Protocol Design Decisions

This document contains additional explanations of the protocol specification. It describes why certain design decisions have been made, which alternative options have been evaluated, and their pros and cons.

The protocol specification is here.

General

opencoin is a use-case-agnostic protocol which can be used for a digital cash system but also for other purposes such as balloting and vouchers. Hence, the vocabulary used in the protocol specification is intended to be practical and easy to understand without sounding as if it describes a financial system.

Coin Structure

 Coin =
 {
     standard identifier     = http://opencoin.org/OpenCoinProtocol/1.0
     currency identifier     = http://opencent.net/OpenCent
     denomination            = denomination
     key identifier          = base64(hash(pP))
     serial                  = base64(128bit random number)
     signature               = base64(sig(pP, content part))
 }

Explanation:

  • standard identifier: A URL to the protocol standard being used for the coin. Currently only the following exists: http://opencoin.org/OpenCoinProtocol/1.0
  • currency identifier: A URL to the Currency Description Document (CDD) being used for the coin.
  • denomination: the denomination of the coin, numbers like 0.01, 0.5, 1, 5, or 20 for instance.
  • key identifier: the base64 encoded SHA-256 hash of the issuer's public key. It may be different depending on denomination, validity period and currency.
  • serial: a 128 bit long random value, generated by the user's wallet. It is used to identify coins and prevent double spending. Once the coin is spent, the serial will be stored in the issuer's DSDB. Because it is sufficiently long, it is assumed to be unique for each coin.
  • signature: A base64 encoded RSA signature from the issuer (made with its private key) over the SHA-256 hash of the five elements above.

The issuer has no insight into the coin it signs because it's a blind signature. Hence a correct signature of the issuer over the coin's hash does not guarantee that the elements are correct. As a consequence, a receiver must not only verify the signature, but also verify the denomination and validity period associated with the issuer key used to sign the coin. In order to verify that a coin hasn't been (double) spent, the receiver needs to refresh the coin at the mint service.
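The receiver-side check described above, as an added example that is not part of the opencoin specification or code base: a wallet obtains a blind signature over a coin claiming denomination 100 from a key issued for denomination 1, and the receiver rejects it even though the signature verifies. The toy RSA key, the newline-joined normalization, the public-key encoding behind the key identifier, the integer (not base64) signature and the KEY_TABLE lookup are assumptions made for illustration; a validity-period check would be a further comparison against the same table.

```python
import base64, hashlib, math, secrets

# Toy RSA mint key built from two Mersenne primes (constructed; far too small for real use).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
STANDARD = "http://opencoin.org/OpenCoinProtocol/1.0"
CURRENCY = "http://opencent.net/OpenCent"

def b64(data: bytes) -> str:
    return base64.b64encode(data).decode()

KEY_ID = b64(hashlib.sha256(f"{N}:{E}".encode()).digest())  # assumed public-key encoding
# What the receiver learned about this mint key from the issuer (assumed lookup table).
KEY_TABLE = {KEY_ID: {"currency": CURRENCY, "denomination": "1"}}

def content_hash(coin: dict) -> int:
    # Assumed normalization: the five content fields joined by newlines, reduced mod N.
    fields = ("standard", "currency", "denomination", "key_id", "serial")
    digest = hashlib.sha256("\n".join(coin[f] for f in fields).encode()).digest()
    return int.from_bytes(digest, "big") % N

def mint_sign_blinded(blinded: int) -> int:
    return pow(blinded, D, N)  # the mint sees only this number, never the coin fields

def wallet_withdraw(denomination: str) -> dict:
    coin = {"standard": STANDARD, "currency": CURRENCY, "denomination": denomination,
            "key_id": KEY_ID, "serial": b64(secrets.token_bytes(16))}  # 128-bit serial
    while True:  # the blinding factor must be invertible mod N
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    blind_sig = mint_sign_blinded(content_hash(coin) * pow(r, E, N) % N)
    coin["signature"] = blind_sig * pow(r, -1, N) % N  # unblind
    return coin

def receiver_check(coin: dict) -> str:
    if pow(coin["signature"], E, N) != content_hash(coin):
        return "bad signature"
    key = KEY_TABLE.get(coin["key_id"])
    if key is None:
        return "unknown key"
    if (coin["currency"], coin["denomination"]) != (key["currency"], key["denomination"]):
        return "field does not match signing key"
    return "ok"  # still has to be refreshed at the mint to rule out double spending
```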

Why then perform the signature over the coin's metadata and not over the random serial only? Because in that case an attacker could easily choose a random value and calculate the signature backwards. Signing over the metadata ensures that the signature can be produced by the mint only.

How to find out the validity period of a coin? The key used to sign a coin is associated with a certain currency, denomination, and validity period.

Why has the serial length been chosen to be 128 bit?
How is the coin serialized/normalized before its hash is calculated?

Risk of (Distributed) Denial of Service (DoS)

Because the mint service performs computationally expensive cryptographic operations and is accessible to every Internet user, measures to prevent DoS have to be taken seriously. The fact that it is not the actual sender but a third party (the receiver) that requests the mint's service makes network-based DoS protection methods more difficult to apply. For instance, if an attacker sends false coins to an online shop or another legitimate receiver, the receiver will ask the mint to refresh the coins. In this scenario the attacker has no direct connection to the mint, but receivers may be misused as proxies.

Average Amount of Coins

The following tests identify the average amount of coins used for a particular amount with these denominations [1,2,5,10,20,50,100,200,500,1000].

 

range 1 to 200

{1: 1000, 2: 2522, 3: 3900, 4: 4089, 5: 3162, 6: 2063, 7: 1324, 8: 817, 9: 473, 10: 272, 11: 164, 12: 84, 13: 28, 14: 2}

Average: 4.0

 

range 200 to 500

{1: 1013, 2: 2763, 3: 5219, 4: 7977, 5: 10395, 6: 11171, 7: 9513, 8: 6561, 9: 4168, 10: 2647, 11: 1615, 12: 954, 13: 556, 14: 318, 15: 142, 16: 38}

Average: 6.0

 

range 500 to 1000

{1: 1013, 2: 2763, 3: 5645, 4: 10846, 5: 19748, 6: 29878, 7: 34619, 8: 30350, 9: 21215, 10: 13306, 11: 8376, 12: 5305, 13: 3237, 14: 1907, 15: 1100, 16: 626, 17: 282, 18: 82, 19: 2}

Average: 7.0

 

range 1000 to 1500

{1: 1013, 2: 2763, 3: 5645, 4: 11272, 5: 22567, 6: 38911, 7: 52436, 8: 54116, 9: 43924, 10: 30158, 11: 19610, 12: 12949, 13: 8411, 14: 5206, 15: 3067, 16: 1782, 17: 1054, 18: 510, 19: 154, 20: 2}

Average: 8.0

 

range 1500 to 2000

{1: 1013, 2: 2763, 3: 5645, 4: 11272, 5: 22993, 6: 41730, 7: 61469, 8: 71933, 9: 67690, 10: 52867, 11: 36462, 12: 24183, 13: 16055, 14: 10380, 15: 6366, 16: 3749, 17: 2210, 18: 1282, 19: 582, 20: 154, 21: 2}

Average: 8.0

 

range 2000 to 5000

{1: 1013, 2: 4376, 3: 21475, 4: 86196, 5: 246278, 6: 505195, 7: 766216, 8: 882479, 9: 795939, 10: 591134, 11: 391463, 12: 249573, 13: 156228, 14: 95697, 15: 58763, 16: 36802, 17: 22967, 18: 13867, 19: 8135, 20: 4668, 21: 2522, 22: 1050, 23: 262, 24: 2}

Average: 8.0

 

range 5000 to 10000

{1: 1013, 2: 4376, 3: 21475, 4: 86196, 5: 249891, 6: 541025, 7: 938753, 8: 1409281, 9: 1925824, 10: 2384863, 11: 2569686, 12: 2332616, 13: 1786294, 14: 1202304, 15: 759514, 16: 474163, 17: 296182, 18: 182843, 19: 111121, 20: 67666, 21: 41781, 22: 25589, 23: 15125, 24: 8607, 25: 4776, 26: 2522, 27: 1050, 28: 262, 29: 2}

Average: 11.0

Anonymity

Untraceability of p2p transactions by the issuer is important. But opencoin doesn't contain any active anonymization.

  • buy and redeem: might require authentication
  • exchange: we might log IPs, but don't want to block Tor

How do we do p2p transfers?

opencoin doesn't care, it's an implementation issue.

Reasons to encrypt coin containers

  • prevent copying of coins ("theft")
  • privacy
  • manipulation

What should be visible on the outside of encrypted containers?

  • whatever the recipient needs to make use of the container
  • the fact that it's opencoin
  • keyid
  • maybe comment/subject etc.

Using opencoin in desktop browsers

It's a known-to-be-untrusted environment, hence at the user's own risk.