Spam-resistant transaction ledgers on SAFE

On this forum we’ve talked before about having ledgers/chains per asset on SAFE, to get some of the benefits that the blockchain offers while being very fast and more scalable (because every asset has it’s own ledger). The idea relies on deterministic addressing and immutability of data, together preventing double spending. There was just the spam problem, everyone would be able to append invalid entries to the ledger, possibly making validation of such ledger an incredibly resource intensive task.

This morning an idea popped in my head. What if the deterministic address of the next entry can only be calculated by the latest owner of the asset, but which can be proven to be correct to everyone else once the entry has been made? I then proceeded to realize that that is exactly what cryptographic signatures offer.

So rather than a simple rule that for example the next entry’s address is the hash of the previous one, we change it so that the next entry’s address is the hash of the current owner’s signature over the previous entry.

Executing a valid transaction would be composed of the following steps (by current owner):

• Calc your signature over last ledger entry (which transferred the asset to you)
• Post new ledger entry under address SHA512(signature) containing:
• Signature of previous owner over second to last ledger entry
• Public key of the next recipient
• Change owner of this new ledger entry to some invalid value (making it immutable)
• Send your signature to the next recipient

Now the ball is completely in the recipient’s court, that person is now the only one able to append a new entry to the ledger. Using the received signature, that person can back-track and validate the entire ledger’s history to make sure no double spending took place.

There’s even a degree of privacy, as long as the previous owner and the current owner don’t tell anyone what the previous owner’s signature was, none else would be able to find the latest ledger entry.

It’s also possible to do this opt-in/opt-out style for SD assets, like SafeCoins. Then the actual SD should be transferred along with any new entries. The SD’s data field could be updated to the latest signature, removing the need to message this signature to the next recipient, and if left there, making the ledger publicly readable.

Using this system, we can have ledgers for all kinds of assets that operate at network speed, are very scalable, cannot be spammed, and that stay incredibly small compared to blockchains.

I actually think there’s a lot more to this concept of “right of exclusive knowledge of next entry’s address”. I’m pretty sure one could make a smart contract system out of this, without requiring any additional features from core. Rather than autonomous execution (by miners or close groups) of the next step of the smart contract, this “right of exclusive knowledge” gives someone (according to contract rules) the exclusive ability to make the next entry depending on previous conditions.

How does the next guy know you didn’t sign twice (created two outgoing outputs out of one incoming)?
He needs to know he is the only guy who’s got that token and wh can spend it.

Because there’s only one valid output address, the hash of the signature. The public key associated with that signature is defined in the previous entry, so it’s verifiable.

Should this be deterministic, to avoid cheats? e.g. “hash of the hash” or something

Wouldn’t double spending be taken care of by the core Safecoin protocol though… or am I missing something?

My understanding was that an additional public ledger would serve other kinds of accountability, if it’s required for some (e.g. legal) reasons.

Well, this wouldn’t necessarily use SafeCoin or even StructuredData. It defines its own transaction protocol.

But if I were to have two “next recipients”, how would they know about each other?

I think this is an ingenious idea and should absolutely solve the spam problem! As you say, only the owner can calculate what the next hash is and he cannot change it. Brilliant!

The fact that it can be public or private, depending on what is stored during exchange is a great feature too.

I wonder… could this mechanism be used to create a sort of ledger based clock too? If entries could count as a ‘ticks’, which were immutable, signed and could be verified by the public, a trusted time line could be created.

If you have several parties involved in a sequence, with each party owning the next ‘tock’, no single party can control every tick of the clock.

Other assets could then hash their data against a point in the chain (hash o’clock, ha!) to assert when it occurred.

The down side would be that the clock would be dependent on each party playing their part. Ofc, you could restart the clock with a new hash should the old one ‘stop’.

Problem is, if one node is “evil” and stops the clock, or signs a day late the whole ledger might be disrupted.

Apologies for probably displaying my ignorance, but: could assets be issued in a similar manner that have multi-sig elements that give the owner of the specific asset access to a specific data (data map’ / folder / data stream etc) hosted on Safe, only for as long as they hold the asset?

The potential of anyone being able to replicate what blockchains can do now, but faster, more secure, no transaction fees etc basically for free within Safe is already immense. If you can add smart contract ability, great, but being on the safe network may open up new options to make digital assets do things they’ve never been able to do before.

Sorry again if this is useless waffle, but it’s at least sharing my excitement at the potential Safe seems to have

Where would these rules live and execute?

No one can know how many parties are involved when it’s free to get involved. It could be one, it could be two, it could be N parties.

Although the OP appears to introduce that ability, it does not really.
It’s a ping pong between two accounts.
I also thought the proposal was about more than 2 accounts.