Toppling the Blockchain: A prime factorization, digital collectible based currency


Bitcoin talk and Archive and Another

The blockchain is top heavy.

The chain can reorganize, which throws off previously awarded blocks.  This is why many confirmations of a transaction are needed: to limit the chance that a reorganization throws a wrench in your transaction.  This slows down transactions.  China, for example, could be secretly mining bitcoin off-chain right now, and a year from now publish its chain, wiping out all transactions from the last year.  This system is flawed.

Also, in current cryptocurrencies only one person can win coins every 10 or so minutes, so coins need to be easily tradable.  But what if everyone could earn coins on their own relatively quickly, and even mine offline?  In this idea the miner can always be offline; the only person who needs an internet connection is the person the miner is transferring coins to.

No transactions on-chain.

The secret is that we don't need transactions.  We don't have to facilitate the transfer of the value.  All we need is something (a ledger) that keeps track of which public key owns a coin.  In order to trade the crypto, you wouldn't send the coin to another public key, you would just give the person your private key to the coin.  

First you prove you own a coin by signing a message with your private key, which verifies that you control the public key that owns the coin.  Then someone can give you a product, and you give them the private key.  See the "Preventing double spend" section below for how double spending is prevented in this system.

You could send the private key to another person using encrypted communication, Bluetooth, the mail, verbally, etc.  This is fine because you can have one coin per private key if you want, that way if you want to send someone 10 coins, you just send them 10 private keys.  Or you can assign 10 coins to one key if you want.  It doesn't matter.

Prime Factorization

In our case a "coin" is the prime factorization of a number of a fixed length.  For "coins" to be fungible, the length of the number shouldn't change throughout the life of the cryptocurrency.  However there could be a roadmap where every year or month the number to be factored grows by one digit.  So the first year, for example, would be 300-digit numbers, the second year 301-digit numbers, or something like that.

For example we can choose 300-digit numbers, and your prime factorization must be of a 300-digit number that is created, in part, by hashing your public key.  If it were just any random 300-digit number, it would be too easy: you wouldn't have to factor anything to produce a prime factorization, you could just multiply random primes together until you got a 300-digit composite.  Requiring the public key hash forces you to actually factor a number.  We can also require that the number be odd and that no prime factor be longer than half the length, so no factors bigger than 150 digits.  This rules out "easy to factor" numbers.  We can also stipulate that the first and last digits cannot be zeroes, to prevent someone from simply searching for easy-to-factor numbers by adjusting their nonce.

The distributed ledger would look something like this:

Public Key:         Nonce:    Prime factors:

H45JY4O9LCVW5G      346573    3, 3, 3, 5, 5, 11, 17...

JW45OLGU792POQ      648293    3, 3, 5, 5, 5, 17, 19...
                    578208    7, 7, 11, 11, 13, 17...

NW34KIW87MN24       825401    5, 5, 17, 19, 19, 23...

The prime factorization lists the prime factors of a composite number that is 300 digits long.  By multiplying all the prime factors together you can verify that they give the 300-digit number that results from hashing the given public key with the nonce.  The nonce can be anything and can be selected by the miner at random.  The public key can also be created by the miner as a hash of their private key, and would have to satisfy requirements such as the characters used, its length, etc.  The number to factor (the hash of the nonce and public key) can be longer than 300 digits (preferably using Skein 1024) and truncated to its first 300 digits.

Notice that the public key "JW4..." owns 2 coins.  This can be done, but is discouraged.  It is best if each key only owns 1 coin so that you cannot link multiple coins to the same person.  However it is valuable for staking as described in the "staking" section below.

Updating the network of nodes

So say someone sends a message to the network that they just factored a 300-digit number.  They send their public key, the nonce, the prime factorization, and a signature that proves they own the private key for that public key (that last step is optional; some may want to mine for others' public keys without knowing the private key, however requiring that the miner own the key might be best to prevent slavery).

Now, as a node maintaining a ledger, here is what you do to verify.  You hash the public key with the nonce and truncate to get a 300 digit number.  Next you multiply all the prime factors together and verify it equals that 300 digit number.

If everything checks out, you add a line to your database that says this public key owns this prime factorization; basically that the public key owns a coin.
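The following is an added example, not code from the original post, that puts the coin rules from the "Prime Factorization" section and the node's verification steps above into one runnable script. It assumes SHAKE-256 in place of Skein-1024 and shrinks the digit count from 300 so the toy miner can actually factor its target; the verifier side is what a ledger node would run at any size.

```python
import hashlib
from math import prod

# Assumptions: SHAKE-256 stands in for the post's Skein-1024, and `digits` is
# shrunk from 300 so the toy miner at the bottom can actually factor a target.
def target_number(pubkey: str, nonce: int, digits: int) -> int:
    h = hashlib.shake_256(f"{pubkey}:{nonce}".encode()).digest(128)  # 1024 bits, >= 308 digits
    return int(str(int.from_bytes(h, "big"))[:digits])  # truncate to the first `digits` digits

def is_probable_prime(n: int) -> bool:  # Miller-Rabin; cheap for a verifier even on 150-digit factors
    if n < 20:
        return n in (2, 3, 5, 7, 11, 13, 17, 19)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in (2, 3, 5, 7, 11, 13, 17):  # deterministic below 3.4e14, strong evidence above
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True
def verify_coin(pubkey: str, nonce: int, factors: list, digits: int) -> bool:  # a ledger node's check
    n = target_number(pubkey, nonce, digits)
    s = str(n)
    if len(s) != digits or n % 2 == 0 or s[0] == "0" or s[-1] == "0" or len(factors) < 2:
        return False  # target must be a composite of the stated shape: exact length, odd, no end zeros
    if any(len(str(f)) > digits // 2 or not is_probable_prime(f) for f in factors):
        return False  # every claimed factor must be prime and at most half the target's length
    return prod(factors) == n

def trial_factor(n: int) -> list:  # toy factoring; at 300 digits this step is the real work
    fs, p = [], 2
    while p * p <= n:
        while n % p == 0:
            fs.append(p)
            n //= p
        p += 1
    return fs + [n] if n > 1 else fs

def mine_coin(pubkey: str, digits: int, nonce: int = 0):  # offline nonce search; no network needed
    while True:
        fs = trial_factor(target_number(pubkey, nonce, digits))
        if verify_coin(pubkey, nonce, fs, digits):
            return nonce, fs
        nonce += 1
```

Run with `mine_coin("H45JY4O9LCVW5G", 10)` to get a (nonce, factors) pair, then hand the same arguments to `verify_coin` as a node would; changing the nonce, the key, or any factor makes the check fail.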

Preventing double spend

Double spend is one of the only viable ways I can think of to attack this network.  However it really isn't hard to overcome it.

When a transaction happens and the miner wants to hand over the coin they just mined to pay someone, they send that person the private key to that coin.  Now, what is to stop the miner from sending the private key to multiple people at once?  Or what is to stop them from keeping (copying) the private key so they continue to have access to it?

Well, we need another step in which the receiver can ensure that they are the only one who has the key.  When the recipient receives the private key to the public key, she immediately sends a new message to the network, signed with the current private key (which the giver still knows), changing the public key to a new value.  She would hash the current public key with her newly chosen private key (which the giver does not know), and a nonce if desired, creating a new public key that the previous owner can no longer claim.  The network would keep a "paper trail" of what the original public key was and what it was changed to.  The original public key would always need to be kept so the prime factorization could always be re-verified.
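An added model of the key-rotation ledger described above (not code from the original post). Because the post defines a public key as a hash of its private key, proving control of a key is modelled here as revealing that hash preimage; a deployed design would use a real signature scheme, and all names and sample values below are constructed for the illustration.

```python
import hashlib

# Assumption: control of a key is proven by revealing the preimage that hashes to it,
# matching the post's "public key = hash of private key" sketch. Not a real signature.
def derive(prev_pub: str, secret: str, nonce: str) -> str:
    """Mined key: derive("", private_key, ""); rotated key: hash(current pub, new secret, nonce)."""
    return hashlib.sha256(f"{prev_pub}|{secret}|{nonce}".encode()).hexdigest()[:16]

class Ledger:
    def __init__(self):
        # original (mined) pubkey -> every pubkey it has been changed to; the last one controls the coin
        self.trail = {}

    def record_coin(self, mined_pub: str) -> None:
        """Entry added once the factorization behind mined_pub has been verified."""
        self.trail[mined_pub] = [mined_pub]

    def owner(self, original: str) -> str:
        return self.trail[original][-1]

    def rotate(self, original: str, secret: str, nonce: str, new_secret: str, new_nonce: str) -> bool:
        """Recipient's message: prove control of the current key, then move the coin to a fresh one."""
        chain = self.trail.get(original)
        if chain is None:
            return False
        prev = chain[-2] if len(chain) > 1 else ""
        if derive(prev, secret, nonce) != chain[-1]:
            return False  # caller cannot prove control of the current key
        chain.append(derive(chain[-1], new_secret, new_nonce))  # original key stays in the trail
        return True

def handoff_scenario() -> tuple:
    """Miner hands Alice the key, Alice rotates, then the miner tries to reassign the coin."""
    ledger = Ledger()
    miner_secret, alice_secret = "miner-secret-7f3a", "alice-secret-19c2"  # constructed sample values
    coin = derive("", miner_secret, "")
    ledger.record_coin(coin)
    alice_rotated = ledger.rotate(coin, miner_secret, "", alice_secret, "n1")
    miner_retry = ledger.rotate(coin, miner_secret, "", "miner-secret-again", "n2")  # the post's double spend
    alice_again = ledger.rotate(coin, alice_secret, "n1", "alice-secret-2", "n3")  # Alice still controls it
    return alice_rotated, miner_retry, alice_again, ledger.trail[coin][0] == coin
```

The ledger only records whichever rotation arrives first; the race where the giver rotates before the recipient is exactly the bad-node and timestamp problem the post takes up next.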

Bad Nodes

Bad nodes are the only other way that I can foresee an attack on the network.  The way it would work is that a bad actor would set up a bunch of nodes (not trivial, since it takes many public IP addresses).  Next they would send a coin; the receiver would change the public key of the coin using a new private key, believe they now own the coin, and give the bad-node operator a product.  But once the bad node has the product, it could delete the entry that said the public key was changed.  Or it could create a fraudulent transaction, replacing the real one, that changes the public key to something the operator holds a private key for.  This is a double-spending attack as well.  This attack can also be done in bitcoin.

So to get around this it might be necessary not only to ping a dozen random nodes to confirm the transaction has been recorded before handing over the product, but also to ping some "trusted nodes" that you know have been honest before.  The staking described below could also help determine trusted nodes.  If a bad node is found out, it can be labelled a "bad node" and blacklisted (and its staked coins blacklisted and lost).

Staking

Another thing that could be done is staking: a node can be required to sign for (prove ownership of) several coins to show that it has coins staked to its public key, which might encourage good behavior.  If there is bad behavior those coins can be deleted by agreement from everyone else's ledger.  In this case it would make sense for all the coins to be under one public key, so if that node ever gets blacklisted, coins from that public key would be deleted from all ledgers.  Staking could be optional, and nodes with more at stake could be rated more highly by people's software wallets.  The higher rated you are, the more people will trust your ledger.

Why run a node?

In bitcoin, not many people run nodes.  Usually only miners run nodes, and that is so they can mine.  Mining is basically what incentivizes people to run nodes.  But another reason in bitcoin to run a node is so that you can submit transactions to the network.  You have to be running a node connected to the network to send it transactions.

In our case, you also need to be running a node to send a transaction to the network.  However you do not need to be running a node to either mine or send a person a coin.  The only person who needs a node running is the person receiving the coin, so they can change the key by sending a message to the network.

Donations can be another reason.  If a node is well respected, people could potentially donate coins to it.  Also, if a bad node tries to "take back" the coins it gave you, you can alert a trusted node, which can help you recover your coins by showing that its timestamp for your transaction was before the bad node's fraudulent transaction.  A good node that goes to bat to help you recover your transaction might tend to get tips.

More ideas on incentivizing good nodes would be welcome.

Benefit: "instant" transactions

The transactions are not perfectly instant, and the receiving party needs an internet connection to confirm them, but they are as fast as possible.  There is no waiting arbitrary lengths of time (block times) for confirmation: you simply send the transaction to the network, then ping the network to make sure it verified and applied your transaction.  You would likely ping a dozen random nodes or some trusted nodes to make sure they got your transaction.  Nodes would likely also ping each other to make sure their ledgers are all in agreement, or to dispute discrepancies.

Benefit: improves encryption security 

One benefit of this design is that the ledger would be a list of fully factored composite numbers of a given length, which narrows the search for primes in that range, and those primes could be used to build more secure encryption.  If someone does find a 300-digit prime number, that could certainly be used as a type of coin as well, but primes are much less asymmetric, meaning it is far easier to check a number for primality than to factor it, and checking a prime is also much slower than multiplying together prime factors.  So unfortunately for this coin design, primes would likely not be useful.  However perhaps another coin can be designed that uses prime numbers exclusively, and you could send the primes you find to that network instead.

Another extremely valuable benefit of this coin design is in gauging the safety of RSA numbers of various lengths.  RSA numbers have carried bounties for anyone who can factor them, as a way to track how safe RSA moduli are for encryption.  These bounties offered large sums of money to see how big a number could be factored with current technology.  Instead of offering bounties, researchers could watch this coin and get a real-time, free gauge of how safe RSA numbers are for cryptography in the wild; an extremely valuable service.

(Note: I was only familiar with the bitcoin white paper before formulating this idea, but it arrives at an almost identical design to b-money, and solves a few of its open questions.  Also the notion of a "digital collectible" is similar to how BitGold defined it.)

Cypherpunk history: that history states that b-money is vulnerable to Sybil attacks, which it is, by giving each node one vote, but it did include staking coins to run a node, which disincentivizes this.  In our protocol, nodes are not equal and do not get an equal vote; trustworthy nodes get more weight than others based on which nodes the person sending a coin chooses to verify their transaction.  Staking in our design is voluntary and variable, and the users of the coin are the ones who vote on which nodes are trustworthy by choosing whose ledger they trust.

I have been following the digital renminbi and think this would be a good decentralized competitor.

Topplcoin, toppl, topplecoin, restcoin, restfulcoin, flatcoin, off-chain, offcoin
