📅 Original date posted:2022-05-16
📝 Original message:Hello list,
Fidelity bonds could be used to help create trust-minimized federations
that are needed for things like chaumian ecash servers or sidechains.
From what I've seen until now, people working on chaumian ecash or
sidechains say that the federation controlling the multisig keys will be
based on some kind of reputation. Perhaps it will be some pseudonymous
nyms that have built up a good reputation over a long time. I suggest
another option is to use fidelity bonds to decide who gets to control
the multisig keys.
Fidelity bonds are a way to deliberately sacrifice bitcoin value in a
way that can be proven to a third party. In practice this is done by
sending bitcoins to an address which is time-locked using the
OP_CHECKTIMELOCKVERIFY opcode. The redeemscript and UTXO, along with a
signature, can be shown to anyone to prove that the sacrifice happened.
This system has already been deployed in JoinMarket since August 2021,
and at the time of writing about 600 btc have been locked up, some for
several years. The whole scheme is similar in some ways to PoW that
bitcoin itself uses to avoid sybil attacks when solving the double spend
problem.
It's important to understand what is the value-add of fidelity bonds and
what it isn't. Fidelity bonds don't solve the trust issue, as someone
with a big fidelity bond could still steal funds from the ecash server
or sidechain using multisig keys they control. Such systems will always
be custodial.
Rather, fidelity bonds strongly incentivize that the different fidelity
bond owners are actually different people. That might be exactly the
kind of thing needed for distributing the keys of big multisigs,
especially now that taproot allows us to create very big multisig
schemes. This happens because the value of a fidelity bond is calculated
as a greater-than-linear power of the bitcoin sacrifice. So for example
if the power was 2, and someone sacrificed 5 bitcoins of value, their
fidelity bond would be worth 5 x 5 = 25. If instead they sacrificed 6
bitcoins their fidelity bond would be worth 6 x 6 = 36. This superlinear
power is what creates a strong incentive for the different fidelity
bonds to actually be controlled by different people, because anyone
behaving rationally will put all their bitcoins into just one fidelity,
not split them up over many bonds. As a sybil attacker needs to
distribute their bitcoins over many different bonds, they are
mathematically punished. The fidelity bond system achieves this without
revealing anything much about those people's identities.
Another value-add of fidelity bonds is they are very much in keeping
with the cypherpunk ethos, as anyone can create a fidelity bond and
advertise it in the market. As the bitcoins can be mixed with coinjoin
before and after sending to the timelocked address, the scheme doesn't
have to be linked to any identity. Only money talks; not reputation,
political power or geographical power.
I don't know yet exactly the details of how such a scheme would work,
maybe something like each fidelity bond owner creates a key in the
multisig scheme, and transaction fees from the sidechain or ecash server
are divided amongst the fidelity bonds in proportion to their fidelity
bond value.
Regards
CB
Chris Belcher [ARCHIVE] /
npub1ek…lnm2u
2023-06-07 23:09:40
in reply to nevent1q…jh4r
Author Public Key
npub1ekvnqhww3aagwuj9t55dgj5y29u8cxdjllfv3vgppt8vc0zljhrs6lnm2uPublished at
2023-06-07 23:09:40Event JSON
{
"id": "d0c9a3f51734ed8023dfec8fc1ac021f54c90836acac6a7ee10fee09162ff15b",
"pubkey": "cd99305dce8f7a8772455d28d44a8451787c19b2ffd2c8b1010acecc3c5f95c7",
"created_at": 1686179380,
"kind": 1,
"tags": [
[
"e",
"3c45b7a0d90a62714a61d19a62377119b80090c180aae6cabdabaacac6152934",
"",
"reply"
],
[
"p",
"a23dbf6c6cc83e14cc3df4e56cc71845f611908084cfe620e83e40c06ccdd3d0"
]
],
"content": "📅 Original date posted:2022-05-16\n📝 Original message:Hello list,\n\nFidelity bonds could be used to help create trust-minimized federations \nthat are needed for things like chaumian ecash servers or sidechains.\n\n From what I've seen until now, people working on chaumian ecash or \nsidechains say that the federation controlling the multisig keys will be \nbased on some kind of reputation. Perhaps it will be some pseudonymous \nnyms that have built up a good reputation over a long time. I suggest \nanother option is to use fidelity bonds to decide who gets to control \nthe multisig keys.\n\nFidelity bonds are a way to deliberately sacrifice bitcoin value in a \nway that can be proven to a third party. In practice this is done by \nsending bitcoins to an address which is time-locked using the \nOP_CHECKTIMELOCKVERIFY opcode. The redeemscript and UTXO, along with a \nsignature, can be shown to anyone to prove that the sacrifice happened. \nThis system has already been deployed in JoinMarket since August 2021, \nand at the time of writing about 600 btc have been locked up, some for \nseveral years. The whole scheme is similar in some ways to PoW that \nbitcoin itself uses to avoid sybil attacks when solving the double spend \nproblem.\n\nIt's important to understand what is the value-add of fidelity bonds and \nwhat it isn't. Fidelity bonds don't solve the trust issue, as someone \nwith a big fidelity bond could still steal funds from the ecash server \nor sidechain using multisig keys they control. Such systems will always \nbe custodial.\n\nRather, fidelity bonds strongly incentivize that the different fidelity \nbond owners are actually different people. That might be exactly the \nkind of thing needed for distributing the keys of big multisigs, \nespecially now that taproot allows us to create very big multisig \nschemes. This happens because the value of a fidelity bond is calculated \nas a greater-than-linear power of the bitcoin sacrifice. So for example \nif the power was 2, and someone sacrificed 5 bitcoins of value, their \nfidelity bond would be worth 5 x 5 = 25. If instead they sacrificed 6 \nbitcoins their fidelity bond would be worth 6 x 6 = 36. This superlinear \npower is what creates a strong incentive for the different fidelity \nbonds to actually be controlled by different people, because anyone \nbehaving rationally will put all their bitcoins into just one fidelity, \nnot split them up over many bonds. As a sybil attacker needs to \ndistribute their bitcoins over many different bonds, they are \nmathematically punished. The fidelity bond system achieves this without \nrevealing anything much about those people's identities.\n\nAnother value-add of fidelity bonds is they are very much in keeping \nwith the cypherpunk ethos, as anyone can create a fidelity bond and \nadvertise it in the market. As the bitcoins can be mixed with coinjoin \nbefore and after sending to the timelocked address, the scheme doesn't \nhave to be linked to any identity. Only money talks; not reputation, \npolitical power or geographical power.\n\nI don't know yet exactly the details of how such a scheme would work, \nmaybe something like each fidelity bond owner creates a key in the \nmultisig scheme, and transaction fees from the sidechain or ecash server \nare divided amongst the fidelity bonds in proportion to their fidelity \nbond value.\n\nRegards\nCB",
"sig": "1de0f977c90ec6d2c5103891f22907e3a9c04dadd30696e3a478aa523158a5292566ee172da696a0becc0637dd6e4b37c42989cf5ba4c0f715256a29f1f2b1d9"
}