You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Fidelity bonds are an integral part of Coinswap, designed to enhance resistance against Sybil attacks, which in turn improves the system’s privacy.
A fidelity bond is a mechanism in which a user deliberately locks a certain amount of bitcoin, making it costly to create a new cryptographic identity. The lockup is done in such a way that its value can be publicly verified. In the Coinswap process, takers are more likely to initiate coinswaps with makers who have staked more valuable fidelity bonds. This makes Sybil attacks significantly more expensive because an attacker would need to lock up a large amount of bitcoin to frequently be chosen as a counterparty in the swaps.
For makers, locking bitcoin as a fidelity bond can increase their participation in coinswaps and, consequently, their fee earnings. The most practical way to establish a fidelity bond is by sending bitcoin to a time-locked address using the opcode [OP_CHECKLOCKTIMEVERIFY](https://en.bitcoin.it/wiki/Timelock#CheckLockTimeVerify). In this case, the "sacrifice" comes from the time-value of money, as the bitcoin is locked and unusable for a period. However, long-term bitcoin holders (or hodlers) can create time-locked fidelity bonds at minimal cost, assuming they don’t plan to use their funds for transactions in the near future.
Note on privacy
A Bitcoin transaction which creates a fidelity bond will be published to the entire world, so before creating them make sure the coins are not linked to any of your privacy-relevant information. Also, use a sweep transaction which does not create a change output when funding the timelocked address. Change addresses can also leak privacy information and the best way to avoid that is to not create change outputs at all i.e. use only sweep transactions.
Once the timelocked addresses expire and become spendable, make sure you don't leak any information then either, mix afterwards as well. If your timelocked address expires and you want to send the coins to another timelocked address then you don't need to mix in between, because no privacy-relevant information linked to you has been leaked.
Spending time-locked coins
Once the time-lock of an address expires the coins can be spent with Coinswap.
What amount of bitcoins to lock up and for how long?
A fidelity bond is valuable as soon as the transaction creating it becomes confirmed. The simplified formula for a fidelity bond's value is:
Here x is the 'exponent', a number larger than 1, for reasons we explain below.
A few important things to notice:
The bond value goes as the (locked_coins)^x of sacrificed value. For example if x is 1.3, the current default, and your sacrificed value is 5 BTC then the fidelity bond value is ~ 8.1. If instead you sacrificed 6 BTC the value is ~ 10.3. The point of this is to create an incentive for makers to lump all their coins into just one bot rather than spreading it over many bots. It makes a sybil attack much more expensive.
The longer you lock for the greater the value. The value increases as the interest_rate, which is configurable in the config file with the option interest_rate. By default it is 1.5% per annum and because of tyranny-of-the-default takers are unlikely to change it. This value is probably not too far from the "real" interest rate, and the system still works fine even if the real rate is something like 3% or 0.1%.
The above formula would suggest that if you lock 3 BTC for 10000 years you get a fidelity bond worth 2.03e+85 (~ 2 followed by 85 zeros). This does not happen because the sacrificed value is capped at the value of the burned coins. So in this example the fidelity bond value would be just ~ 4.17. This feature is not included in the above simplified equation.
After the locktime expires and the coins are free to move, the fidelity bond will continue to be valuable, but its value will exponentially drop following the interest rate. So it would be good for you as a maker to create a transaction with the UTXO spending it to another time-locked address, but it's not a huge rush (specifically, there's likely no need to pay massive miner fees, you can probably wait until fees are low).
Can maker use multiple timelocked addresses or UTXO?
Alternatively: Can I add more bitcoins to a fidelity bond that already exists?
No. Creating a new transaction which sends more bitcoins to a timelocked address will not add to the existing fidelity bond, but instead create a new one. The two fidelity bonds will not be combined. A maker only announces a single fidelity bond transaction UTXO, and it choses the most valuable one.
As a maker, you are generally stuck with the fidelity bond you create until it expires. You can still create a new fidelity bond and use that instead, but the old one will be unused. If you want to increase the value of a fidelity bond the best way to do that is to wait until it expires and then spend from the timelocked address combining with extra UTXOs you want to add, into a new timelocked address.
This is one reason why a maker who creates a fidelity bond for the first time should only lock up coins for a relatively short time, so that they can try out the whole thing, and don't have to wait too long before they add more coins.
Fidelity bonds in cold storage
To allow for holding fidelity bonds in cold storage, there is an intermediate keypair called the certificate.
Where the endpoint might be a IRC nickname or Tor onion hostname. The certificate keypair can be kept online and used to prove ownership of the fidelity bond. Even if the hot wallet private keys are stolen, the coins in the timelocked address will still be safe, although the thief will be able to impersonate the fidelity bond until the expiry.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
FIDELITY BOND
Introduction
Fidelity bonds are an integral part of Coinswap, designed to enhance resistance against Sybil attacks, which in turn improves the system’s privacy.
A fidelity bond is a mechanism in which a user deliberately locks a certain amount of bitcoin, making it costly to create a new cryptographic identity. The lockup is done in such a way that its value can be publicly verified. In the Coinswap process, takers are more likely to initiate coinswaps with makers who have staked more valuable fidelity bonds. This makes Sybil attacks significantly more expensive because an attacker would need to lock up a large amount of bitcoin to frequently be chosen as a counterparty in the swaps.
For makers, locking bitcoin as a fidelity bond can increase their participation in coinswaps and, consequently, their fee earnings. The most practical way to establish a fidelity bond is by sending bitcoin to a time-locked address using the opcode [OP_CHECKLOCKTIMEVERIFY](https://en.bitcoin.it/wiki/Timelock#CheckLockTimeVerify). In this case, the "sacrifice" comes from the time-value of money, as the bitcoin is locked and unusable for a period. However, long-term bitcoin holders (or hodlers) can create time-locked fidelity bonds at minimal cost, assuming they don’t plan to use their funds for transactions in the near future.
Note on privacy
A Bitcoin transaction which creates a fidelity bond will be published to the entire world, so before creating them make sure the coins are not linked to any of your privacy-relevant information. Also, use a sweep transaction which does not create a change output when funding the timelocked address. Change addresses can also leak privacy information and the best way to avoid that is to not create change outputs at all i.e. use only sweep transactions.
Once the timelocked addresses expire and become spendable, make sure you don't leak any information then either, mix afterwards as well. If your timelocked address expires and you want to send the coins to another timelocked address then you don't need to mix in between, because no privacy-relevant information linked to you has been leaked.
Spending time-locked coins
Once the time-lock of an address expires the coins can be spent with Coinswap.
What amount of bitcoins to lock up and for how long?
A fidelity bond is valuable as soon as the transaction creating it becomes confirmed. The simplified formula for a fidelity bond's value is:
Here
x
is the 'exponent', a number larger than 1, for reasons we explain below.A few important things to notice:
x
is 1.3, the current default, and your sacrificed value is 5 BTC then the fidelity bond value is ~ 8.1. If instead you sacrificed 6 BTC the value is ~ 10.3. The point of this is to create an incentive for makers to lump all their coins into just one bot rather than spreading it over many bots. It makes a sybil attack much more expensive.interest_rate
, which is configurable in the config file with the optioninterest_rate
. By default it is 1.5% per annum and because of tyranny-of-the-default takers are unlikely to change it. This value is probably not too far from the "real" interest rate, and the system still works fine even if the real rate is something like 3% or 0.1%.2.03e+85
(~ 2 followed by 85 zeros). This does not happen because the sacrificed value is capped at the value of the burned coins. So in this example the fidelity bond value would be just ~ 4.17. This feature is not included in the above simplified equation.Can maker use multiple timelocked addresses or UTXO?
Alternatively: Can I add more bitcoins to a fidelity bond that already exists?
No. Creating a new transaction which sends more bitcoins to a timelocked address will not add to the existing fidelity bond, but instead create a new one. The two fidelity bonds will not be combined. A maker only announces a single fidelity bond transaction UTXO, and it choses the most valuable one.
As a maker, you are generally stuck with the fidelity bond you create until it expires. You can still create a new fidelity bond and use that instead, but the old one will be unused. If you want to increase the value of a fidelity bond the best way to do that is to wait until it expires and then spend from the timelocked address combining with extra UTXOs you want to add, into a new timelocked address.
This is one reason why a maker who creates a fidelity bond for the first time should only lock up coins for a relatively short time, so that they can try out the whole thing, and don't have to wait too long before they add more coins.
Fidelity bonds in cold storage
To allow for holding fidelity bonds in cold storage, there is an intermediate keypair called the certificate.
Where the endpoint might be a IRC nickname or Tor onion hostname. The certificate keypair can be kept online and used to prove ownership of the fidelity bond. Even if the hot wallet private keys are stolen, the coins in the timelocked address will still be safe, although the thief will be able to impersonate the fidelity bond until the expiry.
Beta Was this translation helpful? Give feedback.
All reactions