Never seen private key trade system/ Virtual Casascius/ self-escrow-coin SEC

[Qwedcxza1]

It's fun to see people batting these ideas around because a great way to learn about a topic is by picking a problem and turning it over and over in your head.   Once you dig into the math of this, here's what you'll find:  there are only 2 ways to simultaneously ensure someone controls a piece of information and yet hasn't exercised that control.

1.  A trusted party
In this case, whoever runs the Chinese Code box would be able to lie about whether or not the box had been opened.  So if you find an entity you are willing to trust not to lie, the system can work.

2.  Some sort of p2p consensus methodology
This is in fact the central problem that the blockchain itself solves.  Its assumption (that computing power costs something, and that people wanting the system to work can out-compute those who want to exploit or destroy it) is an extremely narrow one, and that makes it very reliable.  If you were willing to accept different assumptions, for example that multiple known parties can be trusted not to collude, you could build a different sort of p2p consensus mechanism (like Ripple).

In short, the entire point of Bitcoin is that it answers this one question, and it answers it with the blockchain.  So if you try to recreate something with the same characteristics outside of the blockchain, you either have to accept different assumptions, or reinvent the blockchain.  And it's difficult to imagine a solution with lower built-in trust than Bitcoin's.

But don't take my word for it!  Keep turning the problem over your head until you understand why this must be the case.  If you do, you'll end up with a deeper understanding of Bitcoin than the vast majority of its fans.

I'm not sure what mathematics you used to prove that there are only two ways to ensure this. Perhaps the other ways just haven't been discovered yet. As somebody else mentioned previously quantum cryptography has incredible ways of dealing with this problem.

[marcus_of_augustus]

emansipater has never bothered with mathematical proofs too much when it is clear his intellect is proof enough ...

[eMansipater]

I'm not sure what mathematics you used to prove that there are only two ways to ensure this. Perhaps the other ways just haven't been discovered yet.

emansipater has never bothered with mathematical proofs too much when it is clear his intellect is proof enough ...

If you're interested in the proof it can be accomplished by using the notion of "state".  As always, assumptions and definitions are important so constrain the problem specifically to a discrete system and computable operations; and grant all participating entities access to private computation, private storage, and communication between arbitrary subsets of entities (if you're trying to duplicate mine).

Now at the point in the system where some entity A has acquired exclusive control over a piece of information i (that is, information in A's private storage can be used to compute i and no other entity or set of entities has access to information which can feasibly be used to compute i), the entire system is in some state.

There are precisely three possibilities for the operation used to compute i.  Either the operation can be accomplished by changing only A's state, it can be accomplished by changing only A's state and one other entity's state (call it "B"), or it requires a change in state for A and at least two other entities (A's state must change by the definition of "exclusive control").

In the first scenario, no other entities have observed the change in state, so the system fails (A has obtained i without being detected).

In the second scenario, entity B can refuse to change their state and thereby prevent A from obtaining i, making them a trusted party.

The third scenario is by definition a p2p consensus methodology.

But like I said--seriously--don't take my word for it.  Explore the issue and convince yourself by your own means.  It will be eminently more effective.

As somebody else mentioned previously quantum cryptography has incredible ways of dealing with this problem.

With quantum cryptography, either physics is the trusted entity B, or (more commonly) the consensus mechanism itself.  You can get around this, but not with discrete, computable systems (my assumption above which allows for precise notions of "state", "entity", and exactly 3 types of operation).  Similarly, any implementation on the basis of "trusted hardware" is simply using trusted hardware as B, which is why it is called "trusted" in the first place.

[jubalix]

I'm not sure what mathematics you used to prove that there are only two ways to ensure this. Perhaps the other ways just haven't been discovered yet.

emansipater has never bothered with mathematical proofs too much when it is clear his intellect is proof enough ...

If you're interested in the proof it can be accomplished by using the notion of "state".  As always, assumptions and definitions are important so constrain the problem specifically to a discrete system and computable operations; and grant all participating entities access to private computation, private storage, and communication between arbitrary subsets of entities (if you're trying to duplicate mine).

Now at the point in the system where some entity A has acquired exclusive control over a piece of information i (that is, information in A's private storage can be used to compute i and no other entity or set of entities has access to information which can feasibly be used to compute i), the entire system is in some state.

There are precisely three possibilities for the operation used to compute i.  Either the operation can be accomplished by changing only A's state, it can be accomplished by changing only A's state and one other entity's state (call it "B"), or it requires a change in state for A and at least two other entities (A's state must change by the definition of "exclusive control").



In the first scenario, no other entities have observed the change in state, so the system fails (A has obtained i without being detected).

In the second scenario, entity B can refuse to change their state and thereby prevent A from obtaining i, making them a trusted party.

The third scenario is by definition a p2p consensus methodology.

But like I said--seriously--don't take my word for it.  Explore the issue and convince yourself by your own means.  It will be eminently more effective.

As somebody else mentioned previously quantum cryptography has incredible ways of dealing with this problem.

With quantum cryptography, either physics is the trusted entity B, or (more commonly) the consensus mechanism itself.  You can get around this, but not with discrete, computable systems (my assumption above which allows for precise notions of "state", "entity", and exactly 3 types of operation).  Similarly, any implementation on the basis of "trusted hardware" is simply using trusted hardware as B, which is why it is called "trusted" in the first place.

one theoretical question, does thermodynamics allow for their to be a unobservable system within your light cone?

[eMansipater]

one theoretical question, does thermodynamics allow for their to be a unobservable system within your light cone?

Trivially, if I'm understanding you right.  But perhaps you could clarify what you mean?

[jubalix]

one theoretical question, does thermodynamics allow for their to be a unobservable system within your light cone?

Trivially, if I'm understanding you right.  But perhaps you could clarify what you mean?

no act is unobservable, yes I think you do understand me.

[Qwedcxza1]

But like I said--seriously--don't take my word for it.

Ok