Author

Topic: Building initial transaction trust through "coin ripping" (Read 8792 times)

founder
Activity: 364
Merit: 7060
The software is designed to support things like this.  I was going to post details of the plans for Escrow, but since getting slashdotted I haven't had time.
hero member
Activity: 770
Merit: 566
fractally
I think that Red's idea is great if it can be properly designed.

The only problem with this whole procedure is that both parties are required to put up capital.   The one buying a service and the one performing the service both must put up cash.  Unfortunately the one providing the service is also putting up their service.
full member
Activity: 150
Merit: 100
One possibility would be to ask a algorithmically selected node from the network as intermediary. It would be possible, I suspect, to make the system work in such a way that nobody can get the money unless the two parties and the intermediary cooperate (so the intermediary cannot steal the money)
Red
full member
Activity: 210
Merit: 115
To make that work in bitcoin you would need to be able to create a private key that both of you know, but a public key that each of you only know *half* of. In the crypto sense of half, where there are two secrets that can be combined together mathematically to make a third secret.

You would both transfer 5 BTC to the bitcoin address matching the public key. Then neither could retrieve the coins until one surrendered his half to the other.

A proxy comes to mine, but that is cheating. If you used a proxy to generate the private key and split it, they would know the private key and in that case you might as well trust them to hold the money without splitting the key.

I don't know enough about how elliptic curve based keys are generated to propose an algorithm. But stranger things have happened in crypto than that. In some cases, you can do math with two unknown encrypted numbers and have and have the answer decrypt correctly.

Go figure.
xc
jr. member
Activity: 40
Merit: 4
That's very clever. Satoshi has implied that there is great flexibility in the way transactions could work: https://bitcointalksearch.org/topic/m.1611. I think he may have had such ideas in mind.

In time, hopefully, numerous such arrangements can be used to fully develop the idea of 'smart' contracts (http://en.wikipedia.org/wiki/Smart_contracts). The current Bitcoin implementation already represents a working example of smart contracts: software encoded rules governing digital property. Rothbard in Ethics of Liberty talks about how powerful the simple penal bond was to medieval commerce (http://mises.org/rothbard/ethics/nineteen.asp). Given the right contract tools, the Bitcoin economy will be able to flourish without relying on the expense and ethical contradictions of state courts.

XC
full member
Activity: 218
Merit: 101
I'm certainly not a cryptographer by trade or anything so I'm not sure if this idea holds any water.  As I browse the forums I am noticing that perhaps one of the bigger issues when transacting with BC is building reputation between the transacting parties.  In particular, the very first transaction seems to be critical.

I'm wondering if a solution, similar to what Professor Markus Jakobsson proposed in his paper could work? See http://romualdogrillo.net/index.php?option=com_content&view=article&id=48&Itemid=54   for an overview.  In a nutshell, the goal with "coin ripping" is similar to what could be done with traditional paper money. 
  • If A is going to perform $5 of service for B, they each can take out a $5 bill and rip them in half.
  • Now A and B would each have 2 halve's of a $5 bill, but neither would have the correct halves.
  • Therefore A is incentivized to actually perform the service for B, since this is the only way for him to receive both the missing half from his original $5bill back and the missing half of B's original $5 bill.
  • The result is a transfer of $5 to A from B (as originally planned) in exchange for service.
Of course, if A or B is a scammer, with this scenario both of them would lose.  In other words, it wouldn't pay to be a scammer.

I don't know if this is something that would qualify for design consideration, but if all transactions were "ripped" by default, it might set people's minds at ease.  Additionally, it could possibly be algorithmically implemented unlike a staffed escrow account.

What do you guys think?
Jump to: