forked from cheng/wallet
wallet/docs/manifesto/white_paper.md
reaction.la 5f47c5b35a
modified: docs/manifesto/bitcoin.md
modified:   docs/manifesto/lightning.md
modified:   docs/manifesto/scalability.md
modified:   docs/manifesto/white_paper.md

new file:   docs/manifesto/consensus.md
new file:   docs/manifesto/sharding.md
2024-05-26 10:22:30 +08:00

---
title: >-
    Rhocoin White Paper
...
This is a preliminary draft, not the final version.
The centre of mass of the world financial system is starting to shift from
fiat currency to cryptocurrency and cryptocurrency exchanges. The total
value of cryptocurrency and its transaction volume are within one order of
magnitude of the US\$, and when regulatory authorities cut off cryptocurrency
exchanges and stablecoins from the US\$ banking system it has very little
impact on them.
# Scaling
The time urgently approaches for a cryptocurrency capable of scaling to
ten thousand transactions per second, so that eight billion people can buy a
lollipop with cryptocurrency. Bitcoin can currently do ten transactions per
second.
The big problems are scaling and privacy.
# Fungibility
A currency has to be fungible. And a cryptocurrency needs privacy, not so
much to protect its users (there does not seem to be a lot of demand for
privacy) but to protect its fungibility.
Lack of privacy is likely to lead to the blood diamonds attack, where
governments declare a long and ever growing list of bitcoins to be tainted,
and twist the arms of the miners to exclude transactions in those bitcoins,
with the result that bitcoins cease to be fungible and thus cease to be money, as
uncut diamonds ceased to be money.
We need untraceability to prevent the blood diamonds attack. Even if you
do not need your transactions to be untraceable, if they are traceable, ham-fisted
government intervention is likely to make your money disappear
under you, as the value of uncut diamonds was lost.
Bitcoin is vulnerable to the one third attack. If one third of miners exclude
“tainted” bitcoins and refuse to add to a chain ending in a block containing
“tainted” bitcoins, other miners have an incentive to exclude “tainted”
bitcoins also, to improve the prospects that their block becomes part of the
longest chain.
(This has been called the ten percent attack, but it does not actually work
until rather more than ten percent join the attack. One third, however, will
suffice. Calling it the blood diamonds attack is more accurate. The blood
diamonds attack put a lot of people out of business, for they were really in
the money changer business, rather than the jewellery business.)
[Bitcoin is already under the ten percent attack. If it approaches one third,
time to flee bitcoin.](http://reaction.la/security/bitcoin_vulnerable_to_currency_controls.html)
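To put numbers on the incentive just described, here is an added example (not code from this paper or from the wallet project) that models a miner who has published a block containing a “tainted” transaction while a fraction f of hashpower refuses to build on it. The model is my own assumption, not the paper's: refusers keep mining on the parent block, compliant miners stay on the first branch they saw until the other branch is strictly longer, so the tainted block is orphaned if the refusers' branch ever gets one block ahead. That is a gambler's-ruin walk starting one block behind, with orphan probability (f/(1-f))^2 for f below one half. The code evaluates the closed form, checks it by simulation, and converts it into the fee a tainted transaction would have to carry before a self-interested miner includes it; the 6.25 BTC subsidy is an illustrative figure.

```go
package main

import (
	"fmt"
	"math"
	"math/rand"
)

// OrphanProbability: chance that a block carrying a "tainted" transaction is
// orphaned when a fraction f of hashpower refuses to extend it (model in the
// lead-in). The refusers start one block behind and win only by getting one
// block ahead, i.e. two net steps against them: (f/(1-f))^2 for f < 1/2.
func OrphanProbability(f float64) float64 {
	if f <= 0 {
		return 0
	}
	if f >= 0.5 {
		return 1 // refusers out-mine the rest: the tainted branch always loses
	}
	r := f / (1 - f)
	return r * r
}

// SimulateOrphanRate estimates the same quantity by a Monte Carlo walk.
// lead = (height of the branch holding the tainted block) - (refusers' branch).
func SimulateOrphanRate(f float64, trials int, seed int64) float64 {
	rng := rand.New(rand.NewSource(seed))
	orphaned := 0
	for i := 0; i < trials; i++ {
		lead := 1 // the tainted block is already one ahead of its parent
		for lead > -1 && lead < 60 { // 60 ahead: treated as settled for good
			if rng.Float64() < f {
				lead-- // a refuser found the next block
			} else {
				lead++ // a compliant miner extended the tainted branch
			}
		}
		if lead == -1 {
			orphaned++ // refusers' branch got ahead; everyone switches to it
		}
	}
	return float64(orphaned) / float64(trials)
}

// BreakEvenFee is the fee a tainted transaction must carry before including
// it pays for a compliant miner: fee > p*(reward+fee), i.e. fee > p*reward/(1-p).
func BreakEvenFee(f, blockReward float64) float64 {
	p := OrphanProbability(f)
	if p >= 1 {
		return math.Inf(1)
	}
	return p * blockReward / (1 - p)
}

func main() {
	for _, f := range []float64{0.10, 0.25, 1.0 / 3.0, 0.45} {
		fmt.Printf("refusing share %.2f: orphan risk %.4f (simulated %.4f), break-even fee %.3f BTC\n",
			f, OrphanProbability(f), SimulateOrphanRate(f, 100000, 1), BreakEvenFee(f, 6.25))
	}
}
```

At ten percent the orphan risk is about 1.2 percent of the block reward; at one third it is 25 percent, so the fee premium a tainted transaction must pay rises from a fraction of a coin to a third of the block subsidy. The model ignores the refusers' own orphan losses and any fee competition, so it illustrates the shape of the incentive rather than settling the exact threshold.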
Blockchain analysis is a big problem, though scaling is rapidly becoming a
bigger problem.
Monero and other privacy currencies solve the privacy problem by padding
the blockchain with chaff, to defeat blockchain analysis, but this
greatly worsens the scaling problem. If Bitcoin comes under the blood
diamonds attack, Monero will be the next big cryptocurrency, but Monero
has an even worse scaling problem than Bitcoin.
The solution to privacy is not to put more data on the blockchain, but less,
considerably less. The place for clever cryptography to secure privacy is
the lightning network and sidechaining, so that most transactions happen
off the main blockchain, with primary blockchain transactions each
recording the accumulated effect of many transactions.
A true lightning network functions as full reserve correspondence
banking with no central authority. The existing Bitcoin lightning network
functions as marginal reserve banking with good conduct enforced by central
authority. Taproot was designed to make this fixable, and plans are afoot
to fix it. At the time of writing, it was not clear to me that it has been fixed.
But even with sidechaining and the lightning network, we are going to
need the capacity to put thousands of transactions per second on the
primary blockchain.
We need off-blockchain blockchains, sidechains, but how do you transact
between one sidechain and another? It would seem that a sidechain is not much use
if it only supports half a dozen people transacting with each other.
The answer is that such transactions reach other people's sidechains through
the lightning network, because you are usually transacting with one
particular person in that sidechain, who is a well connected lightning node.
A sidechain transaction can only directly connect to someone who is
participating in that particular sidechain, but it can reach anyone in the
world through the lightning network if one entity of the small number of
entities in that small sidechain has half a dozen lightning gateways on
other sidechains and on the primary blockchain.
The lightning network naturally results in lots of repeated blockchain
transactions between stable small groups of people, because you are
always sharing new cryptocoins between the same group of people when a
lightning gateway overflows.
So every time you have a stable account with someone, your pub, your
club, your fiber connection, your bank, the shopping chain that delivers
your groceries, you form a lightning network gateway with them, whose
shared cryptocoins are likely in a sidechain much of the time. You
participate in roughly as many sidechains as you have accounts or
regular repeated transactions with people.
The solution to all these problems is a lightning network done right, to
support both scalability and pseudonymity. Multiparty lightning network
transactions have to be trustless and full circle. Ann pays Bob to pay Carol
to pay Ed to pay Frank, and Frank sends a receipt to Ann, and all of them
go through, or none of them go through, and if someone breaks the circle,
then either none of them go through (non-Byzantine failure, as with a poor
connection to the internet, or someone's computer going down), or, if
someone breaks the circle in a Byzantine failure suggestive of Byzantine
defection, then, and only then, it goes through on the primary blockchain.
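The all-or-nothing circle Ann to Bob to Carol to Ed to Frank, with Frank's receipt closing it back to Ann, can be modelled with hash locks, as in the added example below. This is my illustration, not the paper's design and not wallet project code: Frank picks a random secret whose hash locks every hop; revealing it claims Ed's payment and lets the secret propagate back to Ann, where it serves as her receipt. If Frank never reveals it (his machine is down, the message is lost) every hop expires and nothing moves. A hop whose payer refuses to settle cooperatively is claimed on the blockchain instead, where the same secret still unlocks it. Expiries shrink toward Frank so that each party can enforce its incoming claim before its outgoing one lapses; ExpiriesSafe checks that invariant. The names are the paper's, the amounts and heights are constructed.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Hop is one conditional payment in the circle, locked on the hash of
// Frank's receipt secret. Cooperative is a constructed failure knob.
type Hop struct {
	Payer, Payee string
	Amount       int
	Lock         [32]byte
	Expiry       int  // height after which the payer may reclaim the funds
	Cooperative  bool // payer settles off-chain when shown the receipt
	Settled      bool
	OnChain      bool
}

// Outcome summarises what happened to the whole circle.
type Outcome struct {
	Settled, OnChain int
}

// BuildCircle wires names[0] -> names[1] -> ... -> names[n] as conditional
// payments sharing one lock. Expiries shrink toward the final payee so each
// party can enforce its incoming claim before its outgoing one expires.
func BuildCircle(names []string, amount, now, delta int) ([]*Hop, [32]byte, [32]byte) {
	var secret [32]byte
	if _, err := rand.Read(secret[:]); err != nil {
		panic(err)
	}
	lock := sha256.Sum256(secret[:])
	n := len(names) - 1
	hops := make([]*Hop, n)
	for i := 0; i < n; i++ {
		hops[i] = &Hop{
			Payer: names[i], Payee: names[i+1], Amount: amount, Lock: lock,
			Expiry: now + (n-i)*delta, Cooperative: true,
		}
	}
	return hops, secret, lock
}

// ExpiriesSafe checks the invariant above: strictly decreasing along the path.
func ExpiriesSafe(hops []*Hop) bool {
	for i := 1; i < len(hops); i++ {
		if hops[i].Expiry >= hops[i-1].Expiry {
			return false
		}
	}
	return true
}

// RunCircle plays the settlement phase. If the receipt is never revealed
// (non-Byzantine failure), every hop expires and nothing moves. Otherwise
// it propagates backwards; a payer refusing to cooperate forces the payee
// onto the blockchain, where the same receipt still unlocks the funds, and
// the first payer (Ann) ends up holding the receipt.
func RunCircle(hops []*Hop, receipt [32]byte, revealed bool) Outcome {
	var out Outcome
	if !revealed {
		return out
	}
	for i := len(hops) - 1; i >= 0; i-- {
		h := hops[i]
		if sha256.Sum256(receipt[:]) != h.Lock {
			break // a forged receipt unlocks nothing
		}
		h.Settled = true
		out.Settled++
		if !h.Cooperative {
			h.OnChain = true
			out.OnChain++
		}
	}
	return out
}

func main() {
	names := []string{"Ann", "Bob", "Carol", "Ed", "Frank"}
	hops, secret, _ := BuildCircle(names, 100, 1000, 40)
	fmt.Println("expiries safe:", ExpiriesSafe(hops))
	hops[2].Cooperative = false // Carol refuses to pay Ed off-chain
	fmt.Printf("%+v\n", RunCircle(hops, secret, true))
}
```

The on-chain path is what the paper means by the transaction going through on the primary blockchain only when someone defects: the quarrel, and only the quarrel, is what the full peers ever see.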
The problem with the existing Bitcoin lightning network is, or recently was, that it has a
hidden and unexplained central authority, whom you have to trust, and
which does stuff that is never explained or revealed. This is not stable, and
does not scale. Not only is it evil, it is incapable of connecting everyone
in the world to everyone in the world. The existing lightning network has the
same problem as Tether.
Tether is not a Ponzi scheme. It is an unregulated bank, but it is still doing
marginal reserve banking, and will implode sooner or later due to insider
fraud or maturity transformation, and something analogous is bound to
happen with the existing Bitcoin lightning network, because of the inherent
fragility of centralization. The moral problem of the existing lightning
network is the same as the moral problem of marginal reserve
correspondence banking. Scaling requires trustlessness. Or rather you are
trusting that if enough people see and process the transactions in full, then,
because they are not parties to that transaction and don't have a dog in the
fight, they will process it correctly. And as soon as you have a central
authority that you have to trust, you have a party with an interest and
capability to not process it correctly.
So we don't want everyone in the world, or even every full peer in the
world, to process every transaction in the world. We want every full peer
in the world to process every transaction in the world where the parties
quarrel, with most other transactions never showing up directly on the
primary blockchain. And we don't want everyone in the world to be a full
peer. We want enough full peers that the vast majority will not have a dog
in the fight, and we want anyone in the world who is reasonably affluent
and wants to be a full peer to be able to be a full peer, which is likely to be
most with substantial amounts of cryptocurrency. At scale, nearly
everyone will keep his money in his client wallet, but if it is a lot of
money, his client wallet will likely be a client of a peer that he controls.
# The failures of bitcoin
The pseudonymity of coins being owned by the bearer of some
cryptographic key is a failure; people have been eavesdropping and
aggressively analyzing the block chain from day one. And the block chain
will always be there, it will always be public, and it will always be subject
to further analysis. And we are learning that analysis of that record is
sufficient to destroy any pretense of anonymity or pseudonymity.
The scarcity of transactions has led people to re-invent every last feature
of the banks they thought they were going to be escaping. Including debt
brokering (lightning network) and fractional-reserve banking, starting with
the case of Mt. Gox and continuing to ventures today by “responsible”
business people who just don't get, or don't care, or both, that the entire
reason the system existed, as far as the early adopters were concerned, was
to get away from exactly that. They have made Bitcoin into a debt-based
system like any other; as long as the “exchange” holds your keys for you,
there is no obligation for them to maintain assets equal to the deposits. You
can't prove that they are, or aren't, maintaining sufficient assets until
after those assets are spent and the evidence appears in the block chain.
And it's useless for small transactions. Had it been deployed to a
market the size of, say, a college campus it could bear the load and
the bidding for block space wouldn't exceed the value of most
transactions. But had it been deployed to a market the size of a
college campus, the small pool of miners available would make mining
bursty and unstable, and the block chain therefore not well protected
from tampering. The same could have happened to Bitcoin early on, which is
why Satoshi was mining like crazy and jumping on when needed to prop up
the block rate and backing off again when the blocks were coming too fast.
And that brings us to mining. Bitcoin mining has encouraged corruption
(because it's often done using electricity which is effectively stolen
from taxpayers with the help of government officials), wasted enormous
resources of energy, fostered botnets, centralized mining activity in a
country where centralization means it's effectively owned by exactly
the kind of government most people thought they *DIDN'T* want looking
up their butts and where the people whom that government allows to “own”
this whole business work together as a cartel.
The whole idea of proof-of-work mining is broken the instant hardware
comes out which is specialized for mining and useless for general
computation, because at that point the need to have compute power
for other purposes has no effect whatsoever on mining,
and there ceases to be any force that causes mining to be distributed
around the world. It becomes a “race to the bottom” to find where people
can get the cheapest electricity, and mining anywhere else, for example anywhere
the government tries to make sure ordinary people actually get the benefit
from electricity bought for tax money, becomes first pointless,
then a net loss.
Bitcoin doesn't scale, except by becoming the very thing it was supposed to
replace.
Bitcoin was a Pilot system, a good first effort. It did what a Pilot system is
intended to do: show where the pitfalls lie.
You're supposed to learn from it, then toss it out and go back to the
drawing board.
We cannot keep pushing the prototype; we must design a proper production system.
Satoshi's main goal was to improve on DigiCash, RPOW and other similar schemes
that had a fair degree of decentralization but still relied on a central authority. Satoshi managed to solve this problem in a genius way
by combining existing technologies with an understanding of human psychology.
People had been trying to solve it for decades without any luck. People like
Wei Dai and Szabo came close but never managed to materialize their visions
(assuming they're not Satoshi).
Bitcoin showed us where the pitfalls are, so we can focus attention on solving
them.
Privacy, security, efficiency, and scalability are mutually opposed if one attempts to have them all on the blockchain. For the blockchain achieves security by everyone repeating the processing of everyone else's transactions, which is opposed to privacy, efficiency, and scalability.
The most efficient way is obviously a single central authority deciding everything, which is not very private nor secure, and has big problems with scalability.
If a transaction is to be processed by many people, one achieves privacy, as with Monero, by cryptographically padding it with a lot of misinformation, which is contrary to efficiency and scalability.
The efficient and scalable way to do privacy is not to share the
information at all. Rather we should arrange matters so that
information only goes to the blockchain to be scrutinized by
many people if the parties to the transaction have a falling out.
Which is what the Bitcoin lightning network was supposed to be,
but is not.
Bitcoin's pseudonymity is alarmingly weak (though the Wasabi wallet
partially fixes this). The lightning network layer would fix this, as
well as providing instant transactions, but a true lightning network
cannot be implemented over Bitcoin as it exists today.
A lightning network would provide instantly settled transactions and
strong fungibility. It would make bitcoins (unspent transaction outputs of
the blockchain) far less traceable, because lightning transactions happen
off chain and inherently mingle coins, thus making crypto coins fully
fungible, thus increasing their desirability as a direct substitute for cash.
# Proof of share, Byzantine fault, and statehood
A proof of share currency is a corporation. Its currency is shares in that
corporation. Corporations derive their corporateness from the authority
of the sovereign, but a proof of share currency derives its corporateness from
each stakeholder (shareholder) playing by the rules because all the other
stakeholders play by those rules.
Which means the rules have to be incentive compatible and provide
Byzantine fault resistant consensus.
This was Satoshi's great stroke of genius: if most people follow Satoshi's rules, everyone has an economic incentive to follow the rules.
Constructing such a set of rules is very hard. Even non-Byzantine
distributed consensus is hard, because distributed consensus of any kind is a hard problem.
The Byzantine Generals problem is named after Byzantium, because in the
latter days of the Byzantine empire, there were some generals who wanted
a large part of the Byzantine army defeated and annihilated so that they
could take Byzantium, overthrow the emperor, and become emperor.
So general Malloc might send general Bob the message:
> facing overwhelming enemy attack, falling back. You and general Dave may soon be cut off.
and general Dave the message:
> enemy collapsing. In pursuit.
With the intent that general Dave will advance and find himself cut off and isolated.
That the messages are inconsistent is Byzantine failure, and that they are
deliberately inconsistent with malicious intent is Byzantine defection.
The phrase “Byzantine failure” is usually used to refer to one computer in a
network sending a message to one computer that is inconsistent with the
message it sent to another computer.
The generals need to find a consensus as to whether they are all going to
attack, or all going to retreat. They are physically separate, and messages
going between them may get lost. And some of them are traitors. The
problem of establishing a true consensus for cohesive action under these
circumstances is difficult, and the algorithms and process often hard to
understand.
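The two inconsistent orders are exactly what signed messages make detectable: if Bob and Dave show each other what Malloc sent them, a pair of validly signed but contradictory messages for the same round is transferable proof of defection that any general holding the public keys can check. The added example below is mine, not the paper's or the wallet project's; it uses Ed25519 from the Go standard library, and the generals, rounds and message bodies are the constructed ones from the text.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Message is one order from a general, signed so that the recipient can
// later show it to the other generals as evidence.
type Message struct {
	From      string
	Round     int
	Body      string
	Signature []byte
}

// General holds a signing key; Pub is what the other generals know.
type General struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewGeneral(name string) *General {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &General{Name: name, Pub: pub, priv: priv}
}

// payload binds sender, round and body, so a signature cannot be replayed
// in another round or spliced onto another order.
func payload(from string, round int, body string) []byte {
	return []byte(fmt.Sprintf("%s|%d|%s", from, round, body))
}

// Send produces a signed order for the given round.
func (g *General) Send(round int, body string) Message {
	return Message{From: g.Name, Round: round, Body: body,
		Signature: ed25519.Sign(g.priv, payload(g.Name, round, body))}
}

// Verify checks a message against the directory of known public keys.
func Verify(keys map[string]ed25519.PublicKey, m Message) bool {
	pub, ok := keys[m.From]
	return ok && ed25519.Verify(pub, payload(m.From, m.Round, m.Body), m.Signature)
}

// Equivocations takes the messages the loyal generals received and exchanged
// among themselves and returns, per sender and round, the pairs of validly
// signed but contradictory orders. Such a pair is proof of defection that
// anyone holding the public keys can check without trusting the recipients.
func Equivocations(keys map[string]ed25519.PublicKey, received []Message) [][2]Message {
	first := map[string]Message{} // earliest valid message per sender+round
	var proofs [][2]Message
	for _, m := range received {
		if !Verify(keys, m) {
			continue // forged or tampered: evidence of nothing
		}
		key := fmt.Sprintf("%s|%d", m.From, m.Round)
		if prev, ok := first[key]; ok {
			if prev.Body != m.Body {
				proofs = append(proofs, [2]Message{prev, m})
			}
			continue
		}
		first[key] = m
	}
	return proofs
}

func main() {
	malloc, bob, dave := NewGeneral("Malloc"), NewGeneral("Bob"), NewGeneral("Dave")
	keys := map[string]ed25519.PublicKey{"Malloc": malloc.Pub, "Bob": bob.Pub, "Dave": dave.Pub}
	toBob := malloc.Send(1, "facing overwhelming enemy attack, falling back")
	toDave := malloc.Send(1, "enemy collapsing. In pursuit.")
	// Bob and Dave forward what they were told to each other and compare.
	for _, p := range Equivocations(keys, []Message{toBob, toDave}) {
		fmt.Printf("%s equivocated in round %d: %q vs %q\n", p[0].From, p[0].Round, p[0].Body, p[1].Body)
	}
}
```

Detecting the equivocation after the fact does not by itself produce consensus; it is the ingredient that lets a protocol punish or exclude the defector, which is why Byzantine fault tolerant designs insist on signed, cross-checked messages rather than trusting each recipient's account.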
To achieve cohesive action, to act as one, all the independent actors need
to follow some process. And it can be proven that deviation from process
yields an advantage of at least two to one in getting one's way.
This is a Byzantine fault. And if people get away with it, pretty soon no
one is following process, and the capacity to act as one collapses. Thus
process becomes bureaucracy. Hence today's American State Department
and defence policy. Big corporations die of this, though states take longer
to die, and their deaths are messier. It is a big problem, and people, not
just computer programs, fail to solve it all the time.
Proof of work was a brilliant and unobvious solution but it is costing too
much, and it is slowing down the rate at which transactions can be handled,
which slowness is now starting to bite hard.
The blockdag, done right, is equivalent to Practical Byzantine Fault
Tolerant consensus, albeit the equivalence is far from obvious, and the
blockdag is in ways simpler to understand. Practical Byzantine Fault
Tolerant consensus is arcane, but reveals a number of interesting
mathematical facts about the nature of collective action.
## Sovereign Corporation
My writings on Sovereign corporations are inconsistent and incoherent,
because I have continually changed the definition over time.
Also they are dispersed all over the place, and should be in one place
to make it easier to keep the meaning consistent.
### New definition incoming, edit in progress
It is fairly obvious that any DAO that is reasonably functional fails the Howey test,
and is therefore an unregistered security.
A sovereign corporation is a DAO that does not pretend it is not a corporation.
A successful DAO usually has someone who does the kind of stuff a CEO does,
a group of people who do the kind of stuff a board does,
and people keeping track of money in and money out,
but it's all informal, vague, and vulnerable to scamming,
which makes it difficult and dangerous for outside investors to invest in the DAO coin.
The reason they do it this way is to evade the US Government's Howey test. If the government could
*find* the CEO, the board, and the accountant, the DAO coin would constitute an
"investment contract" and they would be guilty of selling an unregistered security.
When you buy a DAO coin, you are investing in something like the shares of something like a corporation.
Or maybe you are not. It is hard to tell. And to avoid getting nailed by the Howey test, the officers
of that corporation like to keep it that way.
Any good DAO is centered around a secure communications platform. If we have a good communications
platform that conceals a nym's IP and can carry money in human readable messages, which get integrated
into the immutable append-only journal that is the basis of the corporation's books, and if the DAO
explicitly has books, a CEO, and a board, it is going to be completely obvious that the DAO fails the Howey test.
It is also going to be very difficult to shut it down.
DAO stands for "Distributed Autonomous Organization".
But "distributed" is apt to conflict with "organization".
DAOs that actually make a profit (and all the others are just scams)
continually have to make decisions that require immediate human judgement,
case by case.
A sovereign corporation is a DAO with a pseudonymous CEO, a
pseudonymous board, and bookkeeping based on an
immutable append-only journal, whose immutability is enforced
on each sovereign corporation by the blockchain
on which their DAO coins (shares) are recorded and traded,
and that the books are validly derived from that journal is enforced
by the mechanisms that the blockchain uses to ensure the validity of transactions.
This does not stop people from adding lies to the journal,
but it does force them to keep their lies consistent with their other lies.
Triple entry accounting ensures that they have to tell the truth about liabilities
and assets which are obligations resulting from transactions between such entities,
and about assets on the blockchain.
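An added example of what such a journal and the books derived from it can look like; it is my illustration, not a specification from the paper and not wallet project code. Every entry links to the hash of the previous one, a transfer is valid only if both payer and payee signed the same record (the triple-entry idea, read here as the shared signed receipt being the book entry), and the books are recomputed by replaying the journal, which fails the moment a link, a signature or a balance stops being consistent. Issuance entries with an empty payer are a convention constructed for the example, as are the account names and amounts.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

const genesis = "genesis"

// Entry is one journal record: a transfer acknowledged by both parties.
// An empty From is the constructed convention for issuing new units.
type Entry struct {
	Prev    string // hash of the previous entry: the append-only chain link
	From    string
	To      string
	Amount  int64
	Memo    string
	SigFrom []byte
	SigTo   []byte
}

// body is what both parties sign; it includes Prev, so a signature commits
// to the entry's position in the journal, not just its content.
func (e Entry) body() []byte {
	return []byte(fmt.Sprintf("%s|%s|%s|%d|%s", e.Prev, e.From, e.To, e.Amount, e.Memo))
}

// Hash identifies the entry, signatures included, for the next link.
func (e Entry) Hash() string {
	h := sha256.New()
	h.Write(e.body())
	h.Write(e.SigFrom)
	h.Write(e.SigTo)
	return hex.EncodeToString(h.Sum(nil))
}

// Journal is the corporation's append-only record plus the public keys of
// the pseudonymous parties allowed to appear in it.
type Journal struct {
	Keys    map[string]ed25519.PublicKey
	Entries []Entry
}

// Append records a transfer signed by payer and payee (triple entry: the
// shared signed receipt is the book entry). Issuance needs only the payee.
func (j *Journal) Append(from, to string, amount int64, memo string,
	fromKey, toKey ed25519.PrivateKey) Entry {
	prev := genesis
	if n := len(j.Entries); n > 0 {
		prev = j.Entries[n-1].Hash()
	}
	e := Entry{Prev: prev, From: from, To: to, Amount: amount, Memo: memo}
	if from != "" {
		e.SigFrom = ed25519.Sign(fromKey, e.body())
	}
	e.SigTo = ed25519.Sign(toKey, e.body())
	j.Entries = append(j.Entries, e)
	return e
}

func (j *Journal) signedBy(name string, body, sig []byte) bool {
	pub, ok := j.Keys[name]
	return ok && len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, body, sig)
}

// Books derives balances by replaying the journal. It fails on the first
// entry whose link, signatures or resulting balances are inconsistent, so
// the ledger can lie about the world but not about itself.
func (j *Journal) Books() (map[string]int64, error) {
	bal := map[string]int64{}
	prev := genesis
	for i, e := range j.Entries {
		switch {
		case e.Prev != prev:
			return nil, fmt.Errorf("entry %d: chain link does not match previous entry", i)
		case e.Amount <= 0:
			return nil, fmt.Errorf("entry %d: non-positive amount", i)
		case !j.signedBy(e.To, e.body(), e.SigTo):
			return nil, fmt.Errorf("entry %d: payee signature invalid", i)
		case e.From != "" && !j.signedBy(e.From, e.body(), e.SigFrom):
			return nil, fmt.Errorf("entry %d: payer signature invalid", i)
		case e.From != "" && bal[e.From] < e.Amount:
			return nil, fmt.Errorf("entry %d: %s overspends", i, e.From)
		}
		if e.From != "" {
			bal[e.From] -= e.Amount
		}
		bal[e.To] += e.Amount
		prev = e.Hash()
	}
	return bal, nil
}

func main() {
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader)
	pubB, privB, _ := ed25519.GenerateKey(rand.Reader)
	j := &Journal{Keys: map[string]ed25519.PublicKey{"alice": pubA, "bob": pubB}}
	j.Append("", "alice", 100, "issuance", nil, privA)
	j.Append("alice", "bob", 30, "invoice 1", privA, privB)
	fmt.Println(j.Books())
}
```

Because each signature covers the previous hash, an entry cannot be silently edited or reordered after the counterparty has signed it; that is the property a blockchain enforces for the corporation, and it is what makes an audit of the derived books possible without trusting the officers who keep them.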
The way that the corporations of modernity handled this,
the corporations of the Dutch Republic and Charles the Second of England,
was that the shareholders choose the board,
and can dismiss and replace the board at any time,
but should not and do not do so except under extraordinary circumstances,
the board chooses the CEO, and can dismiss and replace the CEO at any time,
but should not and do not do so except under extraordinary circumstances,
and the CEO decides.
This system worked remarkably well, outperforming all previous systems.
### old definition, rewrite of all old material needed.
[a sovereign corporation]:social_networking.html#many-sovereign-corporations-on-the-blockchain
[that sovereign corporation]:social_networking.html#many-sovereign-corporations-on-the-blockchain
A successful proof of share currency would be a non state corporation,
[a sovereign corporation]. What is a sovereign corporation but a state? The
power of the US is in substantial part that it is a world currency, albeit a
major reason why it is a world currency is air-sea war superiority, and as its
relative air-sea war superiority declines, its role as a world currency
declines. If the shares of a sovereign corporation took over the role of the
US dollar, that sovereign corporation would be a world power. Its power
would be in the network, as the power of the US was in the air and sea,
rather than the land. But the dollar and nukes are not the only bases of
USG power. Even more than being a financial root node, the power of
USG is a result of being the monopoly truth root node. (Via Harvard aka
the Cathedral, but including lesser official government outposts such as
the CIA.) USG establishes the world's narratives which control what
everyone cool across the world believes that gay marriage is justice, for
example, or that “trans” people are a real thing and not just crazy and/or
sexually deviant, or that global warming is real, human-caused, and
disastrous, or that black lives matter. A proof of share currency is not very
functional unless, like the Jitsi blockchain, it provides a namespace and
service, because you need to interact with peers that have authority over
the consensus: the shareholders, or their computers, need to interact with
the computer equivalent of the members of the board and CEO. A
name service that, unlike domain names, cannot be seized by the
government, nor man-in-the-middled by any of a hundred organizations that have a
certificate authority in their pocket. Replacing the domain name service as
well as the US\$ would substantially undermine the US Government's monopoly
of truth. [Yarvin analysis of bitcoin](white_paper_YarvinAppendix.html)
## The big metadata security hole
The necessarily cumbersome process of embedding a payment in SSL is a
huge security hole in every cryptocurrency, as for example when one
leases a virtual private server (cloud server) over the internet using bitcoin.
We need to replace SSL, which requires replacement of the name system
that is integrated in SSL.
The Domain Name System means that names are ultimately owned by the
government, and the government can intercept communications to and
from such names. SSL is inherently insecure, because any entity that has
one of a thousand certificate authorities in its pocket can man-in-the-middle
communications to and from such names. A currency cannot be
truly private, and thus is in danger of losing fungibility, if payments are
sent and received from entities with government owned names.
Names should be owned by secrets in crypto wallets.
# The name system is worth serious money
Business is moving to the internet.
Increasingly, the primary assets of a business are its internet name, other people's links to its name, and its position on other people's pages.
The primary asset of Amazon is the same as the primary asset of Ebay. It
silos the reputations that enable strangers to do business with each
other. You do business on Amazon, it owns your reputation.
We need a name system that supports reviews, so that you own your own reputation.
For the lightning network to work without central authority, we need a
cryptographic means to enforce full circle payments, so you are
guaranteed acknowledgment of your payment if it goes through. In
which case we can have Amazon and Ebay like reviews, without a central
authority such as Amazon or Ebay.
Amazons management of its primary asset is rapidly becoming worse and
worse.
Amazon is not primarily a warehousing and delivery service, and to the
extent that it is a warehousing and delivery service, it is a poorly run
warehousing and delivery service. When I get something through Amazon,
it usually comes direct from the seller, not through an Amazon warehouse.
It is primarily a reputation service like Ebay suffering from the delusion
that it is a warehousing and delivery service.
There is another option, neither FBA nor your own warehousing and
delivery service, but using some other logistics services company.
Schenker is big precisely because they are offering to run practically
every aspect of your business: warehouse, shipping, basic after-sales (a call
center going through a script, giving replacements or credit notes for
returns); they are even offering things like billing or even building a
webshop.
You design a product. China manufactures it for you and these logistics
services companies deal with all the details of getting the product out. So
you do not really have to have a real business with employees. Logistics is
a service, accounting is a service, marketing is a service, sales is a service,
every department can be virtualized into a service bought from another
company.
This is probably too expensive in the long run, but very good when you
are just putting your toes into the water. Suppose you have a real actual
company in the US with employees, office, warehouse. You decide to try
to sell your stuff in France and Germany. Will you go through hiring
people and renting office and warehouse? Without even knowing if
anyone wants to buy your product there? Too risky. In 1980 it was
necessary to risk it, but not today: you can have an entirely virtual
business where every department is outsourced to local (local language
etc.) service providers; it can be started one day and liquidated the
next day if it does not work out. And if it does work out, you start
insourcing the most expensive services.
If you take that path, you are bypassing Amazon owning your name.
Instead, the Domain Name Service owns your name. There is a lot of
money in names, and while the service is not failing as badly as the banks,
it still is mighty bad. And it is missing the capability to securely pay
money to the entity that has the name. The methods for encapsulating
payments inside SSL work, but are cumbersome and indirect, hence the
ubiquitous need to sign up, fill out a captcha, receive an email message to
confirm your sign up, click on a link in that message, before you enter
your credit card details which promptly get stolen. You should be able to
receive an invoice from `example.com` the way you can receive an email
from `name@example.com`, know for sure it is the same `example.com` you
were just clicking around in, rather than yet another scammer, and reply to
that message by clicking on a pay button.
To accomplish this will be a great deal of work, but the foundation for
accomplishing it is that names need to be on the same blockchain as cryptocoins,
and controlled by their owners' secrets, rather than some central authority which
is apt to pursue its own political objectives and the financial interests of the
registrars, rather than those whose names are being registered.
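What the invoice flow described above needs from the wallet is sketched in the added example below, which is mine rather than the paper's design or wallet project code. A registry stands in for the on-chain name records: a name maps to the public key that owns it, only the owning key can move the name, a merchant signs invoices under the name, and the paying wallet accepts an invoice only if it verifies under the key that currently owns the name the user believes they are dealing with, so a lookalike name, or a signature by anyone other than the owner, is rejected before any pay button appears. Names, amounts and the pay-to string are constructed placeholders.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Registry stands in for on-chain name records (constructed for this
// example): a name maps to the public key that owns it.
type Registry struct {
	owners map[string]ed25519.PublicKey
}

func NewRegistry() *Registry {
	return &Registry{owners: map[string]ed25519.PublicKey{}}
}

// Claim registers an unowned name to a key, first come first served.
func (r *Registry) Claim(name string, owner ed25519.PublicKey) error {
	if _, taken := r.owners[name]; taken {
		return errors.New("name already owned")
	}
	r.owners[name] = owner
	return nil
}

// TransferMessage is what the current owner must sign to hand a name over.
func TransferMessage(name string, newOwner ed25519.PublicKey) []byte {
	return append([]byte("transfer|"+name+"|"), []byte(newOwner)...)
}

// Transfer moves a name; no registrar can do this, only the owning secret.
func (r *Registry) Transfer(name string, newOwner ed25519.PublicKey, sig []byte) error {
	cur, ok := r.owners[name]
	if !ok {
		return errors.New("no such name")
	}
	if !ed25519.Verify(cur, TransferMessage(name, newOwner), sig) {
		return errors.New("transfer not signed by current owner")
	}
	r.owners[name] = newOwner
	return nil
}

// Invoice is the message a merchant's wallet sends, signed under its name.
type Invoice struct {
	Name   string // the name the invoice claims to come from
	ID     string
	PayTo  string // destination on the blockchain (constructed placeholder)
	Amount int64
	Sig    []byte
}

func (inv Invoice) msg() []byte {
	return []byte(fmt.Sprintf("invoice|%s|%s|%s|%d", inv.Name, inv.ID, inv.PayTo, inv.Amount))
}

// Issue signs an invoice with the key the merchant holds for the name.
func Issue(name, id, payTo string, amount int64, key ed25519.PrivateKey) Invoice {
	inv := Invoice{Name: name, ID: id, PayTo: payTo, Amount: amount}
	inv.Sig = ed25519.Sign(key, inv.msg())
	return inv
}

// CheckInvoice is the paying wallet's test before it shows a pay button:
// the invoice must name the site the user was just dealing with, and must
// verify under the key that owns that name right now.
func CheckInvoice(r *Registry, expectedName string, inv Invoice) error {
	if inv.Name != expectedName {
		return fmt.Errorf("invoice is from %q, not %q", inv.Name, expectedName)
	}
	owner, ok := r.owners[inv.Name]
	if !ok {
		return errors.New("name is not registered")
	}
	if !ed25519.Verify(owner, inv.msg(), inv.Sig) {
		return errors.New("signature does not match the name's owner")
	}
	return nil
}

func main() {
	r := NewRegistry()
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_ = r.Claim("example.com", pub)
	inv := Issue("example.com", "inv-1", "pay-to-placeholder", 500, priv)
	fmt.Println("genuine invoice:", CheckInvoice(r, "example.com", inv))
}
```

The check is deliberately tied to the name the user was browsing, not to whatever name the invoice asserts; that is the difference between "signed by somebody" (what a certificate authority gives you) and "signed by the secret that owns this name", which is what lets the pay button be safe to click.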