Bitcoin Forum

AliasCoin: How To Send Money To "Satoshi" Instead of "1TE6a7tvT..."

SUMMARY

One of the chief obstacles to mainstream acceptance of cryptocurrency is the reliance on public keys to transfer funds. Such character strings are long, very difficult to memorize, non-intuitive and intimidating to new users. This proposal suggests a method by which any cryptocurrency could utilize a dedicated blockchain ("AliasCoin") to enable sending funds to a "normal" ASCII name/address such as "Satoshi".

INTRODUCTION

Imagine a bitcoin client in which you could send funds to a name like "Satoshi" or "FordMotorCompany" instead of the long, complex character strings we deal with now. This post outlines a proposal for an Alias Registry situated on a dedicated blockchain. The Alias Registry would tie a simple ASCII text string such as your name to a public key in a secure manner, enabling any other cryptocurrency to search the registry and direct transactions to the appropriate target address based on the assigned alias.

HOW IT COULD WORK

To establish an alias on the Registry users would simply submit a transaction specifying
1. The desired alias ("Satoshi")
2. One or more corresponding public keys
3. Signatures proving control of the listed key(s)
4. A registrar payment in AliasCoin.

The payment would be calculated based on how long a user wanted to register the Alias, counted in blocks. Once the Aliascoin blockchain exceeded the expiration block, the Alias would be recognized as expired, though subsequent transactions could always extend the registration duration. (It is anticipated that transactions on other blockchains such as bitcoin to an expired alias would be rejected as invalid.)

Multiple public keys on separate blockchains could be registered to the same alias. For example, "JohnDoe" could register separate keys for Bitcoin, Ethereum and Zcash in one transaction. Senders sending JohnDoe funds from each blockchain would each be able to simply direct their funds to JohnDoe, with each blockchain retrieving the appropriate public key from the Alias Registry.

The end result would be a universal Alias Registry that all cryptocurrencies could employ, once they implemented the ability to look up Aliases in the registry when they encounter a target address that is not a valid public key in their own blockchain. Users would (for a presumably trivial fee) be able to use and share easily-remembered names instead of long text strings to receive payments.

THE REGISTRAR

There had to be a catch, and here it is. I do not see an alternative to the use of a central registrar to handle Alias registrations. I am wide open to suggestions on this. The registrar would receive Alias registrations from users, verify there is no breach of a Trademark (including verifying the identity of the registering user in cases of Trademark use), and then publish the Alias registration to the blockchain. In other words, users would not directly publish their alias registrations, they would have to go thru the Registrar for verification.

Why is a central registrar body unavoidable? Because 5 minutes after launching AliasCoin without a registrar, we'd see people registering "DonaldTrump" and "IRS" and "FordMotorCompany" who have no valid connection to those names. And then we'd forever be reading about the millions of $$$ that scammers were raking in with control of those aliases.

So a global registrar body would be needed to police the system, including having the ability to cancel out invalid registrations (such as in the case of a judicial decision against a defendant in a trademark dispute) prior to their expiration. The registrar would only have the ability to delete/cancel registrations, not to alter them or unilaterally add them.

I emphasize that use of aliases would be strictly voluntary, and I'm open to ideas of how to keep the Registrar body accountable and user-friendly as possible, while protecting the public from bad actors. (SEE ADDENDUM 3) For example, the Registrar could also cancel alias registrations made by scam artists upon criminal conviction, though this needs to be explored carefully.

How would the Registrar be funded? I anticipate that the registration fees mentioned above could be directed to the Registrar to fund their operations. Such operations should be transparent and handled on a non-profit basis with full auditability via the AliasCoin blockchain, with the fee per # of blocks duration for each alias registration floating based on funding requirements. Again, I'm open to ideas how to refine/improve this. (SEE ADDENDUM 2)


A FEW OTHER COMMENTS AND OPEN ISSUES

It is anticipated that as people bought AliasCoins to purchase registrations, some would be held for future use. This would help ensure the AliasCoins would hold some value, necessary for the funding of the Registrar. I do not anticipate that Aliascoin would have significant other financial functions (and would discourage such use).

PoW, PoS? I'm open to suggestions on how mining would be conducted. If PoW, recent history with bitcoin biases me against the use of algorithms for which ASICs are available, to support decentralization.

Care should be taken to ensure that a public key used in an alias registration is solely identified with one blockchain when registered. We cannot anticipate future forks, but it is imperative that users cannot send funds to an alias and have it misinterpret the connected keys and send funds into a black hole.

For example, Mary hears John needs pizza money. She knows he uses the alias JohnDoe, so she sends him $20 worth of Ethereum using the JohnDoe alias. Only, JohnDoe has never had an Ethereum account/wallet, only one for Ethereum Classic. So he has a key in his alias registration that looks valid for Ethereum, but isn't. He doesn't even know Mary sent him funds because she forgot about it afterwards. A solution to situations like this needs to be implemented, anyone have any ideas? Is this what is meant by Replay protection? What about the thousand altcoins out there, are the keys used for each identifiably unique?

I know there are downsides to re-using public keys, and so an alias registration tied to a single public key that will be heavily used obviously conflicts with the best practice of not re-using public keys. Any suggestions to mitigate this issue would be appreciated.

Finally, each blockchain needs to know that they are reaching the correct AliasCoin blockchain, not a spoof of it, when checking alias registrations. I think this is simple enough, each transaction should include a co-signature from the Registrar proving they published it with a unique signed message, but wanted to mention it in case there are related attack vectors to defeat. (There should not be a need to verify # of confirmations in the Aliascoin blockchain for recent registrations if all transactions are being approved/published by the Registrar.)

ENDNOTE

I believe the use of Aliases could provide a big step forward in ease of use for mainstream adoption. To anyone concerned with the reliance on a registrar, I would point out that the use of aliases would be completely voluntary, and that I just don't see an alternative. Trademark infringement and scamming would explode without it.

I'm not a programmer or coin developer, so I'm just throwing this idea out for the community to consider. If it seems worthwhile and workable my hope is that a team with the right skills will step forward to start working on it. Since literally any cryptocurrency can benefit from it if developers choose to support it, I hope it proves a blessing to cryptocurrency adoption in general.

The concept of an alias registry actually dates from a project I brainstormed back in ~2014. I eventually shelved the project due to its complexity and the fact that it required ultra-high transaction capacities (far in excess of the VISA network). So I decided I'd dust it off once options like the Lightning Network became available. I only just realized this morning that the Alias concept could be applied completely independently and the benefits could be shared with everyone right now.

If this idea bears any relationship to other proposals out there that have already been explored or even implemented, I apologize for being unaware of them. It's not my intent to waste anyone's time.

Throwing it open for discussion...



ADDENDUM 1: WHY A BLOCKCHAIN?

It occurs to me that people may ask, if you are going to need a centralized registrar, why even bother with a blockchain? Why not just trust them to keep the alias-key pairs on a private database?

The answer is that such databases can be hacked, and there would be tremendous incentive to do so if the use of aliases become widespead in cryptocurrency. The most secure method of storing information is on a blockchain. It is hackproof and unalterable apart from defined transaction types. The registrar would need to exercise due care to keep its own keys safe (presumably utilizing some form of multi-sig).

Perhaps it might be necessary to implement a feature by which the public keys used by the Registrar could be "invalidated" on the blockchain - that is, if any given key used by the Registrar was lost/stolen/compromised, the Registrar should be able to send a multi-sig transaction to the blockchain that invalidates the use of the compromised key in any future transaction on the blockchain. Thus even if an attacker obtained several keys over time from the Registrar, it would be unable to use them if the hacks were detected. (Recommendation: The Registrar could make it a practice to invalidate keys it uses at a regular frequency, introducing new ones, to mitigate the risk of undetected thefts.)

Also note that the Registrar should not be able to spoof Alias registrations. Alias registration submissions from users should include a signature (or signatures) proving that they control each of the keys listed in their alias registration. This would improve trust in the use of a registrar, since they can only delete alias registrations (such as in a case of trademark infringement), never alter or add them unilaterally.

ADDENDUM 2 - MINER-FUNDED REGISTRAR?

This is another rough idea I worked out in my original project. The idea here is that registration fees would be paid to the miners (like in bitcoin) rather than the Registrar. To fund the Registrar, miners would have the ability to generate Aliascoins with each block that would be paid to a public key issued by the Registrar. The funds going to the Registrar would be in ADDITION to the regular miner payout per block, and could be specified within some range by the miner.

Thus miners believing the Registrar is overfunded could cut back funding, and those believing it underfunded could increase funding, both with no direct impact to the miner. Miners would be incentivized to not overfund the registrar because it would dilute the value of their own mined coins, and would be incentivized not to underfund it because it would risk the smooth functioning of the Registrar that upholds the value of the Aliascoin project and the value of their own coins.

Whether this is workable and would achieve the right balance needs to be carefully explored. But I thought it an idea worth mentioning, because...

ADDENDUM 3 - A REPLACEABLE REGISTRAR?

This is more speculative, but bear with me. What if it was possible in principle to replace the Registration body with a competing organization in one fell swoop through a democratic process? As an anology, what if the economic majority could vote on whether they preferred Core or Bitcoin Unlimited as being in control of the Bitcoin protocol?

Here is the proposed method: The Aliascoin protocol would include a voting mechanism (such as Dash, etc. employ), in which each coin counts as one vote. The more coins you have, the more voting power. Votes would be tallied based which public key you support - the one of the current Registrar, or one published by a competitor.

Depending on the exact rules for determining a victory (plurality, majority, majority after run-off, etc.), the funds allocated by miners would automatically go to the public key of the winning Registrar body. Moreover, only the winning body holding that public key would be able to submit registrations to the blockchain, effectively acting as the official Registrar. The keys employed by a Registrar driven from power would no longer be accepted for such duty. (I leave it for developers to determine the exact method to do this and how it could be made secure.)

Why on earth might we want the ability to change the Registrar?

1. It is anticipated that the Registrar would also take a lead role as developer for the blockchain. In case of serious conflicts such as the Core/BU debate this would provide a mechanism for resolution of the debate.

2. Insofar as the Registrar is made up of real people in real locations, the Registrar body could be subjected to intimidation or other coercive acts, or even physically replaced, by local/national authorities or organized crime. The voting mechanism would enable the community to disenfranchise such a compromised or corrupted Registrar, replacing it with a fresh body that obtains the most support.

In any event, the Registrar body would need to uphold two linked ideals: The protection of properly trademarked material to the best of their ability, and the prevention of criminal exploitation of aliases.

In other words, this will never happen.

The world is full of examples of centralized organizations, for better and for worse. Can you give me a more detailed reason why you think having a registrar automatically is worse than the value provided?

I've already explained how the Registrar would be structured so it could only eliminate registrations, not alter them nor create them on behalf of others. It would basically just be a filter. The worst thing that could happen is people complaining that they couldn't get their preferred alias accepted due to some perceived slight, leaving them no worse than they are today.

A for effort.  Lots of issues.  Keep trying.

If a registrar has the ability to cancel registrations after the fact (you indicated that it could cancel due to a court ruling), then it effectively has the ability to edit registrations because it could cancel a registration, then create a new registration.

This would also make any cryptocurrency that utilizes said central registrar be subject to censorship.

I think this semi-centralized model could work, but would have a relative low level of acceptation with "hardcore-bitcoiners" and a decentralized system would be better.

There are several alias systems in the altcoin space, starting with good ol' Namecoin, but there is also NXT, Emercoin, Steem, NEM and some others. Most of them enable the registrants to receive payments using their alias name as "address".

So why not simply integrate one of these systems into Bitcoin, or if it is not desirable, in a future BTC sidechain?

The "centralized registrar" could be replaced in the following way:
- install a PoS voting system
- specify a special category of aliases which are more complicated to register and are meant for official names
- this category should have the following properties:
1) very costly to register
2) a majority of stakeholders must vote for the proposal

That would make the registration of an "morally not acceptable" name of this category more difficult. Not impossible, but there is always the legal system that could be used if there is a severe infringement of trademarks etc..

Note also that all (centralized and decentralized) "registrar" systems would have severe problems in an international system if two trademarks of two different countries get in conflict. So I think there is no perfect solution for this.

(I think the thread belongs in the "Project development" section, as there is a sidechain involved)

No. The Registrar would have no ability to create a new registration with altered data. It could only cancel one.

The world is full of organizations with much more power than this that we rely on every day. The list is literally endless. So while I expected this to be a hurdle, I would hope that we can move off this point.

Thanks for the info and comments. I'm fine with moving the thread if that's more appropriate. I agree some won't want anything to do with it and that's fine so long as they don't dedicate themselves to FUDing it.

I've wondered about the likelihood of conflict over trademarks and if there is a current international framework for resolving such disputes. I've been hoping to avoid/minimize the degree to which my proposed Registrar would need sanctioning by governments, but it's probably a safe assumption that it would need to demonstrate a scrupulous and consistent effort to honor existing trademarks or it would itself become a defendant in litigation.

There are probably many forms the Alias concept can be implemented and had how it would be managed with respect to trademarks and disputes. Hopefully the best one can be worked out and implemented so everyone can take advantage.

If they approve registrations, then nothing would stop them from approving an arbitrary entity's registration for an alias that has nothing to do with the entity, including an entity controlled by the registry.

Ahh, I see your point now. So a corrupt Registrar could assign a trademarked or otherwise economically valuable alias to themselves or accomplices. Problems with this idea:

1. The governance mechanism I suggest above (Addendum 3) could be used to replace a corrupted Registrar if things got significantly bad.
2. Infringed parties and defrauded parties would rapidly learn of the corrupt actions, and would know that the Registrar was involved either as the instigating party, an accomplice, or responsible through negligence. All three would rapidly put the Registrar in the crosshairs for litigation as well as a governance challenge as noted in #1 above if they didn't correct things ASAP and make amends if anything but negligence was involved.

Just thinking out loud here... a more complicated but more decentralized approach to this alias concept would be to allow for multiple competing registrars in a free market. It would be more complex because your alias would also need to identify which registrar needs to be consulted to look up the corresponding key. For example "John@ABC" for ABC Registrar versus "John@XYZ" for XYZ registrar.

I was hoping to avoid such complications, but it would allow for things like national registrar bodies and/or free market competition. Shady registrars could be blacklisted by various parties, with legal pressure, boycotts and sanctions against them to discourage corruption. So it might be worth it, and might simply be needed to deal with trademark disputes across national boundaries that cannot be otherwise resolved.

I like that already more. Registrars could be voted in a similar way "delegates" are voted in DPOS currencies like Bitshares or Lisk - by a Proof of Stake vote of the "whales" of the sidechain. Or, if it's a merged-mined sidechain, also the miners could have voting power like suggested for a future "Drivechain".

As of the name issue: Couldn't there simply be one single namespace that would have to be used by all registrars? So the additional step probably could be avoided, or am I understanding something wrong?

If you solve all your other issues you are still stuck with this - which is your biggest problem.  This affects Bitcoin at a fundamental level, privacy and fungibility.

If, instead of registering a Bitcoin address, you registered a place to get a Bitcoin address (a URL?) then the entity could hand out new addresses every time the "place to get addresses" was accessed.

Of course this is even further removed from the idea of Bitcoin and has even more security issues/concerns.

Back in the day there was the firstbits project, which aimed to provide a canonical shorter version of bitcoin addresses.  As people decided that you shouldn't be reusing addresses, this fell out of favor.

I actually own the first bits "1BurtW", pretty cool, still works, you can look it up, etc.  However now everyone knows all of my transactions on that address.  I no longer support address reuse, first bits, or this proposal (unless it solves the address reuse issue).  Ideally all addresses should be used exactly twice:  once to receive BTC and once to be spent.

I also met the guy that invented first bits (FreeMoney).  He moved away from Boulder, does not come here to bitcointalk anymore so I lost touch with him.

This is where I get out of my depth very quickly. I don't know what is technically possible in terms of being able to quickly search and/or route transactions if the alias used could come from any of a number of blockchains. There is also the question of how to prevent the same alias being used on two blockchains run by two different registrars. The latter issue can probably be resolved through some sort of universally agreed rule of precedence.

Well, yeah, that would be pretty centralized and require trust in the issuer. If schemes like mine did not come to fruition though, I could actually see somewhat trusted institutions (by the general public) doing something like that as mainstream acceptance grew. For example, a major bank doing just what you said in return for a micropayment, or as a free service to customers keeping their funds with them. That could be canny marketing.

But let's do something better before it comes to that...

I was just thinking this morning that something like an Ethereum smart contract might be capable of issuing unique public keys within the context of an Aliascoin type project. And lo and behold, it appears I'm not the only one thinking along the lines of using aliases in place of public keys:

http://www.coindesk.com/ethereum-name-service-prepares-take-off/

"For example, it will be much easier to do simple things like send ether (the token of the ethereum blockchain) to 'alice.wallet.eth' or pull up content on Swarm (etherum's decentralized storage space) by typing 'alice.swarm.eth', rather than cutting and pasting, or worse having to type, '0x123f681646d4a755815f9cb19e1acc8565a0c2ac'."

Good to see a project like this moving forward, especially if all crypto can take advantage of it.

Yeah, how many stories have we heard about mistaken addresses. I've only done it once, thankfully only because I right-clicked and copied an address just below the intended one in my Electrum wallet list, so I still received it, just not in the address I intended. A solution like this might make that mistake easier to avoid.

This does not solve the problem with financial privacy and pseudo-anonymity for me. I guess if you opt for a public name for your account, you are willing to sacrifice your privacy. I for one, feel very strong about Crypto currency users being pseudo-anonymous, BUT I can see some use cases where this might be used. < Branding & Marketting >

It is just a pity that this is being done by our <BTC> main competitor. ^grrrrrrr^

I have seen a couple of these proposals and I always have one shared thought about all of them: I never understand why people even want to have an easily, memorable phrase instead of that scary hash160 string. When you buy something from an online store you never memorize their payment details, you click a button and are redirected to a payment processor and it automatically fills in the data needed for you to make the payment. And nobody is ever scared of seeing that page. So why making a payment with bitcoin which means either clicking a payment link using BIP21 or scanning a QR code. But that's just my thoughts

Other problem that I see here, is being too limited (I believe the word for it is collision):
With bitcoin everyone who is using it has a unique address and will continue having a unique address for years no matter how many millions of people use it and generate new addresses.
In this proposal what happens when I register name "Foo", then 1000 others after me want to register the same name? "Foo.Bar"? "Foo.2"? "Foo.1000"?
There will always be very limited number of proper names to use before we start getting to hard names area. And the main issue you raised in the beginning will show up again. It will be hard to remember "My.Custom.Foo.Bar.Name.That.Is.Unique.To.Me".

Also the "centralization" and the "address reuse" issues that are already mentioned are not small things to overlook.

Let's say my son is in college and emails me that he needs pizza money. I'd like to reach a point where I can just send a quick transaction to "ebliever.jr" from my wallet rather than having to look up or cross-reference unmemorizable hash strings. The current approach really only works for transactions with businesses that set up expensive and complex front-ends that minimize the complexity to the customer. I'd like a simple solution for non-techies for everyday life, peer-to-peer and without forcing mom-and-pop shops to invest in expensive solutions.

As far as collisions go, that's why a fair amount of my proposal has to deal with registration issues. It's no different than the problems people face with email. Only one person can grab "Bob@gmail.com". So we each try to come up with an email address that isn't too miserable but hopefully is easier to recognize and remember, while still being unique. (I'm fortunate in that regard - I've done a fair amount of genealogy research, and I'm pretty sure my first name/surname combo is unique in human history.)

Centralization will be a big topic with any project like this, to be sure. But it's a fact of life in many areas, and it's just a matter of working out the best solution with the best checks on abuse or undesirable outcomes.

I think the address re-use issue can be addressed with a smart contract type setup as I noted earlier, though I haven't thought that through in any detail.

You know that your address book in your wallet can be labeled any way you want.  You can have an address for "son" and I can have an address for "son" and there is no issue because we have just labeled an address in our own personal wallets.

If you want to fix the address reuse issue all you need to do is get an xpub from your son, label it "son" in your wallet and then every time he needs pizza money you send it to the next public address calculated from the xpub you have labeled "son" in your wallet.

Personally, I see no need to involve a central DNS type authority in this.  If people register with a central authority then the central authority has immediate an undeniable access to your financial records related to that public key or xpub.  This is a bad idea.

Yes, I can see how you'd be sensitive to that... good point.

Is 'xpub' a master public key? Am I correct in thinking that if you have someone's master public key you can generate new public keys that will be recognized by their wallet without any difficulty? I'm not familiar with this technique, is it something most wallets can perform?

Yes, an xpub is a public key "seed" that is used to generate a deterministic sequence of public keys.  There is a corresponding xpriv that generates the corresponding deterministic sequence of private keys.  You have the xpriv, you give someone the xpub then they can send you Bitcoins on a periodic basis but use a different public key every time.  Meanwhile you can generate the corresponding private key when needed.

All HD (Hierarchical Deterministic) wallets can do this.  That is what the HD means.  See:

https://en.bitcoin.it/wiki/Deterministic_wallet

Or other links that come up when you Google HD Bitcoin wallets (Trezor is an example).

Why not use NameCoin as the registrar.. ?

Why use registrar, instead we can make alias transactions to a specific burn address and if amount per time is greater than previous, alias is replaced. Minimum amount can be set to prevent spam and sybils.