Redactable Bitcoin

Update: I made some redactions corrections.

Bitcoin people frequently criticize banks for claiming to build blockchains while discarding proof-of-work, so here comes Accenture with their own version of a blockchain. It keeps Bitcoin’s proof-of-work, and adds a master key.

(More specifically, it takes Bitcoin’s exact protocol but replaces the double-SHA256 hash with a chameleon hash inside a SHA256 hash. A chameleon hash is a hash function that contains a trapdoor.)


I suspect that Accenture’s Financial Services group does not know what it is actually getting here. Their whitepaper begins by asserting that Bitcoin’s blockchain contains illegal porn that needs to be redacted. Good grief.

Then they spend two pages talking about the DAO.

The problem isn’t the redactability – sure, maybe Accenture’s Group Exec wants to scrub those bookings at the no-tell hotel from his credit card statement. I can sympathize with that. The problem is that Accenture misrepresents what a blockchain even is.

Accenture employees might be clueless, but their academic co-authors cannot possibly be ignorant of the fact that an application that runs on a blockchain (the DAO) is separate from the blockchain itself (Ethereum). And, having modified Bitcoin Core, they know full well that porn cannot be stored on Bitcoin’s blockchain.

Look, it’s fine if people want to make grandiose claims about how blockchains will revolutionize the universe. It’s good for business around here. But now you guys are just making shit up to exploit the technological ignorance of banks. This is exactly how industries start getting regulated. Cut it out.

Bitcoin and child porn:
Yes, Bitcoin’s blockchain contains transactions that have encoded URLs of child porn sites. So does this web page. In fact, this is an encoded URL, right here: “1HJCcziSCEkUcDq5aRC68vxVdx6enWUrvf” (the link goes to a transaction in the Bitcoin blockchain explorer, not a porn site). If you know where to find this data on the blockchain, AND you know the algorithm for decoding the data, AND you actively take the time to decrypt it, AND you paste the decrypted URL into your web browser, then yes, I suppose you can get child porn from Bitcoin’s blockchain. You’ll have a hard time blaming Bitcoin for this one though.

See Also:
G. Ateniese, et al. Redactable Blockchain — or — Rewriting History in Bitcoin and Friends. Cryptology ePrint Archive: Report 2016/757
When a Blockchain isn’t a Blockchain –Bloomberg

OpenBazaar: How Does a Decentralized Marketplace Work?

I love Etsy. Etsy’s great! Except… I just wish it wasn’t so… centralized.

I assume that’s what Andreessen Horowitz and Union Square Ventures were thinking when they invested $1 million into decentralized marketplace OpenBazaar.

Whatever, this is how it works.

BitTorrent, not Blockchain
People call OpenBazaar a Bitcoin company, but it’s not. Not any more than Microsoft is a Bitcoin company for accepting bitcoin payments, anyway. OpenBazaar uses the network structure of BitTorrent.

Bitcoin Network vs BitTorrent Network
A brand-new Bitcoin node discovers other nodes by hitting up a few known seed nodes. The seed nodes return a list of IP addresses for other known nodes. When someone sends a transaction through a node, the node broadcasts it to all of their peers. If the peers consider the transaction valid, they rebroadcast it to all of their peers.

Whereas Bitcoin operates on consensus, BitTorrent operates on discovery. I don’t need to broadcast to the entire network that I’m looking for a pirated copy of Game of Thrones. I just want to find some peers who have the episode.

BitTorrent nodes maintain a distributed hash table (DHT), which is like a location map for all the clients in the network. An infohash of each available torrent is also stored in the table.

If I want to download Game of Thrones, I send a request for the torrent infohash to any known node. That node will reply with the contact information of nodes from its routing table that are closer* to the infohash than itself. I keep querying subsequent nodes, getting closer and closer, until I hit a node that has the infohash. The node with the infohash replies with the contact information of peers who are downloading the Game of Thrones torrent. And I connect to them for my download.

*The distance metric is an XOR function. Not physical distance.

OpenBazaar, the Decentralized Marketplace
The OpenBazaar network operates using the same distributed hash table approach as BitTorrent. Stores are nodes, each running OpenBazaar on a client machine. Each store has a unique GUID.

Assume for a moment that I have the GUID of my friend George’s store. Through the distributed hash table, I locate the store’s IP address and connect to the store. Maybe I see that his store is selling a ziplock bag containing some carpet freshener:


The store listing is actually an unsigned Ricardian contract containing a description of the item. No, it’s not a smart contract.

If I want to purchase this bag of carpet freshener, I sign the contract. George signs the contract also, to confirm that we agree on the trade. The contract is sent to a third party. An arbiter, notary, oracle, whatever, someone who agrees to settle any disputes. The arbiter puts a third signature on the contract and sends everyone a copy. A multi-signature bitcoin address is appended to the contract.

This is the escrow address. Outbound transactions require two out of three keys. Me, George, and the arbiter each have a private key. As the buyer, I send a bitcoin deposit to this address and wait for my carpet freshener to arrive in the mail.

My input initiates an unsigned transaction. I set the output to George’s bitcoin address, but without any signatures, the transaction doesn’t do anything. I send the unsigned transaction to George.

If the carpet freshener arrives and I am happy, then I send George my signature, which is generated from my private key and the transaction.

George generates his signature too, because he wants to receive the money. With two signatures, George can send the complete transaction to a Bitcoin node, which will broadcast it to the network for confirmation and settlement.

If the carpet freshener arrives and I discover that the bag actually contains some morally reprehensible substance, I might refuse to sign the transaction. Then the arbiter comes in, and if she agrees that I have been wronged, she doesn’t sign either. The transaction expires without completion and the input deposit is released back to its origination, which is my bitcoin address.

Or maybe I lied, and the arbiter determines that I did in fact receive Grade A pure Colombian carpet freshener. Then she would sign the transaction instead of me, and George uses her signature to get his payment.

Bazaar Bay
How can I discover all the fantastic resources on offer in my BitTorrent network? The Pirate Bay provides a searchable database of torrent infohashes. And of course, someone already set up a Bazaar Bay to search for stores and their associated listings.

Check out Elaine’s store!
I set up a node to run a store on my server. I created a tunnel so that anyone can use my store as a portal to try out OpenBazaar without actually running a node. Try it! You can even sell stuff! Just don’t list anything that would get me thrown in prison, please.


1. DHT Protocol –
2. OpenBazaar wiki
3. OpenBazaar Git Repository

The Winklevoss Twins are Launching a Bitcoin ETF

winklevoss twins bitcoin

Can’t be a worse investment than the Facebook IPO, right? Takedown from the Macro Man:

It’s an IQ test. Bitcoin is anonymous, untaxed (for now) and quite liquid in and of its own right despite all the complexities of a cryptocurrency. A bitcoin ETF is taxed, has fees, may or may not be liquid at all.

To be fair, physical gold is anonymous and quite liquid. Does that mean GLD is an IQ test?

See Also:
The Winklevoss Twins Would Like To Help You Trade Bitcoins With Their Bitcoin ETF –business insider