From: Tom Trevethan <tom@commerceblock•com>
To: "David A. Harding" <dave@dtrt•org>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Statechain implementations
Date: Tue, 31 Mar 2020 12:41:46 +0100 [thread overview]
Message-ID: <CAJvkSsfWoTTUOUYjQDrP-xrwB8FwAGUaDKSrYX3=-+wAE3yDLA@mail.gmail.com> (raw)
In-Reply-To: <20200331103508.asvxujkhtifj6n7i@ganymede>
[-- Attachment #1: Type: text/plain, Size: 3931 bytes --]
Hi David,
Just for clarity, I left nChain over 2 years ago (having worked there since
2016). While there, I (along with other researchers) were given free rein
to work on any ideas we wanted to. I had been interested in the scaling of
Bitcoin off-chain, and this was one of several things I spent time on
(including things like sidechains, pegs and threshold signatures). This
patent application came out of an idea I had to transfer ownership of UTXOs
off-chain that has some similarities to the statechains proposal, which has
shown there is interest and demand for this type of system.
Although I think the existence of this application is something to be
mindful of, there are several important things to note:
1. Although there are similarities, the current ideas are significantly
different to those in the application.
2. The key transfer protocol as described in the application is not secure
(for several reasons, including as discussed above, by Albert and Bob etc.)
- and a different mechanism is required.
3. Decrementing timelocks (as suggested in the application) are prior art
(Decker-Wattenhofer 2015), and in any case any implementation will most
likely use an 'invalidation tree' relative locktime backup mechanism for
open-ended UTXOs.
4. The patent application has not been granted (it was made in May 2017)
and the international search report rejected it on the grounds of prior
art.
Tom
On Tue, Mar 31, 2020 at 11:36 AM David A. Harding <dave@dtrt•org> wrote:
> On Wed, Mar 25, 2020 at 01:52:10PM +0000, Tom Trevethan via bitcoin-dev
> wrote:
> > Hi all,
> >
> > We are starting to work on an implementation of the statechains concept (
> >
> https://medium.com/@RubenSomsen/statechains-non-custodial-off-chain-bitcoin-transfer-1ae4845a4a39
> ),
> >
> > [...]
> > There are two main modifications we are looking at:
> > [...]
> >
> > 2. Replacing the 2-of-2 multisig output (paying to statechain entity SE
> key
> > and transitory key) with a single P2(W)PKH output where the public key
> > shared between the SE and the current owner. The SE and the current owner
> > can then sign with a 2-of-2 ECDSA MPC.
>
> Dr. Trevethan,
>
> Would you be able to explain how your proposal to use statechains with
> 2P-ECDSA relates to your patent assigned to nChain Holdings for "Secure
> off-chain blockchain transactions"?[1]
>
> [1] https://patents.google.com/patent/US20200074464A1
>
> Here are some excerpts from the application that caught my attention in
> the context of statechains in general and your proposal to this list in
> particular:
>
> > an exchange platform that is trusted to implement and operate the
> > transaction protocol, without requiring an on-chain transaction. The
> > off-chain transactions enable one computer system to generate multiple
> > transactions that are recordable to a blockchain in different
> > circumstances
> >
> > [...]
> >
> > at least some of the off-chain transactions are valid for recording on
> > the blockchain even in the event of a catastrophic failure of the
> > exchange (e.g., exchange going permanently off-line or loosing key
> > shares).
> >
> > [...]
> >
> > there may be provided a computer readable storage medium including a
> > two-party elliptic curve digital signature algorithm (two-party ECDSA)
> > script comprising computer executable instructions which, when
> > executed, configure a processor to perform functions of a two-party
> > elliptic curve digital signature algorithm described herein.
> >
> > [...]
> >
> > In this instance the malicious actor would then also have to collude
> > with a previous owner of the funds to recreate the full key. Because
> > an attack requires either the simultaneous theft of both exchange and
> > depositor keys or collusion with previous legitimate owners of funds,
> > the opportunities for a malicious attacker to compromise the exchange
> > platform are limited.
>
> Thank you,
>
> -Dave
>
[-- Attachment #2: Type: text/html, Size: 4911 bytes --]
next prev parent reply other threads:[~2020-03-31 11:48 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-25 13:52 Tom Trevethan
2020-03-26 1:20 ` ZmnSCPxj
2020-03-26 3:55 ` Albert
2020-03-26 12:36 ` Ruben Somsen
2020-03-26 17:12 ` Christian Decker
2020-03-26 17:17 ` Greg Sanders
2020-03-26 18:53 ` Ruben Somsen
2020-03-27 1:46 ` ZmnSCPxj
2020-03-27 15:12 ` Ruben Somsen
2020-03-28 2:20 ` ZmnSCPxj
2020-03-26 14:52 ` Bob McElrath
2020-03-27 17:10 ` Bob McElrath
2020-03-28 2:42 ` ZmnSCPxj
2020-03-28 17:38 ` Ruben Somsen
2020-03-28 17:42 ` Ruben Somsen
2020-03-30 1:25 ` ZmnSCPxj
2020-03-31 10:35 ` David A. Harding
2020-03-31 11:41 ` Tom Trevethan [this message]
2020-04-02 22:56 ` Tom Trevethan
2020-04-03 16:37 ` Nadav Kohen
2020-04-04 12:07 ` ZmnSCPxj
2020-04-05 14:17 ` Bob McElrath
2020-04-05 18:24 ` ZmnSCPxj
2020-04-05 21:25 ` Tom Trevethan
2020-05-07 14:54 ` Tom Trevethan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAJvkSsfWoTTUOUYjQDrP-xrwB8FwAGUaDKSrYX3=-+wAE3yDLA@mail.gmail.com' \
--to=tom@commerceblock$(echo .)com \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
--cc=dave@dtrt$(echo .)org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox