Creating metacoin for a decentralized exchange?

[tee-rex]

With the recent fall of so many cryptocurrency exchanges I was thinking about feasibility of making trades safe.

So I came up with the following idea. We create some metacoin with the single purpose of making its blockchain a decentralised exchange for trading other major coins. How this would work in practice. Say, you want to sell a few bitcoins and get some doges. You send your bitcoins to a randomly generated address whose private key is distributed across (encrypted in) this metacoin blockchain. The private key could only be made available to whoever sells you dogecoins at the price which will be set in the transaction you sign on this meta blockchain. For the buyer of your bitcoins the process should be pretty much the same.

Is it possible to make such a "coin", which client would serve as a trading platform?

[Cryddit]

I actually have coded an unlaunched alt with multivalent amounts - so I could easily launch a blockchain tomorrow that can keep track of thousands of different kinds of coins, and keep them all separate, and allow trading between them on the chain. 

But moving them back and forth to their native blockchains is something that the devs on those blockchains would have to provide a way to do.

[tee-rex]

I actually have coded an unlaunched alt with multivalent amounts - so I could easily launch a blockchain tomorrow that can keep track of thousands of different kinds of coins, and keep them all separate, and allow trading between them on the chain. 

But moving them back and forth to their native blockchains is something that the devs on those blockchains would have to provide a way to do.

Why not release the source code then? Someone could pick up where you left and go on. Also, altcoin exchange devs do have to deal with the issue of working with numerous blockchains somehow.

[Cryddit]

Why not release the source code then? Someone could pick up where you left and go on. Also, altcoin exchange devs do have to deal with the issue of working with numerous blockchains somehow.

I may yet do it.  I did re-base it to Bitcoin 0.10.0 this week, following the latest Bitcoin release for all kinds of improvements in block chain handling.  I haven't implemented my side of the transfer-between-chains thing for anybody to be compatible with, and of course they'd need to add the code to their altcoins (and have a hard fork each for a couple of new transaction types) before it would work.

Mostly I've been not pursuing it because I don't want to explain to two or three hundred scammers why I'm not going to be making an effort to be compatible with their scamcoins.  Seriously, the altcoin world is filthy these days.  I would go so far as to say MOST alts actually have no interest in application as currency; their model of issuance (with most of the coins out in the first year, or coin production cut by more than half in the first year) makes no economic sense for that.  Nor does the ludicrous notion that it is reasonable for a significant fraction of the entire money supply to be reserved for one or a few people.  And one is left with the unfortunate implication that most of them have no reason to exist except as scams. 

And, do I really want to facilitate trading between scams?  Considered as an economic force, in the short term easy trustless trading would facilitate some scams and make others more difficult.  The question is, in the long run would it favor the less scammy operators?  With trustless trading, would market pressure mean the pump-n-dumps end with less money effectively stolen?  And hopefully faster, or with more accountability, or both? 

[CIYAM]

The Atomic Cross-Chain Transfer concept which has been implemented using Automated Transactions (AT) and is described in detail here: http://ciyam.org/at/at_atomic.html could end up providing the "lynch pin" for trading across different blockchains (and CIYAM is developing a Token package that could act as the decentralised "market" for this approach).

By using ACCT at least all trades would be "safe" (in terms of the trade being honoured according to the terms of the ACCT algorithm).

I do agree with @Cryddit that most alts are just pump and dump scams (but I doubt they would go to the effort of implementing AT so it might be a refuge from that at least in the short term).

[tee-rex]

Why not release the source code then? Someone could pick up where you left and go on. Also, altcoin exchange devs do have to deal with the issue of working with numerous blockchains somehow.

I may yet do it.  I did re-base it to Bitcoin 0.10.0 this week, following the latest Bitcoin release for all kinds of improvements in block chain handling.  I haven't implemented my side of the transfer-between-chains thing for anybody to be compatible with, and of course they'd need to add the code to their altcoins (and have a hard fork each for a couple of new transaction types) before it would work.

You could take the most traded altcoin (say doge) and make a reference design (proof of concept). If this works out well in the end, other altcoin developers will be eager to add support for their stuff.

[matt608]

BitShares is a decentralied exchange.  The only difference between it and what you describe is it doesn't trade altcoins (yet), just BTC, fiat, gold and silver.

[CIYAM]

BitShares is a decentralied exchange.  The only difference between it and what you describe is it doesn't trade altcoins (yet), just BTC, fiat, gold and silver.

It doesn't trade *actual* fiat, gold or silver just IOUs - or am I incorrect?

(does it even actually trade real BTC - I think not)

[tee-rex]

BitShares is a decentralied exchange.  The only difference between it and what you describe is it doesn't trade altcoins (yet), just BTC, fiat, gold and silver.

Where are these funds actually (physically if applicable) stored?

[CIYAM]

Where are these funds actually (physically if applicable) stored?

Nowhere - as they are just IOUs (no different to Ripple really).

They have been trying to "con" people with the idea that an IOU is just a good as the real thing from day one.

[tee-rex]

Where are these funds actually (physically if applicable) stored?

Nowhere - as they are just IOUs (no different to Ripple really).

They have been trying to "con" people with the idea that an IOU is just a good as the real thing from day one.

Then why should we care?

[CIYAM]

Then why should we care?

I don't (as I know it is just crap) but unfortunately they are sucking more and more people into their "prediction market" crap (which is really "newspeak" for "let's steal your money by trying to make you think our snake oil is the real thing").

I suspect that they'll try and evade prosecution by eventually leaving the US and setting up overseas (as others are doing).

To use the terms "USD", "BTC", "gold" and "silver" when there is no such actual underlying asset is "deceitful to say the least".

[Cryddit]

You could take the most traded altcoin (say doge) and make a reference design (proof of concept). If this works out well in the end, other altcoin developers will be eager to add support for their stuff.

Doge, for all that I don't care much for its prospects, at least doesn't appear to be a scam.  Or at least, not actively scamming at this time.  Litecoin likewise doesn't appear to have any active scams going. 

But, honestly?  The single most non-scammy alt I can think of is Namecoin.  Thousands of nodes on their network all the time, mostly just because people are running full nodes in order to keep their browsers updated on the .bit domains.  Namecoin actually provides a real service, so there's a constant non-pump demand for it.

[tee-rex]

You could take the most traded altcoin (say doge) and make a reference design (proof of concept). If this works out well in the end, other altcoin developers will be eager to add support for their stuff.

Doge, for all that I don't care much for its prospects, at least doesn't appear to be a scam.  Or at least, not actively scamming at this time.  Litecoin likewise doesn't appear to have any active scams going.

Litecoin seems to me like a bastard child of Bitcoin. Neither here nor there. It tries to clothe itself with bitcoin's fame, but since there can only be one Bitcoin, it looks grotesque. Dogecoin, on the contrary, doesn't pretend to take after anything, and as a result we have fast (in terms of confirmation times) and cheap (in terms of transaction fees) coin, perfectly fit for trading.

But, honestly?  The single most non-scammy alt I can think of is Namecoin.  Thousands of nodes on their network all the time, mostly just because people are running full nodes in order to keep their browsers updated on the .bit domains.  Namecoin actually provides a real service, so there's a constant non-pump demand for it.

Can't say anything about Namecoin. Though providing real service doesn't make it invulnerable to pumping (in fact, more prone).

[Cryddit]

Looking more closely at the atomic cross-chain trading protocol, I have a bit more coding to do for security.  

It works fine as long as both chains are proceeding, neither party can block the other from making a transaction in a given timeframe, and a reorg doesn't block out just part of the protocol on one or both chains.  But dealing with alts, often the block chain security is kinda thin, and I can't really trust that there'll not be long reorgs created by attackers -- either on my chain or one of the others.  

First thing, for secure cross-chain trades, because the protocol depends on transactions waiting until after other transactions have occurred,  I'll absolutely have to add minimum and maximum block heights to transactions. That is, a transaction would not be valid in any block prior to its minimum block height, nor in any block after its maximum block height.  

Second, I'll want to implement time-locked outputs;  That is, different outputs, even if created in the same transaction, will need to be able to specify different minimum block heights before which they cannot be validly spent and possibly even different maximum block heights after which they cannot be validly spent.

Finally related to secure trades, and also to eventually implementing proof-of-stake that doesn't give attackers infinite free shots at causing reorgs,  I'll need each tx to specify a very recent block (current block as of the time the tx is created) and not be valid in any block chain that does not have that block as its ancestor.  This will prevent a couple of possible scams involving chain reorgs either on the metacoin chain or the chain it's crossing with; if a given tx is invalidated by a reorg, then other tx in the same sequence must also be invalidated by the very same reorg.

I keep spending coding effort on this thing, like a hobby; maybe in the back of my mind I have already decided to do it.  With my conscious mind I still have huge doubts.

[tee-rex]

Looking more closely at the atomic cross-chain trading protocol, I have a bit more coding to do for security.  

It works fine as long as both chains are proceeding, neither party can block the other from making a transaction in a given timeframe, and a reorg doesn't block out just part of the protocol on one or both chains.  But dealing with alts, often the block chain security is kinda thin, and I can't really trust that there'll not be long reorgs created by attackers -- either on my chain or one of the others.  

First thing, for secure cross-chain trades, because the protocol depends on transactions waiting until after other transactions have occurred,  I'll absolutely have to add minimum and maximum block heights to transactions. That is, a transaction would not be valid in any block prior to its minimum block height, nor in any block after its maximum block height.  

Second, I'll want to implement time-locked outputs;  That is, different outputs, even if created in the same transaction, will need to be able to specify different minimum block heights before which they cannot be validly spent and possibly even different maximum block heights after which they cannot be validly spent.

Finally related to secure trades, and also to eventually implementing proof-of-stake that doesn't give attackers infinite free shots at causing reorgs,  I'll need each tx to specify a very recent block (current block as of the time the tx is created) and not be valid in any block chain that does not have that block as its ancestor.  This will prevent a couple of possible scams involving chain reorgs either on the metacoin chain or the chain it's crossing with; if a given tx is invalidated by a reorg, then other tx in the same sequence must also be invalidated by the very same reorg.

I keep spending coding effort on this thing, like a hobby; maybe in the back of my mind I have already decided to do it.  With my conscious mind I still have huge doubts.

If you make it opensource (you will have to in the end, unless you decide to abandon it indeed), other people will give you motivation to continue your work. And this is the least you could expect after going public.

[Cryddit]

Well, there was already an nLockTime (minimum block/time for a tx to be valid).  I added an nLastTime (maximum block/time for a tx to be valid), plus an nStakeTime and an nStakeBlock;  nStakeTime is the height of a 'stake block' for the tx, and nStakeBlock is the last 32 bits of that block's ID.  And I implemented functions IsAliveTx and IsStakedTx to check for these conditions being wrong, and hacked IsStandardTx to keep such tx out of the blocks, and IsValid to keep blocks containing such tx from being accepted in a blockchain.

So, you can have a tx that is valid only between block A and block B; you know for sure that it won't be included in any block before A, and you also know for sure that it won't be included in any block after B. 

The idea with nStakeTime and nStakeBlock is that a tx is not valid in any chain other than one where the block at the named height has a hash whose last 32 bits matches the named nStakeBlock.  And this means that if a bunch of related tx all stake the same block, you can guarantee that if any of a them disappears in a reorg, then ALL of them disappear in the same reorg.  And that also puts in the infrastructure for proof-of-stake that doesn't suffer from the "nothing-at-stake" problem, although I have not implemented any PoS yet - and if/when I do it'll be a true hybrid where proof-of-work is still required to find blocks.

I have not implemented time-locked outputs yet; the more I think about it the more I'm certain that there is a better way to do it than by having another data field in the txout.  Time-locked outputs and much more become possible if the scripting language has an op that pushes the current block height.  Then the time-locked output becomes a P2SH output, where the script pushes the block height, compares it to a number that's already there, and returns true iff one is greater than the other. 

This makes several ways to 'backstop' the cross-chain trading risks involving playing silly-buggers with block timing and reorgs.

But now I need to think hard about whether that new scripting op introduces new vulnerabilities and scams.

[Cryddit]

Okay, I thought about it.  It is not just necessary for txOuts to have a spendable time, it is also necessary that people can see what the spendable time is without anyone having actually provided the script to spend it. 

So I'm hacking an nSpendableHeight into txOuts.  This will get serialized in the txOuts of each transaction and will permit transactions to have a minimum block height before which they cannot be spent. And importantly for auditable protocol,  people can look at the block chain and see what that height is.  I don't think a maximum spendable height is going to be necessary. 

[Cryddit]

Okay, did that.  Serialization and constructor calls were a heck of a thing to sort out, but now txOuts have a spendable time - a block height before which they cannot be spent.  At this time it's only supported in raw RPC transactions - the wallet doesn't know boo about it except to not display them for its current balance until they are valid and not use them to try to make payments until they are valid.  It always creates txouts that are not limited to a spendable time.

At this point I think I've provided ways to prevent most of the potential attacks on atomic cross-chain transfer, at least from my side.  

But since I now have StakeTime and StakeBlock, I can't resist going ahead to implement a non-stupid implementation of Proof-of-Stake.  

For the record, all implementations of Proof-of-Stake  that I've seen so far are in fact stupid.  

What I'm going to do is a PoW/TaPoS hybrid (that is, Proof-of-Work combined with Transactions as Proof of Stake).   Who forms the block is determined by PoW.  Each transaction 'stakes' a given block, and is not valid in any blockchain that forked before that block - making txOuts that exist before the fork into a finite resource that either supports one side of the fork, or cancels itself out by supporting both.  Resolving the conflict between two block chain branches will depend on both the relative proof-of-work between the branches and the total amount of txouts created before and staked after the split.  The stakers and the PoW miners will both get payments for securing the chain in the same proportion that their contributions to chain security are counted relative to each other.

I'm probably going to find dozens of bugs when I start testing this....  

[robrigo]

BitShares is a decentralied exchange.  The only difference between it and what you describe is it doesn't trade altcoins (yet), just BTC, fiat, gold and silver.

It doesn't trade *actual* fiat, gold or silver just IOUs - or am I incorrect?

(does it even actually trade real BTC - I think not)

Yes you are incorrect. BitShares is a decentralized exchange- it doesn't trade only IOUs as you are claiming, it trades assets that peg the value of their real world counterpart, also known as market pegged assets or bitassets. A gateway could issue their own IOU on bitshares and trade it 1:1 for bitUSD however. BUT the market pegged assets are not IOUs! These assets have collateral locked on the blockchain.

Hence, a bitUSD is a stablecoin with the properties of Bitcoin (i.e. lower counterparty risk), backed by BTS as collateral.

Where are these funds actually (physically if applicable) stored?

Nowhere - as they are just IOUs (no different to Ripple really).

They have been trying to "con" people with the idea that an IOU is just a good as the real thing from day one.

This is just plain wrong. Market pegged assets like bitUSD, bitGOLD are a new type of asset... not user issued IOUs. Read more about them here: http://whatisbitusd.com/whitepaper/

Then why should we care?

I don't (as I know it is just crap) but unfortunately they are sucking more and more people into their "prediction market" crap (which is really "newspeak" for "let's steal your money by trying to make you think our snake oil is the real thing").

I suspect that they'll try and evade prosecution by eventually leaving the US and setting up overseas (as others are doing).

To use the terms "USD", "BTC", "gold" and "silver" when there is no such actual underlying asset is "deceitful to say the least".

We use these terms because the bitasset has the same buying power as the real world counterpart. AND it is not because someone is promising to redeem it as such (as with an IOU)! The value is frozen on the blockchain when a short order is matched to create the new bitasset. And technically the proper term is BitGOLD, BitUSD, etc.

BitShares is like a decentralized Ripple with a stable liquidity token (bitUSD vs. XRP) that can facilitate the same type of IOU payment network between gateways, only in a way requiring less trust of the user, a fair distribution, and Ripple doesn't have market pegged bitassets that eliminate the need for businesses to cash out of crypto into fiat... now they can hold bitUSD or whatever their favorite relatively stable asset is instead. Of course, this is pending more liquid markets... which has been improving as more bridges open up like metaexchange.info and shapeshift.io.

In fact there is a discussion over at the bitsharestalk forums about adding cryptocurrencies so other communities can trade on a decentralized exchange too. BitShares wants to bolster the overall crypto community with a platform for safer trades... not scam it as CIYAM suggests. I suggest you do your research before you make claims about projects you are unfamiliar with.

https://bitsharestalk.org/index.php?topic=14847.0