(Sorry if this is the wrong forum)

One of the most interesting topics I learned about at the Bitcoin 2013 conference was the idea of Colored Coins.  However, I'm unable to convince myself that implementing them on top of Bitcoin would have the same security characteristics that exist for Bitcoin itself.

In particular, what is the chain of reasoning that demonstrates that the set of incentives that protect Bitcoin from an economically-motivated 51% attack also apply when certain Bitcoins are colored?

More precisely, here is what I have in mind:

* For Bitcoin itself, an economically rational actor has little incentive to perform a 51% attack to steal Bitcoins (by double-spending, say) since undermining the integrity of the network would reduce/destroy the value of the very coins the attacker was seeking to steal.  Thus, the only actors one would expect to engage in a 51% attack would be those with a non-economic motive (governments, perhaps).  Perhaps another way of saying it is that the possessor of huge amounts of compute power has more to gain by participating in the system than by seeking to thwart it.

* However, if one now turns attention to colored coins, the incentives change.  These are coins with some connection to the "real world": possessing one might entitle the possessor to income from shares or title to a physical asset, etc, etc.  As such, the value of the assets represented by colored coins could be orders of magnitude greater than the value of the underlying Bitcoins themselves.   Therefore, an economically-rational attacker set on stealing real-world assets may no longer care about the value of Bitcoins (or a subsequent failure of the system) since their eyes are on a different goal.

* So... if there were ever a colored Bitcoin that was worth vastly more than the underlying Bitcoin that "carried" its color, why would an attacker not, say, acquire the colored coins for fiat, sell them to somebody else for fiat and then, once the fiat was safely received, mount a 51% attack to reverse the "sale"?   The end-result would be that the attacker had both the original fiat *and* a blockchain that recorded them as the owner of the asset.  If the (BTC) value of the double-spent Bitcoins was low (imagine 1 colored Satoshi that represents one million Apple Shares), one could imagine a scenario where the core Bitcoin network shrugged off the issue as an aberration and the attacker was now recorded as the rightful owner of a stolen asset.  Equally, one could imagine that this fatally undermines the Bitcoin system yet the attacker still potentially has title to the asset.

* Of course, the 51% attack is just an example - the wider point I'm trying to make is that it is not immediately obvious that the economic incentives that help protect Bitcoin from various attacks are still effective in the presence of highly valuable colored coins.

Am I missing something?  Is this something that one would expect to be covered in the legal agreements that "link" a real-world asset to a particular set of colored coins? Something else?

Colored coin is contract. If the coin issuer refuses to acknowledge the stolen colored coins, those coins worth nothing

For the vast majority of backing commodities the act of redeeming colored coins (i.e. destroying them and receiving their value) could easily require significant confirmations -- say 50+.  After all, backed coins already require that you trust the issuer.  So you can send them your coins overnight and trust them enough to get the commodity in the AM.

The problem is colored coins exist only on the blockchain, if the blockchain is 51% attacked, it cannot be used as a reiiable proof of anything anymore, then the colored coin would lose its value as well.

youre not missing anything, Color Coins[1] are going to be a nightmare in practice.  They seriously distort the economics of mining.  I raised this many times on the BitcoinX list, but the main protagonist/troll on there 1st: refused to acknowledge the problem 2nd: acknowledged it but didn't fix it.  He spends months doing precisely NOTHING but sounding off and trying to look important(but not succeeding).  This is probably why it seems the only project in that neighborhood with investment money did not include him.

It's these very problems, and a few other revelations that led to my development of Confidence Chains.

Confidence Chains has none of these problems.  It doesnt use mining at all.


[1] and presumably Mastercoins

I dont think Color Coins increase the risk of a 51% attack.  It poses the same risk with or without color coins.

the problem is that the transaction values no longer scale to the input of the miners.  A very small BTC transaction could carry millions of dollars in trade value.  Thus a miner could hold that transaction hostage or a number of different things.  It's already been discussed at length on the BitcoinX list, but as things go here anything important is virtually ignored in favor of pump and dump schemes and WHO IS TEH SATOSHI? threads.

the idea works as far as the initial whitepaper takes it.  The initial whitepaper does not discuss the issues regarding mining economics brought up by myself on the BitcoinX list.  It's a failed architecture in my view.

that is a good point and it's very possible to have this kind of configuration.  Each node might have different perspectives on which nodes are more important.  Just like in real life.  One member of a social group might favor the statements of certain people.  There's no centralized document that says this particular person is more credible than another.  This does not effect the basic operation of the algorithm though.  Not only can nodes have different views on who is important, they can actually employ different strategies for building chains, and these strategies can exploit various aspects of the financial ledger, ultimately though consensus is the thing on which a ledger is accepted.  With complex financial instruments there is quite a bit of interpretation involved.


that's certainly fair to say.  To understand what Confidence Chains means you have to revisit some of the initial design goals of Bitcoin.  Bitcoin was meant to be a currency without backing and without ownership.  Color Coins and other related technologies have a different purpose: digital vouchers(although Confidence Chains does much more than that).  Thus, you've removed ZERO TRUST.  You must trust the backer.  The idea of leaving in Proof Of Work anyway is just meaningless really and reflects a lack of vision as to why it was there in the first place.  The core oversight is that the block chain is a free database that anyone can insert information for any purpose.  You'll find this assumption is a standard amongst the Color Coin people.  It is here that Color Coins breaks down.  We saw this unfold with the COIN_DUST issue.

Confidence Chains does not have any of the security problems of Bitcoin.  Initially the system supports a STATIC distribution, as in the nodes are predetermined.  There are other possibilities which have not been conceptually explored at this point.  The first basic app will be a Distributed Exchange which offers a some really great value to the sorts of peoples who come here to this list.  Keep in mind people are interested in Confidence Chains who don't have anything to do with Bitcoin.  Wouldn't you rather trade bitcoin on an exchange that cannot be biased by any individual participant or owner?  the exchange has no owner, and that the key difference.



There are two more whitepapers posted to this forum showing some other applications of Confidence Chains.  There will be more publications in the future.  One of the advantages to CCs is that the architecture is very flexible.  Im a very conceptual high-forehead kind of person so I think the strength of this is how many different things you can do with it.  Im not going for low-hanging fruit at this point.  People can easily work in their own ideas and financial instruments, build wealth and capital without much knowledge.  The code base will be relatively simple. 
 
thanks for the input.  I will post a few progress milestones to here when it is relevant.  The http://www.altchain.org site is coming very soon.

that is a very lucid way to phrase it actually.  Seems like youre treading on a few of the logical paths I took while I was coming up with this. It's sufficiently far enough from Bitcoin that it does take some effort to understand the what/why/how of it.  A good portion of the people here are just interested in making money mining, so I've excluded them as people to talk to.  Also, it does not require any legal support.  People can issue assets(and other things) reliably without involving any traditional legal system.  Cryptography does all the work here.

Consider this, you mentioned earlier something along the lines of- how do we stop people from just having their own identity weights?  I do allude to this in the paper, the part about 'idiot nodes'.  So you're individually free to reassess credibility values in the system, but ultimately, the issuers need to honor the ledger for you to get reimbursed.  Therefore if you choose to be an 'idiot' then you risk alienation from your implicit contract with the issuer, and also alienation from the community of people transacting in the assets. [2]  Why are you in a marketplace if you don't like anyone?  Remember the chains build on top of each other, and to have some kind of radical choice of identity weights will just exclude you from opportunities to build blocks on the chain.  It's effectively impossible to drastically diverge from the consensual layout of identity weights(small differences won't have major results). [3]  This is a technology that allows people to easily and automatically generate a consensual distributed financial ledger(it can do many things, not just exchanges- I explain how to do a distributed auction as well).



This also seems to be problematic for the Bitcoin crowd.  We assign trust to entities all the time.  Mt Gox has a pile of my money and they can easily take off with it.  The advantage CChains gives you is that I can create a congress of trust.  It's far more reliable than trusting one particular entity.  For instance would you rather deal with Saudi Arabia(a monarchy) or France(a democratic republic)? [1]  It would be fairly easy to organize as little as 5 nodes into something that is virtually bulletproof.  Imagine you had a ledger that is mathematically proven to be agreed upon by 100 parties in 30 countries with varying shades of background and character?  And this ledger is FAST, we can assemble this consensus practically instantly.  That's the power of Confidence Chains.

The system also addresses Bitcoin's technical shortcomings.  A great paper on why the underlying assumptions of Bitcoin are problematic: http://www.links.org/files/decentralised-currencies.pdf

Laurie points out for instance that Bitcoin relies on checkpoints.  Who makes the checkpoints?  Bitcoin is not exactly as decentralized as they make it out to be, and some of the 'solutions' to the problems they face are really removing the initial intent of the system.  Most people involved at this point don't really care, they're just interested in latching onto the inertia of the movement.  Theyre not necessarily concerned that the movement is moving in a completely opposite direction than originally intended.

Keep in mind that once we have factored out Proof Of Work, there is no mining, there is no need for expensive machinery to run the system.  You can host 50,000+ txs a day(what Bitcoin does) with simple commodity hardware.  You can probably host several thousand transactions a minute.  Thus the technology brings money back into the hands of the average person.  Naturally the big boys, who sell hardware and such are not interested in such things.  Also the performance is much much better, you get virtually instantaneous response times.  There is no block hashing, nonces, etc.


It does not have the same set of risks as Bitcoin as there are no 'unbounded consensus' problems(sic. Ben Laurie).  The 'inputs' in the system are your trust layout.

The risks for Color Coins are going to be a capacity/performance breakdown.  They don't pose any serious additional security problems and generally it does not effect the 51% attack issue.  Putting color coins on an altchain is just pointless because if you had an altchain you can redesign the tx format to support 'colors' directly without the need for this complex coloring schema.


the other papers describe how to make a Distributed Exchange and how to make a Distributed Bond Auction.  There are few parties here and there claiming they can make a Distributed Exchange, however I'm the only one I know of that has described exactly how to do it in detail.  One other camp claims to have it, but their claims are dubious to say the least.  This project, which is currently posted all over the place here, is just kicking up dust trying to bring in investment money.  If you have the time to closely follow their claims it's fairly easy to see what theyre up to.

Richard, much appreciate your comments here.  danke schon!  -bm






[1]  who would you buy bonds from?  Hint: countries like Saudia Arabia don't have the same sovereign debt system that democratic republics have because they are no where near as credible and reliable.

[2] and this tactic would be very short lived.  If you chose for instance to ignore half the identity nodes because you felt they are untrustworthy, the confidence of your own private chain would be minuscule compared to the dominant chain.  Then what?  you could present this private 'idiot' chain to an issuer and claim you have an account balance.  Your records might line up with the dominant records, and they may honor it.  But the problem is you lose the ability to transact with all the people who are 'getting along'.  This is basically how the algorithm fosters participation.  If you don't 'get with the program' you are left out.  If you don't like the program, maybe you can find an alternate chain to trade in.  Remember though that in NO SITUATIONS can account transfers or the initiation of any financial instruments be falsified.  The nodes to not have the ability to forge personal signatures.  

[3] btw- most of these details are shielded from the average user.  These things are only going to come into play when people start breaking open the system and trying to exploit it.  The average person will see a very performant, publicly credible, feature rich exchange/financial service that does not appear to be branded by any one particular entity.  Hackers will see the things I describe, and then they will discover that they cannot break the system.

 I appreciate the comments, and I address the individual points below but before I do, consider the advantages of this architecture.

 * No mining
 * No expensive hardware.
 * No excessive network usage.
 * No mining pools.
 * No asic manufacterers.
 * Instant Confirmations.
 * No thorny security issues that are often intractable and unmanageable.

   the general point is though, that ultimately value must rest in it's redeemability for something.  Even if this is a complex financial derivative that is a financial function of a financial function denominated in a currency that is itself a complex of financial functions.  Ultimately you need to exchange it for something.  Even if this exchange isn't something that is eg. edible or physical, it still has some kind of legal value outside the system.  This reliance is implicit in all financial systems.  And if you don't trust the issuer, why would you want to trade in their issued vouchers?


  You can certainly do complex things such as this in Confidence Chains.


  Sell it for what?  another share that has an implicit value, because that share is exchangeable for something else with implicit value.  Remember Bitcoin wasn't worth anything until someone bought a pizza with it.  So ultimately you must have at least ONE person willing to redeem the digital vouchers for something in the real world.  That could be peanuts, USD, Turkish Lira, Gold Coins, etc.  In most environments though there will be MANY issuers who have such implicit promises and what Confidence Chains gives you is a very quickly assembled ledger that all those issuers agree on.  Consensus is the key word here.  I've abandoned Bitcoin's idea of a global ledger, and this bought me some very attractive performance and architecture features(as well as simplicity).

  Granted there are issues in hosting eg. trades and supporting some sense of non-bias.  Im not sure how a PoW system can give you that.

 "you can't eat money."


you can also do this kind of complex logic chaining and then the remarketing of the risk implicit in those agreements.  Confidence Chains can support the same exact Transaction formats that Bitcoin does if you really want it.

btw- not sure if you saw Peer-To-Peer Bond Auction  http://goo.gl/LVU7A5

thanks for your comments, -bm