$ IssuerContract Host #1

Alice

StockIssuer

Bob

OptionsIssuer

The Electronic RightsTransfer Protocol

Mark S. MillerOpen Source Coordinator, ERights.org

CTO, Combex Inc.PhD. student, Johns Hopkins University

Talk Overview

● Our rights-handling systems are badly broken.Failures of layering and composition

● What should a solution look like?Decentralized networks of contracts-as-games

● What are adequate building blocks?CapTP: Distributed cryptographic capabilities

● Capabilities vs. trade of erightsexclusive, bilateral, 3rd party assayable, fungible

Layering Failure

Expedia Custom ACLs --disconnect-- Unix or NT ACLs

The “single sign-on problem”is just a symptom

Composition Failure

vs.

Smart Contracts

Contract as Program CodeTerms partially enforced by program’s

execution

Inescapable arrangement vs. punishment.

Contract host == trusted escrow & enforcerVending machine example

Nick Szabo’s http://szabo.best.vwh.net/

Lessig’s “Code and other Laws of Cyberspace”

Our “Capability-based Financial Instruments” at FC’00,and “The Digital Path” at Austrian Perspectives on.. 2001.

Contracts as Board Games

Players make moves, but only “legal” onesMove changes state of board

Board-state determines move “legality”

ERights are “pieces” placed on boardGame escrows pieces,

Pieces/ERights released only by play

A Simple Exchange Game

Separation of Duties

Contract Host

$ Issuer

Alice

Stock Issuer

Bob

The Game Design Game

Contract Negotiation as Game Design

Framework as the Game of Game Design

Design rules for game all are willing to play

Write “board manager” for that game

Agree on a mutually trusted host

Pay host to run the board manager

Host verifies everyone agreed on same game

A Covered Call Option

Contract CompositionCreates Virtual Property

$ IssuerContract Host #1

Alice

StockIssuer

Bob

Fred

$ Issuer

OptionsIssuer

Contract Host #2

What Are Object-Capabilities?

●By Introduction•ref to Carol•ref to Bob

•decides to share●By Parenthood●By Construction●By Initial Conditions

● Absolute Encapsulation● Only source of authority

Alice says: bob.foo(carol)

CapTP: Capability Transport Protocol

Capability

Object

Message

Vat

Process /Machine

Solving BothImpostor Problems

A false Carol doesn't knowthe Vat private key.

A false Bob doesn't knowthe SwissNumber.

From Capabilities to trading erights

● Shared● One-way asynch● Opaque● Specific

● Often exclusive● 2-way all-or-nothing● 3rd party assayable● Often fungible

Alice

Bob

Alice

Bob

Carol

Distributed Cap Example: Moneydef makeMint(name :String) :any { def [sealer, unsealer] := makeBrandPair(name) def mint { to makePurse(var balance :(int >= 0)) :any { def decr(amount :(0..balance)) { balance -= amount } def purse { to getBalance() :int { balance } to sprout() :any { mint.makePurse(0) } to getDecr() :any { sealer.seal(decr) } to deposit(amount :int, src) { unsealer.unseal(src.getDecr())(amount) balance += amount } } } }}

Almost erights,but not 3rd party assayable.

interface Issuer { to vouchForAssay(candidate :Assay) :Assay to makeEmptyPurse() :Purse # subtypes will usually provide a # to makeAssay(description...) :Assay}

interface Assay { to transfer(src :Purse, dest :Purse) # subtypes will usually provide some form of # to getDescription() :...}

interface Purse {}

The Essential ERTP

Mutual Acceptability by “Equality”Contract Host says:def issuerB := E.join(bAccordingToAlice, bAccordingToBob)

Mutual Acceptability by “Equality”Contract Host says:def issuerB := E.join(bAccordingToAlice, bAccordingToBob)

Putting a Piece on the Board

Bob says:host.place(argPurse, argAssay)

Putting a Piece on the BoardContract Host says:def assayB := issuerB.vouchForAssay(argAssay)purseB := issuerB.makeEmptyPurse()assayB.transfer(argPurse, purseB)

Putting a Piece on the Board

Alice asks “What's that piece?”Contract Host responds: assayB

ERTP Summary

● Intermediaries manipulate erights they don't understand• No prior knowledge or trust in Issuers• Exclusive? Fungible? Perishable? Blinded Transfer?

The Contract Host Needn't Care

● 3rd party assayability enables mutual acceptability to Alice and Bob, who care about these specifics.

Conclusions

● ERTP is but one example of the power of Object-Capability protocol design.

● Patterns of Cooperation Without Vulnerability

● Field is wide open with fresh opportunities.

The Analog Analogy

Messy Analog

Analog circuit design is hard

Abstraction Funnel

Messy Computer Hardware

Unlimited need fornew logic

Abstraction FunnelsExample: digital logic as a simple, highly

reusable set of analog circuit designs

● Preserves source of much poweruniversality, parallelism

● Abstracts away distracting featuresAC analysis, sine waves, complex numbers, ...

● In-model causality only on provided pathsunidirectional bit-wires

● Composability; signal interoperabilityA bit from an ALU is good as a bit to a register

Why CapTP?

Messy Crypto

Crypto protocol design is hard

Crypto Object-Capabilities

Messy Commerce

Unlimited need fornew contracts

A Simple, Highly ReusableCrypto Protocol: CapTP

● Preserves source of much powerCooperation without vulnerability

● Abstracts away distracting featuresCryptographic protocol design

● In-model causality only on provided pathsEncapsulation, message passing

● Composability; signal interoperabilityMessage passing, polymorphism

Other Capability Paradigms

“Capability Myths Demolished” Equivalence? Revocability? Confinement?

http://zesty.ca/capmyths/usenix.pdf

Capabilities as Rows Capabilities as Keys/Tickets