Pages:
Author

Topic: Proposal for some BIP with KYC elements (Read 2690 times)

legendary
Activity: 1246
Merit: 1011
April 27, 2015, 06:38:29 PM
#21
Quote
Well i don't think that anonymity was the main goal of bitcoin
https://web.archive.org/web/20090131115053/http://bitcoin.org/
Quote
01 Nov 2008

Bitcoin is a new design for a fully peer-to-peer electronic cash system. A C++ implementation is under development for release as an open source project.

Main properties:
  - Double-spending is prevented with a peer-to-peer network.
  - No mint or other trusted parties.
  - Participants can be anonymous.

One of the 3 main goals, so your premises are wrong.

I read Satoshi's paper couple of time, i tried to "enter" his mind to understand the poet's intention,anonymity wasn't one of his main goal i think.

That's taking things too far I think.  I agreed with you that anonymity was not the main goal.  As far as I'm concerned, the main goal was to do with creating a trustless wealth transfer protocol, where the functions of payment processors are wholly replaced with a system of cryptographic proofs.  Satoshi explains this clearly in the introduction of his whitepaper.

However, if the whitepaper does not highlight the importance of "anonymity", I would not take this to mean that anonymity was not an important goal (absence of evidence is not evidence of absence).  Sure, you might argue that the whitepaper carries more weight than a single post (more thought was put into its wording); however, by the same token, the whitepaper itself is surely trumped by Satoshi's actions:

The clues are everywhere, from Satoshi actually maintaining his own anonymity to the intention that addresses be used only once (a heavy blow to short-term usability; something Satoshi cared a lot about).  I personally like to cite the release notes for Bitcoin 0.2.  One does not properly torify the client at such an early stage unless one is taking anonymity pretty damned seriously.
jr. member
Activity: 54
Merit: 4
April 27, 2015, 05:57:58 PM
#20
Quote
Well i don't think that anonymity was the main goal of bitcoin
https://web.archive.org/web/20090131115053/http://bitcoin.org/
Quote
01 Nov 2008

Bitcoin is a new design for a fully peer-to-peer electronic cash system. A C++ implementation is under development for release as an open source project.

Main properties:
  - Double-spending is prevented with a peer-to-peer network.
  - No mint or other trusted parties.
  - Participants can be anonymous.

One of the 3 main goals, so your premises are wrong.

I read Satoshi's paper couple of time, i tried to "enter" his mind to understand the poet's intention,anonymity wasn't one of his main goal i think.
The paper describe other impotent goals and technical approaches much more widely,he also talked about privacy,but not deeply enough.
But don't get me wrong,i am a big fan of anonymous bitcoin features like coinjoin/coinmix,darkwallet and zerocoin.. i learn those technics seriously because i believe that they would used as default in future bitcoin products (when bitcoin will be mass adopted ) ,it doesn't conflicts with the KYC  approach because they still can combined together in a creative and smart way..

BTW,some great lecture about bitcoin and anonymity: Princeton University
https://www.youtube.com/watch?v=glyQy_e5LmM

Tnx..
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
April 27, 2015, 12:32:10 AM
#19
Quote
Well i don't think that anonymity was the main goal of bitcoin
https://web.archive.org/web/20090131115053/http://bitcoin.org/
Quote
01 Nov 2008

Bitcoin is a new design for a fully peer-to-peer electronic cash system. A C++ implementation is under development for release as an open source project.

Main properties:
  - Double-spending is prevented with a peer-to-peer network.
  - No mint or other trusted parties.
  - Participants can be anonymous.

One of the 3 main goals, so your premises are wrong.
legendary
Activity: 1400
Merit: 1013
April 26, 2015, 10:38:34 PM
#18
I wrote up a proposal for a system that would allow merchants to identify the customers who pay them, and automatically know how to send them a refund, without doing so in a manner that enables mass surveillance.

https://github.com/justusranvier/rfc/blob/payment_code/bips/bip-pc01.mediawiki
sr. member
Activity: 384
Merit: 258
April 26, 2015, 07:50:57 PM
#17
@Itskok:
Thanks for your answer.

TBH, I agree with you about the goal (how to build a better e-commerce experience and how to enforce honest behaviors) but I'm not convinced that storing these data on a blockchain is the way to go (especially if they can be read only by the merchant and the customer). My main "objection" is that storage on the blockchain & decentralized consensus are expensive and should only be used for things requiring global consensus. Nick Szabo has wrote a great piece on that point (The dawn of trustworthy computing).

Having say that, I'm convinced that cryptography has a lot of useful tools (beyond a blockchain) which can be used to build this kind of system.
FWIW, the guys running the OpenBazaar project try to address some of these subjects (contracts, trust between participants, reputation, ...) and have some interesting proposals (Ricardian contracts, Web of Trust, ...).

If not already done, you should check their website and their github. I'm sure you'll be interested by some of their ideas Smiley
legendary
Activity: 1246
Merit: 1011
April 26, 2015, 06:58:47 PM
#16
Well i don't think that anonymity was the main goal of bitcoin,the most important issue here for my opinion is decentralization and "Man in the middle" cancellation.

This is true.  However, I feel it's worth noting the close parallel between reliable identification as it is typically handled and trusted third parties.  If one wishes to preserve the goal of Bitcoin then one must tread carefully on any topic of identification, especially when combined with the idea of government regulations (please clarify if you had something totally different in mind when you said regulation).

And still as i dont think that the "Man in the middle" approach is about to disappear,i just think that the bitcoin very very weakened him and hurt his power (Banks/Visa/Paypal and other intermediaries)and that's good,its means that we are about to pay much less fees on everything in the future.

Certainly, intermediary companies can be useful.  The focus of Bitcoin is on removing the need to trust third parties to process payments, not in eliminating third party support entirely.  I agree with you here.

I also agree that an intermediary that manages contact details could be of value, but I claim that this value should be determined by market demand for such intermediaries, not by one's feeling that we should lay the groundwork for regulations.

The proposal undoubtedly comes with certain pros and cons.  The reason I'm not so happy with it is I believe an alternative proposal can give us the pros without the cons.  It is the trust that allows lower fees and reduced waiting times, not the contact information.  Contact information is one way of engendering trust, but so too is reputation.  I believe that a system which allows people to build and prove reputation (a web of trust), in applying the UNIX philosophy, will ultimately do a much better job of increasing the efficiency of commerce.  Next to this, a system which relies on third parties to verify sensitive information which is then sent to trading partners seems like an expedient hack.

One of the important things in storing the "purchase Details" on blockchain is that we can put there the receipt/warranty and no one can deny this deal or scam his costumers,its a strong proof for the deal,it must be operated by a "trusted" parties or a BIP consensus, and i also know that its still a new "psychology" that we should get used to ,but i think that solutions like that will change the e-commerce progression significantly.

Such proof can be valuable, but it doesn't require decentralised storage.  All that is needed is for the traders to specify the deal in agreed upon detail and then for each to digitally sign a copy for the other(s) to keep.
jr. member
Activity: 54
Merit: 4
April 26, 2015, 04:52:43 PM
#15
Well i don't think that anonymity was the main goal of bitcoin,the most important issue here for my opinion is decentralization and "Man in the middle" cancellation.
And still as i dont think that the "Man in the middle" approach is about to disappear,i just think that the bitcoin very very weakened him and hurt his power (Banks/Visa/Paypal and other intermediaries)and that's good,its means that we are about to pay much less fees on everything in the future.

One of the important things in storing the "purchase Details" on blockchain is that we can put there the receipt/warranty and no one can deny this deal or scam his costumers,its a strong proof for the deal,it must be operated by a "trusted" parties or a BIP consensus, and i also know that its still a new "psychology" that we should get used to ,but i think that solutions like that will change the e-commerce progression significantly.
I think its a natural addition for the bitcoin if you look at this technology as a pure E commerce payments system (this is how i look at it because of satoshi's vision,and as i says its more like "value" over the internet).
I already know about couple of companies that developing those solutions under the title of "Bitcoin 2.0 technologies" as a third party services,i just thought that it should be a part of the protocol in some technical way.
I know that for some of you its sounds like the complete opposite of what bitcoin is represented, but for me its one of the ways that bitcoin can connect much faster to the "real" world .

In terms of "costs",the only cost here for the costumers/merchants (i am not including the costs of the "BIP"development because it can be very different) ,is the cost of reading data from the blockchain in a smart and trusted way,its not going to be cheap but it wll be much cheaper then visa/paypal infrastructure for sure,these benefits will also be reflected in much lower fees

Tnx..
sr. member
Activity: 384
Merit: 258
April 25, 2015, 10:51:04 PM
#14
Sorry to ask this stupid question but why do you need to store these metadata on the blockchain while they're visible only for the merchant and the customer ? The cost implied by this solution (security, privacy) seems much higher than the benefit (having a convenient online backup).

Moreover, BIP70 allows the exchange of metadata and that sounds like a pretty good solution for this need.
As an example of a more complex scenario, here's a toy project which implements a BIP70-like protocol allowing provable bargaining thanks to a chain of signed messages (i.e. the merchant can't cheat after the end of the negotiation).

No everything needs to be stored on the blockchain. Many things can be done off-chain.
legendary
Activity: 1246
Merit: 1011
April 25, 2015, 08:40:31 PM
#13
Implementing this "trust" layer on wallets should be a decision of the wallet developers,if they decided to add a BIP like that,they will be responsible for verifying their customer's information,otherwise their service will not be considered 'trusted',(i didn't mentioned that,but its the wallet service provider responsibility).

Ok.  So they are responsible for verifying the information but are not to be aware of which transactions their users are involved with.  This is easy enough to arrange; each user will simply need to create a signing/encryption key-pair.  I expect it would be better to keep all the extra data off-chain (on-chain metadata would be an expensive way of dodging ip-logging issues).

The direction here is to create some standard for verifying identities,because i see that every new bitcoin "company" trying to create her own standard and what i think is that we need to create some consensus in a much lower level then everyone apps/services.
If you set a single and simple way for every wallet provider for verify his customer (merchant/costumer) then is a much better way to start and create trust between wallets-merchants-costumers.

I don't agree with this.  Wallet service providers (let's say "wasps") requiring identity verification can just as easily increase trade efficiency (lower fees, instant transactions) for their users with such a standard as without one.  A standard merchant-wasp communication protocol could make this process easier but this would be orthogonal to your proposal.

A metadata standard is primarily of value to merchants and the regulators they are required to report to.  Such entities will be spared an often costly data-sanitation step as they use the data for marketing or crime-fighting purposes.  The standard could also be used by consumers to share lists of their favoured merchants with their friends (potentially helping a valuable web-of-trust recommendation system to replace central ratings companies such as TripAdvisor).

In brief: Standardising trust communications increases the efficiency of trading.  Standardising metadata communications increases the efficiency of finding traders.

About your second question "Why do you consider the Bitcoin technology noble?"
For me bitcoin is not money,its "Value over the Internet",it can be the "next generation of money",i never see other platform that works worldwide so good that can transfer any value within a seconds,its just something amazing.

There are many companies which offer "value over the internet".  Try OKPay for example:  You can send US dollars to other OKPay users instantly, convert them to euros instantly, and send them on as you please.  It's all really quite easy.

I would argue that the extra universality and "just works" magic of Bitcoin is made possible primarily by the lack of KYC regulations.  Currently, a merchant that accepts Bitcoin is offering to do business with anyone.  I believe that should such developments come to pass, regulations will require merchants to reject non-verified users and "we accept bitcoin" will effectively be reduced to "we accept bitcoin approved by one of the following wasps" (basically what we have now with PayPal and friends).
hero member
Activity: 658
Merit: 501
April 25, 2015, 06:23:07 PM
#12
In any case, regulating Bitcoin by controling >50% of the hashing power is perfectly possible. At minimum there's always the nuclear option of telling the (very few!) chip fabs of the world to add kill switches to the ASICs they make and/or regulate who can buy them.

Its already happening with 4k Playready 3.0 hardware DRM and  Intel, AMD, Nvidia, and Qualcomm and Microsoft are on board.

http://www.pcworld.com/article/2908089/all-about-playready-30-microsofts-secret-plan-to-lock-down-4k-movies-to-your-pc.html

We have a lot of work to do with the Open Source hardware movement and we may need to start considering creating open source ASICs designs for PoW. This or start rolling in a TaPoS layer(wallet or protocol) on top of PoW that we can use as a fail safe in case your concerns are realized.

KYC on the blockchain sounds like a horrific idea that goes against some of the core ethical and design principles within bitcoin. We should treat such attempts with utmost contempt and as an attack on Bitcoin itself.

If I wanted KYC I would prefer simply using FIAT and adopting all the risks and benefits with such shared ledger systems.  
legendary
Activity: 4214
Merit: 1313
April 25, 2015, 04:45:45 PM
#11
I know, there are people who wanna buy drugs/weapon/child porn, this BIP is not for them, they can always use "old school" wallets that will not support this "regulation feature".

I'm not following you.  Couldn't such users still choose to use the regulation feature but simply supply false information?  If everyone is free to supply whatever information they wish then who benefits from such a scheme?

I have to assume you have some plan for ensuring a reasonable level of metadata integrity but I cannot discern it from your post.


Interfaces for regulation must begin to develop, this is nothing about hurting the Bitcoin user's privacy, we need to break away from that "drug dealer "character and understand that protocol-level standards will create strong ground for that Nobel technology.

Why do you consider the Bitcoin technology noble?  What value do you see in Bitcoin that does not already exist in better established alternatives?

First of all, thanks everyone for the reference,
Implementing this "trust" layer on wallets should be a decision of the wallet developers,if they decided to add a BIP like that,they will be responsible for verifying their customer's information,otherwise their service will not be considered 'trusted',(i didn't mentioned that,but its the wallet service provider responsibility).
The direction here is to create some standard for verifying identities,because i see that every new bitcoin "company" trying to create her own standard and what i think is that we need to create some consensus in a much lower level then everyone apps/services.
If you set a single and simple way for every wallet provider for verify his customer (merchant/costumer) then is a much better way to start and create trust between wallets-merchants-costumers.
The "open source" approach is good for developers,not for regular people who want to understand who they can call in a case of emergency,this is the reason why "series" wallets who determined to keep peoples money must be under a much harder laws of the protocol/bitcoin community.
We can think about the SSL and the Certificate_authority
http://en.wikipedia.org/wiki/Certificate_authority

http://en.wikipedia.org/wiki/Transport_Layer_Security
If the "authority" is faking the SSL,no one will be her client and she can not exist as a business because she's not loyal.
Same process like that should translated to the Bitcoin echo system as a BIP i think...

About your second question "Why do you consider the Bitcoin technology noble?"
For me bitcoin is not money,its "Value over the Internet",it can be the "next generation of money",i never see other platform that works worldwide so good that can transfer any value within a seconds,its just something amazing.
Another major thing,the Bitcoin system is just "working",as a user I never saw any bugs, always the money goes to his destination,any amount that i ever sent,the transaction went smoothly (hundreds of transactions).
All the "bugs" and risks out there (51% attack,scalability of the blockchain and more..) are just "tasks" that developers will resolved over time,for regular users the bitcoin is really a simple thing that just works great ,but i still think that it will take at least 7-15 years for that technology to become adopted seriously.


One doesn't want to use the certificate authority as an example. As a centralized authority they can be coerced or compromised. Look at the issues with MITM from various countries for example - China, probably the NSA etc.

A distributed solution like name coin for domains is important here.  Centralized is the opposite of the philosophy of bitcoin.

Edit:  In practice the CA's have been compromised at the governmental level and even in egregious examples haven't always been punished in the market place because few people are aware of the issues. 

legendary
Activity: 1792
Merit: 1111
April 25, 2015, 10:49:44 AM
#10

Implementing this "trust" layer on wallets should be a decision of the wallet developers,if they decided to add a BIP like that,they will be responsible for verifying their customer's information,otherwise their service will not be considered 'trusted',(i didn't mentioned that,but its the wallet service provider responsibility).



So this is basically to establish the bitcoin version of Paypal or VISA. This is application level, not protocol level

The direction here is to create some standard for verifying identities,because i see that every new bitcoin "company" trying to create her own standard and what i think is that we need to create some consensus in a much lower level then everyone apps/services.

No such consensus is possible because different countries (and different parts of a county) will always have different standards and requirements.
jr. member
Activity: 54
Merit: 4
April 25, 2015, 10:40:41 AM
#9
I know, there are people who wanna buy drugs/weapon/child porn, this BIP is not for them, they can always use "old school" wallets that will not support this "regulation feature".

I'm not following you.  Couldn't such users still choose to use the regulation feature but simply supply false information?  If everyone is free to supply whatever information they wish then who benefits from such a scheme?

I have to assume you have some plan for ensuring a reasonable level of metadata integrity but I cannot discern it from your post.


Interfaces for regulation must begin to develop, this is nothing about hurting the Bitcoin user's privacy, we need to break away from that "drug dealer "character and understand that protocol-level standards will create strong ground for that Nobel technology.

Why do you consider the Bitcoin technology noble?  What value do you see in Bitcoin that does not already exist in better established alternatives?

First of all, thanks everyone for the reference,
Implementing this "trust" layer on wallets should be a decision of the wallet developers,if they decided to add a BIP like that,they will be responsible for verifying their customer's information,otherwise their service will not be considered 'trusted',(i didn't mentioned that,but its the wallet service provider responsibility).
The direction here is to create some standard for verifying identities,because i see that every new bitcoin "company" trying to create her own standard and what i think is that we need to create some consensus in a much lower level then everyone apps/services.
If you set a single and simple way for every wallet provider for verify his customer (merchant/costumer) then is a much better way to start and create trust between wallets-merchants-costumers.
The "open source" approach is good for developers,not for regular people who want to understand who they can call in a case of emergency,this is the reason why "series" wallets who determined to keep peoples money must be under a much harder laws of the protocol/bitcoin community.
We can think about the SSL and the Certificate_authority
http://en.wikipedia.org/wiki/Certificate_authority
http://en.wikipedia.org/wiki/Transport_Layer_Security
If the "authority" is faking the SSL,no one will be her client and she can not exist as a business because she's not loyal.
Same process like that should translated to the Bitcoin echo system as a BIP i think...

About your second question "Why do you consider the Bitcoin technology noble?"
For me bitcoin is not money,its "Value over the Internet",it can be the "next generation of money",i never see other platform that works worldwide so good that can transfer any value within a seconds,its just something amazing.
Another major thing,the Bitcoin system is just "working",as a user I never saw any bugs, always the money goes to his destination,any amount that i ever sent,the transaction went smoothly (hundreds of transactions).
All the "bugs" and risks out there (51% attack,scalability of the blockchain and more..) are just "tasks" that developers will resolved over time,for regular users the bitcoin is really a simple thing that just works great ,but i still think that it will take at least 7-15 years for that technology to become adopted seriously.
legendary
Activity: 1246
Merit: 1011
April 25, 2015, 07:21:31 AM
#8
I know, there are people who wanna buy drugs/weapon/child porn, this BIP is not for them, they can always use "old school" wallets that will not support this "regulation feature".

I'm not following you.  Couldn't such users still choose to use the regulation feature but simply supply false information?  If everyone is free to supply whatever information they wish then who benefits from such a scheme?

I have to assume you have some plan for ensuring a reasonable level of metadata integrity but I cannot discern it from your post.

Interfaces for regulation must begin to develop, this is nothing about hurting the Bitcoin user's privacy, we need to break away from that "drug dealer "character and understand that protocol-level standards will create strong ground for that Nobel technology.

Why do you consider the Bitcoin technology noble?  What value do you see in Bitcoin that does not already exist in better established alternatives?
hero member
Activity: 699
Merit: 501
April 25, 2015, 05:01:38 AM
#7
You might as well add the customers credit card number to the blockchain. On a serious note, if you're producing services for merchants and consumers, like me, it would be faster, easier, and much more secure if you just stored all these information in a database (which is what we have all been doing) there's no need to share sensitive & dynamic user data, in a particular organisation, for the whole world to analyse.
legendary
Activity: 1120
Merit: 1152
April 25, 2015, 04:17:45 AM
#6
Bitcoin is a consensus protocol to determine the validity of some binary data. Fundamentally, it is just a language. It could not be regulated like regulating a company because there is no one to send to jail and nothing to confiscate. The only way to regulate bitcoin is to control >50% of the hashing power (or to regulate bitcoin users, but bitcoin users != bitcoin).

Quite simply, there'a a high chance this will be the crypto wars all over again. Like the first iteration of the crypto wars, it's a winnable battle, but it is a battle we can lose too.

In any case, regulating Bitcoin by controling >50% of the hashing power is perfectly possible. At minimum there's always the nuclear option of telling the (very few!) chip fabs of the world to add kill switches to the ASICs they make and/or regulate who can buy them.
legendary
Activity: 1792
Merit: 1111
April 25, 2015, 04:04:29 AM
#5
There is no reason to store these kind of private encrypted data on the blockchain. The blockchain should be used for storing

  • Public data, or
  • Private data but timestamping is needed

For the case you suggest, users and merchants should digitally sign those receipts and KYC data (with mutually agreed timestamp if needed) and keep it by themselves.

I've actually had this discussion with regulatory/banking types... There's pressure to have the data on the blockchain itself precisely because it forces it to be "sufficiently" public for governments to be happy - many of them want it to be fundamentally impossible to use the blockchain without giving up that information. First step is to be able to know for sure if the data exists.

Obviously pay-to-contract-hash techniques are the sane way to do this stuff... but we don't necessarily have the same goals as regulators do. One of the hard political challenges for people enganging with regulators is convincing them that privacy matters, and any KYC system has to be an add-on, not an inherent part of the system.

Bitcoin is a consensus protocol to determine the validity of some binary data. Fundamentally, it is just a language. It could not be regulated like regulating a company because there is no one to send to jail and nothing to confiscate. The only way to regulate bitcoin is to control >50% of the hashing power (or to regulate bitcoin users, but bitcoin users != bitcoin).

Anyway, if they have some good idea in mind, they can always create it (since they have unlimited resources) and convince people to adopt it.
legendary
Activity: 1120
Merit: 1152
April 25, 2015, 03:35:02 AM
#4
There is no reason to store these kind of private encrypted data on the blockchain. The blockchain should be used for storing

  • Public data, or
  • Private data but timestamping is needed

For the case you suggest, users and merchants should digitally sign those receipts and KYC data (with mutually agreed timestamp if needed) and keep it by themselves.

I've actually had this discussion with regulatory/banking types... There's pressure to have the data on the blockchain itself precisely because it forces it to be "sufficiently" public for governments to be happy - many of them want it to be fundamentally impossible to use the blockchain without giving up that information. First step is to be able to know for sure if the data exists.

Obviously pay-to-contract-hash techniques are the sane way to do this stuff... but we don't necessarily have the same goals as regulators do. One of the hard political challenges for people enganging with regulators is convincing them that privacy matters, and any KYC system has to be an add-on, not an inherent part of the system.
legendary
Activity: 1792
Merit: 1111
April 25, 2015, 01:14:14 AM
#3
There is no reason to store these kind of private encrypted data on the blockchain. The blockchain should be used for storing

  • Public data, or
  • Private data but timestamping is needed

For the case you suggest, users and merchants should digitally sign those receipts and KYC data (with mutually agreed timestamp if needed) and keep it by themselves.
legendary
Activity: 1120
Merit: 1152
April 25, 2015, 12:47:55 AM
#2
Interfaces for regulation must begin to develop, this is nothing about hurting the Bitcoin user's privacy, we need to break away from that "drug dealer "character and understand that protocol-level standards will create strong ground for that Nobel technology.

Government/bank signed and controlled blockchains are already being worked on that implement all the identity tech you're looking into and more - I've even been told about requirements for these projects to have every single invoice to be uploaded to the blockchain so the government can investigate not only who sent money to whome, but what exactly they were buying. Of course, this is nothing new: credit card processing platforms are already starting to do this stuff too with bigger merchants.

FWIW, the blockchain itself isn't new technology at all. Satoshi's contribution to the state of the art was to figure out how to make the tech work without central authority or identity. What you're doing goes in the exact opposite direction, and is better done in centralized systems; Bitcoin has no advantage over those much faster, cheaper, and more scalable systems other than freedom from regulation.

If you want to work further on this technology, I can pass your name onto companies working in this space. Personally I'm rather dubious about taking on those clients for hopefully obvious reasons...
Pages:
Jump to: