EnCoin Proposal
Revision 3.0
2011/09/29
ryan26ix@yahoo.com
https://bitcointalk.org/index.php?topic=46237.0
0. Foreword
I am not a cryptographic or networking protocol expert. In email discussions with several other Bitcoin dissenters, many ideas were discussed about how Bitcoin could be made better. I incorporated these ideas plus many more of my own into this proposal.
I am willing to design a GUI for this software. As I stated above, my cryptography and networking abilities are not up to par for this project, so I would need help in those areas if this project were to proceed. If you think you can help in any way, please email me at the address above.
Many specific details of how this network would run will have to be hammered out in the development process. So, for the time being, exact details of how the EnCoin network would function are beyond the scope of this proposal. Concepts and hard values are subject to change.
1. Introduction
EnCoin is designed as a competitor to Bitcoin while initially piggy-backing on Bitcoin’s relative success to help aid its own bootstrapping. Many of the design principles are very similar to Bitcoin, but the core values are quite different.
This proposal assumes a strong familiarity with how Bitcoin already works.
If you do not possess this familiarity, please see: https://en.Bitcoin.it/wiki/Main_Page
2. Goals of EnCoin
The primary goals of EnCoin are as follows:
3. Definitions
Client, Software – The actual computer software that individual computers use to join the Network.
ENC – The unit of the EnCoin currency.
FreeNet (FN) – A conglomeration of a maximum of 100 Network peers that work together to mint new currency and secure network transactions by consensus.
FreeNet Block – A block of data that contains a solution to a cryptographic problem which is used to determine the award of new coins to a FreeNet.
FreeNet Peer – A peer that is a member of a specific FreeNet and works to secure the network while minting new currency.
Hash – A deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, such that any change to the data will change the resulting hash value.
Network – (used with a capital N.) This refers to the EnCoin Network as a whole. In the scope of this document, it refers to the underlying protocol that processes transactions, creates new currency, and facilitates communication with Network peers.
Module, Network or FreeNet – A module is one among many possibilities that the Network or a FreeNet can select to modify various decision-making processes. In programming terms, there are a branch of possible ways for the software to take that is determined by which modules have been selected. Modules are selected by vote or consensus.
Peers, Network Peers, Users – Any individual that makes use of the Network. “Individual” may refer to a human being, but it may also refer to the computer that the human is using to access the Network. Peers or users may sometimes mean peers that are not a FreeNet peer, depending on context.
Primary Block (PB) – A block of data that contains the status of every aspect of the Network at one snapshot of time. It is created by a consensus among FreeNets.
Reputation – The system by which the Network gives higher credence to one FreeNet over another. It is also used on an individual basis for determining who may or may not join a FreeNet.
Reputation Points, Rep Points (RP) – The value used to determine which FreeNet has credence over another.
Signature, Sign – A cryptographic signature that cannot be forged. In a public/private key pair, the private key is used to sign data, and the public key that everyone knows is used to verify it.
Transaction – A means of transferring currency from one wallet to another over the Network.
Wallet – A wallet is a cryptographic representation of a store of currency. It consists of a public and private key. Only the peer who knows the private key may use the currency contained in a wallet by signing a transaction.
Wallet Key, Wallet ID – Generally refers to the public half of the public/private key pair associated with a wallet. This key is used to identify one wallet from another.
4. FreeNets
FreeNets are the backbone of the EnCoin Network. FreeNets are small groups of individuals and their computers that work together to mint new currency and secure the Network.
4-1) Creating and Running a FreeNet
Any Network peer may create a FreeNet whenever they wish. However, to avoid spam, there is a fee associated with making a new FN. To offset the cost of the fee, the creator gets to name the FN and that name is permanent for as long as that FreeNet exists. In creating a new FN, a peer will create a special transaction with a new private key that contains a name for the new FreeNet, the hash value of the current Primary Block, and the IP address of the creator.
When the new FN is approved by the Network, the creator may begin inviting other peers to join his FN. To invite them, he must give out the private key to his FN. New peers looking for a FN may also request the key. At this point, the creator no longer has any more control over the FN than anyone to whom he has given the private key.
To avoid subversion attacks against this rather easily available private key, the Network will employ several mechanisms. The first of which is that the key will change each time the FreeNet creates a new block. This eliminates anyone who has ever been a member of the FN from subverting its reputation. Secondly, it will be easy to distinguish a peer who is not currently a member of the FN based on the last block. Peers will not accept new blocks from a peer that has no history with the FN in question. Beyond that, there are other double-checks described later in this proposal.
After a sufficient number of peers have agreed to be members of this FN, they will begin to work on a computationally difficult problem. When this problem is solved, they create a FreeNet Block. This block contains the solution to the problem, the payout award structure, and a random selection of IP addresses of members of the FN. All members of the FN then agree that this is the correct structure, then sign it with the private key of the FN and pass this block on to all of the other FNs.
4-2) Confirming Transactions
While members of a FreeNet are working on a solution to their problem, they are also receiving new incoming transactions from Network peers and blocks of transactions from other FreeNets.
When a new incoming transaction is received, the FN members will check to make sure that there are enough coins available in the balance of the “From” account. If all of the members agree that this is the case, they will add this transaction to their transaction block.
When a block of transactions is received from another FreeNet, the FN members will again check to make sure that all of the transactions are for valid amounts, then add this block of new transactions to their own transaction block. Any transactions that the FN has already seen and approved will not be added to this block.
Every 15 seconds, members of the FN will double-check agreement of transactions in their transaction block, then sign this block with their FreeNet private key. Each individual member will then sign the block with his or her own private key, and then send this block on to every other FN that they are connected to.
4-3) Primary Blocks and Achieving Consensus
Once per day at a pre-determined time, all of the FreeNets will stop working on problem solutions and work to achieve a complete consensus of what has transpired in the previous day. With issues such as internet latency, dropped connections, and intentional attacks against the Network, this may at first seem like a daunting task. However, there are rules and regulations in place to ensure that this process runs smoothly. These are detailed in Section 7-3.
The Primary Block is the result of this achieved consensus among FreeNets. It contains several sub-blocks that contain all of the information required to function on the Network:
Once a consensus on this block has been reached, each FreeNet peer will sign the hash value, then each FreeNet signs the combined signatures into one block and sends it to the rest of the Network. Upon connecting to the network, any peer may request this new PB and batch of signatures to bring themselves up to date and ensure that the entire Network agreed that this is the correct version of events.
5. Reputation
Because the EnCoin Network is a decentralized protocol, there is no guarantee of an individual node’s trustworthiness. In fact, a group of people may very well decide that they feel that the Network is an affront to their sensibilities and that it must be brought down and will do everything available in their power to do so. Because the Network employs a system of reputation, attacking the consensus of the network will be magnitudes more difficult (see Section 10-1).
5-1) FreeNet Reputation
Each FreeNet starts with 1 Reputation Point when it is created. When the Network works to achieve consensus while creating a new Primary Block, each FreeNet that has approved every transaction and created at least 1 FN block during the last day will receive an additional RP. The maximum achievable reputation for a FN is 360, or about 1 year of working for the Network. As reputation increases, rewards are provided by the Network for that reputation. These rewards are described in Section 8-1.
If a FN has failed to create a block, they will lose 2 RP. There has to be a heavy cost associated with gaining reputation; that cost is paid in the form of electricity. If no block was created, there is no proof of electricity.
If a FN fails to respond, agree, and sign the new PB during consensus, they will lose 20 RPs. This is to quickly weed out FNs that are no longer being used.
If a FN will not come to consensus with the rest of the Network, their reputation will be set to 0. The only likely reason for this occurring is that the FN has been overtaken by untrustworthy individuals.
5-2) Peer Reputation
Individual peers do not earn a reputation per se, rather the wallet that they use for depositing coins from their FreeNet work gains reputation. Since there is no way to identify exactly who a peer is on a semi-anonymous network, it is more reliable to use a wallet for which there is a uniquely identifying private key.
Peers gain reputation in a similar manner as FreeNets: firstly, be apart of a FN that creates a block; secondly, the peer must be present and sign the new Primary Block at the time of creation—and a point of reputation is gained. Peer reputation is used as a minimum requirement to join more reputable FreeNets. There is no maximum peer reputation.
Peers do not lose reputation if a FN does not make a FN block. However, if a peer wallet has not had any activity in securing the Network for a long period of time, they will begin to lose reputation.
Peers that are caught doing something that is outside the rules of the Network such as approving a transaction that their FN did not agree to approve, that peer’s reputation will be set to -1000 and any funds that happen to be in that wallet will be destroyed by the Network. This does not prevent them from simply using a new wallet, but the new wallet’s reputation will be zero, and any previous benefits will be gone.
6. Economic and Monetary Policy
The goal of EnCoin’s economic and monetary policy is to maintain a consistent amount of value per coin that is not affected by fluctuations in the value of world currencies; or in fact not affected by the supply or demand of itself. In simple terms: if a loaf of bread costs 1 ENC now, unless the fundamental process for making bread has gotten more or less expensive, a loaf of bread will always cost 1 ENC.
6-1) 1 ENC Equals 10kWh of Electricity—Maintaining Value Vs. Fiat
EnCoins are designed to have an intrinsic value that tends toward 10kWh of electricity. Because electricity prices vary around the globe (see Section 11) and because EnCoin can only make educated guesses as to how much electricity is being used to produce coins, 1 ENC can never be exactly equal to 10kWh.
Additionally, 1 ENC can not be traded back for 10kWh of electricity like a gold certificate could be exchanged for gold—then again, historically this has never been the eventual case for gold certificates either. For technical details on how EnCoin works toward 10kWh, see Sections 8-2 and 8-3.
6-2) Market Factors; Supply and Demand—Maintaining Value Vs. Itself
When too much money is available to go around for too few products and services, prices inflate. When too little money is available to go around for too many products and services, prices deflate. In a perfect economy, the amount of currency in circulation would automatically adjust to keep either situation from happening. In theory, entities such as the US Federal Reserve exist to facilitate this process. In practice, they are often corrupt in that they do not have the best interest of the people in mind but their own machinations or those of politicians.
EnCoin has a set monetary policy that does not change. It is indiscriminate of creed, color, wealth, or influence. It is controlled and distributed by The People, with no intervening authority.
Since the Network itself has no knowledge, and can not effectively be programmed with the knowledge, of how factors are affecting supply and demand and the exchange value of 1 ENC, the Network guides its users into making their own decisions that will effect the desired result. This is achieved through three major attributes:
7. Network Details
This section contains details of various aspects of how the Network operates.
7-1) Sending and Receiving Transactions; Confirmations
Sending a transaction to the Network is fairly simple: a peer need only connect to a FreeNet peer and give them the signed transaction. Receiving transactions or transaction confirmations is a little bit more tricky. For the network to consider a transaction as confirmed, greater than 50% of the total FreeNet reputation must sign it.
For example: there are 4 FreeNets in total named A, B, C, and D. Their RPs are respectively as follows: 25, 100, 4, and 75; the “total reputation” being 204 points. Every FreeNet and peer is aware of the total amount of reputation that exists. If FreeNets A and B or FreeNets A, C, and D have signed a transaction, then it is confirmed and is guaranteed to be in the next primary block. If only A and D, A and C, or C and D have signed it, then there is not enough reputation points to confirm the transaction yet.
To receive a transaction or verify enough FreeNets have confirmed a transaction, a peer must ask a FN peer to “keep an eye out” for transactions related to him. Because transactions are not confirmed individually but in blocks, these blocks may be very large in the future with many transactions per second. Instead, a FreeNet peer stakes his reputation by signing a message that says the transaction is confirmed. This is a potential point of attack (unlikely as the FN peer cannot control who uses his confirmations) so it should be addressed later. A client should not have to receive multiple “confirmed” confirmations to be sure a transaction is confirmed.
7-2) Communicating with the Network; Anonymity
Communications throughout the network are unencrypted (see Section 9-1). This means that an ISP or government agencies can see what wallet addresses belong to you if you use it to send or (potentially) receive transactions. The FreeNet peer(s) with which you are communicating will be able to associate your wallet(s) with a specific IP address, though they will not know who you are. The Network makes no promise of secure anonymity at all. This is up to the user. There are many services available nowadays to mask your IP address; most of then are encrypted. Free services such as Tor and I2P; pay services such as virtual private networks and proxy servers (which can also sometimes be free).
To be a part of a FreeNet, your connection must allow incoming connections. This excludes Tor and possibly I2P (NB: author is unsure) and proxy servers from being valid ways to be a member of a FN. Being part of a FreeNet means that other peers associate your IP address directly with your FN wallet.
See Sections 9-2 and 9-3 for more information on possible anonymity-helping features that could be part of the Network.
7-3) Achieving Consensus; Primary Block Creation
The first order of business to achieving consensus is agreeing on a time at which it will happen. Each Primary Block contains a figure that represents the number of seconds since the original PB. 87,300 seconds later (24 hours and 15 minutes) is the designated time for the next consensus. It is longer than a day so that consensus does not happen around the world at the same time every day. Rather than a normal timestamp, this number of seconds is used as an internal Network timestamp.
At this point, no new transactions or FreeNet block solutions will be accepted into this PB. Transactions will still be confirmed as normal, but the balance changes they imply will not be reflected in the new PB. Transactions that occur on the cusp of a new PB will be added based on whether or not greater than 50% of the reputation has signed it with a timestamp before the set consensus time.
At this point, if a FreeNet has any transactions that are not confirmed by greater than 50% of the total FreeNet reputation, they will attempt to rectify this by checking with other FNs get those remaining confirmations. Now, due to the nature of the Network, each FreeNet should know exactly how the new PB should look. Each FN will then build this PB, have each member sign the hash value, then sign the PB hash value and signatures and pass it along to each other FN.
All FreeNets should agree on exactly the same PB. If there are minor disputes, they will be resolved by providing missing information. If a FreeNet continues to dispute the correct PB in the face of supplied information, this FreeNet and all of its members will have their reputation set to 0. This situation could only occur during an attack on the network—see Section 10-1 for more details.
Once consensus is achieved, FN peers will begin propagating the new PB to regular peers.
7-4) Inter- and Intra-FreeNet Communication
In an effort to reduce required bandwidth and number of needlessly open connections, members of an individual FreeNet will only be openly connected with 4 or 5 other members of that FN. They have information on all the active members such as their IP address and wallet keys, but they will only indirectly communicate with the entire FN—unless, of course, there is a major problem.
When it comes time for a FreeNet to agree on something as a group—such as sign a block of transactions—one member will be randomly selected based on a function that everyone knows, and the information that that member supplied will be distributed throughout the FN.
Additionally, each member of a FN will be connected to members of other FreeNets. The FN will attempt to arrange this in an optimal matter so that too many peers are not connected to one FN while too few to another. However, the FN will work to make sure that they are connected to at least 2 members of each other FN so that in the case that there is someone subverting the trust of a FN, all data can be double-checked. Which member connects to which other FNs will again be randomly chosen and known so that it is not possible to infiltrate multiple FNs with the intent of spreading disinformation.
7-5) Modules
While the concept of modules has not been fully fleshed out, they will essentially be options for which FreeNet peers can vote. Some will be options that only affect an individual FreeNet based on how the members of that FN vote; most others will be Network-wide options or upgrades that improve the Network. Modules should never affect the basic economic or monetary principles of the Network, but it is possible that a fork of the Network could be made if a significant number of clients agree to it. As the Network expands, this possibility will grow less and less likely, however.
8. Energy Equilibrium
This section contains details on how the Network achieves to reward coins as equally as possible for the amount of energy used while giving a bonus to those that make a serious effort to secure the Network.
8-1) Creating Coins; Rewarding Work and Reputation
Each FreeNet is given a mathematically difficult problem to solve. This problem is based on finding a cryptographic hash value that is lower than a target amount (i.e. it has more zeros in front of it). This process is fundamentally the same as Bitcoin’s except that each FreeNet works on its own problem instead of the network as a whole competing. This significantly reduces the amount of luck involved in minting coins. As computer processing power increases with time, the target amount becomes proportionately lower. This means it is more difficult to find a target value. The result is that more processing power per computer does not mean that more coins will be created.
Because creating coins is in effect both a “proof-of-work” and “proof-of-security”, the Network can generally assume that anyone creating those coins is doing so for the benefit of the Network. One can not create coins and not also confirm transactions and secure the Network. However, to always assume that this is the case would be short-sighted. That is why the reputation system exists. With the reputation system, the Network can know which individual peers have actually been working for the security of the network for a significant length of time.
Since peers that have worked for the security of the network for a long time are more likely to be trustworthy, they receive benefits to reward them for their service and to encourage their continuing service. The premier benefit is a tiered payout award that is described as follows:
During times of economic stability, new coins need only be minted to replace those which have been lost to the transaction fee. To encourage many FreeNets to stay active—the more FreeNets the more security—FNs will have the option to go into a “cool-down” mode where they mint less coins for an easier difficulty. These difficulties are proposed to be 1/5th, 1/10th, and 1/20th of the normal difficulty with an equivalent number of coins awarded—with exceptions; see the next paragraph. FreeNet and peer reputation will increase only at the same, divided rate so that this can not be used to gain reputation for a lower cost. Effectively, this can mean a FreeNet can be run as merely a background process that does not use a significant amount of the computer’s energy or resources; this makes it much less invasive for the user and more likely that they will continue to work for the Network even when little profit is promised.
During times of price inflation when even mining at 1/20th of the difficulty could be for a loss or to only break even, FreeNets need to be encouraged to continue securing the Network. Therefore, Level 3 FNs will be awarded 1/16th of the coins for a 1/20th cool-down. Level 4 FNs will be awarded 1/8th of the coins for a 1/10th cool-down as well as 1/16th for 1/20. Level 5 FNs will be awarded 1/4th for 1/5th as well as the other two benefits. The inherent reward remains the same, but the higher level networks will be able to produce more coins at once if they so desire. This may further help reduce inflation in a stable economy as higher level networks are encouraged to reduce their output.
Other benefits will be available to higher level peers as the Network is discussed more and fleshed out.
8-2) 10kWh of Electricity; 200W per Peer
To approach the value of 1 ENC equaling 10kWh of electricity, the Network makes a very big assumption that the average computer is using 200W of electricity dedicated to the process of creating coins. If the average computer is instead using 100W or 300W, this by itself poses no problem—the sell price and value of 1 ENC will simply reflect that amount of work instead (5kWh or 15kWh respectively). The 200W figure was chosen because that is a ballpark estimate that is quite reasonable based on modern computers. The 10kWh figure was chosen because it is on an equivalent scale to the world’s most traded currencies (i.e. 1 ENC will be worth 1-2 USD/CAD/EUR/etc.). The number of coins that are awarded are based on these two figures.
In the future, if the average user would be using more than 200W of electricity in the effort of producing coins and securing the network, the solution is very simple: reduce the amount of energy used by lowering the amount of computer resources dedicated to the task. If users, on average, continue using more than 200W, they will increase the value of all coins beyond 10kWh. While this is not a terrible effect, it does not benefit these users in any way as this value is spread across all coins.
If the average user would be using less than 200W, then a problem arises. If, for example, 1 million coins were created at a cost of 10kWh each then another million coins were created at a cost of 5kWh each, the combined value of the coins would be 2 million @ 7.5 kWh. This means that coins saved go down in value (NB: compared to themselves; fiat inflation and increasing electricity prices may easily counteract this). Based on current and past indicators, the likelihood of this happening is low but not impossible with future technology.
To reduce the effects of this happening, EnCoin may have another form of built-in deflation: gradually increasing the amount of time (per solution) it takes to create coins, over time. For example, today, if it takes 6 hours for an average FreeNet to find a solution, then tomorrow—what tomorrow means is not yet defined but must be worked out in the development process—it may take 7 or 8 hours or even 10 hours for an average FN to find a solution. If the energy usage used to create coins stays stable or increases, users only need to adjust the output of their computers as described in the case of increasing energy usage. If the energy used to create coins does in fact decrease, then they keep running at full power and “cheap coins” are not added to the economy.
This has an unintended side effect of requiring more people to make the same amount of coins in the same period of time, but for a combined amount of the same use of electricity. This is probably a good thing. No one is losing value or increasing value of other people’s coins; coins are just not as easily available to create. This means more users will be part of FreeNets; the Network is more secure.
8-3) Rewarding Electricity instead of Efficiency
The goal of EnCoin is to not have the most expensive and fastest computer. The goal is that electricity equals coins. Since there is no way for the Network to know precisely how much electricity someone is using, the Network implements a major mitigating factor in the structured payout awards in FreeNet blocks.
While the payout structure itself is TBD, the biggest, fastest hashing machine will not be rewarded as much as they would hope. It will be based on a set percentage given to the final placement of each peer’s best hash value. For example: you could throw the biggest super computer in the world in a FreeNet, but if the winning hash value only gets 20% of the pot, this supercomputer is subsidizing everyone else in that FreeNet.
So this encourages people to simply use their normal, everyday computer for making coins. There is little incentive to build a massive, 4x GPU machine to mint coins faster. It will not benefit you much, and the costs of the hardware may take years to recoup. If an average everyday computer used by an average everyday person can join the Network and have some fun while making a little bit of money on the side, the Network has the ability to be much more popular.
On the flip side, it is obvious then that someone could run the most pathetic computer in the world and still retain the minimum payout for last place. To prevent this from happening, there will be a minimum hash value required to receive any payout.
Hopefully, a balance can be achieved where computers that are more efficient in the amount of hashes per the amount of energy can subsidize computers that are not as efficient—while still being in everyone’s best interest to remain at full power and compete for a better prize. It will never be perfect, but it can come closer than not.
By not using a “share” system that has to be employed by Bitcoin pools due to their nature, there is little point in FreeNet hopping. But, if exploits in the system are discovered at a later time, the payout structure can change as it is a module (see Section 7-5).
9. Additional Features
These are topics that may or may not be additional features of the Network.
9-1) Encryption
There is a possibility that the Network may at some point be encrypted so that transactions can not be easily associated with an IP address by unwanted observers. Whether or not it is feasible or worthwhile is up for discussion.
9-2) “The Cloud”
Without even having an effect on the FreeNets, an outer layer of obfuscation could be added to the Network that peers may use to semi-anonymously send transactions and request information so that it would be difficult for any other peer to assign an IP address to a wallet key. Each request would have a random number of hops to travel before a peer would send the information on to “The City”, or the FreeNets. However, requesting information would not be all that reliable as if any peer in the chain of hops drops out, the request will not make it back to where it was requested from. It can always be requested again, though.
However, using a FN peer to “keep an eye out” for your transactions (Section 7-1) would seem to break the anonymity. Though I suppose since most every peer will want this service, it might not have much effect. But, because there is no way to know if a peer in the chain has disconnected, at least two requests would have to be made (resulting in more data requests for the FNs). It would make things very tricky. Perhaps some kind of “hello” signal that is sent back along the chain every so often.
Even better, groups of small “clouds” that work together to get all the information from one FN peer, then propagate it to all members of that cloud. This could even significantly reduce the load on the FNs. However, it would seem anonymity would definitely be broken when a new member joins this cloud. Needs to be discussed. Perhaps this could be a great use for a PGP-type public/private key encryption. How to keep the FN peer and the peer connected to that FN peer from colluding or doing something malicious though. Still, the viability of that kind of attack would be low, as there would be many clouds and no guarantee a user of interest would be in one of them. And there may yet still be a way around it. Definitely a good topic of discussion.
9-3) Blind Signatures; “Mixing” coins
Although transactions are not quite so easily traceable in EnCoin as they are in Bitcoin, some peers would find the feature of disassociating coins with a certain wallet useful. This could be provided as a service of the Network itself.
An example of how this process would work: A user creates a transaction with a set amount that is from a list of available amounts (likely E10, E25, E100). Then, using a blind signature algorithm, they hide the wallet address of where these coins are supposed to go. This transaction is then added to a pool that is maintained by the FreeNets. Once there are a significant enough amount of transactions for that same coin value (to prevent users from using them too soon and revealing the source), the FreeNets will deposit these coins into wallets set aside for this purpose. Each wallet signs a specific transaction, and these transactions are available for anyone to view. Only the original person who blinded each transaction may then “unblind” it and send it as a normal transaction (from a different IP address, preferably). The unblinded transaction is then checked against the list of available blinded transactions, and if it matches one, it is processed.
Because this leaves a lot of transactions around that haven’t been processed, these transactions will eventually be dropped if they are not used. There will also be a significantly higher fee involved over a normal transaction fee, probably 2.5%.
9-4) Global, Private, and FreeNet messaging
The EnCoin Network is not just a lump of computers used for making and transacting in digital currency; it is also and should be a community. Being able to talk to other people is a big part of being a community.
Global messages will have a significant fee attached as these will be broadcast to the whole Network. 5 or 10 ENC seems reasonable. Vendors can use it as a way to advertise places that accept ENC. Users could use it as a soap box for all kinds of issues that will hit a wide audience of like-minded individuals. And it could be used for good ol’ spam. But it’s spam that helps support the network and create new demand for currency.
Private messages will work almost identically to transactions, but they will have a set fee schedule based on certain amounts of allowed data.
FreeNet messaging will be a way for FN members to communicate with each other easily. There is no fee as it is just communication that is sent to other members of the same FN.
9-5) Escrow Service
As with Bitcoin, the EnCoin Network has a strict policy of “no takebacks.” Transactions are final; or are they? By implementing a remedial escrow type service in the Network, users could avoid an extra transaction fee from first transferring money to the escrow service, then that service passing the transaction on to the next user. Instead, allow a special transaction type that has an “escrow wallet key” field, charge an additional small flat rate, and the transaction is not released until the escrow service gives the OK.
This also could work for market exchanges as well, but the transactions would have to be agreed upon beforehand, not simply put into a big pool and paid out as demanded.
It could be a viable and secure option for users that do not want to trust someone else holding on to their coins.
There would, of course, have to be a set amount of time that, if it passed, the transaction amount would be returned to the sender’s account.
10. Attacks on the Network
It goes without saying that a service of this size and scale—not to mention being mostly related to money—would be the subject of attack. May as well start with the scariest first.
10-1) The Sybil Attack – Status: Possible but costly, and does not accomplish much
May as well let Wikipedia explain:
“A Sybil attack is one in which an attacker subverts the reputation system of a peer-to-peer network by creating a large number of pseudonymous entities, using them to gain a disproportionately large influence. A reputation system's vulnerability to a Sybil attack depends on how cheaply identities can be generated, the degree to which the reputation system accepts inputs from entities that do not have a chain of trust linking them to a trusted entity, and whether the reputation system treats all entities identically.”
So what happens if a group of people dead-set on disrupting the Network manage to somehow take control of 50% or more of the total reputation of the Network? They could change wallet balances on a whim. They could prevent any transactions from being approved. They could simply have their merry way with the Network.
Well, their network.
The “honest” FreeNets are designed to fork away from malicious FNs. As stated in Section 7-3, FreeNets that refuse to reach consensus will have their reputation set to 0. This applies from both sides. The evil network will set the good network’s reputation to 0, and the good network will set the evil network’s reputation to 0.
So what’s a poor client to do in the face of two opposing networks? Ask for proof. As long as the client is connected to at least one honest node, that node will be able to inform them of a network split. The honest network will be able to prove that the Primary Block is as exactly as it should be; the dishonest network will be incapable of doing so.
What’s a poor client to do in the unlikely event that they are not connected to a single honest node? Check the signatures. Clients will do this every time they receive a new Primary Block. All of the signatures of every single FN and FN member sign the PB with their unforgeable signatures. If, all of a sudden, there are only half the amount of signatures from the previous block, major red flags are set off in the client software that Something Is Not Right. But not being connected to a single node is a highly unlikely event when the client can have a list of all IP addresses they have recently used in the Network, plus the IP addresses contained in the previous PB for each FreeNet.
Couldn’t this attack cause repeated disruptions of service, and an all around general hassle? Well, that depends on whether or not the malicious group of peers enjoys lighting money on fire.
Take for example a Network size of 50,000 users, approximately equivalent to Bitcoin’s network right now. Say the average amount of FreeNet reputation is around 180 and stays there (some users go up, some quit and new users lower the average). Also, to avoid variance and the potential for losing 2 RP from missing a block, each FreeNet they create will have to create about 3 blocks a day. They will also want to aim for at least 60% of the current trust in case of more honest members joining. 3 blocks a day, plus hardware, for each of 600 FreeNets (assuming 50 users per FN), for 180 days, will cost approximately $10,000 in hardware and electricity. Per FreeNet.
$6,000,000 and 6 months for one shot. And the honest Network continues along just fine.
10-2) The Entire Network Decides to Start Paying Itself Double – Status: Impossible
An idea spreads through the interwebs like wildfire, “y don’t we pay out double 4 r ecpextional service 2 tha world?” and it is responded to with cries of “YA!” and “totally d00d” and so on. Well, while theoretically this could happen, untheoretically no client will ever accept a PB with non-standard payouts (among many other things). So they could totally pay themselves double, but their money would be totally worthless as no one uses the network. If the entire FreeNet and all of the clients that use the service agreed, then and only then could it happen.
10-3) A FreeNet Member Uses the FN’s Signature to Approve a Bad Spend – Status: Possible, but stupid
A “bad spend” is defined as a spend for more than the balance in the wallet in question. The FreeNet member in question would likely be using one of his own wallets for this purpose. Every FN does not necessarily know how much exists in a given account because they may not have received every transaction yet. If a FN receives what it considers a bad spend, it will ask for all transactions to date (since the last primary block) for this wallet. Since FNs should be connected to more than one person from each other FN (if not, they can still check with other FNs), they can multiply verify that they have missed a transaction, or that the node that originally sent the bad spend is being subversive. If the node is being subversive, a broadcast will be announced showing proof. They will have their trust set to 0 and funds removed.
11. Q&A
A random assortment of questions and answers that have come up in discussions of EnCoin.
Q: How will you prevent application-specific devices such as FPGAs or ASICs from making nearly free money?
A: The concern is that FPGAs and ASICs can run the Network and make coins for a very low cost to produce; much lower than what the average user would pay. At least for the current algorithm that Bitcoin uses, FPGAs use a tiny amount of electricity for a slightly larger amount of hashes/s. They are more efficient than a GPU in terms of hashes/W or hashes/J. However, FPGAs have a very high start up cost in the range of $400-$500 and have no other use besides hashing. This means it is never a “sunk cost” as a part of a computer, so making coins would be the sole way to make a return on the investment. Two FPGAs would probably required to make about 15 coins per month. If there were a $1 profit per coin, this would take around 5 years just to break even.
ASICs, on the other hand, have an initial start up cost in the hundreds of thousands of dollars; sometimes into the millions. These are the types of chips in cell phones and other electronic devices. There is no feasible way these processors would ever see a return on investment unless a company mass-produced them specifically for EnCoin.
So what if a company does specifically mass produce ASICs for EnCoin? Well, I’m glad you asked. The hashing algorithm used by EnCoin and Bitcoin is currently SHA256(SHA256()). However, EnCoin will change this algorithm every so often, and randomly. With new hashing algorithms being designed all the time, the possibility of ever even coming close to getting a return on an ASIC investment is nil. This changing algorithm scenario also applies to FPGAs.
Q: How long will it take to confirm a transaction?
A: Including latency, between approximately 18-33 seconds, depending on if the transaction makes it into a FreeNet’s transaction block right before or right after it is sent to other FNs. By sending the transaction to several different FreeNets, it should tend toward the lower side.
As soon as transactions are confirmed (Section 4-2), they may be immediately re-spent.
Q: If I make 5 ENC for $5 in electricity, then sell that 5 ENC for $5, then use that $5 to pay my electric bill, won’t this paradox cause the universe to implode?
A: Yes.
Just kidding. You have added 5 ENC to the economy that can never be removed (save for the transaction fee). The electricity that went toward that purpose had no other significant use. Now someone has approximately $5 worth of digital electricity, and you have no electric bill.
Q: Why is there a transaction fee? Don’t people who make coins already get a profit?
A: The transaction fee does not go to the people who make coins. It goes to everybody who has coins. The value of each coin increases ever so slightly. So even though someone who just bought 5 coins may have only received 4.95 coins, every other transaction fee across the network is always making those 4.95 coins worth a little bit more. But, as the prices of coins increase it creates demand for new coins as well. Since creating coins and securing the Network go hand-in-hand (Section 8-1), there needs to be an incentive for new coins in a perfectly stable economy.
Any time a coin is actually used for trade of goods or services (i.e. not exchanged for fiat), the coins may actually be worth more than what the transaction fee takes. The main reason for this is because every single merchant that accepts Visa, MasterCard, PayPal, or any other payment processor has a 1-3% fee included in the cost of those goods or services to cover the fee of those processors. Since the fee for ENC is lower, they can charge a lower equivalent price and make the same profit.
Additionally, if the Network economy slightly shrinks, the transaction fee can help return the value of coins to 10kWh. This means that merchants can feel confident in charging the same amount of ENC even if the market price may fall slightly.
Q: My electricity cost is high. How will you prevent businesses that get electricity discounts or countries that have cheap electricity from making all the coins?
A: Unfortunately, there really is nothing that can be done about this. Each person will have to decide for themselves if minting is profitable—though there will be a helpful calculator in the client software to assist. Even if minting is only a break even or slightly losing venture, being a part of the community and helping secure the Network may just be enough of a profit margin for some. Additionally, if the amount of users that pay more for electricity far outweigh those that can do it cheaply, the exchange value of 1 ENC will reflect this and it will be profitable for a much larger number of people. It will just be slightly more profitable for those with electricity cost advantages.
However, there are some additional factors that might not be obvious at first, at least on a global scale. For example, Ukraine is known for having cheap electricity costs because of nuclear power. If EnCoins become so popular that they are accepted nearly everywhere, goods and services in Ukraine would most likely cost more EnCoins because merchants know they are cheap to make locally. In most of Europe where electricity costs are generally higher, goods and services might cost less EnCoins because the overhead of converting EUR to the currencies of cheaper electric economies will have an affect.
Q: I don’t get it. How will 1 loaf of bread always equal 1 ENC?
A: There are two primary factors involved in this. The first is that if the ENC is truly stable because of its monetary and economic policy (Section 6), people will demand ENC as a replacement for fiat. This increases the value of ENC vs. fiat. The second is that as fiat currency generally inflates, the cost of electricity will eventually follow. Now this second factor is likely to be a much slower process as the value is only gradually added to each coin. Combine the two, and you have a currency that may completely cancel out fiat inflation.
Q: Give me the nitty gritty. What kind of insane return on investment can I expect by being an early adopter to EnCoin?
A: Ok nobody asked this question, but I feel in the interest of full disclosure it must be answered. You won’t make very much money minting ENC. The average computer will (always) mint about 15 ENC per month. I have no idea how the market price will fair, but I’m guessing you will make between $0.50 or $1.00 per coin. This profit margin may be much higher if you are smart and actually sell in times of high demand as demand won’t stay too high for long since there is no limit on the amount of people who can mint new coins. The problem is, it takes a lot of time, so people who were around before will have that slight early adopter bonus.
As it is now, this is around the same profit margin you’ll get with BTC but without the risk of the value dropping to $0.01 in a sell-off. Also, as it will be possible to use hash values from the EnCoin Network as proof-of-work in the Bitcoin network, there is a very high probability that using EnCoin software will award both EnCoins and Bitcoins for the same work. This will be the real “early adopter” bonus as anyone can hedge their bets for either currency. Eventually, at a pre-determined block, the hashing algorithm will change and this exchange of hash values will no longer work. Then it will be up to survival of the fittest to see which network comes out on top.
12. Failures and Fallacies of Bitcoin
While the title of this section and my tone throughout it may offend some, I really mean to emphasize the danger of using Bitcoin. The fact of the matter is that Bitcoin’s economy is not stable and is unlikely to ever be stable. Buying or mining coins is a significant risk for little or negative reward.
12-1) The Pyramid of Wealth
Let’s get the most obvious and most hotly debated issue out of the way first. Whether intentionally designed this way or not, Bitcoin transfers real, measurable and immense amounts of wealth from those who don’t have coins to those who do. Let’s cover some facts first before delving into the deeper meaning of this.
FACT: Satoshi and likely a few other select people mined millions of coins for a total investment of a few hundred dollars. The first 1.6 million coins were mined at a difficulty of 1.
ANALYSIS: A difficulty of 1 means it would take approximately 3-5 CPUs 10 minutes to find 50 BTC. The average length of time to find these coins was over 10 minutes; somewhere in the range of 13 minutes, meaning that less than 3-5 CPUs were mining. By my calculations, each one of these coins cost approximately $0.00016 to produce.
FACT: Nobody knows who Satoshi is. He remained completely and utterly anonymous throughout the entire discussion and creation of Bitcoin. It has been said (NB: hearsay) that he made use of the Tor network to anonymously browse and post on the bitcoin.org message board.
FACT: Once Bitcoin’s popularity started hitting mainstream, Satoshi completely disappeared and has not been seen nor heard from since.
FACT: Bitcoin’s system of “pseudo”-anonymity makes it incredibly difficult to know if any of these early coins have been spent or merely moved to a different wallet. I have not studied the movements of these early coins, so there may be obvious signs that they are in fact in the same general hands. Even if they have been “spent” or rather traded to someone else, the large quantity of sums passed in the early days for tiny amounts of money simply move the power somewhere else.
ASSERTION: Add all of these facts together, and it appears as if Satoshi had designed everything from the start to be a pyramid scheme. What possible reason could Satoshi have for going to such extreme lengths to maintain anonymity if not for the possible backlash when the market eventually crashes and burns and tens of thousands lose all kinds of money? “He’s a private person.” Really? That’s the best excuse? He is so modest and noble that he doesn’t want credit for a system that could revolutionize the planet? And went to such lengths that nobody could ever figure out who he is? (Except perhaps the owner of Mt. Gox when he cashes out his winnings.) “He’s a very private person.”
ANALYSIS: By my gross estimates, a single BTC currently costs about $4.30 to produce, including the cost of expensive GPU hardware. A current BTC sells for less than $5.00. This is over a 3,000,000% return on investment for the entirety of those 1.6 million coins, and a pitifully small 16% ROI for newly mined coins.
ASSERTION: By the time real demand showed up with the Gawker article that brought Bitcoin and Silk Road into the spotlight, it was incredibly obvious that massive amounts of coins were still being hoarded to drive up the price. Analysis: Driving up the price is a very good way to get people sucked into mining with the promise of insane profit and driving the system even further.
ASSERTION: Bitcoin will never be accepted by legitimate, reasonable businesses because of these factors. Bitcoin can never be more than a speculative game that requires new, unsuspecting people to deposit money and try to play the market themselves without fully understanding what it is that they’re getting into.
ASSERTION: Due to the nature of Bitcoin and its anonymity, it is not trivially obvious as many would like to argue that the danger of these astronomical hoards of coins can enter the market on a whim. I believe this is part of the logic game that the pyramid scheme of Bitcoin plays to envelop new suckers.
Wikipedia:
“In criminal law, a fraud is an intentional deception made for personal gain or to damage another individual”
Would the possibility of being charged with fraud be one reason why he’s a very private person?
SOLUTION: Provide a stable base for currency that is controlled by the will of the people, not the wealthy elite. Section 6.
12-2) Bitcoin is Deflationary / Not Fiat
We’ll start with fiat first.
Again from Wikipedia:
“The term fiat money has been defined variously as:
Fiat translates to “let it be so” or “by decree.”
If all 21 million coins have been mined and there are 1 million people using Bitcoins and Satoshi has sold all but 100k coins until now that are completely unaccounted for in the market, then decides to sell. 20.9 / 1 M is 20.9 BTC per person. When he sells those 100k coins, there are now 21 BTC per person. This means 1 million people have each lost 4.8% of their net BTC worth. The value of BTC will go down; prices will rise. This is the very definition of inflation, is it not? Millions upon millions of dollars was just simply transferred from millions of people to one individual. This will occur on smaller and smaller scales until the end of Bitcoin, but it will keep happening if the network keeps expanding. Bitcoin draws a libertarian “fight the man” mentality, but is it not the case of exchanging one man for another? And when or if the economy collapses for various reasons, it will be a rush to see who can get to the market first. The experiment will be ended, a few tens of people made immensely wealthier while many thousands are now poorer and they no longer even have the immense intrinsic value of a pseudo-anonymous cryptocurrency. :rolleyes:
Many other arguments revolving around bitcoins such as “scarcity creates value” and “the total bitcoin worth is the sell price multiplied by the number of coins” are fallacies that are probably unintentionally spread by the masses because they have been fed this information by the earlier adopters. All of this shit goes out the window when someone puts a block of 100,000 coins on the market. Even if everybody who has enough coins to move the economy (there are probably at least a hundred or more) was a “rational actor” (i.e. always looking out for their own best interest), the slow trickle of these coins into the economy is still transferring money to themselves from everyone else. It may be a “zero sum game” but there are two sides: one with a small amount of people and a lot of money, and another with a lot of people and an equally negative amount of money.
SOLUTION: Provide a stable base for currency that is controlled by the will of the people, not the wealthy elite. Section 6.
12-3) The 51% Attack
Most often I see the discussion of a potential 51% attack revolving around the potential to double spend. However, the resources required to do this for just a double spend would be downright silly. The Bitcoin wiki acknowledges that there are other things a 51% attack could accomplish:
“An attacker that controls more than 50% of the network's computing power can, for the time that he is in control, exclude and modify the ordering of transactions. This allows him to:
Then, of course, to assuage people’s fears about this attack, the wiki says this:
“Since this attack doesn't permit all that much power over the network, it is expected that no one will attempt it. A profit-seeking person will always gain more by just following the rules, and even someone trying to destroy the system will probably find other attacks more attractive.”
Wait, what? Preventing some or all transactions from gaining confirmations and preventing some or all other miners from mining any valid blocks is not much power? What the FUCK was the guy smoking who wrote this? Of course, nobody would do this because they will “always gain more profit by following the rules” (how? By a few bitpennies in transaction fees?) and there are “other attacks more attractive.” The wiki does not mention any other attacks that might be more attractive other than an attack on all IP addresses used by bitcoin from the world’s governments.
I have more to say about this topic, but it is covered in the next section.
SOLUTION: Use a reputation system that equates to proof-of-work multiplied by the number of times work has been proven rather than just proof-of-work. Section 5. Make it impossible to completely subvert this reputation by ensuring peers aren’t stupid. Sections 7-3 and 10-1.
12-4) The BTC Award Halve
This really has to be, single-handedly, the most boneheaded design flaw in the history of pyramid schemes.
“In order to create more demand, I’ll halve the award every 4 years! Haha I am a mad genius!” – Satoshi Nakamoto, sometime, somewhere
Instead of gradually lowering the award like any idiot should have realized, Satoshi decided instead to halve it at specific intervals (the BTC’s never end! It just gets closer and closer to zero!). It was either borne out of a complete lack of foresight, or such an arrogant outlook that he assumed BTCs would be so valuable that the network would keep on chugging like nothing happened.
The eventuality of these award halves is that the network is going to have less people mining, and therefore it is less secure. Now you have a bunch of miners that are likely annoyed that they are no longer profitable and want Bitcoin2.0, and you have Three Letter Government Agency or Seven Letter Self-Righteous Hacking Group that are now drooling over the possibilities. Let it be known that I think an attack by most governments against bitcoin is ridiculously unlikely. But A) I don’t completely discount the possibility and B) I sure as fuck don’t discount China.
If any group decides that they feel bitcoin needs to go down, all they need to do is sustain the attack for a few months and all confidence will be lost in bitcoin as transactions go unconfirmed and miners barely make any coins. This will further make it easier to sustain the attack as miners drop out. Not enough miners are going to care about their pitiful amount of coins to keep throwing useless electricity at the problem. None of the early adopters have upgraded their GPUs in years (well ok, maybe they bought a few with their cash) so it is unlikely they will come to the rescue. People start selling—oh wait, they CAN’T because they can’t transfer to Mt. Gox! Crash ensues, network dies.
Again, I don’t think this is a likely possibility, but I did not discount it either in my design for EnCoin.
What might be a more likely possibility is that half the mining network drops out and it takes 4-6 weeks or more for the difficulty to adjust while in the mean time everyone is mining at a loss. Assuming they keep mining. This could create a cascade of effects that crashes the economy itself. Who is going to want to mine at a loss for 4-6 weeks? The people who have a few coppers worth of BTC in their accounts? I doubt it. Will the elite come to the rescue? Probably. But the damage may have already been done.
SOLUTION: Don’t be an idiot while designing a pyramid scheme disguised as an electronic currency.
12-5) Scalability
A few, choice quotes from the Bitcoin wiki:
“Let's assume an average rate of 2000tps, … 1kb per transaction.”
“Shifting 60 gigabytes of data in, say, 60 seconds means an average rate of 1 gigabyte per second, or 8 gigabits per second.”
Eight gigabits per second?!?
Since EnCoins do not need to know the history of every divisible piece coin, transactions will most certainly be smaller. In fact, the nature of the system should even allow a simple mapping of an integer ID to a wallet ID. 4 billion wallets available before even needing to think about switching to a 64-bit integer.
Using integers that reference this mapping that is stored on each node could bring a reasonable transaction of 200 bytes or so down to tens of bytes.
And since only FreeNet members actually need all of this data, regular peers do not have to worry about even the majority of that. You won’t have to connect to EnCoin VISA to send or receive a transaction because your 500 terabyte drive ran out of space holding the Bitcoin block chain:
“A 3 terabyte hard disk costs less than $200 today and will be cheaper still in future, so you'd need one such disk for every 21 days of operation (at 1gb per block).”
The wiki’s solution is that a few “supernodes” will take over handling the bitcoin network. Who do you think is likely to pay for and maintain these supernodes? The average, everyday user or the corporate regime that the bitcoin philosophy is so vehemently trying to stay away from? Not very decentralized, now is it?
On the other hand, the Primary Block will extremely tiny and efficient, only giving hash values where necessary with the rest of the information available on request. And you only need the most recent one to function on the Network. You won’t need an iPhone 65G and you won’t need to wait 12 weeks to download the block chain to be able to send a transaction.
FreeNets will likely be required to hold at least 30 days of PBs so that information can be requested for missed transactions and such. Likely for a fee, FreeNet members that decide to hold more than 30 days will find historical information for you.
SOLUTION: Think of the actual future viability of a stable medium of exchange rather than how much money it can make you.
13. The Final Word
If you have made it this far, you are beyond reproach. I hope this proposal has convinced you to spread the word about EnCoin so that people with the skills to fill the big gaping holes in the potential development of this project can come through.
Thank you to the original two members of the Bitcoin discussion board that I first started discussing my terrible ideas with and for gradually helping me refine them.
Thank you to the forum members that discussed and criticized “version 2” of this proposal.
Ron Paul 2012