[Cryptography] Standards Trolls: Re: Bitcoin is a disaster.

Ray Dillinger bear at sonic.net
Sun Feb 7 23:46:32 EST 2021

On 2/1/21 2:39 PM, jrzx wrote:
> On Tuesday, January 26, 2021 11:24 PM, Ray Dillinger <bear at sonic.net> wrote:
> > you can figure out who double spent it, revoke their cert, and sue them for
> > counterfeiting.  But you don't need the authority's help to see that the record of spends
> > from minting to you is well-formed, and the double-spend->revoke feature, combined with
> > certs NOT being freely available, should keep instances of double spending very rare.
>
> "Certs not being freely available" is the number of the beast problem
> that crypto currency attempts to address.

If you regard absolute anonymity as the problem that cryptocurrency
attempts to address, then you do not understand what payment systems are
for.  There is no motive whatsoever to pay any absolutely anonymous
person for anything. At the very least you have to know that this is the
same person who has provided the goods or services you are paying for.

Bitcoin provides a nearly-useless "pseudonymity".  People who aren't the
counterparties can tell how much was transferred and when, and can link
each transaction to previous transactions. Its total public ledger can
be used to trace everything.  And it can't scale because of the Block
Chain Bandwidth Bottleneck.

This alternate proposal guarantees "conditional anonymity" - meaning
that anonymity depends on users not breaking protocol with a double
spend or counterfeit.  If they don't do that, then nobody - not even the
trusted authority - can tell how much was transferred, what certs were
used in a transaction, or link previous transactions.

With no total public ledger appearing anywhere, "melting" of tokens
permanently erasing transactions from the protocol (or at least
providing no protocol-related reasons to keep record of them) and no way
to tell even the AMOUNT of a transaction unless you have one of the
counterparties' private keys, the conditional anonymity here is IMO
substantially better than the pseudonymity provided by Bitcoin.

But anonymity was never really the point, except that people deserve
some privacy.  The point is making payments between users without
creating a "Block Chain bandwidth bottleneck." 

Without creating a Block Chain Bandwidth Bottleneck we cannot discover
protocol breaks before the transaction is completed. 

If a transaction that may involve a protocol break is completed and
other transactions made later depend on it, then we have to be able to
provide legal recourse against the thief.

It is not possible to create viable legal recourse against an anonymous

Therefore real-world identities must be associated with certificates
even if, in the absence of protocol breaks, no one save the
counterparties to the transaction will ever be able to identify which
cert was used.

A protocol break is proof of misconduct, and someone who misconducts
themselves needs to be cut out of the network. But revoking a cert is
meaningless if there is an endless supply of free certs. So the same
information that doxes a thief for legal recourse is also necessary for
doxing a protocol breaker for revocation.

Unfortunately, a Trusted Authority is needed to assure that certs are
limited to one per breathing human being.  The Trusted Authority has no
means to discover the content of any transaction or identify the people
who made it.  There is no reason in fact for any record of any
transaction to be where the Trusted Authority can see it. 

> A cryptocurrency where you need permission from authority to own and
> spend the currency would have all the defects of the US$, and none of
> the advantages.
> Observe no end of people being deplatformed and demonetized, often for
> no intelligible reason. 

"Permission?"  The user gets one cert.  Nobody can even tell how the
user is using it or what for. The user has complete control over whether
and when that cert gets revoked.  If you don't want to be
revoked/demonetized/deplatformed/censored/canceled/whatever, then DON'T
ATTEMPT A DOUBLE SPEND OR COUNTERFEIT.  That's it.  That's all.  There's
no politics, no opinions, no judgments, no philosophy beyond the simple
bright-line rules of the protocol, no exceptions for anybody we like or
don't like, no other way to revoke a cert, no technicalities to argue
over, and nobody except the user who can decide whether to abide by or
break the rules.

Nobody, not even the Trusted Authority, can tell which transactions
belong to which certs, UNLESS the user revokes by attempting a double
spend.  Someone out there is making transactions someone else doesn't
approve of?  The Trusted Authority has absolutely no way of determining
who.  Nor does anyone else save the counterparties.  All they have is a
list of certs that are currently valid.

The Trusted Authority here is in the role of making sure that if someone
revokes their cert (by attempting THEFT from one or more other users)
they don't get a new one.  And that is all.  One cert per breathing
human being, and the Trusted Authority is there not to make any
judgements, nor even to have enough information to attempt judgements. 
The Trusted Authority is there solely because evidence of non-duplicated
breathing human beings necessarily comes from outside the protocol.

