Post on 30-Jun-2015
description
transcript
Ebay without EbayOleg Andreev
@oleganzaoleganza@gmail.com
!February 13, 2014
Bitcoin is:
All-or-nothing ledger
Bitcoin is:
All-or-nothing ledger
Decentralized
Bitcoin is:
All-or-nothing ledger
Decentralized
Programmable
Bitcoin is:
Bitcoin is:
Everyone sees everything
Bitcoin is:
Everyone sees everything
Everyone executes code
Bitcoin is:
Everyone sees everything
Everyone executes code
Everyone validates txs
Bitcoin is:
Every teenager:
2001: can make a webpage
Every teenager:
2001: can make a webpage
2010: can make a mobile app
Every teenager:
2001: can make a webpage
2010: can make a mobile app
2014: can make a contract
Every teenager:
Alice Bob
Alice Bob
iPod
Alice Bob
$100 iPod
Alice Bob
$100 iPod
Alice Bob
$100 iPod
Alice Bob
$100 iPod
Alice Bob
$100
iPod
Alice Bob
iPod
$100
Alice Bob
$100
iPod
Alice Bob
$100iPod
Alice Bob
Alice Bob
$100 iPod
Alice Bob
$100 iPod$200
Alice Bob
$100 iPod$200 $200
Alice Bob
$100 iPod
Alice Bob
$100 iPod
$200
Alice Bob
$100 iPod
$200$200
Alice Bob
$100 iPod
$200$200
Alice Bob
$100iPod
$200$200
Alice Bob
$100iPod
$200$200
Alice Bob
$100iPod
$200$200
Alice Bob
$100iPod
$200$200
Alice Bob
$100iPod$200$200
$200 2 AlicePubKey BobPubKey 2 CHECKMULTISIG$200
1 transaction2 inputs locked by 2 keys
$200 2 AlicePubKey BobPubKey 2 CHECKMULTISIG$200
$200 2 AlicePubKey BobPubKey 2 CHECKMULTISIG$200
Signatures required
$200 2 AlicePubKey BobPubKey 2 CHECKMULTISIG$200
Signatures required
Keys used
$200 2 AlicePubKey BobPubKey 2 CHECKMULTISIG$200
Alice Public KeySignatures required
Keys used
$200 2 AlicePubKey BobPubKey 2 CHECKMULTISIG$200
Alice Public Key
Bob’s Public Key
Signatures required
Keys used
$200 2 AlicePubKey BobPubKey 2 CHECKMULTISIG$200
Alice and Bob must agree on how money is being spent
To unlock money both signatures must be present
0 (SigA) (SigB)$200$200
To unlock money both signatures must be present
0 (SigA) (SigB)$200$200
Back to Alice
To unlock money both signatures must be present
0 (SigA) (SigB)$200$200
Back to Alice
Back to Bob
Alice Bob
$100iPod
$200$200
SigBSigA
Alice has both signatures and sends the unlock transaction
0 SigA SigB$200$200
Alice Bob
$100iPod
$200$200
SigBSigA
Alice Bob
$100iPod
$200$200
Problem: Alice can unlock
$200 any time she wants, but Bob
cannot.
SigBSigA
Anti-troll measure
MAD
Mutually
MutuallyAssured
MutuallyAssuredDestruction
Before starting business, Alice and Bobsign transaction that destroys all funds
0 SigA SigB 000000000000000lock time: +30 days
Before starting business, Alice and Bobsign transaction that destroys all funds
0 SigA SigB 000000000000000lock time: +30 days
Cool off period
Alice Bob
$100iPod
$200$200
SigBSigA
Alice Bob
$100iPodSigBSigA
Payment + Unlock in one transaction
Alice Bob
$100iPod
$400
Alice Bob
$100iPod
$300$100
Alice Bob
$100iPod
$300$100
Alice Bob
$100iPod$300$100
Alice Bob
$100iPod
$400
SigBSigA
Alice Bob
$100iPod
$400
SigBSigA
Alice pays and unlocks at the same time
0 SigA SigB$100$300
Bob is motivated to unlock $300 to not allow Alice to destroy his $200
0 SigA SigB$100$300
0 SigA SigB 000000000000000lock time: +30 days
Once one tx is in blockchain, another one becomes invalid
0 SigA SigB$100$300
0 SigA SigB 000000000000000lock time: +30 days
Once one tx is in blockchain, another one becomes invalid
0 SigA SigB$100$300
Protocol:
Alice and Bob choose keys.
Protocol:
Alice and Bob choose keys.
They lock money with 2-of-2 multisig script.
Protocol:
Alice and Bob choose keys.
They lock money with 2-of-2 multisig script.
They sign a +30d timelocked destruction tx.
Protocol:
Alice and Bob choose keys.
They lock money with 2-of-2 multisig script.
They sign a +30d timelocked destruction tx.
Bob sends the product.
Protocol:
Alice and Bob choose keys.
They lock money with 2-of-2 multisig script.
They sign a +30d timelocked destruction tx.
Bob sends the product.
Alice pays and unlocks money.
Protocol:
Alice and Bob choose keys.
They lock money with 2-of-2 multisig script.
They sign a +30d timelocked destruction tx.
Bob sends the product.
Alice pays and unlocks money.
If money is not unlocked in time, either party can destroy money.
Protocol:
Use cases:
Anonymous markets
Use cases:
Anonymous marketsFreelance contracts
Use cases:
Anonymous marketsFreelance contractsAutonomous agents
Use cases:
http://oleganza.com/bitcoin-epita-2014.pdf