@Seneca shared his Amsterdam presentation a few days ago. It’s called: “ALT-COINS ON SAFE - Using obfuscated transaction trees”. Now I don’t know about you, but I really bugged my head on this one . That’s why I decided to troll @Seneca with PMs until I finally understood his idea and the reason why it prevents double spending. I’ll use this topic to explain it as best as I can in my own words using both Alice and Bob and maybe some others. Let’s keep this topic about the inner workings of this idea and how alt_coins (maybe like PDC) could flow over SAFE.
The idea
Divisible coin transactions over SAFE using MutableData as a transaction record.
Bob and his Wallet
Bob has a Decorum_wallet which is filled with his private key and public key. This is the exact same principle as Bitcoin for example. Bob got a message from Alice that there’s 0.001 project Decorum Coin (PDC) waiting for him at address: “1HAmFJ7vd3vZaa1YDTBPkSj7zpoKmWMjwD”
Now how does this stuff works?? Bob’s wallet will browse to this address and finds the following:
- A piece of MutableData which was PUT by Alice in which Alice signs 0.001 PDC over to Bob. It also contains a digital signature by Alice of the previous transaction. And it also contains another transaction of Alice sending 0.999 to herself again.
The transaction in the MD
So how do we know for sure that Alice has moved the 0.001 PDC to Bob alone and no one else? How can we be sure there’s no double spending??
First of all, this MutableData piece containing the transaction is no longer owned by Alice. Alice transferred the ownership of this MutableData to a “dummy”. To the SAFE Network this might look like:
- address: “1HAmFJ7vd3vZaa1YDTBPkSj7zpoKmWMjwD”
- owner: “DECORUMxxDUMMYxxDUMMY”
- tagtype: 12333 (decorum protocol)
And now things get weird: Alice isn’t the owner of this address, but as you can see it doesn’t belong to Bob either. How does Bob get his 0.001 PDC? Well, just think of the wallet again. Bob is the owner of his private and public key. And Alice is the owner of her private and public key. Alice assigned 0.001 PDC over to Bob’s public key in this piece of MutableData. She also assigned 0.999 PDC over to her own public key. If she would still own the MutableData she could change these values over and over again. So Alice moved the ownership of the “MD with the transaction in it” to a dummy. This means that no one in the SAFE network can ever change this data again, as no one has the private key to create a weird public key like: “DECORUMxxDUMMYxxDUMMY”.
It’s like carving the transaction in stone. And this is what the Decorum wallet will look for. All transactions are MutableData types that got PUT to the network by the owner of the coin. The owner forwards the MD to the dummy so no one can ever change that piece of data again.
Only Bob can move this 0.001 PDC
So how could Bob send over this 0.001 PDC to Catherine? How is it prevented that Bob can’t double spend this coin? Here’s the trick:
- Bob can only do 1 transaction with this 0.001 PDC.
- The address of the MutableData which Bob creates can only have 1 address.
- The address is the same as Bob’s signature of the “carved in stone” transaction done by Alice.
So when Bob’s wallet signs the transaction done by Alice, he will get a digital signature. He’ll use this signature as an address to go to his close nodes saying: I would like to PUT some MutableData on this address. He pays some Safecoin and becomes the owner of a piece of MutableData which has the same address as the signature of the transaction done by Alice.
Bob creates the transfer to Catherine by signing over his 0.001 PDC to her public key. Next he moves the ownership of this “MutableData with the transaction” to the dummy so no one can ever change it. He then sends a message to Catherine saying: “hey, there’s 0.001 PDC for you in this MD address”.
Looking up the tree
Catherine her Decorum wallet just got a message from Bob saying there’s 0.001 PDC waiting for her public key. Her wallet will browse to the MutableData address and checks the for the following:
- Is this piece of MutableData owned by dummy: “DECORUMxxDUMMYxxDUMMY”
- Is the address of this MutableData the same as the signature which Bob did on the previous transaction?
- Are there any coins assigned to my public key?
If this is all correct, Catherine her wallet will look one step back and also browse to the MutableData with the transaction Alice did. Catherine her wallet is browsing up the tree and sees all the transactions done with this PDC coin. The wallet will only approve transactions in MutableData types that are owned by the dummy. It will also check all the digital signatures.
Notice that you can’t go the other way around, so you can’t start with the first transaction and “guess” where all the MutableData items with the transactions are. Only the person that signs a coin over to someone else knows what the signature (and therefore the next address in the tree) is. Only when it’s shared with the next owner, someone else will verify this MutableData address to see if it’s correct.
The difference with other proposed coins on SAFE is that this protocol doesn’t work with person A owning a coin at address Y. This is more like: person A signed a coin over to person B and all details are in this piece of MutableData which is owned by a dummy, and therefore owned by no one.
A big pro is that this idea by @Seneca could be implemented and tested the moment that MutableData and the “transfer of ownership” are live. Maidsafe told us already that we are quite close to this one. Another big pro is that these coins are divisible just like Bitcoin is. No problem to sign over 0.00000000013 PDC to someone else.
I hopefully explained it in a way that more people can understand it. It was confusing to me in the beginning as I was quite used to a person owning a coin because he owned an address.