You can't spend those coins... yet.
-
ChrisJ and I were talking on Skype and he suggested an interesting feature which got me thinking. Specifically he said he wanted to be able to not spend some given coins for a certain amount of time as a way of demonstrating “skin in the game”. I thought the idea was novel, but realized I didn’t have an immediate solution for him that involved zero trust. I’m sure there’s plenty of ways to do it involving lawyers or other third parties, but I want a zero trust solution, so I figured I’d start a topic and solicit opinions on the matter from the other smart people in the room.
Let’s start with the obvious: You can generate a transaction supplying the nLockTime parameter which will make it so the transaction can’t be put into the blockchain prior to nLockTime as specified in either unix time (milliseconds since the epoch) or blockchain height. You could build a transaction that has the coins going from address A to address B, both of which you own the private keys to, and then destroy the private key for A. The only way to retrieve the coins would be to broadcast the transaction, and the transaction wouldn’t be accepted prior to the nLockTime. But how do you prove the key for A was destroyed so the coins can’t be spent prior to the broadcast of the transmission?
I thought about using a multi-sig transaction for this as well, but then that has problems too, namely that someone has to be trusted to not sign their part until the time.
My BitcoinJ buddy Mike Hearn suggested that you could use an oracle, but then we’re back to third parties, and while there’s ways to reduce the trust on that oracle, it’s still no zero trust.
He also suggested that you can use trusted computing in the form of Intel TXT or the AMD equivalent (SKINIT) to set up a sealed hardware environment and then use the TPM chip to attest that fact to a third party. That third party can verify the hardware was in the required state. If you combined this with verifiable computation, you could pull this off by writing a program which produces two transactions, as follows:
Inputs: public and private key for the existing coins, and an address for the coins to go to which we own, which we’ll call the destination address.
Generate a public key. Compute the private key. We’ll call this the locked address.
Generate a transaction which spends from your initial input into the locked address. We’ll call this the locking transaction.
Generate a transaction which spends from the locked address to the destination with an nLockTime. We’ll call this the unlocking transaction.
Output: Both locking and unlocking transactions. Then broadcast the locking transaction to the blockchain.
The user could then demonstrate the proof of this program running, and the state of the hardware, and that the first transaction had already been broadcast and included in the blockchain, meaning only the second transaction could be used to retrieve the coins at the locked address, and only after nLockTime had passed. Since the locked address private key wasn’t an output of the program, and we can verify the program after the fact, we can’t spend the coins early.
That would work… but can anyone come up with a more elegant solution?
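The whole scheme rests on the node-side finality rule for nLockTime, and on one detail the post does not spell out: the rule is switched off if every input carries the maximal nSequence. The following is an added example (not code from this thread) that mirrors Bitcoin's consensus check so a reader can verify, from the fields of a published unlocking transaction, that the lock is actually enforced and until when; `check_unlocking_tx` and its inputs are my own names. It uses the consensus threshold of 500,000,000 (below: block height; at or above: Unix time in seconds).

```python
"""Finality check for an nLockTime-locked transaction (added example, not the
thread's own code).  Consensus rule: nLockTime < 500,000,000 is a block height,
otherwise a Unix timestamp in seconds."""

LOCKTIME_THRESHOLD = 500_000_000
SEQUENCE_FINAL = 0xFFFFFFFF  # nSequence value that disables nLockTime


def locktime_kind(n_lock_time: int) -> str:
    """How consensus interprets the field: 'height' or 'time'."""
    return "height" if n_lock_time < LOCKTIME_THRESHOLD else "time"


def is_final_tx(n_lock_time: int, input_sequences, block_height: int, block_time: int) -> bool:
    """Can this transaction be included in a block at block_height / block_time?
    block_time is the timestamp the validating node compares against (Unix seconds;
    since BIP113 nodes use median-time-past of the previous blocks)."""
    if n_lock_time == 0:
        return True
    cutoff = block_height if locktime_kind(n_lock_time) == "height" else block_time
    if n_lock_time < cutoff:
        return True
    # Caveat: if *every* input is marked final, nLockTime is ignored entirely.
    return all(seq == SEQUENCE_FINAL for seq in input_sequences)


def check_unlocking_tx(n_lock_time: int, input_sequences, current_height: int, current_time: int) -> dict:
    """Verifier-side report for a published unlocking transaction (hypothetical
    helper): is a lock really in force, of what kind, and is it still active now?"""
    if n_lock_time == 0:
        return {"locked": False, "reason": "nLockTime is zero; no lock"}
    if all(seq == SEQUENCE_FINAL for seq in input_sequences):
        return {"locked": False, "reason": "all inputs have nSequence 0xffffffff; nLockTime ignored"}
    spendable_now = is_final_tx(n_lock_time, input_sequences, current_height, current_time)
    return {
        "locked": not spendable_now,
        "kind": locktime_kind(n_lock_time),
        "until": n_lock_time,
        "reason": "lock enforced by consensus" if not spendable_now else "lock has expired",
    }


if __name__ == "__main__":
    # Constructed sample: height-locked until block 300000, viewed at block 299000.
    print(check_unlocking_tx(300000, [0xFFFFFFFE], 299000, 1_380_600_000))
```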
-
[i][b]Stop bashing the community Kevlar! [/b][/i]
lulz (sorry)
-
[quote name=“Tuck Fheman” post=“29906” timestamp=“1380584863”]
[i][b]Stop bashing the community Kevlar! [/b][/i] lulz (sorry)
[/quote]I want to have your abortion, Tuck. Still no homo.
-
I read this. Twice. And my head is still spinning.
Kevlar, can you ELI5? Maybe just give me an example of how I would use this tool.
-
[quote name=“mnstrcck” post=“29910” timestamp=“1380588268”]
I read this. Twice. And my head is still spinning. Kevlar, can you ELI5? Maybe just give me an example of how I would use this tool.
[/quote]Let’s say you wanted to demonstrate that you were in a long position on a crypto-currency. What’s more is you wanted to deny yourself the ability to exit that position until some time in the future, and more importantly, you wanted to demonstrate that fact to members of the community.
You could use this tool to lock up the funds until some time in the future, and you could demonstrate the fact that you had invested in the currency for that time frame. This would allow you to say, “Look, I purchased X FTC on this date, and to show you that I’m serious about its long-term positioning, I’ve made it impossible for me to spend that FTC until some date in the future.”
Anyone could verify that you own the coins by looking at the blockchain, but with this tool, they could also verify that you can’t spend them until some time in the future. You could publicly post the lock transaction and the unlock transaction, and anyone could verify that the lock transaction is in fact in the blockchain, and no one would be able to post the unlock transaction until after the elapsed time had passed. This is safe to do, since by transmitting the unlock transaction to the blockchain for inclusion, all they can achieve is allowing you to spend your coins, but the blockchain would reject it if someone tried to transmit it before the specified date. You could also demonstrate that you’re not cheating by holding on to the locked address’s private key. Thus, zero trust.
-
I was with you all the way up until:
[quote name=“Kevlar” post=“29905” timestamp=“1380583822”]
You can generate a transaction supplying the nLockTime parameter
[/quote]:)
But yeah this could be really powerful if we could get it to work. People on the forum could demonstrate with a public announcement that they were about to send some coins to a wallet that was under time delay; that would be a very powerful signal to the rest of the community just how much they believed in it. I would do it!
-
Got it!
Really great idea with a ton of potential uses. Especially the Kickstarter thing.
Allowing people to put their money where their mouth is, and prove it!
-
[quote name=“mnstrcck” post=“29920” timestamp=“1380591795”]
Got it! Really great idea with a ton of potential uses. Especially the Kickstarter thing.
Allowing people to put their money where their mouth is, and prove it!
[/quote]Yep!
Also it acts as a neat kind of savings account where value can be generated by the trust it creates within an investment vehicle (because the signal it would send to other investors would incentivise new investment). Maybe. Could be powerful.
-
[quote name=“chrisj” post=“29922” timestamp=“1380595333”]
[quote author=mnstrcck link=topic=3862.msg29920#msg29920 date=1380591795]
Got it! Really great idea with a ton of potential uses. Especially the Kickstarter thing.
Allowing people to put their money where their mouth is, and prove it!
[/quote]Yep!
Also it acts as a neat kind of savings account where value can be generated by the trust it creates within an investment vehicle (because the signal it would send to other investors would incentivise new investment). Maybe. Could be powerful.
[/quote]You said trust, and I was thinking irrevocable trust. You can spend these coins on your 18th birthday. Your gift is the unlocking transaction.
Final will and testaments. If you’re reading this, here’s the unlock transaction. Every year, I’d move the coins into a new address, and generate a transaction good for one year in advance, and update the new will. This is effectively a “dead man switch” that you can (and should) invalidate every year before it becomes valid.
The code has been in place since day one, it’s just no one has really considered how to take advantage of it.
Did you know zero trust escrow features are built into the blockchain too? #truestory
-
[quote name=“Kevlar” post=“29934” timestamp=“1380610338”]
Did you know zero trust escrow features are built into the blockchain too? #truestory
[/quote]Really?
If it can be made to work just as good as third-party escrow, it would revolutionize crypto interactions.
-
[quote name=“mnstrcck” post=“29936” timestamp=“1380610971”]
[quote author=Kevlar link=topic=3862.msg29934#msg29934 date=1380610338]
Did you know zero trust escrow features are built into the blockchain too? #truestory
[/quote]Really?
If it can be made to work just as good as third-party escrow, it would revolutionize crypto interactions.
[/quote]Nosir, you misunderstand.
Third-party is extremely limited. Both parties must trust one entity.
With blockchain escrow, you can set it up however you want among any number of parties.
It’s called a multi-signature transaction, and the way it works is it requires X of Y parties to sign it before it will be accepted. So the third-party case is trivial: You set up a multi-sig transaction requiring 2 of 3 signatures, where the 3 signatures are from your key, the receiver’s key, and the third party’s key. If the transaction goes accordingly, you can sign your part, he can sign his part, and you have 2 out of the 3 required signatures. Done. If it goes badly, the third party can supply his signature to release the funds, or withhold it to side with the seller, meaning the coins can’t be sent.
The interesting case is when you introduce colored coins, because now you can create a transaction that requires 51% of your shareholders of that coin, or stock, to transfer ownership of it. You just set up a 26 of 50 transaction, and sell 50 shares. If 26 shareholders agree to sell the company, they can do so. This scales to any number, and the interesting thing is then shares become divisible by hundreds of millions, and an IPO means purchasing cryptocoins, so some cryptocoins could be worth more than others. You could instamine the entire thing on your own separate blockchain just for your corporation. A stock split would require a fork. The end of lawyers in the board room? P2P stock exchange? [b]Your mind == blown! KABOOM![/b]
-
Damn. Thank you for that fine explanation kind sir.
-
What is this all about in one line? Too lazy to read it all. :P
-
[quote name=“JohnsonX” post=“29979” timestamp=“1380636584”]
What is this all about in one line? Too lazy to read it all. :P
[/quote]It’s about creating a wallet that won’t let you spend your coins for a fixed amount of time so that you can prove to other people that you are a serious holder of FTC.
-
[url=http://www.reddit.com/r/Bitcoin/comments/1nq126/how_lock_time_could_have_rescued_silkroad_bitcoins/]http://www.reddit.com/r/Bitcoin/comments/1nq126/how_lock_time_could_have_rescued_silkroad_bitcoins/[/url]
This guy figured it out too. Except he did the crazy brilliant thing of applying it to online wallets, and automating the process: Web wallets that expire and return the funds in case of an unexpected shutdown or other disaster (aside from theft). The transactions can all be posted on a blog. Every month you can log in and get a fresh dead man’s switch.
Luv.
-
Now someone is offering a 5BTC bounty on Reddit for this: [url=http://www.reddit.com/r/Bitcoin/comments/1nwokt/making_hot_wallets_impossible_to_steal_now_with_5/]http://www.reddit.com/r/Bitcoin/comments/1nwokt/making_hot_wallets_impossible_to_steal_now_with_5/[/url]