[Cryptography] Preventing co-op notary defection

Phillip Hallam-Baker phill at hallambaker.com
Sun Jul 6 22:15:50 EDT 2014


On Sun, Jul 6, 2014 at 3:40 PM, Ben Laurie <ben at links.org> wrote:

> On 1 July 2014 16:19, Phillip Hallam-Baker <phill at hallambaker.com> wrote:
> > So here is my alternative, a co-op notary which operates under rules that
> > are designed to make it coercion proof after some time t which is
> > sufficiently close to the current time (i.e. no more than one to 24 hours
> > behind depending on taste).
>
> Isn't this essentially what I proposed here:
> http://www.links.org/files/distributed-currency.pdf?
>

Somewhat, and that is similar to a scheme I have proposed in non-bitcoin
contexts before. The difference is the level of detail.

The change over my previous iterations is that I originally assumed that
the members of the association would have to be very carefully selected and
agree to operate the service essentially forever. A bit like being a DNS
root. The only way out is to pass the responsibility on to someone else.

I now think that the co-op can be a lot looser and essentially
self-governing.

In particular a concern I had before was that a notary could defect by
refusing to notarize an input and required a super-nortary to decide what
was going to be signed. Closer analysis suggests this possibility can be
controlled if the members of the co-op monitor each other and vote for the
next hash to be signed.

So yes, your mintettes are voting in a similar way but as part of a
"central authority". I think the voting scheme brings sufficiently
effective controls as to dispense with the need for a central authority. I
think it is possible for it to become a genuine peer scheme with loose
binding.

Maybe not such a big step technically but I think it would make a huge
difference to how certain parties would accept the scheme.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140706/8769a2d6/attachment.html>


More information about the cryptography mailing list