Archives: Wayback, Archive.is,
Bitcoin talk and Archive and Another
The blockchain is top heavy.
The chain can restructure and can throw off the previous awards. This is why many confirmations of a transaction are needed, to limit the possibilities of a chain restructuring throwing a wrench in your transaction. This slows down transactions. China could be secretly mining bitcoin off-chain right now as we speak, and a year from now send their blockchain and destroying all transactions in the last year for example. This system is flawed.
Also in current cryptocurrencies, only one person can win coins every
10 or so minutes, and therefore they need to be easily tradable. But
what if everyone could earn coins on their own relatively quickly, and even allow for mining offline? (offline mining). In this idea the miner could always be offline, the only person that needs an internet connection is the person a miner is transferring coins to.
No transactions on-chain.
The secret is that we don't need transactions. We don't have to facilitate the transfer of the value. All we need is something (a ledger) that keeps track of which public key owns a coin. In order to trade the crypto, you wouldn't send the coin to another public key, you would just give the person your private key to the coin.
First you can prove you own a coin by signing a transaction using your private key to verify you own the public key that owns a coin. Then someone can give you a product, and you can then give them the private key. See below heading of "Preventing double spend" for how double spending is prevented in this system.
You could send the private key to another person using encrypted communication, Bluetooth, the mail, verbally, etc. This is fine because you can have one coin per private key if you want, that way if you want to send someone 10 coins, you just send them 10 private keys. Or you can assign 10 coins to one key if you want. It doesn't matter.
Prime Factorization
In our case a "coin" is a prime factorization of a certain length number. For "coins" to be fungible, the length of number shouldn't change throughout the life of the cryptocurrency. However there could be a roadmap where every year or month or something you have to factor one more digit number. So the first year for example would be 300 digit numbers, second year would be 301 digit, or something like that.
For example we can choose 300 digit numbers, and your prime factorization must be of a 300 digit number that is created, in part, by hashing your public key. If it was just any random 300 digit number, it would be too easy because you wouldn't have to factor the number to create the prime factorization, you could just multiply random prime numbers together until you got a composite number of 300 digits. By requiring using the public key hash, it forces you to actually factor a number. We can also require that the number be odd and that there can be no prime factors greater than 1/2 the length, so no factors bigger than 150 digits. This negates any "easy to factor" numbers. We can also stipulate the first and last digits cannot be zeroes to also prevent someone from just searching for easy to factor numbers by adjusting their nonce.
The distributed ledger would look something like this:
Public Key: Nonce: Prime factors:
H45JY4O9LCVW5G 346573 3, 3, 3, 5, 5, 11, 17...
JW45OLGU792POQ 648293 3, 3, 5, 5, 5, 17, 19... 578208 7, 7, 11, 11, 13, 17...
NW34KIW87MN24 825401 5, 5, 17, 19, 19, 23...
The prime factorization represents the prime factors of a compound number that is 300 digits long. By just multiplying together all the prime factors you can verify that it gives a 300 digit long number that is the product of hashing the given public key with the nonce. This nonce can be anything and can be selected by the miner randomly. The public key also can be created by the miner as a hash of their private key and would have to fulfill requirements like types of characters used, length, etc. The number to factor (given as the hash of the nonce and public key) can be greater than 300 digits (preferably using Skein 1024), and truncated down to it's first 300 digits.
Notice that the public key "JW4..." owns 2 coins. This can be done, but
is discouraged. It is best if each key only owns 1 coin so that you
cannot link multiple coins to the same person. However it is valuable for staking as described in the "staking" section below.
Updating the network of nodes
So say someone sends a message to the network that they just factored a 300 digit number. They send their public key, the nonce, the prime factorization, and a signature that verifies they own the private key to the public key (that last step is optional, some may want to mine for others public keys without knowing the private key, however making sure the miner owns the key might be best to prevent slavery).
Now, as a node maintaining a ledger, here is what you do to verify. You hash the public key with the nonce and truncate to get a 300 digit number. Next you multiply all the prime factors together and verify it equals that 300 digit number.
If everything checks out, you add a line to your database that says this public key owns this prime factorization; basically that the public key owns a coin.
Preventing double spend
Double spend is one of the only viable ways I can think of to attack this network. However it really isn't hard to overcome it.
When a transaction happens and the miner wants to send the coin they just mined to compensate someone, they send that person the private key to that coin. Now, what is to stop him from sending the private key to multiple people at once? Or what is to stop them from remembering (copying) the private key so they continue to have access to it?
Well, we need another step where the receiver can ensure that they are the only one who has the key. When the recipient receives the private key to the public key, she immediately sends a new message to the network, signed with the current private key (that the giver still knows), of changing the public key to a new number. She would hash the current public key with her newly chosen private key (that the giver does not know), and a nonce if desired; creating a new public key that the previous owner can no longer claim. A "paper trail" would be kept by the network of what the original public key was, and what it was changed to. The original public key would need to be always kept so the prime factorization could always be verified.
Bad Nodes
Bad nodes are the only other way that I can forsee an attack on the network. The way it would work is a bad actor would make a bunch of nodes (not trivial to get many public ip addresses). Next they would send a coin, the reciever would change the public key of the coin using a new private key, the reciever now thinks they own the coin and give the bad node person a product. But now that the bad node has the product, they could delete the entry that said the public key was changed. Or they can create a fraudulent transaction to replace the real transaction that changes the public key to something they themselves have a private key for instead. This is a double spending attack as well. This attack can also be done in bitcoin.
So to get around this it might be necessary to not only ping a dozen random nodes that the trasaction has been verified before handing over the product. You would likely do that but also ping some "trusted nodes" that you know have been honest before. Also the staking thing below could help determine trusted nodes. If a bad node is found out, they can be labled a "bad node" and be blacklisted (and their staked coins blacklisted and lost).
Staking
Why run a node?
Benefit: "instant" transactions
Benefit: improves encryption security
One benefit to this design is this ledger would be a list of however-many-digit compound numbers, which will narrow down the search for primes in this space, and these primes used to create more secure encryption. If someone does find a 300 digit prime number, that could certainly be used as a type of coin as well, but those are much less asymmetric, meaning that it is easier to check number for primality than to factor them, and also they are much slower to verify they are prime than multiplying together prime factors. So unfortunately for this coin design, primes would likely not be useful. However perhaps another coin can be designed that uses prime numbers exclusively and you can send the primes you find to that network instead.
Another extremely valuable benefit to this coin design is in determining safety of various length RSA numbers. RSA numbers have had a bounty on them to see if anyone can factor them, to track how safe RSA numbers are for encryption. These bounties offered large sums of money to see how big of a number could be factored with current technology. Instead of offering bounties, researchers could watch this coin and get a real-time gauge of how safe RSA numbers are for cryptography in the wild for free; an extremely valuable service.
References:
(Note: I was only familiar with bitcoin white paper before formulating this idea, but it finds an almost identical design as b-money, and solves a few of it's questions. Also the notion of "digital collectible" is similar to how BitGold defined it.)
Cypherpunk history This history states that b-money is vulnerable to Sybil attacks, which it is by making each node get one vote, but it did include the staking of coins to run a node which dis-incentivizes this. In our protocol, each node is not equal and does not get an equal vote, trustworthy nodes would get more vote than others based on the choice of which nodes the person sending a coin uses to verify their transaction. Staking in our design is a voluntary and variable and the users of the coin are the ones who vote on which nodes are trustworthy by who's ledger they trust.
I have been following the digital renminbi and think this would be a good decentralized competitor.
Topplcoin, toppl, topplecoin, restcoin, restfulcoin, flatcoin, off-chain, offcoin
밀양출장샵
ReplyDelete사천출장샵
구미출장샵
강진출장샵
구미출장샵
사천출장샵
영주출장샵
제주도출장안마
ReplyDelete제주도출장안마
총판출장안마
총판출장안마
총판출장안마
고고출장안마
심심출장안마
제주출장안마