Re: Atomic payments from David Nicol on 2017-08-04 (public-interledger@w3.org from August 2017)

From: David Nicol <davidnicol@gmail.com>
Date: Fri, 4 Aug 2017 12:16:25 -0500
To: Michiel de Jong <michiel@unhosted.org>
Cc: Stefan Thomas <stefan@ripple.com>, Ryan Fugger <arv@ryanfugger.com>, Interledger Community Group <public-interledger@w3.org>
Message-ID: <CAFwScO_4RZo-DNYNk=zR-tm-FNHKiMhQzEYUmXpqoj6ad7akVg@mail.gmail.com>

On Fri, Aug 4, 2017 at 11:43 AM, Michiel de Jong <michiel@unhosted.org>
wrote:

> Hi David,
>
> This is similar to Sprites
> <http://www.coindesk.com/faster-than-lightning-sprite-proposes-new-design-for-bitcoin-payments>
> in the sense that the AAA ledger completes the conditional payment, not
> based on Bob presenting the fulfillment, but based on the CCC ledger (and
> in your case also the BBB ledger) doing so. This indeed eliminates Bob's
> fulfillment risk, but what makes it not really ILP-compatible is that it
> requires the AAA ledger to "know about" the CCC ledger. One beautiful
> aspect of Interledger chaining is that everything that happens on the AAA
> ledger is local to that ledger and its direct account holders (in this case
> Alice and Bob).
>

it might not have been clear that AAA, BBB and CCC are each currencies, not
ledgers dealing in accounts in a common currency.



> One thing that becomes more complicated in this approach is that if all
> ledgers exchange signatures, except CCC fails to send its signature to AAA,
> then Bob doesn't get paid. This means Bob now needs to trust the CCC
> ledger. A solution for this would be to say all ledger need to either sign
> "accept" or "reject", and nobody does anything until all ledgers have
> signed one of the two. But this then allows CCC to tie up Bob's money for a
> long time.
>

Nobody would get paid and the whole thing would time out. Signatures can be
re-requested through an interface, or passed in a growing data block. The
hard timeout is important; the atomic purses are where the funds are tied
up.



> A solution to that would be to agree on a hard timeout, so the payment on
> the AAA ledger is final if an agreement is reached, and if not, then it's
> rolled back. But that can put Bob in the situation where ledger BBB says
> "accepted" and ledger AAA says "comms network timeout". So then you're back
> at needing either a notary, or forwarding of the fulfillment back along the
> chain. In ILP's chaining setup, Bob always knows he has, say, 2 seconds to
> submit the fulfillment to AAA after BBB has presented it to him. Ledger CCC
> can do nothing to interfere with that.*)
>

Using lots of signing with public keys, and timeouts, and ledger-provided
"atomic purses" to mitigate double-spending, instead of a central notary
authority.


Thank you; this is clearly a carpe diem message that I really should write
the whole thing up in detail and publish it as soon as I can.

Received on Friday, 4 August 2017 17:16:48 UTC