[Cryptography] What has Bitcoin achieved?

Bear bear at sonic.net
Fri Jun 6 21:35:42 EDT 2014


On Fri, 2014-06-06 at 18:00 +0200, tpb-crypto at laposte.net wrote:
> > Message of 06/06/14 00:18
> > From: "John Levine" 
>  
> > Executing reversions is easy -- you have some entity (the "bank") that
> > can publish undo entries into the block chain when it has reason to do
> > so. The hard part is the non-crypto part of running the bank in a way
> > that is sufficiently trustworthy that people are willing to accept its
> > decisions.
> > 
> 
> Maybe you are referring to the act of executing the reversion, but it implies lots of responsibilities and infrastructural cost; those things ain't easy.

True.  Cost of executing an "undo" - zero.  Cost of getting 
peers to agree on who can execute an "undo" and for what 
reasons - prohibitive. 

I've been working on a blockchain protocol extension that would 
allow "undos" in some limited circumstances and could possibly 
exist in cooperation with regulations and laws and courts.  

It's strictly opt-in, but I figure the "crypto anarchist" 
contingent will hate it anyway - because it becoming possible 
means some people will start refusing to do business with them 
unless they "voluntarily" abandon some privacy.

The first piece of the puzzle is the "subordinate claim" on 
blockchain assets.  An entity owning some asset can issue a 
subordinate claim on that asset to some other entity rather 
than transferring ownership of that asset to that other entity.  

A subordinate claim in the asset can be used just like its 
superior claim could be used (bought, sold, transferred, etc), 
except that the holder of the superior claim has the ability to 
revoke either the subordinate or superior claim at any time.
The subordinate claim is revoked at any moment if the superior
claim is transferred to a new address. The superior claim is 
revoked if it is transferred to the current address holding
the subordinate claim. 

The second idea is that of a persistent identity, which really 
is just a species of PKI published to the blockchain. An entity 
could publish a key asserting its identity and/or identifying 
itself in transactions, so that subsequently people could use 
the blockchain to see how much and exactly what business that 
identity has done and how long it's been around.  Yes, it's 
an abandonment of privacy.  It is also strictly voluntary. 
Nothing compels anyone to link a particular transaction to 
their persistent identity, nor forbids them from having more 
than one, etc.  The reason why some entities might choose to do 
this is to firmly establish their identity and trustworthiness, 
or at least their collateral, both as issuers and recipients 
of subordinate claims that might be revoked.  

The idea is that regulated assets could have sovereign claims 
(that is, the top-level claim that is not subordinate to anyone 
or anything else) held by the regulatory agency, and then 
ordinary trade in those assets would be trading the subordinate 
claims.  Thus, someone with a publicly traded stock would hold 
his claim subordinate to the agency with authority on that stock, 
which would be someone like the SEC in the US, or equivalent 
national authority elsewhere.  If it's a privately held stock, 
the stockholder would hold a claim subordinate to the company's 
claim, which would in turn be subordinate to the sovereign claim 
held by the SEC (or whatever regulatory authority has jurisdiction
in that particular asset). 

That gives the regulatory agency the option to 'freeze trading' 
in a particular asset, or even claim it pursuant to court action, 
etc., without the cooperation of the holder or even after the 
death of the holder if necessary.  It gives the courts a way 
to recover assets that have been burgled or embezzled, or the 
assets of someone who died intestate or who has failed to pay 
fines, child support, or income taxes, etc. -- provided those 
assets were held subordinate to court control in the first place.  

It is still strictly opt-in, in that nothing could compel you
to do anything you don't want to do with a _sovereign_ claim, 
and if you don't *want* any subordinate claims, you don't have 
to buy any, and if you don't *want* to issue any subordinate 
claims under any circumstances, you don't have to issue any, 
and if you don't *want* to establish a persistent identity that
would doubtless quickly be associated with your legal identity
nothing would compel you to, and you'd always know exactly 
which persistent entities have the superior claims before you 
acquired a subordinate claim....  but I still figure the crypto
anarchists will hate it. 

			Bear
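The subordinate-claim rules described in the post, written out as an added toy model so the interactions between the rules can be traced; this is illustrative code, not Bear's protocol or any real chain. It models only what the post states: a holder may issue a subordinate claim instead of transferring, the holder of the superior claim may revoke a subordinate at any time, transferring the superior to a new address revokes the subordinate (rule 1), and transferring the superior to the subordinate's holder revokes the superior (rule 2). Two points the post leaves open are filled in as labelled assumptions: revocation cascades to deeper subordinates, and under rule 2 the surviving subordinate is promoted into the revoked superior's place. The `history()` method sketches what the post's persistent identity buys an observer: an auditable record of what an address has done. All names and addresses are constructed.

```python
"""Toy model of the post's subordinate-claim rules (added example, not the post's code)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Claim:
    claim_id: int
    asset: str
    holder: str               # address or persistent identity holding the claim
    superior: Optional[int]   # claim_id of the superior claim; None = sovereign claim
    revoked: bool = False


class Ledger:
    """In-memory stand-in for the chain: a claim table plus an append-only event log."""

    def __init__(self) -> None:
        self.claims: Dict[int, Claim] = {}
        self.events: List[Tuple[str, int, str, str]] = []  # (kind, claim_id, actor, detail)
        self._next_id = 1

    def _new_claim(self, asset: str, holder: str, superior: Optional[int]) -> Claim:
        c = Claim(self._next_id, asset, holder, superior)
        self._next_id += 1
        self.claims[c.claim_id] = c
        return c

    def _live(self, claim_id: int) -> Claim:
        c = self.claims[claim_id]
        if c.revoked:
            raise ValueError(f"claim {claim_id} is revoked")
        return c

    def _subordinates(self, claim_id: int) -> List[Claim]:
        return [c for c in self.claims.values() if c.superior == claim_id and not c.revoked]

    def _revoke_tree(self, claim_id: int, reason: str) -> None:
        # ASSUMPTION (not in the post): a revoked claim takes every claim subordinate to it down too.
        c = self.claims[claim_id]
        c.revoked = True
        self.events.append(("revoke", claim_id, c.holder, reason))
        for sub in self._subordinates(claim_id):
            self._revoke_tree(sub.claim_id, reason)

    def create_sovereign(self, asset: str, holder: str) -> int:
        c = self._new_claim(asset, holder, None)
        self.events.append(("sovereign", c.claim_id, holder, asset))
        return c.claim_id

    def issue_subordinate(self, superior_id: int, by: str, to: str) -> int:
        sup = self._live(superior_id)
        if sup.holder != by:
            raise PermissionError("only the holder of the superior claim can issue under it")
        c = self._new_claim(sup.asset, to, superior_id)
        self.events.append(("issue", c.claim_id, by, to))
        return c.claim_id

    def revoke_subordinate(self, sub_id: int, by: str) -> None:
        # The post: the holder of the superior claim can revoke the subordinate at any time.
        sub = self._live(sub_id)
        if sub.superior is None or self._live(sub.superior).holder != by:
            raise PermissionError("only the holder of the immediate superior claim may revoke")
        self._revoke_tree(sub_id, f"revoked by {by}")

    def transfer(self, claim_id: int, by: str, to: str) -> None:
        c = self._live(claim_id)
        if c.holder != by:
            raise PermissionError("only the current holder can transfer a claim")
        promoted = []
        for sub in self._subordinates(claim_id):
            if sub.holder == to:
                promoted.append(sub)                    # rule 2 applies to this subordinate
            else:
                self._revoke_tree(sub.claim_id, f"superior transferred to {to}")  # rule 1
        if promoted:
            # Rule 2: the superior is revoked. ASSUMPTION: the subordinate held by `to`
            # moves up to sit directly under the old superior's own superior.
            for sub in promoted:
                sub.superior = c.superior
            c.revoked = True
            self.events.append(("revoke", claim_id, by, f"merged into subordinate held by {to}"))
        else:
            c.holder = to
            self.events.append(("transfer", claim_id, by, to))

    def history(self, identity: str) -> List[Tuple[str, int, str, str]]:
        """Everything the log records for an address: the audit trail a persistent identity exposes."""
        return [e for e in self.events if identity in e[2:]]


def demo() -> dict:
    """Regulated-stock scenario from the post: sovereign claim at the regulator,
    company claim under it, shareholder claims under the company (all names constructed)."""
    L = Ledger()
    sov = L.create_sovereign("ACME shares", "regulator")
    company = L.issue_subordinate(sov, by="regulator", to="acme")
    alice = L.issue_subordinate(company, by="acme", to="alice")
    bob = L.issue_subordinate(company, by="acme", to="bob")
    L.transfer(alice, by="alice", to="carol")         # ordinary trade in a subordinate claim
    L.revoke_subordinate(bob, by="acme")              # superior holder revokes at will
    L.transfer(company, by="acme", to="carol")        # rule 2: company claim revoked, carol promoted
    carol_superior = L.claims[alice].superior         # carol now sits directly under the sovereign
    L.transfer(sov, by="regulator", to="regulator2")  # rule 1: sovereign moves, carol's claim revoked
    return {
        "company_revoked": L.claims[company].revoked,
        "bob_revoked": L.claims[bob].revoked,
        "carol_superior_after_merge": carol_superior,
        "carol_revoked_after_rule1": L.claims[alice].revoked,
        "sovereign_holder": L.claims[sov].holder,
        "regulator_events": len(L.history("regulator")),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Running `demo()` shows the consequence the post's last paragraph alludes to: everything you hold under a superior claim is only as durable as that superior, so a shareholder wants to know exactly which identities sit above them before buying, and a regulator moving its sovereign claim to a new address wipes out every claim beneath it.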
