public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: ZmnSCPxj <ZmnSCPxj@protonmail.com>
To: "Jose Femenías Cañuelo" <jose.femenias@gmail.com>,
	"Bitcoin Protocol Discussion"
	<bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] easypaysy - A layer-two protocol to send payments without addresses
Date: Fri, 06 Dec 2019 17:16:44 +0000	[thread overview]
Message-ID: <Qul4dCoKs2JEQgCYkvdn_QYjgQ5ucpwHZCHdU7qOZ5DGYOGB7p37-s7GN6Jg_NKDzsLlGv-WkOU_mY-a1A_tygRlnhOVnJBK9nvAJ3Gs-bE=@protonmail.com> (raw)
In-Reply-To: <AF3AF268-8E5B-481E-A5C7-205D171E90A5@gmail.com>

Good morning Jose,

> Hi ZmnSCPxj,
>
> first of all: do you ever sleep? ;-)

It seems possible, that, I do not.


> b) Master accounts are included in the white paper as a feature for a future release.
> The roadmap is not set yet, but I’d like to include a first release of the protocol that only covers the most basic features, to make it simpler and safer for wallet developers.
> Master accounts aren’t a priority, since they are more oriented towards scaling the proposal, and that is far from being a problem yet.
> So, this feature is not well defined for now. However, as presented in the white paper, the ‘service provider’ has really no control over your money.
>
> He would basically do a just a few things:
>
> -   Aggregate the account info (up to 2048 individual accounts per master account).
> -   Hash every account info, sort them, and calculate the Merkle root of a tree containing them all.
> -   Create a JSON document containing the information of all the sub-accounts included in the pack.
> -   Make that JSON document publicly available, probably with a https: URL (That’s called an Authoritative server)
> -   Finally, create and publish a TX that contains a pointer to the Authoritative server, and the Merkle root of the set of accounts.
>
>     The service provider would have NO control whatsoever of your funds, nor can he block payments, etc.
>     There is some sort of delegation, but no trust involved here. The Merkle root protects agains any attempt of tampering with the account data.

This does not seem to mesh well with the other non-Master parts of the protocol, where further updates on the single account backed by a funding TXO are performed by spending the funding TXO and creating a transaction with `OP_RETURN`.

In addition, I would like to suggest as well that instead of `OP_RETURN`, you could instead use "sign-to-contract".

Sign-to-contract is simply that, when signing, instead of selecting a random `r` and computing `R` as `R = r * G`, you select a random `r` and a contract or other message `c`, and compute `R` as `R = r * G + h((r * G) | c) * G`.
Then the user can provide the message `c` independently of the signature, via another mechanism, and reveal `r * G` and `c` and point to the signature as a commitment to the message `c`.
Although, it does have the drawback that using sign-to-contract require a different layer / overlay network to broadcast messages `c`, but it does reduce the cost on the blockchain layer, which is always a good thing.
Similar issues are faced by the RGB project, for instance, and defiads explicitly uses a separate overlay network when transmitting advertisements (both RGB and defiads use the opposite pay-to-contract, which tweaks the pubkey rather than the ephemeral `R`).

>
>     The account’s TX won’t ever disappear from the blockchain, so your account info will always be there.
>     Worst case scenario, the service provider disappears and users can’t download the Json document containing your account information.
>
>     To mitigate this issue, the white paper suggests the creation of mirror servers.

How about control transactions on top of the funding txo?
Who is able to make further control transactions?
If the service provider gives the user full control of the control transactions on top of the funding txo, then it outright loses the money it put in the funding txo and might as well operate as a full exchange.
If the service provider retains even partial control, then it can refuse to cooperate with the user and the user will be unable to update his or her account.

This is not fixable by the use of mirror servers.


> d) Regarding your comments on the possibility of adding the output index in the account ID, I still don’t see the need for the use case of easypaysy (since, by definition, easypaysy accounts must have exactly one input and two outputs).

Do you mean, that if the user makes a control transaction to change the details of the account, then the user is forced to change the easypaysy identifier?

My initial reading of your whitepaper is that the easypaysy identifier refers to the funding txo that roots the further control transactions.
If so, the funding txo is not necessarily a one-input two-output transaction.
If not, then each time a control transaction changes the details of the easypaysy identifier, the identifier itself is changed.0


> If you are interested, please contact me, preferably privately since I wouldn’t want to become much too off topic in this dev-list

I still do not see why it would be off-topic to the devlist.

Regards,
ZmnSCPxj



  reply	other threads:[~2019-12-06 17:17 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-05 20:00 [bitcoin-dev] easypaysy - A layer-two protocol to send payments without addresses Jose Femenías Cañuelo
2019-12-06  2:53 ` ZmnSCPxj
2019-12-06  7:56   ` Jose Femenías Cañuelo
2019-12-06 17:16     ` ZmnSCPxj [this message]
2019-12-06 18:47       ` Jose Femenías Cañuelo
2019-12-07  4:09         ` ZmnSCPxj
  -- strict thread matches above, loose matches on Subject: below --
2019-12-02 21:25 Jose Femenías Cañuelo
     [not found] <mailman.1377.1575015939.25512.bitcoin-dev@lists.linuxfoundation.org>
2019-12-02 14:00 ` Jose Femenias
2019-12-02 17:27   ` Tim Blokdijk
2019-12-02 21:10     ` ZmnSCPxj

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='Qul4dCoKs2JEQgCYkvdn_QYjgQ5ucpwHZCHdU7qOZ5DGYOGB7p37-s7GN6Jg_NKDzsLlGv-WkOU_mY-a1A_tygRlnhOVnJBK9nvAJ3Gs-bE=@protonmail.com' \
    --to=zmnscpxj@protonmail.com \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    --cc=jose.femenias@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox