A block chain's only real job is to give transactions an official order.

And that is surprisingly difficult to create in a decentralized context.

Basically, the root of the problem with a pure proof of stake coin is the following scenario:

Say you just joined the network. And you try to download the blockchain but you're getting two very different stories:

In one story you have 49% of stake owners telling you they've been forging blocks for months despite the fact that the other 51% was just completely absent and not participating.

In the other story you have the other 51% of stake owners telling you the opposite, they've been forging a completely separate fork for just as long and it's the other 49% that weren't there.


So, how can something like that even happen? Well for one, there could have been some kind of network split where the respective nodes could not communicate with each other causing both halves to think the other half was simply not doing its job. Another possibility is that one of the groups is lying. One of the groups decided to wait for months before forging a whole lot of blocks all at once and spread them through the network.

For someone just now, joining the network, there is no way to tell whether it's a network split or if the 49% are lying or if the 51% are lying. But that will merely allow a cartel owning 51% of the blocks to be able to rewrite history at will (e.g. changing the order of double spends months after the fact). They may even be able to indefinitely delay some transactions that for their own reasons they just don't want included in the blockchain.


Now, from here it might seem like we're at an impasse. But not quite. Let's disregard the possibility of a network split for a moment and look into trying to fix the 51% stake attack.

Everyone who was joined to the network during the part of the attack where the 51% stake holders were hide, knew that it was actually the 49% who were being honest and working and that the 51% were not there. As soon as the 51% starts retroactively releasing their blocks everyone already on the network knows that they're lying. They could do all sorts of things to that 51%: refuse to propagate their fake blocks, include the blocks in the real fork to prove their dishonesty and punish them financially, etc..

But that doesn't help the newcomer at all. Everything that the 49% is saying in their own block chain about the 51%, the 51% is saying about the 49% in their new fork. Now, if the newcomer has a friend who was online at the time of the attack, then he'll know who's lying. And that's definitely an option, is the pizza place down the street connected to the network 24/7? Then find out which side they're on. Or maybe you have friends who were online at the time? The coin's client could be user-configured to trust certain accounts. And for those who have no one to trust, it can be pre-configured to trust a set of impartial observers and a fork would automatically be chosen if all trusted accounts agree on the same fork.

So, while yes, this is a solution. It's a pretty bad solution. If you're using the pre-configured set of impartial observers, presumably you're trusting the client software you download, so you should be able to trust the impartial observers that came with it. But things can change, maybe you can trust them today, but not 10 years from now.

But there's another problem. Some types of software simply can't trust anyone. For example, if you have a smart contract running on Ethereum and it needs to gather the latest authoritative information from your proof stake coins' block chain, it will have no way of knowing which block chain to pick. Unless you preconfigure it with a trusted observer, but that ends up centralizing the whole thing defeating the point of putting your smart contract on Ethereum in the first place.

Don't get me wrong, compared to the alternatives (PoW, or PoW+PoS hybrid) this is a great blockchain maintenance system. But it's not perfect.

So let's say trusted observers were not an option. Now, we're back to having a large chunk of the network being honest people who know exactly what happened, and 51% of stake holders actively lying to try and affect transaction processing and newcomers who have no idea which is which. But this time they can't trust anyone to tell them who's lying.

But the newcomers are online now. If the 51% wants to bring the newcomers over to their side, they better behave.

But why behave now? What's to gain from fooling a few newcomers?

How bad for the coin will the resulting fork be? Can those account holders who know what happened just surrender to rejoin the fork? Is there a mechanism by which we can make sure that the 51% must agree to the surrender and that the surrender comes with certain conditions that will ensure that very little damage is done in the end?

In the end, we're not really fighting over who's right and who's wrong. We're fighting to make sure that the block chain suffers as little damage as possible. We also want to find a way to make such an attack inconvenient and expensive for the attackers. If we can be sufficiently successful at those two goals, there might not be any reasonable motivation for someone to pull off the attack. It may already requires them to acquire 51% of the stake of the coin, the loss of value from a successful attack is already a pretty strong incentive.

So that's where I'm at. If I had to pick a favorite solution right now, between a 51% takes all and a trusted observers, I would go with trusted observers. Especially with a new coin with a small market cap where it could be quite easy to buy up the necessary stake.

Of course, the network split that I disregarded needs to be taken back into account somehow. But network splits might be easier to resolve as they most likely won't last longer than say, 60 minutes and all parties involved are interested in a best case resolution.


I assume, I'm not the only one who has thought of these things. If anyone know anyone else that might have gone further or links for further reading, it would be much appreciated.

It's not going to be easy to setup a "stable" coin that doesn't require trust in a central authority.

Ultimately, to make a coin that is truly stable, you need to have it backed up with something. If you have a central authority that sells the coin at $1.05 per coin and promises to buy any number of it at $0.95 than you'll have a reasonably stable currency with the central manager actually making a bit of a profit for his trouble.

But comes a time, when the central manager can just say, screw it, I have 350 Billion dollars I'm keeping it all and letting the coin fail.

From what I can tell, there are few ways to try and resolve it:

Create a legal framework to enforce the behavior of the backers of the currency through contract law. But when billions are involved, contract law is probably not going to be sufficient.

To help with that we might try and setup a situation where a greater number of backers. Setup a few hundred backers with a billion limit each, and you'll have plenty of big hitters keeping each other in check.

Or you can go even further. Rather than making absolutely sure that every "backer" will not default. Make "backers" pay interest on the money they receive as backing and force them to put something up as collateral. The interest + collateral should be sufficient to cover those that default.

That last one is a debt based currency which is how Fiat money works.

Thanks for the interest.

I understand the need for secrecy, I would probably do the same if I had the resources for it.

I look forward to seeing what you release.

Understood. Working on whitepaper now.

Yes, it has everything to do with safely trading existing coin. I edited my original post to clarify.

You can read here: https://bitcointalk.org/index.php?topic=381623.0 to find out more about the details.

First, what this is NOT about: A decentralized exchange to trade between fiat and cryptocurrencies.

Sure, it would be really nice. But it might just not be possible. There are ways to make it less centralized. But that's just not what my proposal is about.

What it is about: Trading different altcoins without having to trust your trade partner (e.g. Exchanging 1 BTC for 100 PPC from someone you don't even know on the internet without going through a trusted third party)

Next, there are NO real alternative solutions out there that I know of. There are a couple who claim to be working on it, and I don't really believe any of them will be successful. This is just too complex of a problem to just shoehorn into a cryptocurrencies that's already trying to bring 4-5 new paradigm shifts to the table at the same time.

So, others who are talking about this sort of thing:
https://bitcointalk.org/index.php?topic=172705.0 (Fiat P2P platform to locate trusted centralized brokers/institutions)
https://bitcointalk.org/index.php?topic=26063.0 ("Dark Exchange". Fiat-Crypto P2P network to locate trading partners. Requires trust of random trading partners. Centralized exchanges are a better alternative IMO)
http://opentransactions.org/ (Arbitrary asset exchange network. Not sure if P2P, definitely requires trust among trading partners)
https://bitcointalk.org/index.php?topic=174464.40 (Some people who appear to be trying to solve the Fiat-Crypto P2P trustless problem.)
https://bitcointalk.org/index.php?topic=174302 (Relevant conversation, mostly about Fiat-Crypto P2P exchange, no solution offered)
https://bitcointalk.org/index.php?topic=173187 (Semi decentralized Fiat-Crypto exchange)
https://bitcointalk.org/index.php?topic=62879 (Interesting proposal for a Fiat-Crypto P2P network, but uses a magic "Trader Bot", so it's just as centralized as anything else).

About Colored Coins:
I don't care how much lipstick you put on a pig, or what color you paint your bitcoin. Neither is going to turn into a house.
I'm not saying that Colored Coins aren't an interesting concept. But I am saying that they require trust that whoever colored the coin will really back up that purple coin with an actual house. That prevents Colored Coins from being a viable solution.

About bitcoin's programability:
It's quite nice, and it might be of some use. But it's not good enough because bitcoin's programming language doesn't have any tools to observe what happens outside of itself.

About NXT:
There seem to be vague second-hand claims that they're going to do something like this. But there's nothing concrete and there's no indication that they even have the first clue on making it happen.

About eMunie:
They seem much more capable and realistic about the problem. But they don't seem to have the design of a solution yet, so they're still pretty far off.

My solution:
https://bitcointalk.org/index.php?topic=381623.0


It requires the creation of a new type of coin, which I have so far called TradeCoins, that natively support escrow services that resolve automatically based on what can be observed in the blockchain of other cryptocurrencies.

There are a few missing details, especially around extensibility. But these are very solvable.


I hope this establishes that I do have a good plan to solve an important problem that no one else has solved yet.

The next few steps for me are to find out what kind of market interest there is for this solution and whether I can make it worth my while to build it and whether I can get help building it.

So, on making a profit, here's my plan:

First: full transparency. Too many of the innovative coins are there are extremely opaque about who is profiting from those coins, by how much and what they contributed to the project to deserve them.

I plan to finance this project by taking a percentage cut of mining revenue, fees and/or commission.

I don't yet know what that fee would look like. For fees and/or commission I'd be tempted to take 0-20%. A tax and fees and commissions can be very damaging to the network, so I'd like to keep it to a minimum.
For fees on mining revenue I'd go anywhere between 5 and 90%. Frankly, I don't really see the point of letting a fortune go to waste on electricity, when it can be used to help development of the coin instead.

What I do not want to do is any kind of significant pre-mine or insta-mine. A long term revenue stream really helps align developer interests with the community's interests.


Next, I need a team to build this.

Alone, it will probably take me up to 6 months just to build the TradeCoin itself (aka mining clients and protocol).
But on top of that, we'll need a client to make transfers. We'll need a trading client to take part of the exchange. And we'll need to build the exchange itself.
It would also extremely help adoption if we can "port" the clients to all popular platforms: iPhone/Android/Windows Phone/Mac/Linux/Windows PC

I think adding more developers to the project will strengthen our offering by a ton (and hence profits). So this project should be able to handle up to 4 developers.

Also, note that building the exchange network is a massive undertaking all of on its own. We may want to build a centralized exchange API that the clients connect to instead, and then build the decentralized network at a later date. Or perhaps even partner with another group that has a decentralized exchange solution but doesn't have the underlying untrusted trade system powered by TradeCoins.

So, if you're a skilled developer and you're interested in potentially making much profit (in TradeCoins) for doing really good work, then please get in contact with me.

Finally, I need customers:

If you're a trader or an alt coin enthusiast. Please tell me what you think of this, whether you would be interested in using the decentralized trading market and what you think of TradeCoin's potential.

I want a P2P trustless exchange between any alt coins.

Mastercoin only allows exchange between Mastercoin derived coins, these can have a tenuous link to actual alt coins, but they're not the real thing.

I don't see how Colored coins constitute a P2P exchange could you elaborate?

NXT seems to have made a promise of a decentralized BTC/NXT exchange but instead offers a centralized version and no indication on how they expect to pull off a decentralized one.

Emunie seems to be more realistic about creating a decentralized exchange. But they haven't provided any specifics yet. I hadn't heard of them before they seem very interesting.

I'm a developer. I'm considering creating a decentralized trading network.

See: https://bitcointalk.org/index.php?topic=381623.0

We've all heard stories on how unreliable certain exchanges can be.

The worst part is that they can just run away with all the coins they have under their control anytime they want.

We have these amazing decentralized currencies but we're still beholden to centralized organisations to trade these currencies.

But what if we could do it another way?

Buying or selling Fiat online will always require a trusted third party. But trading between altcoins doesn't have to.

The goal here is to be able to find a seller that will sell what you want in exchange for what you have, and then be able to execute the transaction at an agreed exchange rate without having to trust any of the parties involved.

But making that happen isn't so easy. If you send your coins first, there's no guarantee that they'll send them back to you. A vice versa.

We need a way to place coins in escrow and only release them to the other party if they've sent you their coins.

Most altcoins don't support that feature. So we'll need to create one.

And so, I would like to create "TradeCoins".

How they work:

They can be mined, stored and transferred like most other coins. The specifics are TBD.

In addition they can be placed in escrow with a set of rules guiding the when and to whom of their release.

These rules can depend on events that occur in other currencies.

The network (miners), in addition to resolving transactions, will resolve escrow events by cross referencing what happens on the block chain of other coins against the rules setup in TradeCoin's escrow accounts.

As such a trade without a trusted third party can occur like this:
I want to trade my 1 BTC and sell them for PPCs.

I find an untrusted trader (Bob) who will sell me 1 BTC's worth of TradeCoins (let's say that amounts to 1000 TradeCoins).

I tell Bob the address(es) I will send the 1 BTC from and Bob tells me where to send it to.
I also tell Bob the address of my TradeCoin account.

Bob then puts 1000 TradeCoins into an escrow account with the rule that they be released to my TradeCoin account once 1 BTC has been sent from my BitCoin account to his BitCoin account. There is also a rule that after 3 hours if the 1 BTC has not been sent, then the TradeCoins return back to Bob.

I then send the 1 BTC to bob and the 1000 TradeCoins automatically get transferred to me.

Now, I find an untrusted trader (Jane) who will sell me 100 PPCs for 1000 TradeCoins. I repeat the same process as with Bob but with the roles reversed.

And I am now the proud owner of 100 PPCs and have sold 1 BTC. Mission accomplished!

Of course, it's not a perfect system. You are exposing yourself to the price volatility of TradeCoins when you only want to deal with BTCs and PPCs and, additionally, you have to make the trade in two steps. What could have been great market conditions to sell your BTC for PPCs when you started the process may turn out not so good once you have the TradeCoins and you're trying to by PPCs.

And so, there are two other ways to trade BTCs for PPCs:

1- Keep your own store of TradeCoins.
If you expect to be doing a lot of trades, then you might consider just keeping a bunch of TradeCoins in reserve to use as guarantee.

So if I wanted to sell 1 BTC for 100 PPC directly without have to go through TradeCoins as intermediary (but still using them as a guaratee). I would do it this way:

First, I find someone (Bob) who wants to buy my 1 BTC for an agreeable price of 100 PPC.

Next, we agree on what would be a reasonable guarantee in TradeCoins. Let's say the current price of 1 BTC is equivalent to 1000 TradeCoins. So we agree on a 1500 guarantee (something a bit higher than the price is needed to guard against price fluctuation).

I then put 1500 of my own TradeCoins (that I already had before) in escrow with the following rules:
1) If you send Bob 1 BTC, then the TradeCoins go back to you.
2) If after 3 hours you have not sent Bob 1 BTC, and Bob has sent you 100 PPC then the TradeCoins go to Bob
3) If after 3 hours neither 1 nor 2 has occured, the TradeCoins go back to you.

Bob is now happy that if he send me 100 PPC, I will send him back the 1 BTC because he knows he'll get 1500 TradeCoins if I don't.

So Bob sends me 100 PPC.

I wait until I'm absolutely certain that the 100 PPC transfer has been confirmed.

I then send Bob my 1 BTC.

And the 1500 TradeCoins come back to me.


The third method of transaction is probably the safest with regards to price volatility but it does require a third party (and a commission).

With this third method, I don't have to own any TradeCoins at all.

So, I want to sell 1 BTC for 100 PPC.

I need to find Bob who wants to sell 100 PPC for 1 BTC and Jane who will provide escrow services for 0.2% commission.

One of the transactions will need to go through Jane it doesn't matter whose. So let's say it's the 1 BTC.

Then the trade happens like this:

Jane puts 1500 TradeCoins in escrow with the following rules:
1) If I send Jane 1.002 BTC and Bob sends me 100.1 PPC within 3 hours and Jane sends Bob 1 BTC within 6 hours, then the TradeCoins go back to Jane.
2) If I don't send Jane 1.002 BTC within 3 hours, regardless of what Jane and Bob do, the TradeCoins go back to Jane.
3) If I send Jane 1.002 BTC and Bob sends me 100.1 PPC within 3 hours but Jane doesn't send Bob 1BTC within 6 hours, then the TradeCoins go to Bob.
4) If I send Jane 1.002 BTC within 3 hours but Bob doesn't send me 100.1 PPC within 3 hours and Jane sends me 1.002 BTC within 6 hours, then the TradeCoins go back to Jane.
5) If I send Jane 1.002 BTC within 3 hours but Bob doesn't send me 100.1 PPC within 3 hours and Jane doesn't send me 1.002 BTC within 6 hours, then the TradeCoins go to me.

Next, I send Jane 1.002 BTCs. Jane has 1500 TradeCoins in escrow to guarantee that I don't get screwed.

Once that is confirmed, Bob send me 100.1 PPC. Now I'm happy and I can go on my merry way. Bob's transfer is safe because it is now guarateed by the 1500 in escrow.

Once that is confirmed, Jane sends Bob 1 BTC.

The 1500 TradeCoins automatically go back to Jane.

So if the trade goes through normally:
I spend 1.002 BTC, receive 100.1 PPC.
Bob spends 100.1 PPC, receives 1 BTC.
Jane provides escrow services and earns 2 mBTC.

Regardless of what happens, the only way Jane loses her TradeCoins is if she messes up.

Both Bob and me have to send our coins before we receive what is due to us. So we can't really defraud anyone.

Jane however will have the opportunity to keep BTCs that aren't hers. They are mine before Bob sends the PPCs, and they become Bob's after. But in both cases she's put up 1500 TradeCoins as guarantee (which is worth more than the 1 BTC she's holding for Bob and I).


So that's how you trade Cryptocurrencies without a trusted third party.

Now I'm willing to build this. But only if there is sufficient interest and if I'm confident that I can get back my investment with profits.

Also, if I can partner with 1 or 2 serious, experienced and competent developer I think that would vastly increase my chances of success and even my profits. So any good developers out there, please let me know.

And if you're already working on something like this. Let me know too, we're better off collaborating rather than competing.