[Bitcoin-development] The relationship between Proof-of-Publication and Anti-Replay Oracles

Peter Todd pete at petertodd.org
Sun Dec 21 16:07:13 UTC 2014

On Sun, Dec 21, 2014 at 12:25:36PM +0100, Jorge Timón wrote:
> So let's go through an example to see in which ways
> non-proof-of-publication orders are "insecure".
> Alice the seller wants to sell 1 unit of A for 100 units of B.
> Bob is willing to pay up to 200 Bs for 1 A.
> Let's assume a proof of publication system first, in which the
> execution price is the mean between bid and ask.
> Alice publishes her order.
> Bob could publish his order at price 200 Bs and the order would
> execute at 150 Bs.
> But after seeing Alice's order he knows he doesn't need to pay that
> much, so he publishes and order buying for 100 Bs.
> Alice gets 100 Bs (what she signed she wanted) and Bob pays less than
> he was wiling to pay, he pays 100 Bs. Everybody happy.
> Now let's assume native assets and sighash_single.

Incidentally, SIGHASH_SINGLE is just as usable in embedded consensus;
it's not specific to native assets.

> So again, what's the advantage that proof-of-publication provides TO
> ALICE so that she will be so eager to pay the higher costs to get the
> same deal?

Like I said the last time this issue was discused on the mailing list,
it's silly to think the seller of an asset starts off with a specific
price they want to sell it at and is happy no matter what happens or how
it gets fufilled. In the real world sellers and buyers want to know
they're connected to actual sellers and buyers - not sybil attackers
trying to shave off a margin for themselves - and are willing to pay a
premium for that. Note all the hatred and vitrol directed towards
high-frequency traders...

How *much* of a premium is an interesting question, and depends a lot on
the specific scenario. For instance I fully expect to see a whole
variety of mediums become used for the proof-of-publication needed,
ranging from directly on a major blockchain to minor/less secure
blockchains like Bitmessage over treechains to centralized-but-audited
proof-of-publication schemes - AKA centralized exchanges - to standard
exchanges. Point is, the concept of proof-of-publication makes these
tradeoffs and options available and lets end-users pick the right one
for their needs.

Accurate unbiased price information is worth money. In systems that
allow third-parties to republish asset bids and offers we'll even see
third-parties republishing bids and offers from less secure systems to
more secure systems to get better price discovery.

> If this example is not enough to be able to explain the advantage of
> proof-of-publication markets feel free to write a more complex one.

I gotta ask, have you actually run the design and tradeoffs of
Friemarket's past actual finance types? I have, and it's remarkable how
excited many of them are about cryptographically provable fair price

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 650 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20141221/5262d433/attachment.sig>

More information about the bitcoin-dev mailing list