Lecture 9 is here. This lecture discussed many of the applications that can be built on top of Bitcoin based on its different characteristics, such as being an append-only log.
Questions answered in this post
- What does append-only log mean?
- How can Bitcoin be used for secure time stamping?
- What are three different ways this can be done on the base layer?
- What is an overlay currency?
- How does Mastercoin work on top of Bitcoin?
Append-only Log
Append-only means just what it sounds like: you can only make the log larger by adding lines to it, and you cannot remove elements. One benefit of Bitcoin being an append-only log is that we know something came before something else. For Bitcoin, it’s less about time and more about which block they were written to.
That sounds pretty simple if you’re working with one machine or list and you see everything that is going on. As a simple extension, imagine that instead of one machine you have 24 students in a classroom with computers writing to the same log. Things become a bit more complicated, but at least you can coordinate the group since it’s all localized. Things become crazier when you have, say, 1000 people all working at the same company but distributed all over the world. Now it’s not so straightforward for each person and machine to correctly coordinate the events happening unless they all keep to the same clock and have a notion of strict ordering. A blockchain, i.e. Bitcoin, can accomplish this via strict timestamping.
Strict Timestamping
Goal: Prove knowledge of x at time t.
If desired, this is done without revealing x at time t, with the ability to reveal it later. The evidence should be permanent.
A simple example is an auction or, more generally, a guessing game. The operator can take every person’s input, and the game is fair and secure because not even the operator knows the guesses. Once time is up, you find the winner and can prove this knowledge.
This becomes a reality through hash commitments. If H is one-way, publishing H(x) is a commitment to x. H(x) should reveal no information about x, as is guaranteed by hash functions. Once time is up, you reveal x; anyone can then compute H(x) and compare it with the published value, and thus the input is validated.
Secure timestamping applications
- proof of knowledge – patent
- proof of receipt – commitment that you received a msg
- Hash-based signature schemes – Guy Fawkes signature scheme
A secure timestamp can’t be used as proof of clairvoyance.
Timestamping in Bitcoin
Three different ideas are discussed below.
First Idea: Specify the hash of your data instead of a valid public key
Send 1 satoshi to the address. You want it to be 1 satoshi as that is the smallest spendable amount. The overhead with this is that miners are tracking an unspendable UTXO forever.
Second Idea: CommitCoin is a slightly better way in that there is no UTXO bloat, but it is more expensive.
Third Idea: Provably unspendable commitments where you put your data into an unspendable script.
CommitCoin (Clark, Essex 2012)
Idea: Brute-force a key that meets the requirements, i.e. a public key and signature starting with the first n bits of your data hash.
Pros: compatible, invisible to miners, no UTXO bloat
Cons: More expensive, low data rate
Provably unspendable commitments
Pro: cheap, no UTXO bloat
Cons: not a standard transaction
Examples for this being a business
40 bytes for 1 tx fee
The best approach is via provably unspendable commitments. There are startups and websites that have made their business this way as well. It’s not that bad in that you can get 40 bytes into the blockchain. A downside is that if you can write any data, there is a risk that illegal content could be written. Thus, if you relay the blockchain, you may technically be storing said content, which in itself is a crime. There is a way to reduce this attack by forcing everyone to use pay-to-script-hash, but it’s more expensive.
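An added example, not from the lecture or the original post: a commit-and-reveal for the auction case in the Strict Timestamping section, with the 32-byte commitment placed in a provably unspendable output script as in the third idea. It assumes SHA-256 as H, a random 32-byte nonce hashed together with x, and the OP_RETURN script form; the function names are made up for illustration, and the nonce is there because bids come from a small range, so a bare H(bid) can be found by trying every value.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

MAX_PAYLOAD = 40  # bytes per commitment, the figure quoted in this post
OP_RETURN = 0x6A  # Script opcode that makes an output provably unspendable (assumed form)


def commit(x: bytes, nonce: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (commitment, nonce) where commitment = SHA-256(nonce || x)."""
    nonce = secrets.token_bytes(32) if nonce is None else nonce
    return hashlib.sha256(nonce + x).digest(), nonce


def verify(commitment: bytes, x: bytes, nonce: bytes) -> bool:
    """Reveal step: recompute the hash and compare in constant time."""
    return hmac.compare_digest(commitment, hashlib.sha256(nonce + x).digest())


def unspendable_script(payload: bytes) -> bytes:
    """Serialize OP_RETURN <payload>; lengths 1..75 use a one-byte direct push."""
    if not 1 <= len(payload) <= MAX_PAYLOAD:
        raise ValueError(f"payload is {len(payload)} bytes, allowed 1..{MAX_PAYLOAD}")
    return bytes([OP_RETURN, len(payload)]) + payload


def recover_unsalted_bid(digest: bytes, max_bid: int) -> Optional[int]:
    """Why the nonce matters: a bare H(bid) over a small range is searchable."""
    for bid in range(max_bid + 1):
        if hashlib.sha256(str(bid).encode()).digest() == digest:
            return bid
    return None


if __name__ == "__main__":
    bid = b"4200"  # constructed sample input for the auction example
    c, nonce = commit(bid)
    print("output script:", unspendable_script(c).hex())
    print("reveal verifies:", verify(c, bid, nonce))
    print("different bid verifies:", verify(c, b"4201", nonce))
    bare = hashlib.sha256(bid).digest()
    print("bid recovered from bare hash:", recover_unsalted_bid(bare, 10_000))
```

The bidder keeps x and the nonce private until the reveal; only the script bytes go into the transaction.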
Overlaying currencies
Observation: timestamping is all we need to open the door to creating overlay currencies.
Bitcoin can be the underlying blockchain, and you can then write new data to it without requiring new mining or consensus schemes. Invalid overlay transactions are still included, because Bitcoin miners do not check the overlay's rules, so the nodes parsing the information need to understand them. Thus there would need to be certain nodes or new rules to ensure valid transactions are written and parsed.
Mastercoin
Mastercoin (Omni) is one example of this. It’s an overlay currency with a richer transaction set which has more features and faster development. There are smart property and smart contracts. However, it is reliant on Bitcoin.