westkybitcoins (OP)
Legendary
Offline
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
|
|
October 29, 2012, 04:48:57 AM |
|
I've been coding again lately, and have a number of new bitcoin-related project ideas buzzing around in my head. But it seems like now may be a good time to try to raise discussion, yet again, on the idea of the decentralized bitcoin exchange. Don't groan. We all want this, we just don't quite know how to do it, right? My inspiration for a way to possibly do this came from Bitcoin itself, both in how it does away with the idea of "backing" a currency, and just makes it all digital; and in how Satoshi didn't fret over the downsides to a solution to the double-spend problem (public blockchain, etc.) He just implemented it and let it go. So first: how about doing away with the idea of an exchange having to be Bitcoins-for-some-tangible-good? I think the decentralized exchange can work, if it's designed to exchange bitcoins for information, and information only. Now, this information would just be a kilobyte or so of arbitrary data. It could be a link to an ebook, a short snippet of sound, the combination to a locker containing a pot of gold, or the private key to a stash of Namecoins. But if the payload is simply a chunk of data, and the system only concentrates on that (and includes a public record of what kind of data was exchanged, and for how many bitcoins, to help set prices,) then I think it's quite feasible. True, it may not result in the sort of sit-and-your-desk-and-play-the-market-from-anywhere-on-the-planet exchange we'd like. But it would help person A exchange his bitcoins for something common of value with others, and is a start. Here's a rough outline of one way to possibly implement this. Feel free to smooth out the kinks, as I'm still not fully educated on whether ECC keypairs can do this, plus just in looking it over I think there are a number of redundant steps. - Buyer of bitcoins creates a public bid, describing the data payload he's offering (could be anything, but the software would likely encourage and readily support certain common sorts of payloads.)
- Seller sees bid, agrees to the transaction, and initiates it with the seller. From here on out, most of the process could be automated.
- Seller creates 2 private keys as the first step in a protected exchange.
- Buyer creates a private key.
- Seller sends the public key derived from his first private key to the buyer.
- Buyer simultaneously sends the public key derived from his private key to the seller (it shouldn't matter if the actions aren't truly simultaneous, as neither party can harm the other at this point.)
- Seller uses buyer's public key to encrypt his second private key and sends it to the buyer.
- Buyer multiplies the seller's first public key (given at the start), the seller's second public key (which he derives himself), and his own private key to for a new public key we'll call "k". He does not have a way to get the private key for this public key. He encrypts it with the seller's first public key and sends "k" to the seller.
- Seller decrypts the message using his first private key to get the new public key "k". He takes the public keys of his two private keys, and multiplies them with the buyer's public key to verify that "k" is indeed the mutually-created new key. He sends his bitcoins to the bitcoin address produced by "k".
- Buyer sees that the address produced by "k" receives the bitcoins. After 6 (or fewer) confirmations, he encrypts his data payload with the seller's first public key and sends it to the seller.
- Seller uses his first public key to decrypt the data payload, and verifies it gets him whatever goods/services/info it's supposed to. He now has no incentive to cheat the buyer, since he can no longer access the bitcoins (and if this is automated, he likely wouldn't even think to.)
- Seller then encrypts his first private key with the buyer's public key and sends it to the buyer.
- The buyer now has all three private keys, and the seller does not. The buyer can now move the funds from "k" to another bitcoin address. He has his bitcoins. Seller has his info, confirmed to provide whatever was intended. Everyone wins.
Comments? Opinions? Snide remarks?
|
Bitcoin is the ultimate freedom test. It tells you who is giving lip service and who genuinely believes in it.
... ... In the future, books that summarize the history of money will have a line that says, “and then came bitcoin.” It is the economic singularity. And we are living in it now. - Ryan Dickherber... ... ATTENTION BFL MINING NEWBS: Just got your Jalapenos in? Wondering how to get the most value for the least hassle? Give BitMinter a try! It's a smaller pool with a fair & low-fee payment method, lots of statistical feedback, and it's easier than EasyMiner! (Yes, we want your hashing power, but seriously, it IS the easiest pool to use! Sign up in seconds to try it!)... ... The idea that deflation causes hoarding (to any problematic degree) is a lie used to justify theft of value from your savings.
|
|
|
sangaman
|
|
October 29, 2012, 08:10:37 AM |
|
Cool idea, I'm not a crypto expert but it seems like it would work. A couple of potential vulnerabilities is that the seller of bitcoins has the option to cheat the buyer in the last stage out of spite by not sending his remaining key. And I'm struggling to think of a lot of valuable things people could sell that can be represented entirely by just a piece of data. In any case, the buyer of bitcoins (seller of data) will still have that data after the transaction.
This could maybe work out as a good way to exchange alt-coins, each user would have their own k wallet and could verify when the wallets receive the coins. Once both k wallets receive those coins, there's nothing to gain from cheating the other party since you can never recover the coins you're offering. However, it's still possible to spite the other party. I can trade you my one XCoin for your two YCoins. After our coins go to their k wallets and you send me your keys, I can retrieve your two YCoins and just never send you my last key. The XCoin I said I would trade would just be lost.
|
|
|
|
Bitcoin Oz
|
|
October 29, 2012, 08:18:00 AM |
|
Cool idea, I'm not a crypto expert but it seems like it would work. A couple of potential vulnerabilities is that the seller of bitcoins has the option to cheat the buyer in the last stage out of spite by not sending his remaining key. And I'm struggling to think of a lot of valuable things people could sell that can be represented entirely by just a piece of data. In any case, the buyer of bitcoins (seller of data) will still have that data after the transaction.
This could maybe work out as a good way to exchange alt-coins, each user would have their own k wallet and could verify when the wallets receive the coins. Once both k wallets receive those coins, there's nothing to gain from cheating the other party since you can never recover the coins you're offering. However, it's still possible to spite the other party. I can trade you my one XCoin for your two YCoins. After our coins go to their k wallets and you send me your keys, I can retrieve your two YCoins and just never send you my last key. The XCoin I said I would trade would just be lost.
It would be good for selling digital content. I wonder if you could use a ransom business model where you only release the key fo a file when you have raised enough money.
|
|
|
|
Meni Rosenfeld
Donator
Legendary
Offline
Activity: 2058
Merit: 1054
|
|
October 29, 2012, 08:32:29 AM |
|
You've described a way to sell digital content for Bitcoin. It has nothing to do with an exchange, which is about exchanging Bitcoin with liquid goods (usually, traditional currencies).
There are known ways to have some of the features of an exchange in a decentralized way, which are waiting to be implemented.
|
|
|
|
markm
Legendary
Offline
Activity: 2996
Merit: 1121
|
|
October 29, 2012, 08:35:03 AM Last edit: October 29, 2012, 12:37:09 PM by markm |
|
Spite is the standard objection, yes.
But no blockchain is used in this, no transaction fees, so you can exchange billions of keys if you like, worth satoshis apiece, and alternate who is the one that can be hurt on the last tiny trade.
So basically your clients can stream tiny tiny values at a time until one of you breaks it off by playing the "spite" card.
There are spiteful people so yes you do have to plan for spite.
There are less-cumbersome methods of doing streams of tiny amounts too, so you could each set up a micropayments stream heading to the other player, and both run as tiny and slow as desired to gradually build up to whatever the target volume of value actually is.
-MarkM-
|
|
|
|
cunicula
Legendary
Offline
Activity: 1050
Merit: 1003
|
|
October 29, 2012, 09:12:02 AM |
|
I wonder if you could use a ransom business model where you only release the key fo a file when you have raised enough money.
A good way of doing this would be to a) specify a target collection amount b) ask each entrant to specify p, the most he would be willing to pay for the good Say the collection target is Q, and individual's max price is p, and the number of people who specify max prices greater than P is P(n). Then you could sell the good as soon as n*P(n)>=Q for some choice of n You would charge all n people P(n), so everyone would end up paying less than their max price (except for the marginal bidder). This is just like a bounty, except that you are forcing all contributors to contribute the same amount. I think that satisfies notions of fairness better than a bounty. My suspicion is that if you organized an illegal market for pirated files like this, you could: a) sell a lot of pirated electronic goods b) increase the supply of specialized and high quality pirate software (regular stuff would have fewer viruses, unusual stuff would be more available) c) repeat pirates with well-established reputations would dominate the market. The pirates could upload encrypted versions ahead of time and then just release locations and passwords.
|
|
|
|
mobile4ever
|
|
October 29, 2012, 02:47:29 PM |
|
Keep up the good work‼
|
|
|
|
mskwik
|
|
October 29, 2012, 03:00:48 PM |
|
It would be good for selling digital content. I wonder if you could use a ransom business model where you only release the key fo a file when you have raised enough money.
https://bittit.info/ ?
|
|
|
|
Portnoy
Legendary
Offline
Activity: 2030
Merit: 1000
My money; Our Bitcoin.
|
|
October 29, 2012, 04:17:31 PM |
|
So first: how about doing away with the idea of an exchange having to be Bitcoins-for-some-tangible-good?
Umm... I kinda like the idea of using bitcoins for that... You've described a way to sell digital content for Bitcoin. It has nothing to do with an exchange, which is about exchanging Bitcoin with liquid goods (usually, traditional currencies).
+1 Maybe you should change the tread title... I was kinda excited to read that topic, but then I read what you were actually talking about.
|
|
|
|
sangaman
|
|
October 29, 2012, 07:33:28 PM |
|
So first: how about doing away with the idea of an exchange having to be Bitcoins-for-some-tangible-good?
Umm... I kinda like the idea of using bitcoins for that... You've described a way to sell digital content for Bitcoin. It has nothing to do with an exchange, which is about exchanging Bitcoin with liquid goods (usually, traditional currencies).
+1 Maybe you should change the tread title... I was kinda excited to read that topic, but then I read what you were actually talking about. I mean, this would at least work for decentralized alt-coin exchanges, right? Ignoring the spite factor at least. The reason you can't do a decentralized exchange with cash is because cash has limitations that cryptocurrencies don't and that is why there is any appeal/value to cryptocurrencies in the first place. I had an idea about a way to reduce malicious traders who don't hold up their end of the deal out of spite. One side agrees to be party 0 and the other side agrees to be party 1, this is entirely arbitrary and could be done automatically. Each side could generate a random number, and encrypt it. The they exchange the encrypted numbers. Then they exchange keys to decrypt each other's number. If the sum of both numbers is even, party 0 is the first to send his key to decrypt the k wallet. If the sum of both numbers is odd, party 1 is the first to send his key. Unless I made a mistake somewhere, this means that malicious spite traders would be unable to spite 50% of the time, otherwise both parties would lose. It seems like this would at least reduce the occurrence of spite trades by 50%.
|
|
|
|
Meni Rosenfeld
Donator
Legendary
Offline
Activity: 2058
Merit: 1054
|
|
October 29, 2012, 08:09:25 PM |
|
I mean, this would at least work for decentralized alt-coin exchanges, right? Ignoring the spite factor at least. The reason you can't do a decentralized exchange with cash is because cash has limitations that cryptocurrencies don't and that is why there is any appeal/value to cryptocurrencies in the first place.
I had an idea about a way to reduce malicious traders who don't hold up their end of the deal out of spite. One side agrees to be party 0 and the other side agrees to be party 1, this is entirely arbitrary and could be done automatically. Each side could generate a random number, and encrypt it. The they exchange the encrypted numbers. Then they exchange keys to decrypt each other's number. If the sum of both numbers is even, party 0 is the first to send his key to decrypt the k wallet. If the sum of both numbers is odd, party 1 is the first to send his key.
Unless I made a mistake somewhere, this means that malicious spite traders would be unable to spite 50% of the time, otherwise both parties would lose. It seems like this would at least reduce the occurrence of spite trades by 50%.
Trading across chains is a solved problem. The trick is to build the transaction so that one party, with the very act of redeeming his coins, publishes the information needed for the other party to do so. And if I'm not mistaken, one party can't lose its coins due to the other party losing the key, since in this case it falls back to a previous tx version.
|
|
|
|
franky1
Legendary
Offline
Activity: 4396
Merit: 4755
|
|
October 29, 2012, 11:44:33 PM |
|
to the OP things to consider.
MTGOX has a list of public bids and so does BTC-E its called their order lists. the benefits of both existent exchanges is that you do not have to wait for confirmations before re-ordering at different price to profit. meaning trades can be done superfast.
the downside of gox and btc-e is having to give them your funds in the first place to manage instant trades. if they suddenly disapeared into oblivion your coins are gone.. whereby your idea has merits with this part you keep the coins until an agreement is made.
speed vs security, which to choose.
the only thing i am noticing lately is all of the projects are just 'pot stirring' funds.. not creating value. basically just passing money between already inducted bitcoin users. Dave pays peter who pays steve who pays dave..
FIAT economy's problem is the same. they are not concentrating on imports and exports between different countries expanding the use and value via new outside sources. they just think about how to grab as much as they can out of the native currency.
i would like to see these genius minds at somepoint make a project that would inspire an influx of new users. not a new way for current traders to pass funds between each other
|
I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER. Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
|
|
|
luv2drnkbr
|
|
October 30, 2012, 02:04:21 AM |
|
I feel like this has a lot of use for p2p poker (potentially).
|
|
|
|
westkybitcoins (OP)
Legendary
Offline
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
|
|
October 30, 2012, 02:36:30 AM |
|
Thanks for the comments so far, folks. Sorry to those of you who were disappointed. That wasn't really my intent, although I admit I'm beginning to believe a decentralized exchange where anyone can load software and start trading bitcoins for bank funds without a central authority will simply never happen. I was really trying to spark some ideas about what could be done if we finally let that idea go and start looking into pure information exchange. The funny thing is, in a way this could still be a sort of direct-cash exchange. MoneyPak cards are basically information; they could be exchanged in this way. Even prepaid, preloaded debit card info could be exchanged (although, thanks to the magic of chargebacks, we know why that would be foolish.) I really think focusing on an informational exchange has untapped potential, and could be built on in a number of ways. the only thing i am noticing lately is all of the projects are just 'pot stirring' funds.. not creating value. basically just passing money between already inducted bitcoin users. Dave pays peter who pays steve who pays dave..
I don't really see it that way. The point of bitcoins is, ultimately, to spend them. Any new thing that makes that simpler and easier (and immune to shutdown) helps that. An informational exchange wouldn't be stuck relying on fiat money somehow being the payload. Really, I think there are fewer limits to what can be exchanged with it than it appears. Spite is the standard objection, yes.
<snip>
There are spiteful people so yes you do have to plan for spite.
Eliminating that would be ideal. I'm not sure it could be totally removed, but even without a lot of micro-transactions, I think it could be minimized. Each trader could have a public, yet anonymous identity... a random (or even vanity) bitcoin address. The keys could be used in all correspondence (possibly even tied into trading,) so you could be reasonably sure that you're dealing with person X who has a record of nothing but positive feedback. It wouldn't be perfect, but then again I doubt any decentralized plan is going to be.
|
Bitcoin is the ultimate freedom test. It tells you who is giving lip service and who genuinely believes in it.
... ... In the future, books that summarize the history of money will have a line that says, “and then came bitcoin.” It is the economic singularity. And we are living in it now. - Ryan Dickherber... ... ATTENTION BFL MINING NEWBS: Just got your Jalapenos in? Wondering how to get the most value for the least hassle? Give BitMinter a try! It's a smaller pool with a fair & low-fee payment method, lots of statistical feedback, and it's easier than EasyMiner! (Yes, we want your hashing power, but seriously, it IS the easiest pool to use! Sign up in seconds to try it!)... ... The idea that deflation causes hoarding (to any problematic degree) is a lie used to justify theft of value from your savings.
|
|
|
markm
Legendary
Offline
Activity: 2996
Merit: 1121
|
|
October 31, 2012, 12:18:09 AM |
|
Decentralising mostly means everyone can be either side of any trade.
When most people are shoppers and very few are shops, shopping can by some be characterised as at least somewhat "centralised".
When everyone can put a shopping cart on their eepsite or simply run it directly on port 80 of their machine with the incoming port correctly routed by their router, complaining that shopping is not decentralised amounts to complaining that most people fail to exercise the option of running a shop.
Since you want exchanges to be centralised, I am interested to know where you run yours? On a third party hosted website? A virtual server, maybe? Right on your own desk at home? Or on your 24/7-connected phone?
If you are not serious enough about decentralisation to at least do your own "bit" toward it taking you at all seriously starts to seem somewhat a waste of mental/emotional effort.
In a thread about a distributed "darknet" exchange someone just recently posted that having got it running he saw only two other nodes of it online.
When the use of RetroShare was proposed, it turned out over and over again that usually everyone is just not there. Possibly even the original proposer of the idea.
I set up Cyclos recently as a Tor hidden service so we could explore how useful it could be and consider how best to configure it and whether it could do with some added functionality and so far no one has even created an account on it.
So actually maybe there are only about half a dozen people who have any real interest whatsoever, 3 of them are on the darknet thing two or three sometimes on Retroshare and one still wandering around wondering where all the thousands of people eagerly trying out everything that sounds like it could give any clue whatsoever toward getting closer to such an idea are and why they don't have accounts in the darknet (I do, I just don't use it as evidently there is no demand for distributed exchange systems) and in RetroShare (I do, heck I notice its still running even. Once in a while I see a connection join, I might even have one connection most of the time now and sometimes maybe two.)
I also have Tor and i2p running, and normally Freenet though that seems to have died at some point somehow.
Which of those are you on?
(You are, presumably, on #bitcoin-otc on Freenode, with a WOT identity on gribble?)
Maybe all that is really happening is actually such a vast amount of distributedness that all the actual people interested in distributed exchange are themselves distributed between so very many methods of exchange that there are as many, or more, methods among which to distribute exchange as there are people interested in exchange?
(That maybe makes sense actually; if there are three people, there are only three ways of distributing two-party exchanges between them, but if there are four people, there are more than four ways of distributing two-party exchanges between them, and as the number of people grows the number of possible pairs of them grows faster in general...)
Also I do not think on small scales one needs large markets, since to figure out YOUR price that a coin is worth to YOU all that you need to know is how much fiat the merchant you want to buy alpaca socks from would take instead of coins for them and how much fiat one potential trading partner wants in return for the number of coins the sock dealer is asking. You don't need to know a "market price" just this "how much does each of the two parties (the who I get coins from and the where I plan to spend them) consider them to be worth?"
-MarkM-
|
|
|
|
misterbigg
Legendary
Offline
Activity: 1064
Merit: 1001
|
|
October 31, 2012, 03:26:39 PM |
|
If you're going to have a subject line that mentions "decentralized exchange" then it'd be pretty useful to actually...talk about a decentralized exchange. As it stands the subject line is misleading.
I don't think it's possible to have a decentralized exchange that is also secure because at the end of the day, fiat has to change hands.
|
|
|
|
Spekulatius
Legendary
Offline
Activity: 1022
Merit: 1000
|
|
October 31, 2012, 05:14:31 PM |
|
About the last-step-spite-issue:
You can minimize the problem by providing the seller with a larger reward for playing fair then he/she would have from cheating the buyer. One-and proven- way to do so would be to implement a web-of-trust system into your trade platform. This way all parties have a strong incentive to play fair to conduct future trades and to build a trusted reputation.
Im sure such web-of-trust could also be included into an open source platform.
|
|
|
|
|