yoo+fwscRK2FXPa5c2DL/pd+/gcFT1tDjUQIYyJ8CT3ba4VwLEh3SIY3VT1aiSZvF lSzfNy6YZ4nFbY1gsx8pbCOv6qsHiHs9tjUf1fITp3buIoU/yhMyR956AmgL72CtUpji 2Mlw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=dGX/7yNsGZJomgQ+diUT2m38gVvUOY6LYS/bGLCapuY=; b=cgWCz4sxDvZHfcz/MFPD73i455+lokbhb99G0inpBcMyOpjHF93FOlpHHUvogjxPtE ut2ek5SQR8eIYC9vwVJ6ixkvPS8DoVmIeLRgHNzJPKRsij0gUULK5mAftjEgBsj92vgu uUPdCvH+G5Oeb5sPruW3P2f1mN+jmcQkHpKkGnncn0WdStZKrGNPyVCu4ooe5vQ36+wr MphRIYJo6p+Glt+h0Qct7Bvf1NrUH7gWYCPhG2xgv+fgNpD4nrmk6P1S4ONuuoPyh4mF al2gdJscOlZY9qJKvvM4u8qiFAA99tnUcSETjKrT/vZhAsiuAiIFxFsniskQ6UnjS6Ed RZbA== X-Gm-Message-State: AOAM532ujX9bClWgMardl7E7UbHVwr3lJiI5pxErY9hbv7Ri+Hl+LTHM e7DZHwRua05/5LBzWrHMAzcKsxUUPSL/L36IZUzfSQ== X-Google-Smtp-Source: ABdhPJxFokdiJJIP9kb366smHcokCHnNodjvcWNs5CDkxWP6R1YGcWHe4xfeGtl18hEWZWzd7PLWztKYMtLsr/wTJn0= X-Received: by 2002:a37:af81:0:b0:5f1:9172:7c3f with SMTP id y123-20020a37af81000000b005f191727c3fmr19008539qke.665.1646312346036; Thu, 03 Mar 2022 04:59:06 -0800 (PST) MIME-Version: 1.0 From: Chris Stewart Date: Thu, 3 Mar 2022 06:58:55 -0600 Message-ID: To: dlc-dev@mailmanlists.org, Christian Decker via bitcoin-dev Content-Type: multipart/alternative; boundary="00000000000093425505d94ff69a" X-Mailman-Approved-At: Thu, 03 Mar 2022 16:36:32 +0000 Subject: [bitcoin-dev] Recurring bitcoin/LN payments using DLCs X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Mar 2022 12:59:09 -0000 --00000000000093425505d94ff69a Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable DLCs are typically thought to be used for betting. Alice & Bob want to speculate on an event, and have bitcoin payouts rewarded to them if they bet correctly. The oracle determines what event occurred and produces attestations representing that outcome. Recently I had a conversation with a friend about implementing recurring subscriptions with Discreet Log Contracts. At a high level, you should think about this working like ACH. If you are purchasing a subscription from Netflix, they will deduct $20 from your bank account every month. To do this, you give them your credit card information. You can do this with Discreet Log Contracts. It requires a slightly modified DLC setup. Netflix would create an oracle representing a monthly subscription. They require that users setup DLCs to them that will be executed at the end of the month. Alice, a subscriber to Netflix, creates a unilaterally funded DLC to Netflix. She creates adaptor signatures for her payment and sends them to Netflix. No bitcoin transaction is required to create this subscription since the DLC is unilaterally funded. Alice can =E2=80=9Ccancel=E2=80=9D the subscrip= tion at any time by spending from the utxo she is using to fund the DLC. At the end of the month, Netflix attests that it is time to charge Alice for her subscription. Netflix takes its own attestation and decrypts Alice=E2=80=99s adaptor signature to get her signature to send funds to Net= flix. Netflix publishes the settlement transaction for the DLC which pays Netflix it=E2=80=99s subscription fee for the next month. Netflix also publishes a = new announcement for next month so that Alice can create a new DLC subscription= . Netflix needs to give Alice a bitcoin address to pay to. The information Alice is required to send Netflix is 1. Her utxo used to fund the DLC 2. Her adaptor signature representing her monthly subscription to netflix. Netflix must verify the adaptor signatures are correct and the utxo exists. Why is this useful? It's very convenient for a user to give access to withdraw a certain amount of money from a bank account at a given time in the future. This is how recurring payments work in tradfi. This brings the same principle to bitcoin payments. DLCs also give you the power to specify how much the service can withdraw. For instance, with Netflix, they shouldn=E2=80=99t have the ability to with= draw thousands of dollars worth of bitcoin. The monthly service fee is $20. With DLCs, you can cryptographically enforce that they will only receive $20. They cannot withdraw more or less money than they are authorized to. There may be concerns about Netflix being both the oracle and the entity receiving a monthly payment. I would argue this is mitigated by the fact that the service provider could steal at most one months worth of service fees for users of the subscription. After users get scammed once, they will cancel their future subscription and distrust the service. The key feature is the amount of money in the subscription is predetermined, thus the oracle cannot withdraw excess funds if they are evil. ### QA Does the DLC use a 2 of 2 multisig between Netflix and Alice? No, the DLC is unilaterally funded by Alice. This allows her to create the subscription without an onchain transaction, and also allows her to cancel the subscription at any time. She cancels the subscription by double spending the utxo. Can Netflix steal all the money in the funding output? No, Alice=E2=80=99s adaptor signatures allow Netflix to withdraw a specific= amount of bitcoin. The change is sent back to an address Alice controls. Both of these outputs are protected by the adaptor signature. Is there a perverse incentive for Netflix to be the oracle and receive the subscription? The most Netflix can steal in this setup is one months worth of subscription fees across the entire customer base. In this setup, Alice is accepting that risk for the convenience of auto withdrawals from her bitcoin wallet. Remember, Alice can cancel the subscription at any time she wants by spending from the funding utxo. --00000000000093425505d94ff69a Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

DLCs are typically thought to be used for betting. Alice & Bob want to= speculate on an event, and have bitcoin payouts rewarded to them if they b= et correctly. The oracle determines what event occurred and produces attest= ations representing that outcome.


Recently I had a conversation with a = friend about implementing recurring subscriptions with Discreet Log Contrac= ts. At a high level, you should think about this working like ACH. If you a= re purchasing a subscription from Netflix, they will deduct $20 from your b= ank account every month. To do this, you give them your credit card informa= tion.


You can do this with Discreet Log Contracts. It requires a slight= ly modified DLC setup. Netflix would create an oracle representing a monthl= y subscription. They require that users setup DLCs to them that will be exe= cuted at the end of the month. Alice, a subscriber to Netflix, creates a un= ilaterally funded DLC to Netflix. She creates adaptor signatures for her pa= yment and sends them to Netflix.=C2=A0


No bitcoin transaction is requ= ired to create this subscription since the DLC is unilaterally funded. Alic= e can =E2=80=9Ccancel=E2=80=9D the subscription at any time by spending fro= m the utxo she is using to fund the DLC.


At the end of the month, Netfl= ix attests that it is time to charge Alice for her subscription. Netflix ta= kes its own attestation and decrypts Alice=E2=80=99s adaptor signature to g= et her signature to send funds to Netflix. Netflix publishes the settlement= transaction for the DLC which pays Netflix it=E2=80=99s subscription fee f= or the next month. Netflix also publishes a new announcement for next month= so that Alice can create a new DLC subscription.


Netflix needs to give= Alice a bitcoin address to pay to.=C2=A0


The information Alice is requ= ired to send Netflix is


  1. Her utxo used to fund the DLC

  2. Her adaptor signature representin= g her monthly subscription to netflix.


Netflix must verify t= he adaptor signatures are correct and the utxo exists.


Why is this usef= ul?


It's very convenient for a user to give access to withdraw a ce= rtain amount of money from a bank account at a given time in the future. Th= is is how recurring payments work in tradfi. This brings the same principle= to bitcoin payments.


DLCs also give you the power to specify how much the se= rvice can withdraw. For instance, with Netflix, they shouldn=E2=80=99t have= the ability to withdraw thousands of dollars worth of bitcoin. The monthly= service fee is $20. With DLCs, you can cryptographically enforce that they= will only receive $20. They cannot withdraw more or less money than they a= re authorized to.

There may be concerns about Netflix being both the oracle= an= d t= he entity receiving a monthly payment. I would argue this is mitigated by t= he fact that the service provider could steal at most one months worth of s= ervice fees for users of the subscription. After users get scammed once, th= ey will cancel their future subscription and distrust the service. The key = feature is the amount of money in the subscription is predetermined, thus t= he oracle cannot withdraw excess funds if they are evil.


### QA<= /p>

Doe= s the DLC use a 2 of 2 multisig between Netflix and Alice?


No, the DLC = is unilaterally funded by Alice. This allows her to create the subscription= wi= thout an onchain transaction, and also allows her to cancel the subscription a= t any time. She cancels the subscription by double spending the utxo.


C= an Netflix steal all the money in the funding output?


No, Alice=E2=80= =99s adaptor signatures allow Netflix to withdraw a specific amount of bitc= oin. The change is sent back to an address Alice controls. Both of these ou= tputs are protected by the adaptor signature.


Is there a perverse incen= tive for Netflix to be the oracle and receive the subscription?

<= br>

The mos= t Netflix can steal in this setup is one months worth of subscription fees = across the entire customer base. In this setup, Alice is accepting that ris= k for the convenience of auto withdrawals from her bitcoin wallet. Remember= , Alice can cancel the subscription at any time she wants by spending from = the funding utxo.

--00000000000093425505d94ff69a--