Before bitcoin Alice and Bob needed a middleman to pay each other

With bitcoin they can pay each other directly

You can require multiple signatures too

But the world is full of trust problems that have needed courts or middlemen

Transactions are connected to reality

But bitcoin nodes don't know what reality is

The internet used to have the same problem with identity

We solved it with the Certificate Authority

The Certificate Authority for facts

The Certificate Authority for facts

The network looks after the money

The result is known, the winner unlocks funds

m of n

www.realitykeys.com

Trust (Ew)

Transparency

Redundancy helps - but watch out for correlated risk!

SchellingCoin and TruthCoin

SchellingCoin

https://blog.ethereum.org/2014/03/28/schellingcoin-a-minimal-trust-universal-data-feed/

TruthCoin

https://github.com/psztorc/Truthcoin

People much cleverer than me working on this

They'll have to be - it's crazy hard

Leibniz and Svabo

Leibniz

Turn human language into formal grammar
Then let's calculate!

Leibniz

Nick Svabo

Crypto-systems that manage assets can enforce contract logic
http://szabo.best.vwh.net/formalize.html

Trusted parties could do more than just data

Manage assets		External data
Traditional trust-based systems
Bitcoin / Ripple	Codius
Bitcoin / Ripple	Orisi
Bitcoin / Ripple		Reality Keys
Counterparty, Ethereum etc		Feed Providers
TruthCoin

Bit-thereum: http://gavintech.blogspot.jp/2014/06/bit-thereum.html

Using Reality Keys: The API

https://www.realitykeys.com/api/v1/runkeeper/400/?accept_terms_of_service=current


{"no_pubkey": "024e31a070c2c9dff13fbbeccc7ebe394caf3e82eae7092caf5602b55283c98bda", "user_profile": "edochan", "settlement_date": "2014-09-12", "objection_period_secs": 86400, "human_resolution_scheduled_datetime": null, "measurement": "cumulative_distance", "evaluation_method": "ge", "is_user_authenticated": true, "objection_fee_satoshis_paid": 0, "machine_resolution_scheduled_datetime": "2014-09-12 00:00:00", "user_id": "29908850", "goal": "1000", "created_datetime": "2014-09-05 23:14:02", "winner": "No", "value": "1000", "id": 400, "source": "runkeeper", "yes_pubkey": "02c4ec9347fa2cf7ab347a35f9816d4481e18811dfacfce9812b9896b0b4c34c89", "activity": "walking", "objection_fee_satoshis_due": 1000000, "user_name": "edochan", "winner_privkey": "L17zZNj1qfpSNMzRNK7FcfVeza6kwLUsmKA5uuLAChx6dxTnCgNw"}

Using Reality Keys: Multi-multi-sig

Traditional multi-sig

2 A-pub B-pub 2 OP_CHECKMULTISIG

Multi-sig branches

OP_IF
2 A-pub Yes-pub 2 OP_CHECKMULTISIG
OP_ELSE
2 B-pub No-pub 2 OP_CHECKMULTISIG
OP_ENDIF

Add a flag when you sign

0 A-sig Yes-sig 1 [p2sh-script]
0 B-sig No -sig 0 [p2sh-script]

Standard scripting with ECC math

ECC addition

Private key	produces	Public key
x-priv	G(x)	x-pub
y-priv	G(y)	y-pub
x-priv + y-priv	G(x-priv+y-priv)	x-pub+y-pub

Alice: A-pub + Yes-pub = A-Yes-pub
Bob: B-pub + No-pub = B-No-pub
1 A-Yes-pub B-No-pub 2 OP_CHECKMULTISIG

Alice wins: A-priv + Yes-priv = A-Yes-priv

But be careful...

How stealth addresses work

Handy ECC fact


        x-priv * Y-pub 
        ==
        y-priv * X-pub

Make a secret key that only participants know, eg

shared-secret-x-priv = Hash(x-priv * Y-pub)

Derive `shared-secret-x-pub` and pay it.

Whover knows `x-priv` can derive `shared-secret-x-priv`

For stealth addresses, this is the payee

https://wiki.unsystem.net/en/index.php/DarkWallet/Stealth

Same operations on Reality Keys keys make them private to participants.

(Other methods to make the shared secret work too.)

Multiple funders? You can fund atomically.

	Create transaction: 2 BTC out But only 1 BTC in Sign transaction (If you don't know what coins the other party wants to spend, use SIGHASH_ANYONECANPAY) Publish / send / tweet transaction (Can't broadcast yet)
	Get transaction, recreate and check Add funds 1 BTC + 1 BTC = 2 BTC Add signatures Broadcast transaction

Before bitcoin Alice and Bob needed a middleman to pay each other

With bitcoin they can pay each other directly

You can require multiple signatures too

But the world is full of trust problems that have needed courts or middlemen

Transactions are connected to reality

But bitcoin nodes don't know what reality is

The internet used to have the same problem with identity

We solved it with the Certificate Authority

The Certificate Authority for facts

The Certificate Authority for facts

The network looks after the money

The result is known, the winner unlocks funds

m of n

www.realitykeys.com

Trust (Ew)

Transparency

Redundancy helps - but watch out for correlated risk!

SchellingCoin and TruthCoin

SchellingCoin

TruthCoin

https://github.com/psztorc/Truthcoin

People much cleverer than me working on this

They'll have to be - it's crazy hard

Leibniz and Svabo

Trusted parties could do more than just data

Using Reality Keys: The API

Using Reality Keys: Multi-multi-sig

Traditional multi-sig

Multi-sig branches

Add a flag when you sign

Standard scripting with ECC math

ECC addition

But be careful...

How stealth addresses work

Handy ECC fact

Make a secret key that only participants know, eg

Derive shared-secret-x-pub and pay it.

Whover knows x-priv can derive shared-secret-x-priv

For stealth addresses, this is the payee

Same operations on Reality Keys keys make them private to participants.

(Other methods to make the shared secret work too.)

Multiple funders? You can fund atomically.

www.realitykeys.com

support@realitykeys.com

@RealityKeys

Examples

https://www.realitykeys.com/developers/resources

https://github.com/edmundedgar/realitykeys-examples

https://github.com/bymycoins/bymycoins.github.io

Derive `shared-secret-x-pub` and pay it.

Whover knows `x-priv` can derive `shared-secret-x-priv`