Can SCIP be used to prove the monetary base, whilst keeping tx's secret?

[Carlton Banks]

It's a radical thought. And a coding job beyond my comprehension. And so I ask. Because thinking about the whole CoinValidation issue has led me to consider one root of the whole construct.

Part of the reason to make all transactions and addresses publicly available on the blockchain is as a way of checking that the protocol is not being subverted, such that the monetary base is being inflated outside the proscribed limits.

What if we attacked the problem of taint lists another way? What if we could encrypt the entire contents of the blockchain, but also allow the public the capability to query the size and creation rate of it's monetary base? What if we can still query that a given payment request has been satisfied, without knowing which address it was sent from?

Could we not solve the problem that the blockchain was designed for, and simultaneously deny rainbow listings?

[1714838440]

1714838440

[1714838440]

1714838440

[1714838440]

1714838440

[1714838440]

1714838440

[gmaxwell]

In theory things like this are possible... an encrypted state with encrypted spends and proofs that the changes are faithful and following the rules, without disclosing what the changes actually were.

Making them practical is another matter, especially because we have some evidence that the expense of operating the Bitcoin network as its currently designed may be at the upper boundary of whats sustainable as a decentralized system. If such a system required 10x more bandwidth, cpu, disk space, or even lines of code— it's not clear to me that it could be practical. At least not today.

The explanation of how such a system works would be beyond the understanding of the majority of people who currently have a basic grasp of how Bitcoin works, which would lower trust.

I hope to see (and participate) in the development of technology in this space, but it's not an immediate thing we can apply. But the potential for things like that is certainly one reason I'm very excited about the recent advances in generic zero knoweldge proofs.

[Carlton Banks]

I am pleased that my superficial understanding is not without merit.

So, given an extraordinary change in storage, networking, processing, and a far from insignificant development effort, it could be done. This description compares not unfavourably with a pre-2009 pessimists view of what we have with Bitcoin today. And we can reasonably expect the technological changes. I will do anything I can to support the project development, even dust off my coding skills again (and probably end up running unit tests and bug testing! lol).

Time to breathe out again. There is a long term possibility of an ideal technical solution to the potential abuses of rainbow lists.

[gmaxwell]

Exactly.  But don't breath out too easily.  Just because something is possible doesn't mean it will be done.

There is a lot possible, and I mean practically not just theoretically possible, which is not being done because it has a high up front development cost and the nature of truly decentralized systems is that they eliminate rent-seeking, including the kind of benign rent-seeking that would otherwise be used to fund the development.

[Carlton Banks]

It's also the case that this could be the "if all else fails" option, but it could possibly be considered an ideal, not an idyll. In any case, we have yet to see quite what practical impact the listings can have, but we do know the impact will take time to fully show it's teeth. And with the current community, I doubt there will be many willing victims.

So there is much to contemplate before a true solution can be sought after, but I think we can have confidence that some type of cryptographic novelty will lead the way.

[Mike Hearn]

Remember that the purpose of the block chain is primarily to check for double spending. The inflation will eventually go away, but the block chain will live on.

Just checking the coinbase is of the correct size isn't really sufficient. You need to prove there's no double spending as well.

A proof that the coinbase adds up to the fees and the correct subsidy would be useful for SPV fraud proofs. I suspect that if SCIP continues to evolve, it may become useful for that at some point as an optional extra layer, but the block chain would still be needed.

[Carlton Banks]

Remember that the purpose of the block chain is primarily to check for double spending. The inflation will eventually go away, but the block chain will live on.

Just checking the coinbase is of the correct size isn't really sufficient. You need to prove there's no double spending as well.

A proof that the coinbase adds up to the fees and the correct subsidy would be useful for SPV fraud proofs. I suspect that if SCIP continues to evolve, it may become useful for that at some point as an optional extra layer, but the block chain would still be needed.

Indeed, I would like to think that SCIP could also prove that people aren't double spending.... but I see your point, I cannot see a logical solution to the problem of how a set of fully encrypted transaction inputs can possibly be kept globally secret, yet also verified as to whether they have been previously spent. Perhaps SCIP or whatever potential new work in Zero Knowledge Proofs can solve the problem, I remain open to the possibility.


By the by, any chance you could lend your support to the Identity Protocol as an alternative to the rainbow lists? It's far superior system to CoinValidation, which can easily fall foul to any bad intentions, either willingly or forced upon, the operators of the list. The operators can simply certify addresses of the people most able to pay/intimidate/influence them as being Green, disparaging the veracity of the list.

As you are a designer of the Identity Protocol, I fail to see why you're so keen on promoting discussion of measures that affect the money utility of Bitcoin.

[Mike Hearn]

By the by, any chance you could lend your support to the Identity Protocol as an alternative to the rainbow lists? It's far superior system to CoinValidation

The CoinValidation thing was very badly timed. I still don't really understand what it is they are proposing or want to do, but the whole notion of pre-registering addresses with a government agency is very much NOT what I was publicly musing about. The exact opposite actually, a lot of the complicated crypto in decentralised mark lists comes from the desire to prevent governments learning anything at all, beyond what citizens freely choose to give them. Unfortunately because of the timing of the Forbes article, now all these different things are mixed up in peoples minds and getting blurred together.

At the moment I'm content to just let the debate run and get people thinking. I'm happy with the insights that have been brought up so far, there's much food for thought.

The payment protocol (is that what you are talking about?) solves a different, unrelated issue. In the payment protocol merchants can optionally sign their requests for payment. Clients can keep the signed requests. But the buyers are still anonymous (unless the website/merchant requires you to log in or verify your ID in some entirely separate process of course). Considering CryptoLocker again, the payment protocol doesn't change anything because they can take their extorted money and go spend it as much as they want, nobody would ever know it was them.

The time when the ID verification/signing part of the payment protocol is useful, is when there's a dispute with the seller. Then you can use it to prove that you paid for something that the merchant promised to deliver. It's kind of like an ad-hoc, super lightweight contract or fancy receipt in that regard.

[Carlton Banks]

By the by, any chance you could lend your support to the Identity Protocol as an alternative to the rainbow lists? It's far superior system to CoinValidation

The CoinValidation thing was very badly timed. I still don't really understand what it is they are proposing or want to do, but the whole notion of pre-registering addresses with a government agency is very much NOT what I was publicly musing about. The exact opposite actually, a lot of the complicated crypto in decentralised mark lists comes from the desire to prevent governments learning anything at all, beyond what citizens freely choose to give them. Unfortunately because of the timing of the Forbes article, now all these different things are mixed up in peoples minds and getting blurred together.

Ah, I see that my opposition to both colours of lists has ended up with me conflating them together in the question I asked. Confusion may reign for a while with the overall listing issue. Once again, you pre-suppose that an authoritarian bent of government will not enforce required reporting. Imagine if consumers were compelled to report all purchases to a mark list, and the corresponding merchant were mandated to confirm their participation at the other side of the transaction?

The payment protocol (is that what you are talking about?) solves a different, unrelated issue. In the payment protocol merchants can optionally sign their requests for payment. Clients can keep the signed requests. But the buyers are still anonymous (unless the website/merchant requires you to log in or verify your ID in some entirely separate process of course). Considering CryptoLocker again, the payment protocol doesn't change anything because they can take their extorted money and go spend it as much as they want, nobody would ever know it was them.

The time when the ID verification/signing part of the payment protocol is useful, is when there's a dispute with the seller. Then you can use it to prove that you paid for something that the merchant promised to deliver. It's kind of like an ad-hoc, super lightweight contract or fancy receipt in that regard.

Conflation creep again, I was referring to the Identity Protocol. I remembered that you had started a thread that it featured in, and equated that with you being the overall or joint author.

It is clear to me that a Bitcoin Identity Protocol would be far less corruptible than the state based systems people currently use, and that they can serve a valuable purpose that varies with the cultures or society they are used in. I would never indulge a strange teenager bribing me to buy alcohol for them in the United States; in a society like that, there's no way to know that kid couldn't be prone to indulging in all sorts of dangerous or anti-social behaviour as a result. But in small close-knit Scandinavian community, the teenage population wouldn't even to need ask. They might still want age checks on purchasing firearms though.

By popularising the use of the proposed ID Protocol, enforcing identity + related attributes as seen fit in jurisdictions across the world would give us all a great deal to gain. A decentralised system using an open protocol, embedded within another decentralised open protocol would harm the ability of all people, of all means and resources, to steal and fake real world identities. It could promote trust in confirming the identity of users in a way never seen before. And more to the point, it usurps the (perhaps a little contrived) purpose of the CoinValidation scheme by a moon shot sized magnitude.

[Mike Hearn]

Ah, I see, sorry.

Again, they solve different problems. I'd like to see Bitcoin-based anonymous identities be implemented. I think they can be very useful for de-spamming things, solving sybil attacks, making Tor easier to use and lots of other great stuff.

But I don't see how they're relevant to tackling crimes like extortion. To solve that you basically have to find the guy who is doing it and force him to stop. Individuals can defend themselves with the right strategies, but it's hard to win at defence all the time, and globally some people will always lose.

It's certainly true that for certain types of "crime" (using the word very loosely) requiring a bannable anonymous ID would be more scalable and work better. Like, I don't think it'd make any sense to try and use coin marking to fight spammers. Different tools for different jobs.