A partially decentralized market, with beneficial ownership both tracked and rewarded cryptographically?

SUMMARY: We propose a partially decentralized market, consisting of perhaps a few dozen nodes, hosted and controlled by a closed group of market owners. The network remains usable as long as at least one node is up, and no more than half the ownership is under malicious control. Any number of nodes, or any minority of the owners, may be compromised without bad consequences. Buyers and sellers will preferably run a special client on their computers, but may also connect through a web browser and Tor only, with security properties similar to those of a centralized market.

Payment is made in Bitcoin or other similar currency, with the usual multisignature approach. Commission on an order is paid both to the node through which it was placed, as compensation for the cost of hosting the node, and to all owners in proportion to their stake, as compensation for the other work involved in operating the business (for example, evaluating new sellers, handling customer inquiries, or adjudicating disputes). If the market becomes successful, then ownership should become valuable. That ownership may be traded analogously to shares in a small private company, with its cap table recorded in a distributed ledger. That lets initial owners incrementally transfer control and beneficial ownership of the market to new investors. We think this structure does things that neither existing fully centralized markets nor fully distributed markets can.

BACKGROUND: A centralized market is convenient, and accessible even to users with very limited technical skills, who can place orders using tor2web and open WiFi in relative safety. No rational operator will run such a market forever, though. As the operator gets richer, the value of further income diminishes, and at some point no longer offsets the (also increasing) legal risk. The operator's options at that point are limited. A normal business could be sold; but a successful market is worth enough that few qualified buyers will exist, and it's hard to conduct a large one-shot transaction with an anonymous, untrusted party. Anyone trusted and familiar is likely to have ties to the original operator that increase the risk that the site will later be traced back to him. So at some point, the market is likely to disappear. If multisig is used, then it gets liquidated worthless, which is bad---the reputation that the market has developed is real value, and it's destroyed here. If not, then exit scam.

This has driven interest in fully decentralized markets. These are interesting---but we think they face legal risks greater than those faced by any decentralized system in current existence, and in most proposed forms fail to decentralize the core function of the market as a trusted intermediary.

The US government developed and continues to significantly fund Tor, and has so far taken no steps to limit civilian access to it. That seems at least slightly surprising, and we can only speculate on the reasons---perhaps NSA monitoring really is good enough to deanonymize traffic from certain high value targets, who will use it with a false sense of security, or perhaps government agencies use it themselves, and are glad to support drug trafficking if it helps mask their own traffic, or perhaps they really do just want to show people with censored access the open Internet, for the same reasons they fund Voice of America. Regardless, we don't see an obvious analogy to any of these justifications in a fully decentralized market selling illegal goods.

A market selling to the public necessarily must describe the products on sale in cleartext to anyone. That makes the illegal nature of transactions in a decentralized market much more obvious than, for example, in the Bitcoin blockchain. That also makes it straightforward for a node's operator to identify sellers of illegal goods, and decline to forward messages for them. It seems plausible to us that anyone running such a network openly will at some point be forced to do that, by something like a DMCA notice to a BitTorrent user but much worse. So the market should run over Tor, and any open developers of the client should dissociate themselves from the dark version of their network. That makes them likely to develop with goals that don't closely suit---or that actively inhibit---illegal transactions. Loss of anonymity from a JavaScript exploit is a low-priority bug for the operator of an open market, but potentially life-changing for his dark counterpart. (The exception to that might be decentralized services using their own currency, where the developers hope to profit from appreciation of that currency driven by popularity of the arm's-length darknet market. That still feels dangerous, if public information can show that many or almost all transactions in that currency are with sellers of illegal goods.)

Beyond that, there's nontechnical work involved in running a market. Amazon and eBay hire thousands of computer scientists, but they also hire thousands of customer service reps, who exercise human judgment in resolving questions and disputes. In a fully decentralized market, that work presumably falls to the escrow agent, a role that anyone can take on. That role has a winner-take-all character: all other things being equal, I'd rather use whichever agent has processed the most transactions (or burned the most currency for her "bond", or collected the most endorsements, or whatever other metric) in the past, because the reputation she'd be risking if she cheated me is more valuable, even if her commission is slightly higher. So that role seems likely to become centralized and valuable, with characteristics similar to those of a centralized market using multisig.

So we think:

THE MARKET: Our proposed market exists as a set of hidden services, one per node---so a few dozen services. Anyone linking to the market is encouraged to reproduce the full set, or a random sample of as many as possible. An owner has two incentives to run a node. First, he gets commission for orders placed through that node. Second, those nodes are the face of the market to users not running the client themselves. A malicious owner can run whatever software he wants on his node, to steal buyers' money, or to just keep operating a real market but entirely for his own benefit. (This risk is faced only by a user connecting through a web browser only. Anyone running her own client will recognize and drop a malicious node without harm.) The owner has incentives against doing that: he will soon be discovered, at which point the other owners can destroy his stake in the legitimate network. That's still an argument to limit the share of transactions processed by nodes controlled by a given owner to some small multiple of his ownership share, which is auditable (since the other nodes know how many transactions are flowing out of that one).

An owner's stake is a private key. He never discloses that key to anyone else. The key may be used to sign a message transferring ownership of some fraction of his stake to a new owner, with that new owner identified by his public key, according to agreed rules. Initial ownership of the market derives from a public key hard-coded in the software. These private keys are stored somewhere safe, certainly not on the operating nodes or other servers at high risk of capture. A vote by some specified fraction of all users should probably allow them to destroy another owner's stake, since there's otherwise no remedy if a minority owner becomes malicious, and no way to maintain a quorum if owners disappear. The key may also be used to specify an address to which commission should be paid, or to deputize "customer service keys" to become valid for escrow and messages to or from the owners, for a limited time determined by the owners' trust in the people using them, of perhaps a few days, and perhaps a limited transaction count or dollar value too.

A buyer or seller's identity is a private key. She never discloses that key to anyone else. Sellers can post listings, any two users can exchange private messages, buyers can request transactions, buyers and sellers can comment and provide standardized feedback on transactions, and administrators can release transactions from escrow---so all the usual features of a market. Broadcast information (e.g., listings, feedback) is signed by the sender, and unicast information (e.g., messages, transactions) is signed by the sender and encrypted such that either the receiver or, in case of dispute, the owners and sender together can decrypt it, identically to in a fully decentralized market. It may be necessary to in most cases let the owners read messages from sellers to buyers, to stop them from bypassing escrow and commissions. The keys used to encrypt unicast information should be signed by a user's permanent key and rotated perhaps every month, with keys older than the maximum possible time to complete a transaction discarded. That sets a retention policy, limiting the damage if a user's private key is accidentally disclosed. Nodes can discard outdated messages to save storage, but malicious nodes will exist and can always keep full history; so only the key retention matters for security.

A client may request a public "customer service key" from the market, along with a list of owners who have approved it for use. By consulting the market's cap table, the client can confirm that the approvers are a majority of owners. This allows the owners to delegate their authority to lower-level employees, avoiding the need for them to personally vote on every transaction. That key may be used for encryption and signature of messages to and from the owners, and to confirm validity of a proposed arbitrator's key for escrow in a multisig transaction. Commission may be paid to all owners (with one output per owner), or may be paid to only a subset of them to decrease transaction size, with that subset rotated to distribute commission fairly over time. Nothing stops a node or client from distributing the commission unfairly, but this is auditable, and a misbehaving owner or seller can be expelled. That risk could be further mitigated technically, but it's not that different from the risk that buyers and sellers will bypass the transaction process entirely (for example, if the seller sends a payment address by private message), which is always present.

All information is flood-routed to all nodes, and all nodes hold the complete data set. We don't see the need for a distributed data structure. A cheap virtual server can store millions of transactions. If the system scales beyond that, then commission revenue should make the cost of better hosting irrelevant, and hosting costs would probably be dominated by front end server capacity (to tolerate DoS attacks) anyways.

A customer service rep can maliciously release escrow, disclose messages readable by the owners (but not other messages), or send messages as if from the owners. His key is valid only for a limited time, transaction count, or dollar value, limiting the possible damage. A malicious minority owner can't do much of anything. The server hosting a node can likewise be compromised without much harm. A powerful adversary (for example, law enforcement) might quietly buy out or compromise more than half the owners, and then shut down the entire network. If that happens, then a user running her own client still faces relatively low risk. The adversary can finalize escrow, but that's okay unless the seller becomes malicious too. The adversary can read messages that the user has sent to the owners, but that's probably not much. (In general, messages between buyers and sellers are stored encrypted such that only either the intended recipient, or the sender and the owners together, can decrypt them. If a buyer or seller wants help resolving a dispute, then she can reveal any relevant messages to the owners only then.)

If the majority shuts down the market, then the minority legitimate owners still have a full copy of the data set and all software, and hosting infrastructure in place. At that moment, they can change the hard-coded key from which all ownership flows, and restart the market under new ownership. That new ownership is arbitrary, so a dispute is likely, with multiple forks of the market competing to become the replacement. A single fork might ultimately displace all the others, or the market might forever split, but the value that was created---in the form of the market's software, and its accumulated reputation for buyers and sellers---isn't lost.

A colluding majority of owners could steal the market, by destroying everyone else's stake and continuing to operate. That would almost double their stake. (In most places where we discuss a majority, the threshold is arbitrary, though higher thresholds for malicious action decrease the threshold for malicious deadlock.) We don't see any way to fix that, but owners who chose to do that would be unlikely to find new investors afterward. So they'd be stuck owning the market forever, or selling to someone who trusts them for out-of-band reasons. So something analogous to the liquidity premium of public companies (which generally---excluding venture-backed madness---trade at a much higher earnings multiple than private ones) may be enough to stop that behavior. That theft may also cause some buyers and sellers to lose faith in the market, further impairing its value.

As described above, the market requires its buyers and sellers to run special software, beyond a web browser and Tor, since those users encrypt, decrypt, sign, and verify signatures using private keys that shouldn't be disclosed to anyone else. We don't see how to avoid that without trusting the node running the hidden service through which the user connects. For most casual buyers, that seems acceptable, though---at worst, if that node is compromised, then the buyer loses a few hundred dollars. Her mailing address probably isn't revealed, and certainly isn't if she uses PGP or equivalent by hand (as with centralized markets now). The leakage of mailing addresses can be mitigated, for example by encouraging sellers to periodically place fake orders with themselves using fake addresses, making payment from one address that they control to another. That of course could be automated. So the market should probably implement a "guest interface" requiring only that web browser, where a new user can choose a login and password, and the server will use a private key derived from a slow function of her password. That provides a user experience similar to that of centralized markets, with similar security.

The set of decisions that can be restricted to a majority shareholder vote cryptographically is small compared to the set that can be restricted by contract law and a functioning judicial system. Despite that, a few simple votes and the threat that an owner will lose his stake if he misbehaves may be enough to let a mutually anonymous and untrusting group operate a company.

To build this market, a developer might start by finding well-known vendors who wanted to "invest", trading their listings, marketing, and reputation for a stake in the market. We're pretty sure we could develop a usable version of this software---like with the distributed ownership mechanism implemented, but transactions processed partially by hand, and limited automation for the audit functions necessary to detect slow malicious behavior---within a few months. This seems generally like an easier problem than a fully decentralized market---it's okay if an owner can steal or cause other harm at a limited rate, as long as he'll be discovered before the cost of that harm exceeds the value of his stake. At the moment, we're interested mostly just in the concept.

We ask:

Thanks.


Comments


[2 Points] -El_Presidente-:

> We ask:
>
> Is this (very high-level, obviously) description clear?

Yes, very well articulated.

> Is anyone aware of existing projects similar to this already underway?

Yes. Your description sounds almost identical to /r/Axis_mundi, although the shareholder concept is a variation.

> If the answers are "yes" and "no", is this interesting?

It's still interesting though. Why don't you bring some ideas to Axis Mundi, as it has already addressed most of the points in your description?

love

EP


[1 Points] young_k:

I've read about half of it (the summary and background sections so far), and wanted to comment on a few things, so my post isn't too long (cough like cough yours cough hehe)

Anyway, firstly, I'd like to see a fully decentralized market use a cryptocurrency that was slightly more designed for anonymity than bitcoin has...something like DASH, or ShadowCoin, something that has been launched already, and not something that can be manipulated by being used in this case for personal gain, premining and pump and dump type things.

This pretty much means that any "new" coin will not be a suitable currency in my mind.

Secondly, you've thought about the whole structure quite a bit, and while I agree in the sense that you will probably need to pay all those individuals in this case, as it's decentralized, I don't exactly know if that makes the market better or worse. So let me see if I can't start a few conversation points..

Requiring a vast amount of people who wish to remain anonymous, yet get paid (if this is in bitcoin, it could present problems) to do a job, and form relationships with vendors, customers, etc., could essentially create a risk. If the agent decides they like a customer/vendor enough to form a relationship beyond the dispute, or perhaps accidentally disclose some information in the dispute that reveals too much to the agent/vendor (if the customer, for instance, gives their shipping address over in plain text, thinking that it's secure to do so and they don't have to use PGP 'cause it's decentralized...I know this is a stupid thing for them to do, but people do this all the time right now...typically vendors auto-cancel orders where the person fails to PGP their address)...in this model, would their dispute be permanently stored on all the servers/nodes?

Does that mean there will be a dozen copies of this person's address spread across a dozen nodes? I'm sure this can be addressed in some special exception code, but really, there could be any number of things that can crop up like this, and it definitely requires a lot of thought to make sure the structure in this case is safe for all parties involved, fair for the customer/vendor/operators, and secure in the sense that a single node being seized/hacked does not reveal more information than absolutely necessary....but preferably any information.


EDIT/ADDED: Question that just flooded to mind after reading... the client that you speak of, will it automatically run through Tor? Something like TorChat? Or will we need to run a copy of Tor for us? Perhaps I'm jumping the gun a bit....

Some relevant thoughts though, you speak of a client...that's a big concern of mine. Have you thought at all about who will be developing the client? Will they be doing this alone? On a team? Is there a team already formed that you may or may not be a part of? Will these people be required to replace themselves if they intend on leaving the project at some point? After all, we have seen many times (Bitcoin Core comes to mind) that people develop a client or project, bring some other members to the team, and proceed to leave and the power vacuum that exists gets filled with someone else's hubris. Will they be paid for their work somehow as well, since they will be pretty much the cornerstone of the entire project...

Anyway, back to reading...hopefully this provides some good food for thought to get a discussion going. Sounds like a very interesting project if it's not just a concept/vaporware :) I look forward to seeing if it materializes.


Final edit: So after installing a TTS app (lol lazy and it's soooo long :P) - I've noticed that some of my points were actually addressed in the very large (borderline wall of text despite the paragraphs) MARKET section...

So for those of you reading my initial post above who have already read the entire post, and have failed to see that I posted this ahead of reading the Market section to break my post into pieces (as it would end up being as long as the OP's), you don't need to address the already addressed questions/points at all :P


[1 Points] donwasteyourtime2322:

You didn't have to write all that to describe your ideas. I've read a good portion of it and can stop you in short order. The issues facing markets are (in order of importance):

  1. Admins exiting
  2. Vendors exiting
  3. Government takedowns

When you are considering decentralization you must point out what part you are decentralizing, hosting and/or administration?

The reality is decentralizing hosting increases the barrier to entry to buyers and forces sellers to carry the burden of hosting, and all for what, to prevent the rare government takedown? A network such as Zeronet presents the only semiviable solution as it's not a "market" but a "distributed hosting platform" that a market could be built atop of, everyone hosts a piece of everything sort of like BitTorrent and Freenet, and unlike OpenBazaar and most decentralized market solutions where vendors must host their stores and the network exists only for the market. Zeronet's approach offers a wider utility and level of plausible deniability that would allow sufficient participation for decentralization to exist.

The other issue which decentralized hosting does not solve is administration. As long as one person controls a market the biggest problems will exist. Your theory that anonymous persons holding stake in a market will not become malicious due to risk of being found and loss of stake is, well, misled. The gains in scamming always outweigh the costs, that's why it exists, everywhere, and is growing worldwide at an alarming rate. The only instance in which malicious behavior is not rewarded is when the costs of such behavior outweigh the rewards; in this instance whatever the "stake" one has would monetarily have to cost more than the gains of theft. The only way to conceivably do this is to have a 1:1 bond that the operator would have to add to in order for the market wallet, that is the total economic activity, to grow. So if a market operator had $1m in btc the market wallet could hold $1m. This is basically the premise behind money-services-business laws and why it costs $100m+ to operate an exchange in the US, except there is also the threat of violence which doesn't exist here.

This then leads to other questions: who controls this bond and decides when it is forfeit? The potential for scamming and fraudulent bond-custodians in an anonymous environment is immense.

So then the only real solution is OpenBazaar's model, decentralized administration in the form of multisig escrow agents (or direct deals) with the market developer acting independently of what the market does. Unfortunately OpenBazaar doesn't allow for Tor anymore, and its decentralization is market-focused, which lowers participation and increases the burden on vendors to provide hosting, a risk most aren't willing to take.

Perhaps one day if something like OpenBazaar could be ported to Zeronet there might exist a solution, but for now buyers mostly are unaffected by exit scams and will continue to force vendors into using risky, unstable and outdated schemes.


[1 Points] pewpew5000:

[deleted]

What is this?


[1 Points] 2005C:

How much technical skill will a basic customer or vendor need?


[1 Points] Vendor_BBMC:

The weak point in decentralization is escrow disputes. It usually requires a marketplace admin to decide. Marketplaces earn their commission by administering escrow.

I thought of a way round this. A pool of volunteer users who are randomly selected for "jury duty" on a 3-man jury. The vendor and customer state their case, one wins, then THE COMMISSION FOR THAT TRANSACTION GOES TO THE VOLUNTEER JURY.

No admins to arrest. It can be unmanned, just a couple of scheduled reboots a week.