Backward compatible coin name reservation

[theoreticalbts]

WARNING: DO NOT USE THIS NAME RESERVATION MECHANISM ON THE MAIN NETWORK UNTIL CODE FOR A CLI_WALLET IMPLEMENTATION OF THIS FEATURE LANDS IN A NUMBERED RELEASE IN THE MASTER BRANCH OF STEEMD.

Earlier today @nedsteem raised the following problem:

Projects are going to announce before they can buy their coin names

After some discussion, @mvandeberg and I actually think the problem may be more precisely stated as follows:

Projects want to announce before the hardfork; since the design of SMT's does not allow names to be reserved until the hardfork occurs, it is a logical consequence that projects will announce before they reserve their names.

This restatement of the problem suggests a potential solution: Alter the design to allow a mechanism to reserve names before the hardfork occurs. Then the situation becomes:

Projects want to announce before the hardfork; since the design of SMT's now allows names to be reserved before the hardfork occurs, it is now technically possible (and highly advisable) for projects to reserve their names before they announce.

So what would be the requirements and implementation details of this pre-registration of names mechanism?

• (1a) Should not require any hardfork
• (1b) Upgrade may be required for users wishing to reserve an SMT name
• (1c) Upgrade may be required for witnesses
• (1d) Upgrade is not required for any other users
• (2) Reserving an SMT name must burn STEEM or SBD
• (3) The fee must have a fixed dollar value
• (4) The SMT creator must privately decide on their token name before they can register it
• (5) The SMT creator need not publicly reveal their token name until 0.21 (the hardfork which enables SMT's)

From these requirements we have the following consequences:

• Requirements (1) and (2) imply we cannot use a custom operation, we need to re-purpose some existing operation capable of sending STEEM / SBD to the null account. The transfer operation is the obvious choice, but we might also be able to make it work with some other operation (e.g. escrow operation).

• Requirements (1) and (3) imply we cannot use STEEM, because we have no way to reject a transfer that's too small. Potential solutions are either (3s1) fix the amount of STEEM fee and hope the price of STEEM does not fluctuate too much between now and 0.21, or (3s2) require the fee to be paid in SBD.

• Requirement (5) suggests a cryptographic commit/reveal scheme. Basically you pay the fee and say "I want to register a token name," but you only publish a cryptographic commitment, not the name itself. The cryptographic commitment expires a few days after hardfork 0.21 takes effect. After you reveal the name matching your commitment, your registration can't become effective until all prior commitments by all other users have either been revealed or expired (because one of those users might have happened to create a commitment the same name, and in this case, we want to give the commitment to the earlier registration even if it revealed later).

[theoreticalbts]

@mvandeberg asks,

How do we prevent collisions that use the same token name but different nonces?

We can't. We could forgo the nonce, but that would allow the name to be extracted by brute-force search (the name itself is quite low entropy, all ~26^6 possible names can be checked in seconds with a simple CPU implementation).

Even if we have a way for partners to reserve their names in advance with this mechanism, if it become first come first served on the reveal, then there is still a race to see who can reveal first.

Re-read the OP carefully (particularly the last sentence or two). It's first-come first-served for commitments not reveals. The "race" is between commitments. Once the commitment is made, the order of reveals doesn't matter. Effectively we FIFO queue commitments in the order they're submitted, and then process the commitments as we're able to resolve them (either by a user-submitted reveal, or by expiration time arriving).

If a user hasn't revealed their commitment (i.e. they've dropped out), they will effectively block all later users in the FIFO from receiving their names. This is why we have an expiration, it forces a resolution of the queue item at a defined point in time. So from individual user Alice's point of view, as long as she reveals before her commitment's expiration, in the best case (Alice is first in the queue when she reveals) she will get her name immediately upon revealing it, in the worst case (Eve committed to a name before Alice in the same block and then dropped out) Alice will get her name at the expiration time.

Note, the FIFO logic's correctness relies on an assumption about expiration times. Namely, if Alice makes a commitment before Bob, then Alice's expiration time must be less than or equal to Bob's expiration time.

[mvandeberg]

Thinking this through, I have come to the conclusion that using the transfer op, a $1000 SBD fee (easily obtained from an exchange) and a hash in the memo is the easiest route forward.

The hash in the memo would consist of a symbol name (at most, 6 capital letters), a dash, and then a nonce. For the semantics of the hash, we should assume the seed is a string so that we do not need to provide a tool to create the platform independent binary representation.

So long as this protocol is well defined, we can interpret old operations during reindex when the release is made.

This needs to be well documented and clearly explained to partners because transferring steem to the null account is a non-refundable operation.

[realnedscott]

We should extend name management.

Unused coins have their names relinquished to the market after one one year.

Users can transfer ownership account control of the coin to another account (this needs to be possible whether the coin is launched or not)

Sent from my iPhone

On Sep 8, 2017, at 10:58 AM, Michael Vandeberg notifications@github.com wrote:

Thinking this through, I have come to the conclusion that using the transfer op, a $1000 SBD fee (easily obtained from an exchange) and a hash in the memo is the easiest route forward.

The hash in the memo would consist of a symbol name (at most, 6 capital letters), a dash, and then a nonce. For the semantics of the hash, we should assume the seed is a string so that we do not need to provide a tool to create the platform independent binary representation.

So long as this protocol is well defined, we can interpret old operations during reindex when the release is made.

This needs to be well documented and clearly explained to partners because transferring steem to the null account is a non-refundable operation.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

[theoreticalbts]

@mvandeberg I think I will create a command reserve_smt_name MYTOKEN "1000.000 SBD" command in cli_wallet, which will automatically generate the operation. It will pick a nonce by signing the symbol name with the active key and hashing the signature. This way the is no danger of forgetting the nonce, as long as you still have the account's active key and remember the token name, you will be able to regenerate the nonce.

[theoreticalbts]

Unused coins have their names relinquished to the market after one year

In order to implement this, we'd have to figure out a precise definition of "unused" that can be programmed into the blockchain, and cannot be fooled. This seems impossible.

For example, suppose that just before the one-year anniversary is up, you have an ICO which fails. What happens? It seems like the coin's being used, it attempted an ICO, which could be an honest attempt to launch a project that just failed to reach its minimum. But it could also be the case that the ICO was a deliberate failure designed to extend the deadline.

Or what happens if it has a successful ICO, and all the coins happened to go to a single account, which doesn't do anything with them. Or maybe there's plenty of activity transferring the tokens every day, but in reality it's a few dozen sock puppet accounts transferring them back and forth between each other, and all the coins are still controlled by the founder (but there is no obvious way for the blockchain to "tell" that this is the case).

[mvandeberg]

But it could also be the case that the ICO was a deliberate failure designed to extend the deadline.

At 1000 SBD an ICO, I think it is a reasonable fee to park a name for a year.

[theoreticalbts]

@mvandeberg Say we have the following sequence of events:

• Alice reserves MYTOKEN on January 1, 2018. The reservation expires on January 1, 2019.
• Alice starts the MYTOKEN ICO just before the expiration, on December 31, 2018.
• Bob attempts to register MYTOKEN in February 2019, while Alice's ICO is still ongoing.

What happens?

[mvandeberg]

Alice gets MYTOKEN. I am saying this is not a problem because of the fee. If this behavior is exploitative of a 1000 SBD fee, then maybe the fee needs to be 2000 SBD.

We assume that the original registration locks up the name forever. Alice paid for it, it is hers. However, if, after some amount of time we determine that the coin is dead (defined by no ICO or a failed ICO) then the blockchain takes the name back to be used by somebody else.

[theoreticalbts]

@mvandeberg Are you OK with Alice being able to keep the MYTOKEN name indefinitely for a one-time $1000 fee?

[mvandeberg]

If the ICO succeeds, then yes.

[theoreticalbts]

@mvandeberg What if the ICO fails? What if Alice sets the ICO to last 10 years?

[theoreticalbts]

What if Alice's failed ICO attempt was honest, and now users associate MYTOKEN name with Alice's company -- but Bob then scoops up the name and does his own ICO, taking advantage of the fact that users are now confused about who the name belongs to?

I think having a name permanently associated with an account is the best way to go.

[mvandeberg]

What I am saying is that we have been operating under the assumption that these names will last forever for a $1000 fee. Why do we then care so much about preventing squatting once we introduce a system for recovering the name? The progression of ideas seems backwards to me.

[mvandeberg]

The system is a heuristic of recovering a name after a sufficient amount of time. Extending the deadline and squatting the name is not a concern of mine because that is the behavior of all ICOs, regardless of success, if we do not have a recovery system.

[mvandeberg]

Most accounts will not go to those lengths to troll and squat names. We at least make the job a little more difficult for those that choose to, which they would do regardless of whether the recovery system is in place or not.