[Cryptography] Cryptocurrency Exchange without a trusted third party

Ron Garret ron at flownet.com
Sun Jan 15 16:37:42 EST 2017


On Jan 15, 2017, at 10:31 AM, Ray Dillinger <bear at sonic.net> wrote:

> 
> 
> On 01/14/2017 10:08 AM, Ron Garret wrote:
>> 
>> 
>> What I still don’t understand is why people don’t want to use trusted third parties.
>> A TTP is vastly more efficient than a block chain.
> 
> "Trusted" means "Someone who can screw you over by acting in bad faith."
> 
> People prefer hash chain solutions because that would mean that a bunch
> of people (more proportionate to time since transaction they're
> screwing with)  would have to act in bad faith to screw people over,
> and the maximum practical size for a conspiracy is rapidly exceeded.
> 
> People prefer block chain solutions because that sharply limits the time
> window during which someone acting in bad faith could screw them over,
> and imposes significant (possibly insurmountable in practice) hardware
> requirements and expense on bad-faith actions.
> 
> Block chains mean that someone cannot act in bad faith without making a
> substantial investment that is not justified by the rewards of the
> action.  Block chains, in fact, mean that the "trusted" party cannot
> even be INDUCED OR COMPELLED to act in bad faith by blackmail, bribery,
> extortion, or force of law.
> 
> Yes, the block chain is a "distributed trusted third party."  No, it
> isn't free.  Unlike most "trusted" parties, however, there is a good
> reason to believe that it can be trusted.

OK, I agree with all of that.  However: it seems to me that there is another solution to the problem that a TTP can screw you over (which I acknowledge as a very real problem): make the TTP *auditable*, that is, design your TTP protocol in such a way that *if* the TTP defects, that defection will be immediately discoverable to anyone who bothers to check.  Now the TTP can only defect successfully if no one bothers to check.  The odds of that are small enough that no rational TTP will take the risk *even if no one is actively auditing them*.  The net result (I claim) will be a system that is as reliable in practice as a blockchain, but a lot more efficient.

What’s wrong with that argument?

rg
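
One way to picture the auditable TTP proposed above, as an added example that is not part of the original message: the TTP keeps a hash-chained ledger and hands each client the chain head at the time of their trade, so anyone holding an old head can detect a later rewrite. The ledger format, the names `chain_heads` and `audit`, and the sample trades are assumptions made for illustration; it also assumes heads reach clients authentically (for example signed by the TTP), which is omitted here.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the chain


def entry_hash(prev_hash, entry):
    """Hash an entry together with the hash of the entry before it."""
    body = json.dumps(entry, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()


def chain_heads(entries):
    """Return the head after each entry; heads[i] commits to entries[0..i]."""
    heads, prev = [], GENESIS
    for entry in entries:
        prev = entry_hash(prev, entry)
        heads.append(prev)
    return heads


def audit(entries, receipts):
    """Check a ledger copy against (index, head) receipts held by clients.

    Returns the receipt indexes the ledger contradicts; an empty list means
    the ledger is consistent with everything the auditor has seen.
    """
    heads = chain_heads(entries)
    bad = []
    for index, head in receipts:
        if index >= len(heads) or heads[index] != head:
            bad.append(index)
    return bad


# Constructed sample data: three trades recorded by the TTP.
ledger = [
    {"from": "alice", "to": "bob", "amount": 5},
    {"from": "bob", "to": "carol", "amount": 2},
    {"from": "carol", "to": "alice", "amount": 1},
]
# Bob kept the head he was given when his trade (index 1) was recorded.
bob_receipt = (1, chain_heads(ledger)[1])

# The TTP defects: it rewrites the first trade after the fact.
rewritten = [dict(ledger[0], amount=50)] + ledger[1:]

if __name__ == "__main__":
    print("honest ledger contradicts:", audit(ledger, [bob_receipt]))
    print("rewritten ledger contradicts:", audit(rewritten, [bob_receipt]))
```

A single retained receipt is enough to expose the rewrite, but only for entries at or before the receipt's index, and only if someone actually runs the check.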
