The first paper referenced by
Satoshi Nakamoto's Bitcoin Paper is Wei Dai's 1998 proposal for "
b-money". It's a short but very interesting paper, and it shows that many of the ideas behind Bitcoin were well along the way to fruition back in 1998.
The part that has me interested relates to the enforcement of contracts between pseudonymous participants. The key idea is that there is distributed accounting, as in Bitcoin. The participants to a contract, and an arbitrator, each transfer a deposit equal to the maximum "penalty" they will pay if they break their contract.
If the contract is carried out, these "reparations" get refunded. If the contract does not succeed, the reparations are paid out as agreed by the participants, up to the maximum amount deposited:
3. The effecting of contracts. A valid contract must include a maximum reparation in case of default for each participant party to it. It should also include a party who will perform arbitration should there be a dispute. All parties to a contract including the arbitrator must broadcast their signatures of it before it becomes effective. Upon the broadcast of the contract and all signatures, every participant debits the account of each party by the amount of his maximum reparation and credits a special account identified by a secure hash of the contract by the sum the maximum reparations. The contract becomes effective if the debits succeed for every party without producing a negative balance, otherwise the contract is ignored and the accounts are rolled back. A sample contract might look like this:
K_A agrees to send K_B the solution to problem P before 0:0:0 1/1/2000. K_B agrees to pay K_A 100 MU (monetary units) before 0:0:0 1/1/2000. K_C agrees to perform arbitration in case of dispute. K_A agrees to pay a maximum of 1000 MU in case of default. K_B agrees to pay a maximum of 200 MU in case of default. K_C agrees to pay a maximum of 500 MU in case of default.
4. The conclusion of contracts. If a contract concludes without dispute, each party broadcasts a signed message "The contract with SHA-1 hash H concludes without reparations." or possibly "The contract with SHA-1 hash H concludes with the following reparations: ..." Upon the broadcast of all signatures, every participant credits the account of each party by the amount of his maximum reparation, removes the contract account, then credits or debits the account of each party according to the reparation schedule if there is one.
But what if the participants can't agree? That, of course, is the crux of any contract enforcement scheme. Wei Dai has this to say:
5. The enforcement of contracts. If the parties to a contract cannot agree on an appropriate conclusion even with the help of the arbitrator, each party broadcasts a suggested reparation/fine schedule and any arguments or evidence in his favor. Each participant makes a determination as to the actual reparations and/or fines, and modifies his accounts accordingly.
I don't get it. What is Wei Dai saying here? Surely he can't be saying that each participant does whatever they choose to do, because that would result in everyone having a different idea of what everyone else's balance is.
Hmm. Or maybe he
is actually saying that. If I think Starbucks cheated me, I can adjust my balances so that Starbacks has less money and I have more. At the same time, Starbucks will adjust their balances so that they have more money and I have less. I guess everyone else can decide whose balances they want to believe.
But I feel I must be missing the point here. Can anyone shed some light on this?
Naturally my interest is in how this could be adapted to Bitcoin, but I feel I should understand Wei Dai's proposal first.