I wrote a piece on this a month or so ago: http://gendal.wordpress.com/2014/08/09/a-simple-explanation-of-fees-in-the-payment-card-industry/

It's just one example - and note the comments at the bottom:  the breakdown between participants can easily go the other way too.

My piece on the structure of the payment cards industry is here:  http://gendal.wordpress.com/2014/07/05/why-the-payment-card-system-works-the-way-it-does-and-why-bitcoin-isnt-going-to-replace-it-any-time-soon/

Thanks - actually, answering in general terms was very helpful...  highlighted exactly where I think we agree and where we were talking at cross purposes

Thanks Justus - good article.

What's your take on the problem I discuss in my piece about ensuring inevitability of settlement once two orders have been crossed?

i.e. regardless of how assets are represented or issued, my take is that anybody wanting to trade two assets will want certainty that a validly matched order will lead to the assets actually being exchanged on whatever platform they happen to be represented on.

Ultimately, this means those making bids/offers need to relinquish some control at the point they make their bid/offer....  in other words, there needs to be a way for them to be "compelled" to exchange if their order is validly matched. And you can't do that if they have the ability simply to send the asset/coin somewhere else... that freedom has to be relinquished.

Counterparty et al do it through the protocol (and my distaste stems from the pollution of the blockchain but I also accept having app-specific coins is troublesome) - but I don't see any way of achieving something similar with a colored coin system...  unless you're prepared to put your assets into escrow at the time you post your bid/offer.  And that might be fine - but it does require you to trust an identifiable entity rather than "the protocol".

Is this an issue you recognise?  Is it only a problem in theory or are you perhaps arguing there is something in OT that can help here?  (I don't know enough about OT but it's on my to-read list)

Richard

Agree - but how do Bob and Alice find each other?

In the traditional securities exchange world, a valid, current bid/offer that is matched with a corresponding valid, current offer/bid is binding: the counterparties are mandated to exchange and there are rules and institutions (clearing houses, etc)., to enforce it.

From what I can tell, counterparty (and mastercoin and, I *think*, NXT) have implemented a scheme that does something broadly equivalent:  if you enter bids/offers on those platforms that are matched, then the underlying assets will be automatically transferred by the platform.

On the colored coins systems, there is a decoupling between exchange and settlement.  There is no in-built mechanism that will inevitably lead to an exchange of assets as a result of a successful match on whatever exchange platform is used.

You're right that one can create atomic settlement transactions in the way you outline, but that doesn't address the point I was making.  You need Alice and Bob after they have agreed to an exchange to then subsequently create and sign the transaction. What's to stop me making an offer to buy a colored asset for BTC on some exchange and then subsequently simply deciding that I'd really rather not go through with the exchange?  Answer: nothing.  Hence the section in my article where I outline ways of remedying the situation (performance bonds, escrow, etc, etc)

This isn't a criticism of the colored coin projects - I know many of the guys behind some of the projects and I have a lot of respect for them and the "embed bids/offers in the blockchain" architecture of counterparty et al is distasteful to me...  but this is, I think, the essential difference between the approaches.

From what I can tell, they're similar from an asset issuance/transfer perspective but differ when it comes to exchange.

In particular, it seems that counterparty (and mastercoin) support issuance/tracking of tokens issued by third parties ("colored coins" if you like) but also have a concept of decentralised exchange...  i.e. bids and offers are also processed (and persisted) in the platform.

This has many downsides (blockchain bloat, etc) but does open the possibility that offers to buy/sell can be executed with certainty...  valid, matching orders result, inevitably, in an exchange of the assets.

Contrast with colored coins, where buy/sell orders are processed external to the platform - and so there is the risk that one or other party could renege.

I don't have a strong view on which I approach I prefer but they *are* different.

I wrote about it here: http://gendal.wordpress.com/2014/06/10/a-decentralized-securities-trading-and-settlement-system-is-being-built-hidden-in-plain-sight/

Some universities "get it".

e.g. the University of Nicosia has an MSc in Digital Currencies and has just kicked off a free MOOC on the topic.  twitter.com/polemitis is behind it.

And twitter.com/gvrooyen is doing some really interesting work at Stellenbosch University in South Africa.  I met him and some of his students this weekend at Bitcoin 2014 - very smart.

Traditional unis with clearly defined silos seem to struggle to "get" it - perhaps because you need a combination of economics/computer science/crypto/finance to appreciate the achievement Bitcoin represents?

You might be interested in a piece I wrote last year on how the traditional securities settlement system works (i.e. so you can compare/contrast):

http://gendal.wordpress.com/2014/01/05/a-simple-explanation-of-how-shares-move-around-the-securities-settlement-system/

And I jotted down some thoughts on how one might improve on today's Bitcoin exchanges here:

http://gendal.wordpress.com/2014/03/02/bitcoin-exchanges-are-more-centralised-than-traditional-exchanges-we-can-do-so-much-better-than-this/

You'll see that not everybody agreed with the views in my second post but hopefully it's useful food for thought.

Richard
(@gendal)

Sorry - not my intent to imply a lack of insight elsewhere!

And I'm acutely aware that my write-up is based on two-day-old recollections so apologies for the sketchiness of some of it.

To be clear... when I talk about node identities and the like, I'm not talking about real-world identities of individuals... just some random token associated with a node that is the same for all nodes controlled by the same actor and different for nodes controlled by different actors.

Hi everybody,

I was at the event at which Mike spoke and the proposal seemed pretty clear to me.  Here's my recollection of how he laid it out.

1) We need to improve protection against certain classes of Sybil attacks.  That is: we need to make it harder for one "actor" (person, entity, whatever) to masquerade as multiple "actors".   e.g. if I am connecting to eight peers, I'd like some reassurance that they are controlled by different people and not actually the same person pretending to be eight different people

2) There are some interesting ways of achieving this.

3) One way is "proof of sacrifice":  you could devise a scheme whereby creation of a unique "node identity" (my loose term - Mike didn't use this phrase) requires visible destruction of some small number of satoshis.  This is easy for you to do if you only want to present one such identity to the world but very expensive if you wanted to create 10,000 different identities.  So.... if you had this system, a client could make sure to connect to nodes with different identities and they could be more sure that they were controlled by different actors.  Not perfect but it would probably be OK.   Big problem though:  nobody wants to throw away their money!

4) So is there another way?

5) Mike's insight:  why don't we ask ourselves this question:  "what do most people have one of and would find exceedingly difficult to have 10,000 of?"   I guess some answers might be a house or a car or something like that... but Mike added the additional condition: "what do most people have one of and would find exceedingly difficult to have 10,000 of and *which they can prove they have over the internet*?"

6) He then pointed out that the spec of most modern passports calls for them to have an embedded chip and for the chip to have the option of including a private key that can be used to sign arbitrary challenge messages.

7) A ha!  So we already have a widely-deployed infrastructure that maps (roughly - not perfectly) one person to one private key.

8 ) So.....   you could come up with a crypto scheme that allowed you to create a node identity that everybody could see could only have been created by the holder of a passport... and which would be different for each person.... but it would not reveal anything about the person or their passport... just that the controller of that node *has* a passport.

9) Unfortunately, most passports don't implement the signing function so it looked like the idea was dead in the water

10) However, a paper presented at the May BTC conference showed that it may be possible to work around this problem and still achieve the same ends (the details are complicated and I didn't understand them).

Bottom line:  this part of the talk was all about a really interesting approach to preventing a particular type of sybil attack.   

Thank you too - your response was very clear.

If I understand correctly, your fundamental point is that if somebody/thing is going to assert equivalence between a "blockchain asset" and a real-world asset then a legal entity, ultimately needs to stand behind this assertion as there needs to be *something* that will act as the bridge to the real world. And if you have an identifiable entity as part of the system then some of the constraints that drove the original designs of bitcoin et al can be questioned, right?

Your chain (no pun intended) of reasoning then becomes: "if we're going to have one trusted entity in the system, why not generalise the concept to one where *any* entity can be assigned some notion of trust and see where that takes us" I think.   Which I think is a great insight.

I'm still unconvinced that it *would* generalise in the real-world, however.   

For example, I'm not yet seeing the circumstances under which I would assign non-zero trust values to any entity other than the issuer of an asset unless I had some other out-of-band information about them from which I could make a determination about their trustworthiness (e.g. if they were a well-known and trusted brand, say?).

If all I have to observe is their behaviour inside the system, then I don't understand the economic analysis / game-theoretic story that means they wouldn't easily be able to "build up" trust for some period of time before mounting a catastrophic attack.   Perhaps the situation would be no worse than one in a "colored coin on bitcoin" world, where the attacks I discussed at the start of the thread could potentially occur - but I don't know.

Disclosure: I've not yet had chance to read the other papers... so if you discuss these issues there (or elsewhere), please just tell me to RFTM.

Richard

Thanks for the comments - I'll take a deeper look at confidence chains.  When I first read about them, I must admit I was unconvinced.  In particular, your paper (link below so you know which one I'm talking about) lacked any analysis of the potential attacks and didn't give me much insight into how the confidence values for nodes would be set (and evolve) over time.  e.g. what happens if different nodes assign different values to the confidence they have in other nodes?  Surely everybody would have a different view as to which the most confident chain was?

No doubt these issues have already been discussed (probably on here somewhere) but my sense is that if you're going to throw out the proof of work system (and I see why it could be attractive for some scenarios), there probably needs to be a reasonably rigorous analysis of how the system could be gamed, etc.

Very interesting concept, in any case.

https://docs.google.com/viewer?a=v&pid=forums&srcid=MDg1Nzc2MjYxNDE2NDcyMjk2NDcBMDQ4MDMyNzQyMDY2MjExMDkyNzEBNU81RURra1djcHdKATQBAXYy

Following the finextra video I recorded the other week, several people on here and elsewhere have asked me for my views on the colored coin space.  I concluded, after quite extensive reading, that there are actually quite few good high-level summaries - the ones I could find either descended too quickly into technical detail, turned into flamewars or didn't, at least to me, get to the core of the analysis.  So I've taken a stab at writing a simple overview - i.e. one that's (more or less) technically accurate but still accessible to a non-expert.

Introduction to the topic: http://gendal.wordpress.com/2013/11/10/decentralised-digital-asset-registers-concepts/

Extending the discussion to explain mastercoin: http://gendal.wordpress.com/2013/11/10/decentralised-digital-asset-registers-mastercoin/

I've deliberately not discussed any of the controversy or expressed any views on the merits of the competing approaches... just tried to explain the technical differences.  Comments welcome, ones that point out errors and omissions particularly so.


(As ever, that is my personal blog and the content doesn't represent the views, plans, opinions of my employer, etc, etc, etc)

Hi there,

Thanks for the feedback.

It's great to see the projects that are underway to make the colored coin concept a reality (e.g. mastercoin, the work being done by the bitcoinx folk and so on).

I particularly like the approach taken, I think, by killerstorm to create a theoretical underpinning for the concept (e.g. here: https://github.com/bitcoinx/colored-coin-tools/wiki/colored_coins_intro). I think the "color kernel" idea is a simple, yet important abstraction that has helped moved the debate on.

In my mental model, the colored coin concept is based on somebody asserting that "this transaction output is of color X, representing asset Y" and bitcoin transactions that transfer it are considered to be transferring ownership of the asset.  So additional meaning has been placed over parts of the existing bitcoin network but the core principles are unchanged.  I find mastercoin interesting because it takes a very different approach and so has forced me to clarify the concepts in my own mind.

The mastercoin approach doesn't share the same theoretical model as colored coins, at least not in my view.  Assuming I understand it correctly, they've pretty much decoupled their system from the underlying bitcoins that appear in their bitcoin transactions, whereas they are tightly linked in the colored coin model: mastercoin is, in effect, using several of the key services provided by the bitcoin system (consensus, 'timestamping', persistent storage, etc) but building an alternative asset scheme on top; the bitcoins that appear in mastercoin's bitcoin transactions are almost incidental. 

In this way, you can think of the classical colored coin concept as being the third layer in a stack consisting of "bitcoin network services" + "bitcoin currency" + "colored coin specialisation" -- whereas mastercoin could be thought of as "bitcoin network services" + "mastercoin asset/currency".

My model might not be perfectly accurate but I think it may explain some of the confusion.  I think it also explains why many people (myself included) find the current mastercoin implementation inelegant. The reality is that, today, Bitcoin doesn't actually offer a "persistent storage" service and so mastercoin has had to come up with a clever bending of the semantics of bitcoin transactions to encode their own transaction information inside 'fake' bitcoin addresses in their transactions. It works but "feels" wrong.  So I see the 80 byte storage option in bitcoin 0.9 as very interesting because it effectively gives mastercoin, and others, a far more elegant way to store what they need in the bitcoin blockchain.   I haven't seen the details but I imagine mastercoin bitcoin transactions on 0.9 will simply be a micropayment to the exodus address, a fee to the miner and the rest sent back as change, with the 80 byte field containing the necessary hash(es) of the mastercoin information.  As such, you could then model/interpret a mastercoin bitcoin transaction from the bitcoin perspective simply as the simultaneous consumption of underlying bitcoin network services and payment for them.

I don't have a view on which model I prefer - I find them both extremely interesting.

Richard

It's now been posted to YouTube:  http://www.youtube.com/watch?v=VDO7TDMlxsY&feature=c4-overview&list=UUYuBZVt_S82TGwoEgNqN8yg

Richard Brown here.  Thanks for the comments.  fyi -  I started a thread on this when the Finextra video first went live. There were some very interesting comments there - and I attempted to elaborate/justify some of my claims in more depth.

https://bitcointalk.org/index.php?topic=316405.0

Hi there.

Many thanks for the feedback and thoughtful comments.  I gave some considerable thought about how to address the Silk Road topic as I knew it was bound to come up.  In the end, I concluded there just wasn't any room for equivocation...  if one accepts the rule of law (as the employee of a major corporation surely must!) then one must also conclude that the prosecution of lawbreakers is a good thing.  Now I completely agree that there is room (lots of room) for debate about *whether* certain activities should be illegal but I didn't think it appropriate to raise it in that forum, and certainly not given that I was speaking as a representative of my employer rather than as an individual.

Richard

All fair points.  I was, indeed, talking in the video about "as-is" rather than "could-be".  And I was also implicitly assuming that there will always be enough people who use the system naively or employ lax security practices that there will be a "way in" for sufficiently motivated law-enforcement agents.   

I also think you make an excellent point about the power of compounding/exponentiation with chained N:N mixing...  you rapidly reach a point where the set of potential suspects is the set of all Bitcoin users.  If such an approach were widely deployed then my statement that Bitcoin is more traceable than cash may well prove unfounded.   But I sense we're a long way from there.

Agreed.  It's possible to make it extremely difficult to walk the blockchain in the linear, simplistic manner I describe. Indeed, the FBI compliant against Silk Road makes a similar point, noting that mixing services are a big threat to their ability to trace transactions.   But, even here, I think it's important to distinguish between what can be *proved* and what can be used to support an investigation by narrowing down a search space or revealing a list of candidates for further investigation.

I think it could be useful to make a distinction between what is true legally and what is *achievable* by motivated law-enforcement agencies.

In your scenario, it's clearly the case that I am not implicated in or responsible for the illegal activity that takes place several transactions downstream of my transaction.  But that's not to say that the visible linkage is not helpful to law-enforcement.

For example, imagine the police believe the downstream address is owned by a drug dealer but don't know for sure and certainly don't know who it is.    It seems entirely feasible to me that a motivated investigator could walk the chain backwards until they find an address they *do* know (perhaps the exchange where I bought my Bitcoins).  Now they can walk forwards:  serve a subpoena on the exchange to find out who I am.   Turn up at my front door with a scary-looking dog and a menacing manner.  It may not be legitimate to ask, but I suspect I'd probably reveal the name of the candy vendor if I felt sufficiently threatened.   The cops can then move one step further and visit the candy retailer.

Again, there may be no legal justification for demanding the information they want but that doesn't mean it won't be done.

So my argument nets down to:  Bitcoin may not be as easy to trace as other electronic transactions but it's MUCH more helpful to law-enforcement agencies than physical cash.