Bitcoin Forum
October 31, 2024, 09:47:20 PM *
News: Bitcoin Pumpkin Carving Contest
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Introducing the timechain - solving tx malluability, security problems, and more  (Read 740 times)
Uptrenda (OP)
Member
**
Offline Offline

Activity: 114
Merit: 16


View Profile
June 21, 2015, 05:16:08 AM
Merited by ABCbits (6)
 #1

This is a paper we've been working on introducing a new type of cryptographic data structure called the timechain. The timechain is an example of a decentralized autonomous corporation that awards participants for providing reliable time-locked encryption. The paper's main revelation is you can use the timechain to build unhackable currency exchanges, wallets, merchant services, and more - there's a lot of untapped potential there and we think this structure will allow for many new kinds of smart contracts which currently aren't possible. The catch is the timechain does not solve the third-party trust problem - it simply makes third-parties considerably more secure (although you can improve trust by using multiple timechains - read the paper and this will make more sense Smiley )

Here is the link to the paper: http://roberts.pm/timechain

And this is our conclusion:
Quote
In this article we have described a system for solving the transaction malleability problem in smart contract protocols by introducing the timechain.

The timechain is a new deterministic data structure that uses a chain of time-lock encrypted RSA public keys at 5 minute intervals whose publication is incentivised through the use of hash-locked financial rewards.

Financial rewards are claimed by breaking links in the chain which must be done as early as possible or risk losing the reward. When financial rewards are claimed, the RSA private key is released automatically allowing anyone to decrypt time-locked information using that key.

The resulting process forms a decentralized autonomous corporation (DAC) that rewards participants for providing a reliable time-lock service and can be “hired” by smart contracts to provide a secure refund system without having to rely on malleable refunds transactions or a third-party service.

Finally, the timechain also makes it possible to improve the security of a number of services that handle cryptocurrencies including wallets, escrow agents, and currency exchanges by removing the need for centralization of ECDSA private keys.

Please let us know what you think of the idea and how we can make it better Cheesy

StarenseN
Legendary
*
Offline Offline

Activity: 2478
Merit: 1362



View Profile
June 22, 2015, 08:14:09 AM
 #2

Bump and folliwing
Eik
Newbie
*
Offline Offline

Activity: 1
Merit: 1


View Profile
June 23, 2015, 08:19:22 AM
Merited by ABCbits (1)
 #3

Great concept.

But, this concept is working only on short-term game-theory. I'm afraid the incentives to go quicker to the future than anyone else might be more profitable than publishing resuls and cash in little reward.
What prevents someone from doing '51% attack' on people publishing results by getting more computing power but not disclose results?
They could sell future keys to anyone willing to pay.

Or am I missing something?

Quote
[...]
Before we go into the full details its important to understand the game theory taking place here: because the first person who breaks a link is racing against countless other participants they must broadcast a redeeming transaction as early as possible or risk losing their reward. Thus, the timechain forces participants to redeem coins as early as possible.

Using these basic properties together with a special hash-locked contract it is possible to force participants to simultaneously release the details to decrypt the time-lock encrypted … AES encrypted … RSA private key and provide participants with the next IV in the chain.[...]
Uptrenda (OP)
Member
**
Offline Offline

Activity: 114
Merit: 16


View Profile
June 29, 2015, 05:54:43 AM
Last edit: June 29, 2015, 06:33:32 AM by Uptrenda
 #4

Great concept.

But, this concept is working only on short-term game-theory. I'm afraid the incentives to go quicker to the future than anyone else might be more profitable than publishing resuls and cash in little reward.
What prevents someone from doing '51% attack' on people publishing results by getting more computing power but not disclose results?
They could sell future keys to anyone willing to pay.

Or am I missing something?

Quote
[...]
Before we go into the full details its important to understand the game theory taking place here: because the first person who breaks a link is racing against countless other participants they must broadcast a redeeming transaction as early as possible or risk losing their reward. Thus, the timechain forces participants to redeem coins as early as possible.

Using these basic properties together with a special hash-locked contract it is possible to force participants to simultaneously release the details to decrypt the time-lock encrypted … AES encrypted … RSA private key and provide participants with the next IV in the chain.[...]

Breaking links in the chain is a race against everyone else working on the current link so if you break a link and don't publish it -- any of the people behind you could catch up and claim the reward. The incentive structure isn't the same as with Bitcoin where a majority is required. The incentive structure only requires one person who wants the reward and the timechain will be unlocked on time. There is also the difficulty puzzle for the next link which needs to be broken before that link can be attempted to be broken and depending on difficulty - the participants behind the current link will always arrive before the next link can be broken.

In any case, even if it is more profitable to publish results slightly in the future and not claim a reward: the timechain would still be broken on target because its a serial chain of hashes and participants would be incentivised to break the other links because of the unclaimed rewards (so "future keys" would not stay future for very long.)

Edit: A problem that your post does raise is abnormal scaling of the difficulty puzzle IVs. What this means is: a majority of computing power could be required to break the initial puzzle which is provided by an attacker who fails to utilize their resources to break puzzles. If this was the case: it would be extremely expensive to break the next link as you would have to fill in the missing resources yourself. One way to fix this problem is to save a copy of the difficulty puzzle for the links (only the puzzle - nothing else.) That way difficulty for the puzzle could be scaled down based on time expended on the current puzzle and it wouldn't undermine the integrity of the timechain even if all these puzzles were later compromised - it would just make it harder to distribute awards fairly as a single person would be able to provide the timechain service on a single CPU (once again - only bad for participants - still good for services that use the timechain.)

There is definitely a better way to do this but we're still working on adjustable difficulty and distribution for rewards.
ammy009
Sr. Member
****
Offline Offline

Activity: 303
Merit: 250



View Profile WWW
June 29, 2015, 07:42:57 AM
 #5

Great work  Grin I have bookmarked your site  Grin

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!