Category:Voting Pools

From Open Transactions
Revision as of 19:39, 17 April 2014 by Justusranvier (talk | contribs) (Initial page creation)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Introduction

Open-Transactions (OT) is a financial cryptography library that implements triple entry accounting with destructible receipts. OT allows for creditors to issue liabilities in the form of digitally signed and notarized receipts whose balances are tradable as a currency and available for manipulation via smart contracts and other financial instruments. Transactions are constructed by users and notarized by transaction servers. OT maintains a real-time, cryptographically secured state of all liability balances for a given issuance type. Account balances in OT protected from tampering with strong cryptography, which eliminates the co-mingling of funds between unrelated accounts. As an accounting system, OT does not normally have the ability to manipulate actual underlying assets, such as physical gold reserves.

Bitcoin is a digital asset ledger the includes its own currency and payment system. Bitcoins are not backed by any issuer, and therefore carry no counterparty risk. The validity of the global Bitcoin ledger (blockchain) is enforced by a global P2P network which requires, on average, ten minutes to update.

With regards to OT, Bitcoin (and other crypto-currencies) form a unique case. Since crypto-currencies can be manipulated digitally in the way that other assets can not, OT servers can provide additional functions beyond merely ownership accounting. Importantly, in the case of crypto-currencies, OT can provide auditing and safe storage of reserves on the blockchain itself. Since OT servers can process transactions more rapidly and inexpensively than a blockchain, it is desirable in many cases to allow an OT server to handle financial transactions off-chain, rather than performing them directly on the blockchain itself.

Many services in the crypto-currency space already require this functionality. Currency exchanges and other trading platforms usually desire to perform order matching more rapidly than what is possible on the blockchain itself. These services accept custody of user funds, perform transactions in a separate off-chain system, and use a database to track customer balances. Typically these services are not cryptographically secured, or independently auditable. Customers also give full control of their deposited funds to the custodial service, which exposes them to the risk of theft or loss of their coins.

Unlike legacy currencies, crypto-currencies can be irrevocably lost or stolen, and it’s typically not possible to distinguish between insider or external theft. Historically, this ambiguity appears to have been routinely exploited.

Voting pools are an arrangement of OT transaction servers to securely store and account for customer crypto-currency deposits, and to redeem valid withdrawal requests even in the event the custodial entity has completely disappeared. They are designed to ensure that no single person or organization can ever perform unilateral actions on deposited funds in order to reduce the risk of loss or theft, and custodial liability.

The basic design promise of voting pools is: Any denial of service attack which can cause customers to lose access to their Bitcoin deposits must involve more than (n minus m) members of an m-of-n voting pool. Any attack that can result in a permanent loss of customer funds must involve more than m members to be successful.

Voting pools are an open standard intended to be a universal replacement for bespoke systems that handle customer crypto-currency deposits. The first implementation of voting pools will be for Bitcoin, and throughout the rest of this document “Bitcoin” should be considered a synonym for crypto-currencies in general.

Design Criteria

Voting pools bridge two worlds - OT and Bitcoin. OT is responsible for tracking the exact BTC-denominated balances of every user of a service, as well as the service’s balance. The OT transaction server is the portion of a voting pool which is closest to the users themselves. The transaction server acts as a backend processor for a deposit-accepting business (such as a currency exchange or issuer), and handles all issues related to cryptocurrency deposits, withdrawals, and balance updates.

In order to manage the actual bitcoins held by the pool, each transaction server will need a corresponding Bitcoin wallet. The wallet must understand a hierarchical, deterministic, multisig structure and be robust enough to handle the high deposit and withdrawal volumes experienced by a popular service, including the security requirement to hold most funds in cold storage.

The transaction server and the bitcoin wallet communicate via an auditing server. The auditing server independently verifies the OT operations of all transaction servers in the voting pool, as well as the bitcoins held by the pool on the blockchain itself. It uses this audit data to know when it should direct the wallet to create a withdrawal transaction, and it is also the component responsible for information sharing and achieving consensus between all members of the pool.

In order for voting pools to function, the transaction server must be publicly accessible. For this reason the audit servers must be physically separate from the transaction servers and they must communicate over a messaging system (Tor, Bitmessage, or equivalent) that obscures the location of the audit servers. This prevents an attacker who manages to compromise a publicly-facing transaction server from identifying the audit servers in order to attack them and steal from the pool’s hot wallets.

The audit server must have a direct communication path with the bitcoin wallet. The wallet should connect to the rest of the Bitcoin network via Tor, I2P or equivalent in order to prevent an attacker from identifying the location of the audit server and bitcoin wallet based on their broadcast transactions.

In order to achieve the desired security and robustness goals for voting pools, the following criteria are enforced:

  1. Customers should be strongly discouraged from reusing deposit addresses. The voting pool itself must never intentionally reuse a bitcoin address.
  2. All Bitcoin addresses used by the pool must be deterministic for auditing purposes. Each member of the pool should be able to calculate all members’ series of deposit and change addresses.
  3. Withdrawal transaction input selection must be deterministic in order to minimise the cost of coordinating transaction signing.
  4. It must be possible to keep a majority of the private keys offline for security reasons, and bring them online as needed to process withdrawals.
  5. It must be possible to alter the voting pool by adding, removing, or replacing members in a coordinated and secure fashion.

Security Model

Goal: Users of deposit-accepting services should never experience a loss of deposited funds.

We can group the various ways in which this goal might not be met into two general categories:

Type 1 Event (Theft/Loss): A user permanently loses their funds because a third party has gained control of them without the user’s consent, or because the private keys needed to spend them have been irrevocably lost.

Type 2 Event (Denial of Service): A user temporarily loses some or all of their ability to use their funds, but no third party has gained control over them.

Note: Type 0 Events will be used throughout the rest of this document to describe all other abnormal conditions which do not directly involve a loss of customer deposits.


Voting Pool Security Theorem

If the probability of m+1 (Type 1 Event) or n-m+1 (Type 2 Event) services simultaneously and identically behaving in a malicious or incompetent manner is lower than the probability of any individual server behaving in a malicious or incompetent manner, user deposits on that service are at less risk of loss if the service is a member of an m-of-n voting pool than they would be at risk if the service is not a member of a voting pool.

The design of voting pools assumes that in any given situation at least m pool members are well-behaving for Type 1 events and at least n-m pool members are well-behaving for Type 2 events.

Voting pools can guarantee the integrity of user deposits if this condition is met.