Presenting Bitcoin Cash — Semi-centralized, Bitcoin-pegged, Scalable, Instant, Anonymous Electronic Cash System
Abstract. A semi-centralized version of electronic cash would allow online Bitcoin payments to be sent from one party to another instantly, anonymously and free of charge without the permission of the backing financial institution. Chaumian e-cash provides part of the solution, but the main benefits are lost if a trusted third party is, that is required to prevent double-spending is not accountable. Our smaller contribution in this paper we propose an improvement to the accountability problem using a semi-centralized system. The system accepts Bitcoin deposits and withdrawals, similarly to custodial Bitcoin wallets. Contrary to these systems the backbone of the Bitcoin Cash wallet, in short b-cash wallet backbone is required to expose its master public key to the public. Therefore anyone can see the activity of this watch-only wallet on the Bitcoin Blockchain. Furthermore anyone who deposits and withdraws can independently verify the addresses are derived from the seed extended public key. Properly utilizing the accountability of the Bitcoin network is a major improvement to the accountability of centralized systems, however it is not a complete solution. The b-cash wallet backbone can still inflate the money supply, however it has less leg room for that. This improvement on Chaumian e-cash is not the main innovation of b-cash. From another point of view, b-cash is a second layer Bitcoin scaling solution, that has a side effect of enabling instant, anonymous transactions within its system for free of charge. The anonymity properties of Bitcoin Cash is orders of magnitude stronger, than the anonymity any decentralized or peer to peer network can hope to achieve. Thus the internal b-cash transactions cannot be prevented by the central issuer, since the central issuer is a blindly signing entity, it does not hold any information on the transaction, other than the fact that a transaction happened at a given time with a given value.
Commerce on the Internet has come to rely almost exclusively on financial institutions serving as trusted third parties and peer-to-peer cryptocurrencies to process electronic payments. While the both systems are satisfying different needs and together they work well enough for most transactions, they still suffer from the inherent weaknesses of the trust based models and blockchains. Completely non-reversible transactions are only possible for high transaction costs, due to inherent design problems of open, permissionless, peer-to peer blockchains. On the other hand, financial institutions cannot avoid mediating disputes. The cost of mediation increases transaction costs, limiting the minimum practical transaction size and cutting off the possibility for small casual transactions, and there is a broader cost in the loss of ability to make non-reversible payments for nonreversible services. With the possibility of reversal, the need for trust spreads. Merchants must be wary of their customers, hassling them for more information than they would otherwise need. A certain percentage of fraud is accepted as unavoidable. These costs and payment uncertainties can be avoided in person by using physical currency, but no mechanism exists to make payments over a communications channel without a trusted party.
What is needed is an electronic payment system, that brings the best of both Worlds, with minimal compromises, allowing any two willing parties to transact directly with each other without the need for a trusted third party. While other second layer scaling solution had been proposed, such as Lightning Network, they are complex and need time to be implemented and to mature. With Chaumian Bitcoin Cash, these financial institutions are also incapable of mediating disputes, because of the lack of transaction information they know about.
Unlike the Lightning Network, Chaumian b-cash can be abused by fractional reserve, but it is orders of magnitude less complex and orders of magnitude more fungible.
We define an electronic coin as a digital serial number. Every one of these serial numbers represent 0.0001 bitcoin, otherwise known as 1 finney. Introducing multiple denominations are possible. Each owner transfers the coin to the next by sending some of his serial numbers to the payee.
The problem of course is the payee can’t verify that one of the owners did not double-spend the coin. A common solution is to introduce a trusted central authority, or mint, that checks every transaction for double spending. After each transaction, the coin must be returned to the mint to issue a new coin, and only coins issued directly from the mint are trusted not to be double-spent. The problem with this solution is that the fate of the entire money system depends on the company running the mint, with every transaction having to go through them, just like a bank. In Chaumian b-cash, we improve upon this scheme, by utilizing blind signing. With this, the payee can make the central issuer to reissue the coins to him anonymously.
3. Blind Signing Server
The solution Chaumian e-cash proposes begins with a blind signing server. A blind signing server works by taking, newly generated, blinded serial numbers to be signed and the old, already signed serial numbers to be invalidated. The server verifies that the old serial numbers are valid, if they are, it signs the new, blinded serial numbers, marks the old ones used and responds to the client with the signatures. At last, these signatures are unblinded by the client and verified that they are properly signed.
4. Accountability And Decentralizing the Servers
Deposits and withdrawals to the system happens on the Bitcoin network. The server must publish a master public key to provide complete transparency about its Bitcoin transactions and Bitcoin holdings.
N people who are independent and widely considered trustworthy come together to create a multisig address. You need 80% (or whatever) of the N people to agree in order to send money secured by the multisig address. This multisig group is called “the bank”, though it ideally should not actually be a single monolithic organization, but rather a more decentralized selection of independent entities.
Furthermore the server should make public every internal transaction it knows about. In this case, if the server tries to print more money, it would not go unnoticed.
The traditional banking model achieves a level of privacy by limiting access to information to the parties involved and the trusted third party. In Bitcoin the necessity to announce all transactions publicly precludes this method, but a form of privacy can still be maintained by breaking the flow of information in another place: by keeping public keys anonymous. The public can see that someone is sending an amount to someone else, but without information linking the transaction to anyone. Since the invention of Bitcoin, we learned this pseudonymity is fragile. Bitcoin Cash improves upon both Bitcoin and the traditional privacy model. b-cash gets as close as it is possible digitally to the privacy model of physical cash.
The third party, while it is not completely untrusted, it is less trusted than traditionally third parties are. Transactions happening within the b-cash network are semi-peer to peer. First b-cash users must exchange information with each other, then the payee must invalidate the payer’s coins with the help of a third party in a privacy preserving way.
Because the server does not have any meta information about the transaction, the server cannot prevent or reverse transactions. The server does not know what serial numbers it signed, because it signed it blindly, therefore it does not know what serial numbers it has to withdraw from circulation in case of for example government intervention.
We have proposed a system for electronic transactions that minimalizes trust. We started with the usual framework of coins made from digital serial numbers, which provides strong control of ownership, but is incomplete without a way to prevent double-spending. To solve this, centralized server to record a public history of transactions and a peer to peer network that exchanges value with each other, with anonymous help of the server. The network is robust in its unstructured simplicity. Transactions are instant and free. The fungibility properties this system achieves is better than any purely decentralized cryptocurrency can hope for. The server is more accountable, it has considerably less leg room to print money, than traditional financial institutions. Chaumian b-cash’s strong fungibility guarantees irreversible payments.