Idea: Subchains with only a legal, not technical, connection to the blockchain

[casascius]

I had this idea that I thought might be a real feasible way to scale Bitcoin in a manner that allows an infinite number of transactions (including small ones) to benefit from blockchain confirmation, which is a finite resource.

I think most everyone who understands Bitcoin understands that it's not sustainable for every node to hear and relay a 1 kilobyte message each time anybody anywhere buys a pack of gum or a soda pop, or reads a newspaper article.  It's just not realistic and a terribly inefficient use of resources.  We expect transaction fees to eventually be a controlling force as to what's worth putting in the block chain, and at some point, that fee is going to exceed the value of many of the micropayments people would like to put through Bitcoin, making on-blockchain transactions of such a size totally infeasible.

Luckily, we have a lot of time to innovate before we ever get to that point.

There have been several proposals of parallel block chains, all technical based.  All of them have one problem or another that leads people to conclude the following: when we really hit the hard limit, we're going to have to have a bunch of web wallets and "MyBitcoins" that settle up against one another, so that micropayments become sustainable while being kept off the block chain.

I have yet another idea.  It exploits Bitcoin's multisig feature to achieve the trust.  A semi-centralized temporary altcoin, pegged to BTC and backed by BTC, operated by a group of trustees, decentralized just enough so that everyone can always audit its blockchain, and so that the trustees can't steal without overwhelming collusion, but centralized just enough so that block chain reorganizations on the altchain versus Bitcoin blockchain don't result in corner cases where the whole thing comes crashing down because they can't be reconciled.

Here is how it might work.  I, and nine other highly trusted but independent members of the Bitcoin, all take 10,000 BTC, and send it to a 6-of-10 multisig destination, where each of the ten of us hold one private key.  We publish a public agreement promising that these 10,000 BTC are held in escrow for the benefit of holders of our altcoin, and that when the altcoin scheme "ends" (more about that in a minute), we will reimburse the BTC to all of those holding the altcoin.

Then we start the altcoin.  Only the trustees mine it.  However, the mining is a bit different from Bitcoin.  When we mine, the consensus being sought isn't who has the most hashing firepower, rather, the ten of us publish signed messages indicating that we agree on the ledger of the altcoin.  We embed those messages in the Bitcoin block chain for the purposes of non-repudiation.  We embed those transactions in Bitcoin not by mining ourselves, but by broadcasting special transactions to Bitcoin, signed by our ten private keys, to give a nod to what the ten of us believe is the hash representing the top of the chain.  When a majority of trustees have signed an altcoin block by having their signatures confirmed in the Bitcoin blockchain, that altcoin block is deemed to have been mined.

In the altcoin, there is no coinbase reward, and no coins are created per block.  Rather, all of the coins are premined and start out in the possession of the trustees who put up the original 10,000 BTC backing their altcoin.  The trustees introduce them into circulation as par substitutes for BTC.  Transaction fees, if any, are charged strictly as the prerogative of the trustees who specified what fees would apply, in advance, in the original published contract.  Obviously, merchants must accept these low-fee altcoins as substitutes for BTC for them to be useful, but let's just assume merchants can and do elect to accept them, by using software that treats them as equivalent.

I mention that one day the altcoin scheme "ends".  An end game has to be a possibility for the altcoins to have any true BTC value: one day, they need to be redeemable for bitcoins, otherwise they're worthless.  Now, in reality, the scheme never has to "end", it simply must have the possibility of ending fairly and cleanly if everyone decides to dump it at once (unlike the fiat banking system, whose endgame is depositors lose their asses and the execs keep their profits).

If the altcoin ends, it ends when somebody ends up with a supermajority (or other appropriate threshold) of the unredeemed altcoins, proves he has them, and states his intent to redeem them.  An end might also be forced if a certain number of the trustees disappears or stops cooperating, e.g. they are observed to have stopped "mining".

This redemption process gets stipulated in the public agreement issued by the trustees.  Once the supermajority coin holder is properly acknowledged by the trustees as having the right to call a redemption, the altcoin chain shutdown can be scheduled.  All of the altcoin holders have some time period to send all of their altcoins to a preset coin-eater address (like the one resembling 11111114oLVt2), at which point, the trustees agree to reimburse bitcoins to those who held those coins, minus any fees.

The trustees use the multisig feature on the Bitcoins to ensure that all redemptions are either honest, or don't happen at all.  Deciding where to send the coins is simple and straightforward: if we can assume that users of the altcoin know the private key encumbering the altcoins just before they were sent to the eater, it can be assumed that a Bitcoin address based on that same private key would benefit the same person.  Simply take the altcoin address and change the prefix byte so it's Bitcoin, and send out btc.

Yep, I mentioned fees.  Only if appropriate.  The whole point of a scheme like this is to make small transactions remain sensible in an environment where the minimum Bitcoin transaction fee has risen enough to exclude them from ever appearing in a bitcoin block.  If someone starts a chain like this, they might stipulate that if the altcoin chain is ever "called" for redemption, that they will deduct a fee they consider appropriate, like 2% a year for the length of time the chain has been in operation.  Or, there could be a mandatory per-transaction fee instead.  This fee shall have been stipulated in advance in the original published contract agreed to by the trustees.  Whether or not the user community would tolerate such fees is outside the scope of my proposal: I assume that if the fee is intolerable, users won't participate in the altcoin.

Thanks in advance for your comments.

[1713905137]

1713905137

[1713905137]

1713905137

[1713905137]

1713905137

[casascius]

reserved

[Peter Todd]

Did you see my post about fidelity-bonded ledgers on the bitcoin-development email list? Sounds like we're thinking along similar lines.

I think the big problem right now is developing solutions that can work even in the guise of FinCEN and similar regulatory agencies. You're alt coin would make all the administrators essentially administrators of a currency, and probably subject ever user to mandatory ID verification and so on.

[PRab]

You might want to talk to FellowTraveler about his goals for OpenTransactions. He has talked about using federated servers (similar to your trustees) to provide trust. You only need to trust that a majority of them are not colluding together. Instead of using a blockchain, it uses auditable signed receipts.

https://bitcointalk.org/index.php?topic=28565.msg363945#msg363945 (A bit old, but there is activity on IRC and GitHub)

Overall, I like the concept and agree that some form of off-the-chain payment will be needed in the future.

[yordan]

I had this idea that I thought might be a real feasible way to scale Bitcoin in a manner that allows an infinite number of transactions (including small ones) to benefit from blockchain confirmation, which is a finite resource.

I think most everyone who understands Bitcoin understands that it's not sustainable for every node to hear and relay a 1 kilobyte message each time anybody anywhere buys a pack of gum or a soda pop, or reads a newspaper article.  It's just not realistic and a terribly inefficient use of resources.  We expect transaction fees to eventually be a controlling force as to what's worth putting in the block chain, and at some point, that fee is going to exceed the value of many of the micropayments people would like to put through Bitcoin, making on-blockchain transactions of such a size totally infeasible.

Why not batch them just like credit card transactions?  You get a middle that's willing to deal in hundreds of thousands of tiny transactions and then process them as larger transactions every X time period.  Granted you have the risk the transactions won't go through but that exists outside the bitcoin world too.  Maybe to make these small batched transactions users need something like a verified address to engage in such transactions.

[Anon136]

cascius why not just make an exact perfect copy of bitcoin and call it bitcoin2 as soon as tx fees become a problem. and when they become a problem again we create bitcoin3 ect.... Exchanging one cryptocurrency for another is so easy exchanges would become ubiquitous very quickly and simply built into the payment process just like bitpay converts btc to usd now.

its infinitely scalable, perfectly decentralized, and if anyone decided to attack any of the weaker chains the capital would quickly flow to stronger chains and tx fees would increase relative to the amount they needed to increase to inorder to prevent further attacks.

[casascius]

cascius why not just make an exact perfect copy of bitcoin and call it bitcoin2 as soon as tx fees become a problem.

If each kind of bitcoin floated freely, it would be too complex for users to be useful, as well as costly in terms of friction exchanging between them.  It's important that all the units be alike.

Why not batch them just like credit card transactions?  You get a middle that's willing to deal in hundreds of thousands of tiny transactions and then process them as larger transactions every X time period.

This suggestion is not relevant to the problem I'm talking about nor the solution I'm proposing.  I notice on another thread you're asking how mining works.  It is understandable that without a clear picture of how mining works and how blocks are formed, it's not clear why doing this won't help.  Hang in there though, with Bitcoin there comes a lot to learn, and you've got the right kind of mind to be helpful.

[yordan]

Why not batch them just like credit card transactions?  You get a middle that's willing to deal in hundreds of thousands of tiny transactions and then process them as larger transactions every X time period.

This suggestion is not relevant to the problem I'm talking about nor the solution I'm proposing.  I notice on another thread you're asking how mining works.  It is understandable that without a clear picture of how mining works and how blocks are formed, it's not clear why doing this won't help.  Hang in there though, with Bitcoin there comes a lot to learn, and you've got the right kind of mind to be helpful.

I know how the mining works in theory.  I was curious about exactly what problems they're being asked to solve.  But now I see what you mean.  While the 2nd half of batching the transactions into larger amounts might work in theory the first part wouldn't because the small transactions from the end user to the middle man wouldn't get processed for being too small...   Is this what you mean?

[Anon136]

cascius why not just make an exact perfect copy of bitcoin and call it bitcoin2 as soon as tx fees become a problem.

If each kind of bitcoin floated freely, it would be too complex for users to be useful, as well as costly in terms of friction exchanging between them.  It's important that all the units be alike.

Why not batch them just like credit card transactions?  You get a middle that's willing to deal in hundreds of thousands of tiny transactions and then process them as larger transactions every X time period.

This suggestion is not relevant to the problem I'm talking about nor the solution I'm proposing.  I notice on another thread you're asking how mining works.  It is understandable that without a clear picture of how mining works and how blocks are formed, it's not clear why doing this won't help.  Hang in there though, with Bitcoin there comes a lot to learn, and you've got the right kind of mind to be helpful.

Sure i understand this criticism and it is correct, i would just argue that the advantages of my proposal outweigh this very real cost. Your "solution" has costs as well, as you mentioned it wouldnt be decentralized in the way that bitcoin is. My suggestion is decentralized in the way that bitcoin is. i think both of our proposals are flawed but your flaw is over all worse than mine.

Also this legitimate criticism you bring up is one that would be solved by the market in time because there would be an economic incentive for entrepreneurs to come up with systems to lessen this "friction".