1.04.2021

Bitcoin vs Digital Collectible Currency (DCC) in overcoming technical challenges

Archive: Wayback, Archive.is

Here I will list the problems with digital currencies laid out in the Bitcoin white paper, how bitcoin (a decentralized digital currency, DDC) solved them, and how a Digital Collectible Currency (DCC) can also solve them.  We will also discuss which format has the better solution to which problem.

Verification of ownership of a coin 

Bitcoin

Digital signatures are used with public/private key encryption

DCC

Digital signatures are used with public/private key encryption

Creation and distribution of coins

Bitcoin

Bitcoin solves the creation and distribution of coins by holding a challenge every 10 minutes in which one lucky miner wins and is awarded a set number of coins.  It is basically a lottery where the price of a ticket is energy usage.

Basically, in Bitcoin you buy an ASIC and work on a hash problem for which the right answer cannot be derived; you have to try candidate solutions one after another.  The lucky miner who finds a valid solution first wins.

DCC

A DCC solves the creation and distribution of coins by letting miners create and complete a challenge on their own or in a group that meets the requirements of the coin.

You create your own challenge and do not need any connection to the network either to create the challenge or to complete it.

In our DCC, you generate a large random number that is the right bit length, and then you factor it using a CPU/GPU combo.  The prime factorization is the solution and earns you a coin.

Pros and Cons

In bitcoin the miner has to be constantly connected to the internet and has to compete within time limits.  In a DCC the miner never has to connect to the internet and can mine at their own pace.  

Everyone can earn coins simultaneously in a DCC whereas only one person can earn coins every 10 minutes in bitcoin.  

Also, in bitcoin ASICs are the most powerful miners, which prices normal people out of earning coins by mining.  In a DCC, consumer-grade APUs (a CPU/GPU combination, as found in a laptop, desktop, or smartphone) will be the most efficient miners until quantum computers can compete at GNFS factorization, which is several decades away.

Bitcoin may be more resistant to quantum computers because it uses an NP-complete algorithm, whereas our version of a DCC uses an NP-hard algorithm.  However, a DCC is much more resistant to acceleration by GPUs, FPGAs, and ASICs.  Also, a DCC can be designed to use an NP-complete algorithm if desired.  In any case, quantum computers that could complete the factorizations everyday computers complete today are decades off.

DCC has a very serious advantage in the creation and distribution of coins.

Sending coins

Bitcoin

In bitcoin, coins are assigned to your public key, and only you know the private key needed to claim them.  You then sign a transaction verifying that you give a coin to another person's public key.  Once this transaction becomes part of the blockchain, you can no longer spend the coin, and the person you gave it to can spend it at will.

DCC 

In a DCC, coins are assigned to a public key that only you know the private key for, just like bitcoin.  But to spend the coin, you must give the private key to another person off-chain: using encrypted messaging, Bluetooth, snail mail, passing a note, verbally, etc.  Now both you and the recipient know the private key.  The recipient then needs to send a message to the network to change the private key so that they are the only one who can spend the coin in the future.

Pros and Cons

In bitcoin everything is on-chain, so you do not need to open a side communication channel to send coins.  In a DCC you need to communicate with the other party directly, likely either via encrypted communication such as email or wallet-to-wallet messaging, or physically via Bluetooth.  Bitcoin has a distinct advantage here, but it is also nice that in a DCC you can send coins without an internet connection.  With bitcoin you can receive coins without an internet connection, which you cannot do with a DCC (unless you trust the person not to double spend, or you receive the coin via Bluetooth from a phone app that somehow prevents double spending).

In bitcoin you need to wait up to 1 hour for your transaction to be confirmed in the network.  In a DCC when someone changes the private key to receive coins, they can immediately ping the network and see if it was verified and integrated.  DCC has the potential for much faster transactions than bitcoin, however bitcoin's transactions would likely be more secure on average.

Bitcoin has the lead here for ease of sending coins if you have an internet connection but are not in-person.

DCC has the lead here for speed of transactions.

The DCC has the lead here for in-person point of sale: the merchant would need to be connected to the internet but the buyer would not, and transactions would be faster than bitcoin and likely cheaper.

Preventing double spend

Double spend is where someone gives the same coin to multiple people at once and therefore gets more products than they can afford.

Bitcoin

Double spending is prevented by a blockchain; that is an unbroken chain of transactions that cannot be reordered or changed without re-completing the proof-of-work faster than the rest of the honest network.

DCC

Double spending is prevented by allowing the receiver of the coin to change the private key of the coin they are given.  The receiver pings nodes in the network to confirm that the private key of the coin was changed to their private key, and no one else's.

Pros and Cons

Bitcoin requires less coordination between nodes to prevent double spend.  A new miner can simply see what the longest blockchain is, and accept that as objectively the true and correct chain.

DCC requires coordination between nodes.  You will have to look for a consensus of nodes to know what the true ledger is.  Likely some nodes will be more trusted than others, so you will value their ledger as more correct.  Bad nodes can be blacklisted from the network and their staked coins erased.  Also, nodes could require a subscription or connection fee to download their ledger, collaborate with it, or send a transaction to it.  This will likely even out with bitcoin: since there are no transactions on the DCC ledger, you will not have to pay transaction fees in a DCC.

Bitcoin has a more cohesive, authoritative, and rigid way to prevent double spend.  But in practice, with optimization of the network code, DCC should come quite close, and unlike bitcoin it can be changed more flexibly if errors are later found.

Incentives 

Bitcoin

Bitcoin incentivizes nodes by requiring them to be constantly connected to the network, with an up-to-date ledger, in order to mine the currency, collect transaction fees, and send it.

DCC

DCC incentivizes nodes by requiring a connected node to securely receive payments.  Node runners might also require a fee to connect to them and declare that you received a payment.

Pros and Cons

Bitcoin's use of mining to incentivize running network nodes gives it an advantage here, but in practice I expect roughly equal numbers of nodes in either setup.

Divisibility

Bitcoin

In bitcoin the mining reward is very highly divisible.  However, it needs to be, because there are so few mining rewards.  There is an ultimate indivisible amount called the satoshi, which is a set and small fraction of a bitcoin.

DCC

In a DCC, each mining challenge awards the miner with the smallest unit possible of the currency which cannot be further subdivided.  This is similar to the satoshi in bitcoin.  In our DCC this doesn't matter as much since there is no limit to how many people can be solving challenges at once.  The difficulty of the problem can be set, and adjusted, so that the coin maintains a relatively constant value if desired.

Pros and Cons

While bitcoin is clearly more divisible than DCC in theory, in practice DCC could be difficulty adjusted to make each reward worth a small amount similar to a satoshi or a penny (or more preferably a dollar).

Price stability

Bitcoin

Bitcoin's price is not designed to be stable.  Bitcoin is designed to have an ever increasing value by having ever diminishing supply.  Also there are liquidity crises every block halving which occurs roughly every 4 years.

DCC

The price can be very stable in a DCC.  A price target can be set and the challenge difficulty adjusted to keep the price fixed at whatever is desired.  If the price rises, the difficulty can be lowered so more supply comes onto the market.  If the price falls, difficulty can be raised to reduce supply.  A consensus of nodes would be required to set the minimum bit length of the number that must be factored to be awarded a coin.  Adjusting the difficulty can make mined coins less fungible until they are accepted onto the network; once accepted, the coin would remain valid even if the bit length is later no longer adequate.  The varying requirements only affect newly mined coins being accepted onto the network.  So if your factors currently don't meet the requirements, you can sit on them until the difficulty lowers, at which point you can submit them to the network.

Pros and Cons

DCC clearly has an advantage in price stability, but at the cost of potential loss of fungibility of some mined coins that are still in-process when difficulty requirements change.  Difficulty adjustment can be done at set intervals like monthly or yearly to prevent miner frustration.

Privacy

Bitcoin

In bitcoin everything is transparent but pseudonymous; there is no identity linked to a public key.  However, if a public key can be linked to an identity, for example through using off-chain exchanges, your entire history can be tracked if you are using that one public key.  Ways around this are to own many public keys that are not linked to exchanges and are only connected to your other public keys through obfuscated routing of transactions through third-party intermediaries.  Sophisticated tools could likely still use metadata techniques to figure out what your likely public keys are.

DCC 

In a DCC each coin has a separate public and private key.  Therefore there is no way to link together the keys to which you own without somehow snooping on your off-chain communications.

Pros and Cons

DCC has much stronger privacy built in.  Mining and sending coins can have 100% unbreakable privacy since it can be done without an internet connection.  Receiving coins requires a node and IP address so thus can potentially be spied on, but much less so than bitcoin.

Vulnerabilities

Bitcoin

Bitcoin's biggest vulnerability is a 51% attack.  This can happen when a miner or colluding group of miners achieves 51% of the hash power of the network.  When this happens a coin can basically be destroyed at will, causing a fork in the chain.  Non-colluding miners can be prevented from mining, and transactions of non-colluding actors can be stopped.  It is basically a hostile takeover.  It can also be done in secret.

There is nothing that can be done to mitigate this risk.

DCC

A DCC is vulnerable to a large group of bad colluding nodes that will accept your private key change request but later reverse it in order to double spend the coin.  This would happen on a transaction-by-transaction basis and cannot affect the network as a whole, unlike the 51% attack on bitcoin.

This can be mitigated by reporting your key change to nodes that are trusted, either by experience or because they have staked coins.  Bad nodes that reverse transactions can be blacklisted from the network and their staked coins erased.  Nodes are disposable, and a fork among the nodes does not affect the security of the coin, unlike bitcoin.

Pros and Cons

Bitcoin has the lead here for casual everyday transactions being more secure.  There is forced consensus in bitcoin, whereas in a DCC the consensus is voluntary.  Node software would likely have to undergo constant research and development to develop protocols that make the network as consensus-attaining as possible, complete with incentives for good behavior and punishment for bad behavior.

DCC has the lead here for having no "currency destroying" vulnerabilities like the 51% attack.  Many altcoins have died due to 51% attacks, and it is only a matter of time before bitcoin also succumbs.

1.02.2021

Toppling the Blockchain: A prime factorization, digital collectible based currency

Archives: Wayback, Archive.is

Bitcoin talk and Archive and Another

The blockchain is top heavy.

The chain can restructure and can throw off the previous awards.  This is why many confirmations of a transaction are needed: to limit the possibility of a chain restructuring throwing a wrench in your transaction.  This slows down transactions.  China could be secretly mining bitcoin off-chain right now as we speak, and a year from now publish their blockchain, destroying all transactions of the last year, for example.  This system is flawed.

Also, in current cryptocurrencies only one person can win coins every 10 or so minutes, and therefore the coins need to be easily tradable.  But what if everyone could earn coins on their own relatively quickly, and could even mine offline?  In this idea the miner could always be offline; the only person that needs an internet connection is the person a miner is transferring coins to.

No transactions on-chain.

The secret is that we don't need transactions.  We don't have to facilitate the transfer of the value.  All we need is something (a ledger) that keeps track of which public key owns a coin.  In order to trade the crypto, you wouldn't send the coin to another public key, you would just give the person your private key to the coin.  

First you can prove you own a coin by signing a transaction using your private key to verify you own the public key that owns a coin.  Then someone can give you a product, and you can then give them the private key.  See below heading of "Preventing double spend" for how double spending is prevented in this system.

You could send the private key to another person using encrypted communication, Bluetooth, the mail, verbally, etc.  This is fine because you can have one coin per private key if you want, that way if you want to send someone 10 coins, you just send them 10 private keys.  Or you can assign 10 coins to one key if you want.  It doesn't matter.

Prime Factorization

In our case a "coin" is the prime factorization of a number of a certain length.  For "coins" to be fungible, the length of the number shouldn't change throughout the life of the cryptocurrency.  However, there could be a roadmap where every year or month or so you have to factor a number one digit longer.  So the first year, for example, would be 300-digit numbers, the second year 301 digits, or something like that.

For example, we can choose 300-digit numbers, and your prime factorization must be of a 300-digit number that is created, in part, by hashing your public key.  If it were just any random 300-digit number, it would be too easy, because you wouldn't have to factor a number to produce a prime factorization; you could just multiply random prime numbers together until you got a composite number of 300 digits.  Requiring the public key hash forces you to actually factor a number.  We can also require that the number be odd and that there be no prime factors longer than half the length, so no factors bigger than 150 digits.  This rules out any "easy to factor" numbers.  We can also stipulate that the first and last digits cannot be zeroes, to prevent someone from searching for easy-to-factor numbers by adjusting their nonce.

The distributed ledger would look something like this:

Public Key:         Nonce:     Prime factors:
H45JY4O9LCVW5G      346573     3, 3, 3, 5, 5, 11, 17...
JW45OLGU792POQ      648293     3, 3, 5, 5, 5, 17, 19...
                    578208     7, 7, 11, 11, 13, 17...
NW34KIW87MN24       825401     5, 5, 17, 19, 19, 23...

The prime factorization represents the prime factors of a composite number that is 300 digits long.  By simply multiplying all the prime factors together, you can verify that they give a 300-digit number that is the result of hashing the given public key with the nonce.  This nonce can be anything and can be selected by the miner randomly.  The public key can also be created by the miner as a hash of their private key and would have to fulfill requirements like the types of characters used, length, etc.  The number to factor (given as the hash of the nonce and public key) can be greater than 300 digits (preferably using Skein 1024) and truncated to its first 300 digits.

Notice that the public key "JW4..." owns 2 coins.  This can be done, but is discouraged.  It is best if each key only owns 1 coin so that you cannot link multiple coins to the same person.  However it is valuable for staking as described in the "staking" section below.

Updating the network of nodes

So say someone sends a message to the network that they just factored a 300-digit number.  They send their public key, the nonce, the prime factorization, and a signature that verifies they own the private key to the public key (that last step is optional; some may want to mine for other people's public keys without knowing the private key, but making sure the miner owns the key might be best to prevent slavery).

Now, as a node maintaining a ledger, here is what you do to verify.  You hash the public key with the nonce and truncate to get a 300 digit number.  Next you multiply all the prime factors together and verify it equals that 300 digit number.

If everything checks out, you add a line to your database that says this public key owns this prime factorization; basically that the public key owns a coin.
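The full mine-and-verify cycle from the three sections above (challenge number from the hash of public key and nonce, the extra rules, and the node's check), as an added example that is not part of the original post.  It assumes SHAKE-256 in place of the Skein-1024 the post prefers, a 10-digit size instead of 300 so the toy trial-division miner finishes in well under a second, and `pubkey:nonce` as the hash input; the verifier itself works at any length.

```python
import hashlib

NDIGITS = 10  # assumption: the post proposes 300 digits; 10 keeps the toy miner below fast


def challenge_number(pubkey: str, nonce: int, ndigits: int = NDIGITS) -> int:
    """Number to factor: hash(public key, nonce) as an integer, truncated to its first
    ndigits decimal digits. SHAKE-256 (1024-bit output) stands in for Skein-1024."""
    digest = hashlib.shake_256(f"{pubkey}:{nonce}".encode()).digest(128)
    return int(str(int.from_bytes(digest, "big"))[:ndigits])


def is_prime(n: int) -> bool:
    """Miller-Rabin, fixed bases: deterministic below ~3.3e24, probable-prime above."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for p in bases:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def meets_rules(n: int, factors, ndigits: int) -> bool:
    """Post's rules: exact length, odd, no leading/trailing zero digit, no factor over half the length."""
    s = str(n)
    return (len(s) == ndigits and n % 2 == 1 and s[0] != "0" and s[-1] != "0"
            and all(len(str(p)) <= ndigits // 2 for p in factors))


def verify_coin(pubkey: str, nonce: int, factors, ndigits: int = NDIGITS) -> bool:
    """A ledger node's check: recompute the number, confirm each factor is prime, match the product."""
    n = challenge_number(pubkey, nonce, ndigits)
    product = 1
    for p in factors:
        if not is_prime(p):
            return False
        product *= p
    return product == n and meets_rules(n, factors, ndigits)


def factor_by_trial_division(n: int) -> list:
    """Toy miner work function: fine at 10 digits, hopeless at 300 (which is the point)."""
    factors, d = [], 2
    while d * d <= n:
        while n % d == 0:
            factors.append(d)
            n //= d
        d += 1 if d == 2 else 2
    if n > 1:
        factors.append(n)
    return factors


def mine_coin(pubkey: str, ndigits: int = NDIGITS, nonce: int = 0):
    """Offline mining as the post describes: try nonces until the number factors and passes the rules."""
    while True:
        n = challenge_number(pubkey, nonce, ndigits)
        if n % 2 == 1:  # cheap pre-filter before the expensive factoring step
            factors = factor_by_trial_division(n)
            if meets_rules(n, factors, ndigits):
                return nonce, factors
        nonce += 1
```

A number whose largest prime factor is longer than half the length (including a prime number itself) is rejected by `meets_rules`, which is exactly the "easy to factor" case the post wants excluded.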

Preventing double spend

Double spend is one of the only viable ways I can think of to attack this network.  However it really isn't hard to overcome it.

When a transaction happens and the miner wants to send the coin they just mined to compensate someone, they send that person the private key to that coin.  Now, what is to stop them from sending the private key to multiple people at once?  Or what is to stop them from remembering (copying) the private key so they continue to have access to it?

Well, we need another step where the receiver can ensure that they are the only one who has the key. When the recipient receives the private key to the public key, she immediately sends a new message to the network, signed with the current private key (that the giver still knows), of changing the public key to a new number.  She would hash the current public key with her newly chosen private key (that the giver does not know), and a nonce if desired; creating a new public key that the previous owner can no longer claim. A "paper trail" would be kept by the network of what the original public key was, and what it was changed to.  The original public key would need to be always kept so the prime factorization could always be verified.

Bad Nodes

Bad nodes are the only other way that I can foresee an attack on the network.  The way it would work is that a bad actor would set up a bunch of nodes (not trivial, since it takes many public IP addresses).  Next they would send a coin; the receiver would change the public key of the coin using a new private key, and the receiver, now thinking they own the coin, would give the bad node operator a product.  But now that the bad node operator has the product, they could delete the entry that said the public key was changed.  Or they could create a fraudulent transaction to replace the real one, changing the public key to something they themselves have a private key for instead.  This is a double spending attack as well.  This attack can also be done in bitcoin.

So to get around this, before handing over the product it might be necessary not only to ping a dozen random nodes to confirm that the transaction has been verified, but also to ping some "trusted nodes" that you know have been honest before.  The staking idea below could also help determine trusted nodes.  If a bad node is found out, it can be labelled a "bad node" and be blacklisted (and its staked coins blacklisted and lost).
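The key-change step from "Preventing double spend" and the recipient's node pinging from this section, as an added example that is not from the original post.  It assumes SHA-256 as the hash, a hash-preimage reveal as the ownership proof in place of the signature the post mentions (consistent with the post's public key = hash of private key), and the constructed names Alice, Bob and Carol.

```python
import hashlib


def H(*parts: str) -> str:
    """Assumption: SHA-256 over the joined parts; the post does not fix a hash function."""
    return hashlib.sha256("|".join(parts).encode()).hexdigest()


class Ledger:
    """One node's ledger. Each coin is filed under its ORIGINAL public key (kept forever so
    the factorization can always be re-verified) together with the current owner key and
    the paper trail of key changes the post describes."""

    def __init__(self):
        self.coins = {}

    def register_coin(self, pubkey: str) -> bool:
        """Accept a freshly mined coin (its factorization is assumed already verified)."""
        if pubkey in self.coins:
            return False
        self.coins[pubkey] = {"owner": pubkey, "trail": [pubkey]}
        return True

    def owner_of(self, original: str):
        return self.coins.get(original, {}).get("owner")

    def trail(self, original: str) -> list:
        return list(self.coins.get(original, {}).get("trail", []))

    def change_key(self, original: str, proof: tuple, new_priv: str, nonce: str):
        """Key-change request. The proof is the hash preimage of the current owner key:
        (private key,) for a mined coin, or (old key, private key, nonce) after a change.
        The new key is H(current key, new private key, nonce), which the giver cannot derive."""
        coin = self.coins.get(original)
        if coin is None or H(*proof) != coin["owner"]:
            return None  # not the current owner: a stale key cannot move the coin again
        new_pub = H(coin["owner"], new_priv, nonce)
        coin["owner"] = new_pub
        coin["trail"].append(new_pub)
        return new_pub


def confirmed_by(nodes: list, original: str, expected_owner: str, required: int) -> bool:
    """Recipient's check before handing over goods: ping several (random or trusted) nodes
    and require at least `required` of them to show the coin under the new key."""
    return sum(1 for node in nodes if node.owner_of(original) == expected_owner) >= required


def double_spend_demo() -> dict:
    """Constructed scenario: Alice mines a coin, then hands the same private key to Bob and
    Carol. Whoever registers a key change first owns the coin; the second request fails."""
    nodes = [Ledger() for _ in range(3)]
    alice_priv, alice_pub = "alice-secret", H("alice-secret")
    for node in nodes:
        node.register_coin(alice_pub)
    bob_keys = [node.change_key(alice_pub, (alice_priv,), "bob-secret", "n1") for node in nodes]
    carol_keys = [node.change_key(alice_pub, (alice_priv,), "carol-secret", "n2") for node in nodes]
    alice_again = [node.change_key(alice_pub, (alice_priv,), "alice-again", "n3") for node in nodes]
    return {
        "bob_owns": confirmed_by(nodes, alice_pub, bob_keys[0], required=2),
        "carol_rejected": all(k is None for k in carol_keys),
        "alice_cannot_take_back": all(k is None for k in alice_again),
        "trail": nodes[0].trail(alice_pub),
    }
```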

Staking


Another thing that could be done is staking: basically a node can be required to sign for (prove ownership of) several coins to show that it has coins staked to its public key, which might increase good behavior.  If there is bad behavior, those coins can be mutually deleted from everyone else's ledger.  In this case it would make sense for all the staked coins to be under one public key, so if that node ever gets blacklisted, the coins from that public key would be deleted from all ledgers.  Staking could be optional, and nodes with more at stake could be rated more highly by people's software wallets.  The higher rated you are, the more people will trust your ledger.

Why run a node?


In bitcoin, not many people run nodes.  Usually only miners run nodes and that is so they can mine.  Mining is basically what incentivizes people to run nodes.  But another reason in bitcoin to run a node is so that you can add transactions to the network.  You have to be running a node connected to the network to send it transactions.
 
In our case, you also need to be running a node to send a transaction to the network.  However, you do not need to be running a node either to mine or to send a person a coin.  The only person that needs to have a node running is the person receiving the coin, so they can change the private key by sending a message to the network.

Donations can be another reason.  If a person runs a well respected node, then people could potentially donate coins to them.  Also, if a bad node tries to "take back" the coins they gave you, you can alert a trusted node, and they can help you recover your coins by showing that their timestamp for your transaction was before the bad node's fraudulent transaction.  A good node going to bat for you to recover your transaction would tend to get tips.

More ideas on incentivizing good nodes would be welcome.

Benefit: "instant" transactions


The transactions are not perfectly instant, and the receiving party needs an internet connection to confirm them; however, they are as fast as possible.  There is no waiting arbitrary lengths of time (block times) for confirmation: you simply send the transaction to the network, then ping the network to make sure it verified and implemented your transaction.  You would likely ping a dozen random nodes or some trusted nodes to make sure they got your transaction.  Nodes would likely also ping each other to make sure their ledgers are all in agreement, or to dispute discrepancies.

Benefit: improves encryption security 

One benefit of this design is that the ledger would be a list of composite numbers of some digit length, which will narrow down the search for primes in this space, and those primes can be used to create more secure encryption.  If someone does find a 300-digit prime number, that could certainly be used as a type of coin as well, but primes are much less asymmetric, meaning that it is easier to check a number for primality than to factor it, and they are also much slower to verify as prime than multiplying prime factors together.  So, unfortunately for this coin design, primes would likely not be useful.  However, perhaps another coin can be designed that uses prime numbers exclusively, and you can send the primes you find to that network instead.

Another extremely valuable benefit of this coin design is in determining the safety of RSA numbers of various lengths.  RSA numbers have had bounties on them to see if anyone can factor them, in order to track how safe RSA numbers are for encryption.  These bounties offered large sums of money to see how big a number could be factored with current technology.  Instead of offering bounties, researchers could watch this coin and get a real-time gauge of how safe RSA numbers are for cryptography in the wild, for free; an extremely valuable service.

References:

B-Money

BitGold 

Bitcoin

(Note: I was only familiar with the bitcoin white paper before formulating this idea, but it arrives at an almost identical design to b-money, and solves a few of its open questions.  Also, the notion of "digital collectible" is similar to how BitGold defined it.)

Cypherpunk history: this history states that b-money is vulnerable to Sybil attacks, which it is, by giving each node one vote, but it did include the staking of coins to run a node, which dis-incentivizes this.  In our protocol, nodes are not equal and do not get an equal vote; trustworthy nodes would get more of a vote than others, based on which nodes the person sending a coin chooses to verify their transaction.  Staking in our design is voluntary and variable, and the users of the coin are the ones who vote on which nodes are trustworthy by choosing whose ledger they trust.

I have been following the digital renminbi and think this would be a good decentralized competitor.

Topplcoin, toppl, topplecoin, restcoin, restfulcoin, flatcoin, off-chain, offcoin