Author

Topic: Wei Dai's "b-money", and contract enforcement (Read 4114 times)

sr. member
Activity: 316
Merit: 250
December 17, 2011, 01:06:53 PM
#5
A general computer with Bitcoin-like integrity of collective data and calculations and public-keys for user accounts would be the best tool for implementing anonymous contract systems. In the following thread, I also explained how Bitcoin's existing history and user accounts could be mapped into its global 320 bit (or 1024 bit for the bigger version) address space.

"MerkleWeb - statistical Godel-like secure-but-not-perfect global Turing Machine"
https://bitcointalksearch.org/topic/merkleweb-statistical-godel-like-secure-but-not-perfect-global-turing-machine-53062
donator
Activity: 826
Merit: 1060
Thank you, Wei.
newbie
Activity: 2
Merit: 12
Hmm. Or maybe he is actually saying that. If I think Starbucks cheated me, I can adjust my balances so that Starbacks has less money and I have more. At the same time, Starbucks will adjust their balances so that they have more money and I have less. I guess everyone else can decide whose balances they want to believe.

But I feel I must be missing the point here. Can anyone shed some light on this?

The idea here is that most people will accept the arbitrator's judgment (remember that both parties have to agree to the choice of arbitrator), unless one of the parties can produce clear evidence that the arbitrator behaved unfairly. So if Starbucks cheated you, and the arbitrator agrees with that, then Starbucks can still adjust their balances so that they have more money and you have less, but then they can't expect to spend that money anywhere else.
legendary
Activity: 980
Merit: 1020
My investigation turn up the fact that Wei Dai is a poster at lesswrong.org.

http://lesswrong.com/user/Wei_Dai/submitted
donator
Activity: 826
Merit: 1060
The first paper referenced by Satoshi Nakamoto's Bitcoin Paper is Wei Dai's 1998 proposal for "b-money". It's a short but very interesting paper, and it shows that many of the ideas behind Bitcoin were well along the way to fruition back in 1998.

The part that has me interested relates to the enforcement of contracts between pseudonymous participants. The key idea is that there is distributed accounting, as in Bitcoin. The participants to a contract, and an arbitrator, each transfer a deposit equal to the maximum "penalty" they will pay if they break their contract.

If the contract is carried out, these "reparations" get refunded. If the contract does not succeed, the reparations are paid out as agreed by the participants, up to the maximum amount deposited:

Quote
3. The effecting of contracts. A valid contract must include a maximum reparation in case of default for each participant party to it. It should also include a party who will perform arbitration should there be a dispute. All parties to a contract including the arbitrator must broadcast their signatures of it before it becomes effective. Upon the broadcast of the contract and all signatures, every participant debits the account of each party by the amount of his maximum reparation and credits a special account identified by a secure hash of the contract by the sum the maximum reparations. The contract becomes effective if the debits succeed for every party without producing a negative balance, otherwise the contract is ignored and the accounts are rolled back. A sample contract might look like this:

K_A agrees to send K_B the solution to problem P before 0:0:0 1/1/2000. K_B agrees to pay K_A 100 MU (monetary units) before 0:0:0 1/1/2000. K_C agrees to perform arbitration in case of dispute. K_A agrees to pay a maximum of 1000 MU in case of default. K_B agrees to pay a maximum of 200 MU in case of default. K_C agrees to pay a maximum of 500 MU in case of default.

4. The conclusion of contracts. If a contract concludes without dispute, each party broadcasts a signed message "The contract with SHA-1 hash H concludes without reparations." or possibly "The contract with SHA-1 hash H concludes with the following reparations: ..." Upon the broadcast of all signatures, every participant credits the account of each party by the amount of his maximum reparation, removes the contract account, then credits or debits the account of each party according to the reparation schedule if there is one.

But what if the participants can't agree? That, of course, is the crux of any contract enforcement scheme. Wei Dai has this to say:

Quote
5. The enforcement of contracts. If the parties to a contract cannot agree on an appropriate conclusion even with the help of the arbitrator, each party broadcasts a suggested reparation/fine schedule and any arguments or evidence in his favor. Each participant makes a determination as to the actual reparations and/or fines, and modifies his accounts accordingly.
I don't get it. What is Wei Dai saying here? Surely he can't be saying that each participant does whatever they choose to do, because that would result in everyone having a different idea of what everyone else's balance is.

Hmm. Or maybe he is actually saying that. If I think Starbucks cheated me, I can adjust my balances so that Starbacks has less money and I have more. At the same time, Starbucks will adjust their balances so that they have more money and I have less. I guess everyone else can decide whose balances they want to believe.

But I feel I must be missing the point here. Can anyone shed some light on this?

Naturally my interest is in how this could be adapted to Bitcoin, but I feel I should understand Wei Dai's proposal first.
Jump to: