[go: up one dir, main page]

WO2019241287A1 - Apparatus and method for assuring performance attributes of a digital asset - Google Patents

Apparatus and method for assuring performance attributes of a digital asset Download PDF

Info

Publication number
WO2019241287A1
WO2019241287A1 PCT/US2019/036605 US2019036605W WO2019241287A1 WO 2019241287 A1 WO2019241287 A1 WO 2019241287A1 US 2019036605 W US2019036605 W US 2019036605W WO 2019241287 A1 WO2019241287 A1 WO 2019241287A1
Authority
WO
WIPO (PCT)
Prior art keywords
digital
expert
consideration
network connected
stakeholder
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2019/036605
Other languages
French (fr)
Inventor
Richard Ma
Steven Stewart
Jan Joseph Bogacki GORZNY
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Quantstamp Inc
Original Assignee
Quantstamp Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Quantstamp Inc filed Critical Quantstamp Inc
Publication of WO2019241287A1 publication Critical patent/WO2019241287A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis

Definitions

  • This invention relates generally to communications in computer networks. More particularly, this invention is directed to assuring performance attributes of a digital asset. BACKGROUND OF THE INVENTION
  • Digital assets are manifested in a variety of forms, such as executable code and a computerized transaction structure that executes the terms of a contract, sometimes referred to as a smart contract.
  • the performance attributes of a digital asset are of great concern to the publisher of the digital asset and various third-parties that may have an interest in the digital asset. It is known to use experts for manual audits and code inspections. Unfortunately, this prior art approach is not scalable and is completely centralized.
  • a computer implemented method includes maintaining at a first network connected server a record of a group of stakeholders with an interest in the performance attributes of a digital asset. Maintaining includes collecting stakeholder digital consideration from the group of stakeholders.
  • a second network connected server stores a list of experts on the performance attributes of digital assets.
  • a first endorsement of the performance attributes of a digital asset and expert digital consideration are received at the first network connected server from a network connected expert client machine.
  • a second endorsement of the performance attributes of the digital asset and non-expert digital consideration are received at the first network connected server from a network connected non-expert client machine.
  • the first network connected server periodically distributes stakeholder digital consideration increments of the stakeholder digital consideration to the network connected expert client machine and the network connected non-expert client machine.
  • the expert digital consideration and the non-expert digital consideration are distributed to the stakeholders in the event that the endorsements of the performance attributes of the digital asset do not match defined criteria. Distributing is initiated by the first network connected server utilizing the network to distribute to network connected stakeholder client machines.
  • FIGURE 1 illustrates a system configured in accordance with an embodiment of the invention.
  • FIGURE 2 illustrates a protocol violation associated with an embodiment of the invention.
  • FIGURE 3 illustrates successful execution of a protocol associated with an embodiment of the invention.
  • FIGURE 4 illustrates a protocol violation associated with an embodiment of the invention.
  • FIGURE 5 illustrates a matrix for a protocol without a minimum stake requirement.
  • Figure 1 illustrates a system 100 configured in accordance with an embodiment of the invention.
  • the system includes a set of client devices 102 1 through 102_N in
  • Network 106 may be any combination of wired and wireless networks.
  • Each client device 102 may be a computer, tablet, smart phone and the like.
  • a processor (e.g. central processing unit) 110 is connected to input/output devices 112 via a bus 114.
  • the input/output devices 112 may include a keyboard, mouse, touch display and the like.
  • a network interface circuit 116 is also connected to the bus 114 to provide connectivity to network 106.
  • a memory 120 is also connected to the bus 114.
  • the memory 120 stores instructions (e.g., client module 122) executed by the processor 110 to implement client side operations disclosed herein.
  • the client machines 102 may be associated with experts and non-experts, terms that are described below. As such, they may be referred to as a network connected expert client machine or a network connected non-expert client machine.
  • the client machines 102 may also be associated with stakeholders, as described below. As such, they may be referred to as stakeholder client machines.
  • Each server 104 (e.g., 104 1) includes a processor 130, input/output devices 132, bus 134 and a network interface circuit 136.
  • a memory 140 is connected to bus 134.
  • the memory stores a digital asset performance attributes assurance module 142, which includes instructions executed by processor 130 to implement operations disclosed herein.
  • the module 142 is part of a distributed computer system that implements the operations of maintaining a record of a group of stakeholders with an interest in the performance attributes of a digital asset.
  • the performance attributes are machine
  • interpretable requirements such as security measures.
  • Maintaining a record of a group of stakeholders includes collecting stakeholder digital consideration from the group of stakeholders.
  • a second network connected server 148 stores a list of experts on the performance attributes of digital assets.
  • a first endorsement of the performance attributes of a digital asset and expert digital consideration are received by module 142 from a network connected expert client machine.
  • a second endorsement of the performance attributes of the digital asset and non-expert digital consideration are received at module 142 from a network connected non-expert client machine.
  • the module 142 periodically distributes stakeholder digital consideration increments of the stakeholder digital consideration to the network connected expert client machine and the network connected non-expert client machine.
  • the expert digital consideration and the non-expert digital consideration are distributed to the stakeholders in the event that the endorsements of the performance attributes of the digital asset do not match defined criteria.
  • Server 148 includes a processor 150, input/output devices 152, a bus 154 and a network interface circuit 156.
  • a memory 160 is also connected to the bus 154.
  • the memory 160 stores instructions executed by processor 150 to implement an expert Token Curated Registry (TCR) 162, the details of which are discussed below.
  • TCR Token Curated Registry
  • a precise notion of expertise is hard to define, but expertise is often determined by experience and reputation.
  • an expert is a professional security auditor, whereas a non-expert is someone who may be familiar with security concerns but is untrusted, unknown, inexperienced, or simply a speculator. According to this definition, non-experts may still be able to contribute to digital asset security in the right setting.
  • a decentralized ecosystem there may be users other than the digital asset owner who are willing to pay for the financial protection of the digital asset. These participants, along with the digital asset owner, are referred to as stakeholders. There is no need to prohibit these actors from participating in the security of the digital asset.
  • a shareholder in a company that sells computer programs may have an interest in assuring that published computer programs are bug free to avoid damage to company reputation and share price.
  • any number of entities may have an interest in the performance of that digital asset.
  • the disclosed protocol enables a form of security that is complementary to the traditional security provided by code inspections, testing, and formal methods. Moreover, the protocol decreases the need for security experts as well-funded non-experts may suffice to assure digital asset performance attributes, such as security vulnerabilities.
  • the protocol develops security expertise by enabling non-experts to observe and possibly determine an expert’s motivation for staking (or not-staking) contracts. It also enables and incentivizes both experts and non-experts to participate in the digital asset ecosystem.
  • a digital asset is correct by staking digital consideration, such as a digital currency, a digital resource (e.g., memory, processor cycles), etc.
  • digital consideration is called a stake.
  • Each stakeholder wishes to have a minimum amount staked as digital consideration.
  • Each stake is associated with one stakeholder.
  • each stakeholder can claim digital consideration of the users who assured the performance of the digital asset.
  • these users regularly receive digital consideration as long as the digital asset meets performance attributes.
  • the performance attributes of executable code may be a scaling attribute, a security attribute and the like.
  • the performance attribute of a smart contract may be that its balance is correct.
  • the stakes, and a deposit of fees to be paid by the stakeholders to the stakers, are held in escrow in accordance with the protocol.
  • expert stakers earn a higher return than non-expert stakers.
  • this protocol is roughly analogous to insurance.
  • the stakers are underwriters of the contract security.
  • this analogy is not perfect: in this model, there is no actuary model which underwriters (stakers) are following.
  • stakers are free to stake as much or as little as they wish, based on their opinion of the digital asset, or the stakes of more expert stakers.
  • the protocol leverages the automated evaluation of digital, contrary to the manual claim approval of traditional insurance agencies. Users may wish to develop their own actuary models, but this is not expected or required.
  • stakeholders are free to set the conditions of the policy, which is often not the case in centralized insurance settings.
  • a stakeholder may request collateral which exceeds the value of the digital asset to which the stakeholder has an interest. This is acceptable provided that they are paying sufficiently high fees, the market will dictate whether or not stakers find the risk acceptable. If the digital asset is seen as secure, the collateral will never be forfeited by the stakers, and there is no reason to limit the size of funds they wish to stake. The size of the stakes on a digital asset may indicate the community’s confidence in the security of the digital asset. In the event that an insecure digital asset misbehaves, the stakeholder claims the entirety of their stakes, even if that is worth more than the funds that were compromised.
  • Stakers may wish to take care not to stake more than is appropriate, in order to prevent hard-to-fmd back-doors in the digital asset to be exploited, resulting in a large profit for the stakeholder, or to do their due diligence in checking the security of the digital asset in the first place.
  • the stakeholder may also submit a policy that they can change over time, and in this case it is the
  • this protocol is roughly analogous to banking.
  • a staker deposits a sum (their collateral) into the protocol contract, and earns a portion of fees paid by the contract stakeholder.
  • the protocol is not exactly the same as a bank account: the amount earned is not a fixed percentage, and is relative to the size of a staker’ s contribution to the total funds staked (i.e., the total size of funds held by the bank in the analogy), and there is no guarantee that the funds are safe.
  • the staker can view the protocol as a bank whose security they are free to assess, and store funds only if they deem the bank is secure. If the funds are lost because the protocol deems that the relevant digital asset misbehaves, there is no way to recover the staker’ s funds: it will automatically be transferred to the stakeholder.
  • QSPb The protocol is referred to as the QSPb protocol.
  • QSPb encourages further adoption of digital assets by providing an additional level of economic security. As people are willing to pay for insurance, it is believed that people will pay to secure their digital assets.
  • Participants in the QSPb protocol can be of two types: stakeholders (who include the digital asset owner, if in existance), and stakers. Recall that stakeholders are participants who are willing to pay to ensure the contract’s funds are not stolen. Stakers are participants with funds available who are willing to stake collateral against the security of a smart contract; they can be experts or non-experts. A list of experts may be maintained via a Token Curated Registry. A TCR is used to vote in community members as security experts. Perhaps not on the TCR is a non-expert.
  • the protocol is designed to be implemented in a smart contract which accepts the addresses of other smart contracts.
  • a smart contract Contract with owner Owner is submitted to QSPb.
  • the address of Contract may be submitted by Owner , who is seeking financial assurance that their contract’s funds are secure, or by another stakeholder. In fact, there is no distinction between the contract owner and another arbitrary stakeholder.
  • Whoever submits the address of Contract to QSPb outlines (formally) a set of rules indicating their definition of misbehavior, e.g, the balance of Contract is withdrawn by an address which is not specified somewhere in the contract.
  • Stakers who may include non-experts, contribute to pools of funds that are available to the stakeholder if the protocol detects that the Contract has misbehaved. While the protocol deems the submitted contract is secure, stakers are periodically paid by the stakeholder who
  • the funds in the staked pool are sent to the stakeholder if the protocol detects misbehavior.
  • the QSPb smart contract can automatically rule if the contract misbehaved. QSPb will check this at the time the protocol checks if a periodic payment is due to take place. Additional pools of funds may be collected for each stakeholder who is willing to pay stakers.
  • Each stakeholder, along with the digital asset owner indicates a separate minimum amount of assurance required for their pool. For example, suppose that a digital asset Wallet is expected to hold 20,000 QSP digital currency, which may be accessible by many users. A stakeholder Alice may determine that she wishes to be compensated with 30,000 QSP in the event that these funds are stolen, as she thinks it will be costly to transition to a new smart contract if her funds in Wallet are lost. On the other hand, a stakeholder Bob may only have 3,000 QSP in the Wallet , and therefore only request a pool worth at least 3,000 QSP. It is expected that Bob will pay a smaller rate compared to Alice.
  • the protocol allows non-experts, who either genuinely believe the contract to be secure, or are merely guessing that it is, to stake funds.
  • the protocol does not assign or calculate odds, and bets are not placed (and fixed). If participants are assumed to be rational actors, then collateral will only be placed on secure contracts with fixed policies.
  • QSPb does not require wealthy individuals to stake collateral. Many small stakers can make up the staking pool.
  • the protocol is complementary to the idea that digital assets can be automatically verified. Automatic verification is not able to capture all aspects of digital asset execution - if this was the case, manual audits would never be necessary. Many automated tools require additional formal specifications from digital asset writers, and therefore put an additional burden on digital asset writers, who may not be experts in these tools or their languages. Automatic verification often results in false positives, which require manual review in order to determine if they are true positives.
  • the successful adoption of this protocol slows the velocity of the digital currency staked.
  • the velocity of the currency refers to how fast the currency“passes from one holder to the next”.
  • a token s velocity is inversely proportional to the value of the token; often-traded, rarely-kept tokens are therefore worth less than those which are held for longer.
  • a token s velocity affects its future value.
  • the QSPb protocol slows the velocity of the tokens used as collateral as it temporarily locks up these funds. QSPb does not affect the total supply: staked tokens are either returned or paid out; never destroyed.
  • the use of a TCR enables further token utility as it is required for interactions governing this list.
  • a requirement that submitted digital assets are also subjected to an automated security check also increases the utility of the security network token (i.e., QSP).
  • QSP security network token
  • the report will be published so that stakers can determine for themselves if the concerns are warranted.
  • This requirement helps to prevent digital assets with obvious back-doors being submitted, increasing the trust of the network by reducing possible cases of malicious behavior.
  • QSPb is deployed on the blockchain and may be open sourced; therefore it may be possible to clone the protocol. Strong network effects will make the successful deployment of this protocol useful for new digital asset developers and increase the difficulty of copying the protocol.
  • QSPb does not guarantee the absence of issues in the contracts that are submitted to it. There is a risk involved in staking funds and stakers must take care to ensure that they are comfortable with this risk, and digital asset owners believe that the cost is worthwhile.
  • the protocol may not need to restrict the definition of an attack to the simple one assumed above.
  • a definition of an attack, or unintended behavior of a digital asset may be defined and published by the stakeholder. This definition could be in some standard, machine verifiable language, or simply in plain language that allows a panel of (human) judges to determine if the attack has occurred. This may mean that an attack may not conform to a standard,“moral” definition of an attack: a rule may say that if the owner withdraws all funds, that is undesirable - even though this may not be seen to be an attack by others. Provided the rules are published externally to the stakers, it is up to them to determine if they wish to fund the staking pool.
  • the disclosed protocol resolves the problem of scalable verification.
  • This protocol provides a solution by providing a marketplace that will allow anyone to stake collateral. If participants are rational, such collateral is validation that an audit process has taken place and no errors are found.
  • QSPb is a complementary protocol to automated mechanical checks which can scale with the market while mitigating the risk of false positives by providing financial compensation in the event a contract is exploited.
  • Participants in this protocol may be of three types.
  • the two primary types are:
  • a staker may be of two subtypes:
  • Non-Expert Staker a staker who is not on the TCR for this protocol.
  • Non-experts may be security experts who are new to this protocol or otherwise untrusted.
  • an expert staker may not be a security expert, but the use of a TCR greatly decreases this risk and increases the costs of impersonating an expert.
  • Stakeholders are not necessarily directly connected to, or working with, the contract owner, but may have an interest in the continued success of the contract.
  • the operators of a service may wish to protect a contract’s account balance, but users may also desire the continued existence of the service, and may wish to receive some funds to compensate for inconvenience caused by its failure (e.g ., the cost of transferring to a new service).
  • a digital asset owner may not be clear, and users may wish to pay for the security of the service’s up time in lieu of an owner guaranteeing its security.
  • the stakers need not contribute to a single pool; they may split their funds to multiple pools associated with multiple stakeholders. The stakers are free to choose the pools which pay the most in order to maximize their return. An individual staker can contribute any amount of funds to any pool.
  • the initial governance will be in the form of deploying the QSBb smart contract with fixed addresses that point to the TCR to be used and the QSP main network for automated audits.
  • This actor may be a corporate entity or decentralized organizations. Such an actor may also be responsible for bootstrapping, e.g., populating the initial list of experts on the TCR.
  • TCR Token Curated Registry
  • TCR membership is desirable.
  • expert stakes are weighted more heavily than those of non-experts. This is to encourage the participation of experts and reward their time for manually inspecting an audit. Additionally, the stake of the first experts to stake are weighted even more heavily, as they are most likely to have actually performed an inspection, as opposed to experts who may simply follow other experts. If multiple experts stake the security of the same smart contract, each subsequent expert who stakes a value is weighted less than those experts who staked before them, but at least as much as a non-expert staking the same amount would be weighted. There may be multiple “first” expert stakers.
  • the protocol is initialized as follows:
  • the protocol owner establishes a TCR which will be used to classify expert stakers.
  • the protocol owner determines the address of an automated auditing platform that accepts a digital currency, say, Q.
  • Integers eh(C)0 and fh(C)0 which are respectively the bonuses for expert stakes and first-expert stakes;
  • ch(C) kh(C)ph(C) (where kh(C) is some natural number) which is the number of blocks that funds must be staked for;
  • the digital asset C is sent to the controlling network, and a report is published.
  • the report is not post-processed by any security expert; false positives may remain.
  • the ith staker can stake V(Si) for contract C by sending (V(Si, h), h, C) where h indicates the stakeholder to which they wish to stake funds, to QSPb.
  • the bonus factors (l+eh(C))i and (l+fh(C)) are applied if, at the time funds were staked, the address staking the funds is on the TCR. That is, if the expert is no longer deemed an expert, they are still treated as one for the purpose of this contract.
  • FIG. 2-4 An example use of the protocol for some digital asset C is depicted in Figures 2-4.
  • O is the owner; there is no differentiating experts and non-experts.
  • Figure 2 shows the protocol in the event that a staker backs out successfully
  • Figure 3 shows the protocol in the event that a staker attempts to back out too close to the attack.
  • Figure 4 shows the protocol in the event that a stakeholder wishes for more security. Additional stakers eventually arrive to provide the assurance required to the stakeholder.
  • a staker may wish to stake more than the minimum requested by the stakeholder. This may encourage the stakeholder to increase their periodic payouts, but stakeholders are under no obligation to do this.
  • One reason to enable arbitrarily large staking pools and an arbitrarily large set of stakers is to encourage the liveness of the protocol and enable non-experts to participate, which may increase the available security expertise. Even if an arbitrarily large amount of stakers have staked funds, a stakeholder never pays more than the amount they wish to, as each staker earns a fraction of this fee proportional to the amount of funds that they have staked.
  • An initial deposit is required from stakeholders. This is required in order to prevent a malicious party from posing as a stakeholder promising a large periodic payout. This may attract many stakers, resulting in the funding of this pool instead of others. A deposit ensures that these stakers are paid, so that these malicious parties do not scare away stakers. The size of the deposit is not set - it is up to the stakers to ensure they are comfortable with a small deposit - this may mean the pool is cancelled earlier than expected.
  • QSPb will be implemented in one smart contract, which will handle the stakes and fees of all contracts submitted by stakeholders.
  • the single smart contract enables the protocol to be released once, and exist in perpetuity without intervention from a controlling entity or others. It also means that users would not need to write their own pool contracts (though they may still write their own policy rules).
  • the QSPb protocol has a web interface (operated by the protocol owner) tracking the amount staked and the current return rate for submitted contracts.
  • a web interface may also provide a place to comment on automatically generated reports.
  • Alternative implementations could move the burden of advertising this information to contract stakeholders, or decentralize this service in some other manner.
  • the gas used to update the TCR and any values associated with a submitted contract are the responsibility of the appropriate party calling the functions on the QSPb protocol (or TCR) smart contract. For example, if a contract owner wishes to update their maximum payout amount per pay period, they are responsible for paying the gas to update the appropriate variable.
  • misbehavior may be contract specific, and is a significant challenge. Initially, the goal will be to implement such a definition in a small script that can be enforced by the QSPb smart contract.
  • Each pool may have its own rules defining misbehavior, and they will be public in order to ensure that stakers know the conditions of the pool. Race conditions are a concern when ordering of expert staking matters. For simplicity, the protocol will order experts who stake at the same block as being in the same position.
  • a contract owner may intentionally hide a back-door into a contract that is relatively hard to detect, offer to pay significant returns, and claim a self-inflicted breach shortly after being staked by a large value, therefore netting a significant return. This is mitigated in part by the requirement that contracts have“obvious” bugs reported, which may prevent some backdoors. This requirement is enforced by the requirement that an automated report be published for the contract. This attack is closely related to“classic insurance fraud”.
  • One way to mitigate this concern is to have a maximum pool size for each pool.
  • a maximum staking pool size may be desirable, but a limit that an individual can stake is not. This is because such a limit would discourage experts from staking large amounts: if they wish to stake more than any one staker can stake, they will need to split their stakes across multiple source addresses, or identities. It is not likely the case that all these identities will belong to the TCR, and therefore they will not receive the expert (or the first-expert) bonuses. For non-expert stakers, this is not a concern.
  • a variable return rate may result in a malicious attacker staking a large amount of wealth in order to drive the rate down to near zero for the other stakers. In turn, this may force legitimate stakers to withdraw their funds. After doing this, the attacker may withdraw all staked value and exploit a breach in the contract, causing the owner to be attacked without receiving any staked values. The success of this attack is unlikely, as it requires the high- value target contract to be attacked only after the stakers have staked their funds on the contract (i.e., inspected the contract), and no other attackers to exploit the issue prior to the withdrawal of the stakers.
  • the QSPb smart contract must be seen as secure.
  • One way to do this is to publish a report of a white-glove audit of the contract.
  • a minimum required staked value is necessary to ensure stability.
  • Figure 5 outlines the payout matrix of this protocol without a minimum required staking amount. Stakeholders are never incentivized to increase their periodic payouts if they are not guaranteed any security; in fact, they always prefer to pay as little as possible. Stakers are not collectively incentivized to stake large amounts given a particular payout without the periodic payout being a function of their staked value; that would yield inadequate protection for stakeholders or, increase risk without any added value to the stakers.
  • the following illustrates the first case.
  • a stakeholder promises to pay 10 units of digital currency every period regardless of the amount staked, two stakers could each stake 1 and receive 5 units each every pay period (for which the attack is secure, ignoring expert and first-expert bonuses).
  • the stakeholder is not getting the desired level of security even though they are paying.
  • this might lead to the stakeholder reducing their payments, which may result in the stakers withdrawing (part of) their stakes. This process may repeat until the stakeholder is too inconvenienced and ceases to use the system.
  • An example of the second case is as follows.
  • a stakeholder promises to pay 10 units of digital currency every period regardless of the amount staked
  • two stakers could each stake 100 units and receive 5 units each every pay period (for which the attack is secure, ignoring expert and first-expert bonuses).
  • each staker could alternatively have staked 50 units, and each would still have received the same amount (5 units) as a payout. Staking 50 units is less of a risk: in the case the contract is hacked, now each staker only loses 50 units instead of 100 units. Therefore, this situation is preferred.
  • the disclosed protocol can be applied to specific use cases where stakeholders may be particularly interested in getting a return in the event of misbehavior.
  • a relayer on the OxProtocol [12] operates a node that hosts an off-chain order book.
  • the OxProtocol must be adapted by decentralized applications.
  • the relayer may wish to pay for an increase in confidence that the contracts are secured, so that their relay node continues to be valuable.
  • DAICO Decentralized Autonomous Initial Coin Offering
  • token holders can vote on resolutions.
  • project stakeholders may have a particular vision in mind for the project, and may wish to acquire economic security that token holders will fulfil this vision.
  • the DAICO contract can be submitted to a generalized version of this protocol with the constraint that an“attack” is the unfavorable resolution of a particular vote, i.e., a hijacking of the direction of the project by its token holders, and a waste of the project developers’ time and resources, and a betrayal of any potential investors’ funds.
  • a payout of this protocol can be used to e.g., pay back the investors in the event that the community is unfaithful.
  • This protocol can be generalized or improved. There are several ways in which this protocol can be generalized or improved. There are minor improvements. A stakeholder may wish to provide several pay rates corresponding to different lengths of stakes, which would result in longer stakes earning a larger return. It may be possible to allow stakers to withdraw stakes subject to some conditions, or to allow stakeholders to vary payout rate dynamically while funds are staked.
  • the protocol need not target smart contract balances exclusively. It can be generalized to allow people to stake the security of arbitrary data that is accessible on the underlying blockchain. In this sense, stakers may be able to underwrite almost anything. In this sense, the protocol describes a decentralized full insurance model without explicit actuarial risk models.
  • A“bug-bounty” period can be implemented after smart contract submission but before stakers are able to submit their stakes. Such a period may increase the confidence of the stakers that they are staking funds on a secure contract.
  • the QSPb protocol contract could be updated to accept multiple staking currencies, so that stakers have the choice of staking whichever currency they are most comfortable using.
  • a contract may ultimately be published without any stakers staking its security. In the event that this system is widely adopted, this may mean that this contract is
  • Transitioning away from a centralized protocol owner may be desirable, and should be considered alongside other governance concerns.
  • a fully decentralized implementation may wish to separate itself from a company network or use a different currency. Staking pools may be enhanced so that contract owners can specify a whitelist of stakeholders to split their pot with. These stakeholders could be those who the contract owner has determined has a valid interest in the contract security without a need to compete for premium prices, just as the owner in the original scenario.
  • Some protocol owners may require at least one expert should be staked before non experts can stake an arbitrary contract. Feedback from users or monitoring the system will determine if this is the case for the disclosed implementation. However, this raises additional questions: What happens if an expert is elected, stakes a contract, and is removed from this list: does their stake get returned to them, are other (non-expert) stakes invalid? The answer may also depend on whether the expert voluntarily removed themselves from the TCR or if they were voted off.
  • An embodiment of the present invention relates to a computer storage product with a computer readable storage medium having computer code thereon for performing various computer-implemented operations.
  • the media and computer code may be those specially designed and constructed for the purposes of the present invention, or they may be of the kind well known and available to those having skill in the computer software arts.
  • Examples of computer-readable media include, but are not limited to: magnetic media such as hard disks, floppy disks, and magnetic tape; optical media such as CD-ROMs, DVDs and holographic devices; magneto-optical media; and hardware devices that are specially configured to store and execute program code, such as application-specific integrated circuits (“ASICs”), programmable logic devices (“PLDs”) and ROM and RAM devices.
  • Examples of computer code include machine code, such as produced by a compiler, and files containing higher-level code that are executed by a computer using an interpreter. For example, an embodiment of the invention may be implemented using JAVA®, C++, or other object-oriented
  • Another embodiment of the invention may be implemented in hardwired circuitry in place of, or in combination with, machine-executable software instructions.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A computer implemented method includes maintaining at a first network connected server a record of a group of stakeholders with an interest in the performance attributes of a digital asset. Maintaining includes collecting stakeholder digital consideration from the group of stakeholders. A second network connected server stores a list of experts on the performance attributes of digital assets. A first endorsement of the performance attributes of a digital asset and expert digital consideration are received. A second endorsement of the performance attributes of the digital asset and non-expert digital consideration are received. The first network connected server periodically distributes stakeholder digital consideration increments of the stakeholder digital consideration to the network connected expert client machine and the network connected non-expert client machine.

Description

APPARATUS AND METHOD FOR ASSURING PERFORMANCE ATTRIBUTES
OF A DIGITAL ASSET
CROSS-REFERENCE TO RELATED APPLICATION This application claims priority to ET.S. Provisional Patent Application No.
62/685,135 filed June 14, 2018 and ET.S. Patent Application No. 16/262,515 filed January 30,
2019, the contents of which are incorporated herein by reference.
FIELD OF THE INVENTION
This invention relates generally to communications in computer networks. More particularly, this invention is directed to assuring performance attributes of a digital asset. BACKGROUND OF THE INVENTION
Digital assets are manifested in a variety of forms, such as executable code and a computerized transaction structure that executes the terms of a contract, sometimes referred to as a smart contract. The performance attributes of a digital asset are of great concern to the publisher of the digital asset and various third-parties that may have an interest in the digital asset. It is known to use experts for manual audits and code inspections. Unfortunately, this prior art approach is not scalable and is completely centralized.
Thus, there is a need to develop scalable and decentralized techniques to assure the performance attributes of a digital asset.
SUMMARY OF THE INVENTION
A computer implemented method includes maintaining at a first network connected server a record of a group of stakeholders with an interest in the performance attributes of a digital asset. Maintaining includes collecting stakeholder digital consideration from the group of stakeholders. A second network connected server stores a list of experts on the performance attributes of digital assets. A first endorsement of the performance attributes of a digital asset and expert digital consideration are received at the first network connected server from a network connected expert client machine. A second endorsement of the performance attributes of the digital asset and non-expert digital consideration are received at the first network connected server from a network connected non-expert client machine. The first network connected server periodically distributes stakeholder digital consideration increments of the stakeholder digital consideration to the network connected expert client machine and the network connected non-expert client machine. The expert digital consideration and the non-expert digital consideration are distributed to the stakeholders in the event that the endorsements of the performance attributes of the digital asset do not match defined criteria. Distributing is initiated by the first network connected server utilizing the network to distribute to network connected stakeholder client machines.
BRIEF DESCRIPTION OF THE FIGURES
The invention is more fully appreciated in connection with the following detailed description taken in conjunction with the accompanying drawings, in which:
FIGURE 1 illustrates a system configured in accordance with an embodiment of the invention.
FIGURE 2 illustrates a protocol violation associated with an embodiment of the invention.
FIGURE 3 illustrates successful execution of a protocol associated with an embodiment of the invention.
FIGURE 4 illustrates a protocol violation associated with an embodiment of the invention.
FIGURE 5 illustrates a matrix for a protocol without a minimum stake requirement.
Like reference numerals refer to corresponding parts throughout the several views of the drawings.
DETAILED DESCRIPTION OF THE INVENTION
Figure 1 illustrates a system 100 configured in accordance with an embodiment of the invention. The system includes a set of client devices 102 1 through 102_N in
communication with servers 104 _ 1 through 104_N via network 106. Network 106 may be any combination of wired and wireless networks.
Each client device 102 (e.g., 102 1) may be a computer, tablet, smart phone and the like. A processor (e.g. central processing unit) 110 is connected to input/output devices 112 via a bus 114. The input/output devices 112 may include a keyboard, mouse, touch display and the like. A network interface circuit 116 is also connected to the bus 114 to provide connectivity to network 106. A memory 120 is also connected to the bus 114. The memory 120 stores instructions (e.g., client module 122) executed by the processor 110 to implement client side operations disclosed herein. The client machines 102 may be associated with experts and non-experts, terms that are described below. As such, they may be referred to as a network connected expert client machine or a network connected non-expert client machine. The client machines 102 may also be associated with stakeholders, as described below. As such, they may be referred to as stakeholder client machines.
Each server 104 (e.g., 104 1) includes a processor 130, input/output devices 132, bus 134 and a network interface circuit 136. A memory 140 is connected to bus 134. The memory stores a digital asset performance attributes assurance module 142, which includes instructions executed by processor 130 to implement operations disclosed herein. In particular, the module 142 is part of a distributed computer system that implements the operations of maintaining a record of a group of stakeholders with an interest in the performance attributes of a digital asset. The performance attributes are machine
interpretable requirements, such as security measures.
Maintaining a record of a group of stakeholders includes collecting stakeholder digital consideration from the group of stakeholders. A second network connected server 148 stores a list of experts on the performance attributes of digital assets. A first endorsement of the performance attributes of a digital asset and expert digital consideration are received by module 142 from a network connected expert client machine. A second endorsement of the performance attributes of the digital asset and non-expert digital consideration are received at module 142 from a network connected non-expert client machine. The module 142 periodically distributes stakeholder digital consideration increments of the stakeholder digital consideration to the network connected expert client machine and the network connected non-expert client machine. The expert digital consideration and the non-expert digital consideration are distributed to the stakeholders in the event that the endorsements of the performance attributes of the digital asset do not match defined criteria.
Server 148 includes a processor 150, input/output devices 152, a bus 154 and a network interface circuit 156. A memory 160 is also connected to the bus 154. The memory 160 stores instructions executed by processor 150 to implement an expert Token Curated Registry (TCR) 162, the details of which are discussed below.
A precise notion of expertise is hard to define, but expertise is often determined by experience and reputation. Typically an expert is a professional security auditor, whereas a non-expert is someone who may be familiar with security concerns but is untrusted, unknown, inexperienced, or simply a speculator. According to this definition, non-experts may still be able to contribute to digital asset security in the right setting. Additionally, in a decentralized ecosystem, there may be users other than the digital asset owner who are willing to pay for the financial protection of the digital asset. These participants, along with the digital asset owner, are referred to as stakeholders. There is no need to prohibit these actors from participating in the security of the digital asset. For example, a shareholder in a company that sells computer programs may have an interest in assuring that published computer programs are bug free to avoid damage to company reputation and share price. In the case of a smart contract, any number of entities may have an interest in the performance of that digital asset.
The disclosed protocol enables a form of security that is complementary to the traditional security provided by code inspections, testing, and formal methods. Moreover, the protocol decreases the need for security experts as well-funded non-experts may suffice to assure digital asset performance attributes, such as security vulnerabilities. The protocol develops security expertise by enabling non-experts to observe and possibly determine an expert’s motivation for staking (or not-staking) contracts. It also enables and incentivizes both experts and non-experts to participate in the digital asset ecosystem.
In accordance with the protocol, anyone can claim that a digital asset is correct by staking digital consideration, such as a digital currency, a digital resource (e.g., memory, processor cycles), etc. Such digital consideration is called a stake. Each stakeholder wishes to have a minimum amount staked as digital consideration. Each stake is associated with one stakeholder. In the event that a digital asset does not match defined criteria, each stakeholder can claim digital consideration of the users who assured the performance of the digital asset. In exchange for their stake, these users regularly receive digital consideration as long as the digital asset meets performance attributes. The performance attributes of executable code may be a scaling attribute, a security attribute and the like. The performance attribute of a smart contract may be that its balance is correct. The stakes, and a deposit of fees to be paid by the stakeholders to the stakers, are held in escrow in accordance with the protocol.
In one embodiment, expert stakers earn a higher return than non-expert stakers. In a very broad sense, this is“Proof-of- Stake” for digital asset correctness: instead of staking that a block is correct, participants stake that a digital asset is secure.
From the point of view of a stakeholder, this protocol is roughly analogous to insurance. In this analogy, the stakers are underwriters of the contract security. However, this analogy is not perfect: in this model, there is no actuary model which underwriters (stakers) are following. Moreover, stakers are free to stake as much or as little as they wish, based on their opinion of the digital asset, or the stakes of more expert stakers. Furthermore, in this setting, the protocol leverages the automated evaluation of digital, contrary to the manual claim approval of traditional insurance agencies. Users may wish to develop their own actuary models, but this is not expected or required. Lastly, stakeholders are free to set the conditions of the policy, which is often not the case in centralized insurance settings.
A stakeholder may request collateral which exceeds the value of the digital asset to which the stakeholder has an interest. This is acceptable provided that they are paying sufficiently high fees, the market will dictate whether or not stakers find the risk acceptable. If the digital asset is seen as secure, the collateral will never be forfeited by the stakers, and there is no reason to limit the size of funds they wish to stake. The size of the stakes on a digital asset may indicate the community’s confidence in the security of the digital asset. In the event that an insecure digital asset misbehaves, the stakeholder claims the entirety of their stakes, even if that is worth more than the funds that were compromised. Stakers may wish to take care not to stake more than is appropriate, in order to prevent hard-to-fmd back-doors in the digital asset to be exploited, resulting in a large profit for the stakeholder, or to do their due diligence in checking the security of the digital asset in the first place. The stakeholder may also submit a policy that they can change over time, and in this case it is the
responsibility of the staker to ensure that those possible changes introduce an acceptable level of risk.
From the point of view of a staker, this protocol is roughly analogous to banking. A staker deposits a sum (their collateral) into the protocol contract, and earns a portion of fees paid by the contract stakeholder. The protocol is not exactly the same as a bank account: the amount earned is not a fixed percentage, and is relative to the size of a staker’ s contribution to the total funds staked (i.e., the total size of funds held by the bank in the analogy), and there is no guarantee that the funds are safe. In particular, the staker can view the protocol as a bank whose security they are free to assess, and store funds only if they deem the bank is secure. If the funds are lost because the protocol deems that the relevant digital asset misbehaves, there is no way to recover the staker’ s funds: it will automatically be transferred to the stakeholder.
The protocol is referred to as the QSPb protocol. QSPb encourages further adoption of digital assets by providing an additional level of economic security. As people are willing to pay for insurance, it is believed that people will pay to secure their digital assets.
Participants in the QSPb protocol can be of two types: stakeholders (who include the digital asset owner, if in existance), and stakers. Recall that stakeholders are participants who are willing to pay to ensure the contract’s funds are not stolen. Stakers are participants with funds available who are willing to stake collateral against the security of a smart contract; they can be experts or non-experts. A list of experts may be maintained via a Token Curated Registry. A TCR is used to vote in community members as security experts. Anyone not on the TCR is a non-expert.
In one embodiment, the protocol is designed to be implemented in a smart contract which accepts the addresses of other smart contracts. Suppose that a smart contract Contract with owner Owner is submitted to QSPb. The address of Contract may be submitted by Owner , who is seeking financial assurance that their contract’s funds are secure, or by another stakeholder. In fact, there is no distinction between the contract owner and another arbitrary stakeholder. Whoever submits the address of Contract to QSPb outlines (formally) a set of rules indicating their definition of misbehavior, e.g, the balance of Contract is withdrawn by an address which is not specified somewhere in the contract. Stakers, who may include non-experts, contribute to pools of funds that are available to the stakeholder if the protocol detects that the Contract has misbehaved. While the protocol deems the submitted contract is secure, stakers are periodically paid by the stakeholder who
initialized the pool to which the stakers have contributed. The funds in the staked pool are sent to the stakeholder if the protocol detects misbehavior. The QSPb smart contract can automatically rule if the contract misbehaved. QSPb will check this at the time the protocol checks if a periodic payment is due to take place. Additional pools of funds may be collected for each stakeholder who is willing to pay stakers.
Each stakeholder, along with the digital asset owner indicates a separate minimum amount of assurance required for their pool. For example, suppose that a digital asset Wallet is expected to hold 20,000 QSP digital currency, which may be accessible by many users. A stakeholder Alice may determine that she wishes to be compensated with 30,000 QSP in the event that these funds are stolen, as she thinks it will be costly to transition to a new smart contract if her funds in Wallet are lost. On the other hand, a stakeholder Bob may only have 3,000 QSP in the Wallet , and therefore only request a pool worth at least 3,000 QSP. It is expected that Bob will pay a smaller rate compared to Alice. If no stakers stake in either pool, it may be the case that Wallet is not secure; it may just be that neither Alice nor Bob are paying a high enough fee to warrant the risk of staking funds for this contract. Neither Alice nor Bob will pay any fees (or be eligible for any staked collateral) until their respective pool has at least the minimum amount of requested QSP in it.
In exchange for their stake, stakers are periodically paid. To continue the example above, if Alice wishes to have a payout of 30,000 QSP in the event the Wallet is hacked, she may pay 300 QSP every p blocks. This 300 QSP will be split amongst the stakers once at least 30,000 QSP is staked for Alice. Each staker is paid a portion of the 300 QSP
proportional to the proportion of the (at least) 30,000 QSP which is staked, subject to bonuses if they are an expert, or the first expert, to stake. This system favors the stakeholders, as stakeholders are guaranteed a minimum payout if enough collateral is available, whereas stakers are not guaranteed a minimum payout amount, even if the minimum amount of staked collateral is sufficiently high.
The protocol allows non-experts, who either genuinely believe the contract to be secure, or are merely guessing that it is, to stake funds. The protocol does not assign or calculate odds, and bets are not placed (and fixed). If participants are assumed to be rational actors, then collateral will only be placed on secure contracts with fixed policies. QSPb does not require wealthy individuals to stake collateral. Many small stakers can make up the staking pool.
The protocol is complementary to the idea that digital assets can be automatically verified. Automatic verification is not able to capture all aspects of digital asset execution - if this was the case, manual audits would never be necessary. Many automated tools require additional formal specifications from digital asset writers, and therefore put an additional burden on digital asset writers, who may not be experts in these tools or their languages. Automatic verification often results in false positives, which require manual review in order to determine if they are true positives.
The successful adoption of this protocol slows the velocity of the digital currency staked. The velocity of the currency refers to how fast the currency“passes from one holder to the next”. Informally, a token’s velocity is inversely proportional to the value of the token; often-traded, rarely-kept tokens are therefore worth less than those which are held for longer. A token’s velocity affects its future value. The QSPb protocol slows the velocity of the tokens used as collateral as it temporarily locks up these funds. QSPb does not affect the total supply: staked tokens are either returned or paid out; never destroyed. Moreover, the use of a TCR enables further token utility as it is required for interactions governing this list. A requirement that submitted digital assets are also subjected to an automated security check ( e.g ., through a computer network) also increases the utility of the security network token (i.e., QSP). As there may be false positives in such a report, the report will be published so that stakers can determine for themselves if the concerns are warranted. This requirement helps to prevent digital assets with obvious back-doors being submitted, increasing the trust of the network by reducing possible cases of malicious behavior. In one embodiment, QSPb is deployed on the blockchain and may be open sourced; therefore it may be possible to clone the protocol. Strong network effects will make the successful deployment of this protocol useful for new digital asset developers and increase the difficulty of copying the protocol.
QSPb does not guarantee the absence of issues in the contracts that are submitted to it. There is a risk involved in staking funds and stakers must take care to ensure that they are comfortable with this risk, and digital asset owners believe that the cost is worthwhile.
The protocol, developed in full generality, may not need to restrict the definition of an attack to the simple one assumed above. A definition of an attack, or unintended behavior of a digital asset may be defined and published by the stakeholder. This definition could be in some standard, machine verifiable language, or simply in plain language that allows a panel of (human) judges to determine if the attack has occurred. This may mean that an attack may not conform to a standard,“moral” definition of an attack: a rule may say that if the owner withdraws all funds, that is undesirable - even though this may not be seen to be an attack by others. Provided the rules are published externally to the stakers, it is up to them to determine if they wish to fund the staking pool.
The disclosed protocol resolves the problem of scalable verification. This protocol provides a solution by providing a marketplace that will allow anyone to stake collateral. If participants are rational, such collateral is validation that an audit process has taken place and no errors are found. Thus, QSPb is a complementary protocol to automated mechanical checks which can scale with the market while mitigating the risk of false positives by providing financial compensation in the event a contract is exploited.
Participants in this protocol may be of three types. The two primary types are:
• Stakeholders, which may be of two sub-types:
o Digital Asset Owners, who publish their digital asset code for inspection, and pay stakers a return on their stake and are the owner of the digital asset; and o General Stakeholders, who are interested in the security of a digital asset and pay the stakers a return on a new stake; and
• Stakers, who stake currency against the claim that a digital asset is flawed. A staker may be of two subtypes:
o Expert Staker, a staker who is on the TCR for this protocol; or
o Non-Expert Staker, a staker who is not on the TCR for this protocol. Non-experts may be security experts who are new to this protocol or otherwise untrusted. Similarly, an expert staker may not be a security expert, but the use of a TCR greatly decreases this risk and increases the costs of impersonating an expert.
Stakeholders are not necessarily directly connected to, or working with, the contract owner, but may have an interest in the continued success of the contract. The operators of a service may wish to protect a contract’s account balance, but users may also desire the continued existence of the service, and may wish to receive some funds to compensate for inconvenience caused by its failure ( e.g ., the cost of transferring to a new service). For a fully decentralized digital asset, a digital asset owner may not be clear, and users may wish to pay for the security of the service’s up time in lieu of an owner guaranteeing its security. The stakers need not contribute to a single pool; they may split their funds to multiple pools associated with multiple stakeholders. The stakers are free to choose the pools which pay the most in order to maximize their return. An individual staker can contribute any amount of funds to any pool.
Implicitly there is also a third actor, the Protocol Owner, who governs the smart contract in charge of managing payouts and accepting contract owners and stakes. The initial governance will be in the form of deploying the QSBb smart contract with fixed addresses that point to the TCR to be used and the QSP main network for automated audits. This actor may be a corporate entity or decentralized organizations. Such an actor may also be responsible for bootstrapping, e.g., populating the initial list of experts on the TCR.
Since some stakers are expected to be considered security experts, a method for their classification is important. A decentralized method for the classification of experts is the use of a Token Curated Registry (TCR). A TCR is a smart contract that keeps a short list of member addresses who are deemed to satisfy some property as determined by a voting community. Each TCR maintains a list of users who can be voted onto the list or voted off of the list by anyone with the token used to operate the TCR. A TCR using the QSP token can be deployed which tracks users as security experts.
TCR membership is desirable. When a stakeholder pays stakers, expert stakes are weighted more heavily than those of non-experts. This is to encourage the participation of experts and reward their time for manually inspecting an audit. Additionally, the stake of the first experts to stake are weighted even more heavily, as they are most likely to have actually performed an inspection, as opposed to experts who may simply follow other experts. If multiple experts stake the security of the same smart contract, each subsequent expert who stakes a value is weighted less than those experts who staked before them, but at least as much as a non-expert staking the same amount would be weighted. There may be multiple “first” expert stakers. All stakers who submit a stake in the same block are considered to be in the same position; therefore two expert stakers who submit at the same time may both become“first” stakers. This is to encourage the experts to spread their effort out to new contracts, which encourages the liveness of the system. As a side effect, it may also encourage the development of more rapid inspection techniques, but experts must take care to ensure the accuracy of these methods to avoid damaging their reputation and their removal from the TCR (in addition to the loss of any funds staked on insecure contracts). Conversely, non-experts are all paid without any bonus applied to the weight of their collateral.
In one embodiment, the protocol is initialized as follows:
1. The protocol owner establishes a TCR which will be used to classify expert stakers.
2. The protocol owner determines the address of an automated auditing platform that accepts a digital currency, say, Q.
After initialization, the protocol operates as follows:
1. A stakeholder h (it could be the case that h=owner in which case this is the owner, which is indicated by an owner field of the contract) submits
1. the address C of a contract to QSPb;
2. Integers eh(C)0 and fh(C)0, which are respectively the bonuses for expert stakes and first-expert stakes;
3. a natural number ph(C)l which is the payout period, in terms of blocks (a larger p will result in a longer delay before a payout after bad behavior);
4. a natural number ch(C)=kh(C)ph(C) (where kh(C) is some natural number) which is the number of blocks that funds must be staked for;
5. the maximum amount paid to stakers for each payout period mh(C)
6. a minimum amount required to be staked lh(C);
7. a staking timeout period th(C) (in terms of blocks);
8. an initial deposit of kh(C)mh(C) and
9. the requisite amount of QSP needed to audit the contract on the controlling network.
2. The digital asset C is sent to the controlling network, and a report is published. The report is not post-processed by any security expert; false positives may remain. 3. Until at least lh(C) is staked in a pool, the ith staker can stake V(Si) for contract C by sending (V(Si, h), h, C) where h indicates the stakeholder to which they wish to stake funds, to QSPb.
4. If, after the report for C is published, th(C) blocks pass without the pool collecting lh(C) funds, the pool is cancelled and the stakers may withdraw their funds.
5. Every p blocks after lh(C) is staked in the pool, provided that the protocol has not determined a breach of the contract C has taken place, stakers of a pool can claim their payout. In particular, for each pool h, each staker Si (for all i) is entitled to an additional
V(Si, h)[(l+eh(C))i [(l+fh(C))]]/Sum(P) x mh(C)
where (l+eh(C))i is applied to the numerator if the staker is the ith expert, fh(C) is also applied if the staker was the first expert to stake funds (i.e., i=l), and (P) =Y(Sl,h)(l+eh(C))(l+fh(C))+V(S2,h)(l+eh(C))2++V(S\E\,h)(l+eh(C))\E\
+ V(S\E\ +Jh)+ + V(S\E\ + \N\,h ). The bonus factors (l+eh(C))i and (l+fh(C)) are applied if, at the time funds were staked, the address staking the funds is on the TCR. That is, if the expert is no longer deemed an expert, they are still treated as one for the purpose of this contract.
6. If at any point, the QSPb protocol deems C to have been breached (by query from the stakeholder), stakeholders can claim the staked funds and unassigned deposit funds.
An example use of the protocol for some digital asset C is depicted in Figures 2-4. O is the owner; there is no differentiating experts and non-experts. Figure 2 shows the protocol in the event that a staker backs out successfully, while Figure 3 shows the protocol in the event that a staker attempts to back out too close to the attack. Figure 4 shows the protocol in the event that a stakeholder wishes for more security. Additional stakers eventually arrive to provide the assurance required to the stakeholder.
There is no maximum amount of stakers, nor is there a maximum amount that can be staked for a given pool. Therefore, a staker may wish to stake more than the minimum requested by the stakeholder. This may encourage the stakeholder to increase their periodic payouts, but stakeholders are under no obligation to do this. One reason to enable arbitrarily large staking pools and an arbitrarily large set of stakers is to encourage the liveness of the protocol and enable non-experts to participate, which may increase the available security expertise. Even if an arbitrarily large amount of stakers have staked funds, a stakeholder never pays more than the amount they wish to, as each staker earns a fraction of this fee proportional to the amount of funds that they have staked.
An initial deposit is required from stakeholders. This is required in order to prevent a malicious party from posing as a stakeholder promising a large periodic payout. This may attract many stakers, resulting in the funding of this pool instead of others. A deposit ensures that these stakers are paid, so that these malicious parties do not scare away stakers. The size of the deposit is not set - it is up to the stakers to ensure they are comfortable with a small deposit - this may mean the pool is cancelled earlier than expected.
One implementation of the TCR and the QSPb protocol will operate using QSP tokens. QSPb will be implemented in one smart contract, which will handle the stakes and fees of all contracts submitted by stakeholders. The single smart contract enables the protocol to be released once, and exist in perpetuity without intervention from a controlling entity or others. It also means that users would not need to write their own pool contracts (though they may still write their own policy rules).
In one embodiment, the QSPb protocol has a web interface (operated by the protocol owner) tracking the amount staked and the current return rate for submitted contracts. Such a web interface may also provide a place to comment on automatically generated reports. Alternative implementations could move the burden of advertising this information to contract stakeholders, or decentralize this service in some other manner.
The gas used to update the TCR and any values associated with a submitted contract, are the responsibility of the appropriate party calling the functions on the QSPb protocol (or TCR) smart contract. For example, if a contract owner wishes to update their maximum payout amount per pay period, they are responsible for paying the gas to update the appropriate variable.
Precisely defining what constitutes misbehavior may be contract specific, and is a significant challenge. Initially, the goal will be to implement such a definition in a small script that can be enforced by the QSPb smart contract. Each pool may have its own rules defining misbehavior, and they will be public in order to ensure that stakers know the conditions of the pool. Race conditions are a concern when ordering of expert staking matters. For simplicity, the protocol will order experts who stake at the same block as being in the same position.
A contract owner may intentionally hide a back-door into a contract that is relatively hard to detect, offer to pay significant returns, and claim a self-inflicted breach shortly after being staked by a large value, therefore netting a significant return. This is mitigated in part by the requirement that contracts have“obvious” bugs reported, which may prevent some backdoors. This requirement is enforced by the requirement that an automated report be published for the contract. This attack is closely related to“classic insurance fraud”.
However, it is less of a concern because the data is publicly available from the beginning, and is immutable. Ultimately, it is the responsibility of the stakers to avoid staking funds on contracts that are not secure.
One way to mitigate this concern is to have a maximum pool size for each pool.
A maximum staking pool size may be desirable, but a limit that an individual can stake is not. This is because such a limit would discourage experts from staking large amounts: if they wish to stake more than any one staker can stake, they will need to split their stakes across multiple source addresses, or identities. It is not likely the case that all these identities will belong to the TCR, and therefore they will not receive the expert (or the first-expert) bonuses. For non-expert stakers, this is not a concern.
If a contract is submitted alongside a rule which indicates misbehavior is something other than a theft of funds, creating a maximum pool size may be difficult to justify. In the event that a rule indicates misbehavior is financial loss, it is reasonable to set the limit to the maximum funds held by the contract in question; this is not possible for other behavior.
A variable return rate may result in a malicious attacker staking a large amount of wealth in order to drive the rate down to near zero for the other stakers. In turn, this may force legitimate stakers to withdraw their funds. After doing this, the attacker may withdraw all staked value and exploit a breach in the contract, causing the owner to be attacked without receiving any staked values. The success of this attack is unlikely, as it requires the high- value target contract to be attacked only after the stakers have staked their funds on the contract (i.e., inspected the contract), and no other attackers to exploit the issue prior to the withdrawal of the stakers. Moreover, as the value of the collateral increases, it becomes more and more expensive for an attacker to“buy-out” the majority of the pool, and some stakers, like the first-mover expert, may still be rewarded with a high enough multiplier to maintain their stake. Another way to mitigate this concern is to limit the size of a pool, but this introduces concerns discussed in the previous point.
This is mitigated in part by the prevention of new members joining an active pool, as it means this must be done all at once, reducing the possible number of other stakers aside from the malicious actors who want to stake.
The QSPb smart contract must be seen as secure. One way to do this is to publish a report of a white-glove audit of the contract. A minimum required staked value is necessary to ensure stability. Figure 5 outlines the payout matrix of this protocol without a minimum required staking amount. Stakeholders are never incentivized to increase their periodic payouts if they are not guaranteed any security; in fact, they always prefer to pay as little as possible. Stakers are not collectively incentivized to stake large amounts given a particular payout without the periodic payout being a function of their staked value; that would yield inadequate protection for stakeholders or, increase risk without any added value to the stakers.
The following illustrates the first case. Suppose that a stakeholder promises to pay 10 units of digital currency every period regardless of the amount staked, two stakers could each stake 1 and receive 5 units each every pay period (for which the attack is secure, ignoring expert and first-expert bonuses). In this way, the stakeholder is not getting the desired level of security even though they are paying. In turn, this might lead to the stakeholder reducing their payments, which may result in the stakers withdrawing (part of) their stakes. This process may repeat until the stakeholder is too inconvenienced and ceases to use the system.
An example of the second case is as follows. Suppose that a stakeholder promises to pay 10 units of digital currency every period regardless of the amount staked, two stakers could each stake 100 units and receive 5 units each every pay period (for which the attack is secure, ignoring expert and first-expert bonuses). However, each staker could alternatively have staked 50 units, and each would still have received the same amount (5 units) as a payout. Staking 50 units is less of a risk: in the case the contract is hacked, now each staker only loses 50 units instead of 100 units. Therefore, this situation is preferred. It may not be feasible for stakers to collude in order to enact this scenario - which is necessary, as otherwise the proportion of payouts to each individual staker would change - but in the event that this happens, the payouts would reduce to the degenerate case described above. Each individual staker would still be incentivized to stake more than their peers, in order to control as much of the staking pool as possible.
The disclosed protocol can be applied to specific use cases where stakeholders may be particularly interested in getting a return in the event of misbehavior. For example, a relayer on the OxProtocol [12] operates a node that hosts an off-chain order book. In order for this order book to be relevant, the OxProtocol must be adapted by decentralized applications. The relayer may wish to pay for an increase in confidence that the contracts are secured, so that their relay node continues to be valuable.
A more interesting case is the integration of staking into a Decentralized Autonomous Initial Coin Offering (DAICO). In this version of an initial coin offering, token holders can vote on resolutions. However, project stakeholders may have a particular vision in mind for the project, and may wish to acquire economic security that token holders will fulfil this vision. The DAICO contract can be submitted to a generalized version of this protocol with the constraint that an“attack” is the unfavorable resolution of a particular vote, i.e., a hijacking of the direction of the project by its token holders, and a waste of the project developers’ time and resources, and a betrayal of any potential investors’ funds. A payout of this protocol can be used to e.g., pay back the investors in the event that the community is unfaithful.
There are several ways in which this protocol can be generalized or improved. There are minor improvements. A stakeholder may wish to provide several pay rates corresponding to different lengths of stakes, which would result in longer stakes earning a larger return. It may be possible to allow stakers to withdraw stakes subject to some conditions, or to allow stakeholders to vary payout rate dynamically while funds are staked.
The protocol need not target smart contract balances exclusively. It can be generalized to allow people to stake the security of arbitrary data that is accessible on the underlying blockchain. In this sense, stakers may be able to underwrite almost anything. In this sense, the protocol describes a decentralized full insurance model without explicit actuarial risk models.
A“bug-bounty” period can be implemented after smart contract submission but before stakers are able to submit their stakes. Such a period may increase the confidence of the stakers that they are staking funds on a secure contract.
The QSPb protocol contract could be updated to accept multiple staking currencies, so that stakers have the choice of staking whichever currency they are most comfortable using.
In the event that stakers wish to stake a currency that differs from the stakeholder’s periodic payment currency, there may be challenges to ensure that currency conversion is accurate and payment is fair.
A contract may ultimately be published without any stakers staking its security. In the event that this system is widely adopted, this may mean that this contract is
untrustworthy, or it may mean that the payouts should be increased in order to meet the market demand. Other incentives may prove more useful or effective at increasing the liveness of the protocol, and these should be investigated.
Transitioning away from a centralized protocol owner may be desirable, and should be considered alongside other governance concerns. A fully decentralized implementation may wish to separate itself from a company network or use a different currency. Staking pools may be enhanced so that contract owners can specify a whitelist of stakeholders to split their pot with. These stakeholders could be those who the contract owner has determined has a valid interest in the contract security without a need to compete for premium prices, just as the owner in the original scenario.
An additional layer of“re-insurance” could be implemented on top of this framework. However, care is required to ensure that this does not result in the unintentional loss of funds. In this case, an“expert of experts” actor may be crucial and introduce new technical challenges.
Some protocol owners may require at least one expert should be staked before non experts can stake an arbitrary contract. Feedback from users or monitoring the system will determine if this is the case for the disclosed implementation. However, this raises additional questions: What happens if an expert is elected, stakes a contract, and is removed from this list: does their stake get returned to them, are other (non-expert) stakes invalid? The answer may also depend on whether the expert voluntarily removed themselves from the TCR or if they were voted off.
An embodiment of the present invention relates to a computer storage product with a computer readable storage medium having computer code thereon for performing various computer-implemented operations. The media and computer code may be those specially designed and constructed for the purposes of the present invention, or they may be of the kind well known and available to those having skill in the computer software arts. Examples of computer-readable media include, but are not limited to: magnetic media such as hard disks, floppy disks, and magnetic tape; optical media such as CD-ROMs, DVDs and holographic devices; magneto-optical media; and hardware devices that are specially configured to store and execute program code, such as application-specific integrated circuits (“ASICs”), programmable logic devices (“PLDs”) and ROM and RAM devices. Examples of computer code include machine code, such as produced by a compiler, and files containing higher-level code that are executed by a computer using an interpreter. For example, an embodiment of the invention may be implemented using JAVA®, C++, or other object-oriented
programming language and development tools. Another embodiment of the invention may be implemented in hardwired circuitry in place of, or in combination with, machine-executable software instructions.
The foregoing description, for purposes of explanation, used specific nomenclature to provide a thorough understanding of the invention. However, it will be apparent to one skilled in the art that specific details are not required in order to practice the invention. Thus, the foregoing descriptions of specific embodiments of the invention are presented for purposes of illustration and description. They are not intended to be exhaustive or to limit the invention to the precise forms disclosed; obviously, many modifications and variations are possible in view of the above teachings. The embodiments were chosen and described in order to best explain the principles of the invention and its practical applications, they thereby enable others skilled in the art to best utilize the invention and various embodiments with various modifications as are suited to the particular use contemplated. It is intended that the following claims and their equivalents define the scope of the invention.

Claims

In the claims:
1. A computer implemented method, comprising:
maintaining at a first network connected server a record of a group of stakeholders with an interest in the performance attributes of a digital asset, wherein maintaining includes collecting stakeholder digital consideration from the group of stakeholders;
storing at a second network connected server a list of experts on the performance attributes of digital assets;
receiving from a network connected expert client machine a first endorsement of the performance attributes of a digital asset and expert digital consideration, wherein the first endorsement is received at the first network connected server;
receiving from a network connected non-expert client machine a second endorsement of the performance attributes of the digital asset and non-expert digital consideration, wherein the second endorsement is received at the first network connected server;
periodically distributing by the first network connected server stakeholder digital consideration increments of the stakeholder digital consideration to the network connected expert client machine and the network connected non-expert client machine; and
automatically distributing to the stakeholders the expert digital consideration and the non-expert digital consideration in the event that the first endorsement and the second endorsement of the performance attributes of the digital asset do not match defined criteria, wherein automatically distributing is initiated by the first network connected server utilizing the network to distribute to network connected stakeholder client machines.
2. The method of claim 1 wherein the digital asset is a computerized transaction structure that executes the terms of a contract.
3. The method of claim 1 wherein the digital consideration is digital currency.
4. The method of claim 1 wherein the digital consideration is a digital resource grant.
5. The method of claim 1 wherein the performance attributes include security vulnerabilities.
PCT/US2019/036605 2018-06-14 2019-06-11 Apparatus and method for assuring performance attributes of a digital asset Ceased WO2019241287A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US201862685135P 2018-06-14 2018-06-14
US62/685,135 2018-06-14
US201916262515A 2019-01-30 2019-01-30
US16/262,515 2019-01-30

Publications (1)

Publication Number Publication Date
WO2019241287A1 true WO2019241287A1 (en) 2019-12-19

Family

ID=68843557

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2019/036605 Ceased WO2019241287A1 (en) 2018-06-14 2019-06-11 Apparatus and method for assuring performance attributes of a digital asset

Country Status (1)

Country Link
WO (1) WO2019241287A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111127103A (en) * 2019-12-24 2020-05-08 北京阿尔山区块链联盟科技有限公司 Value evaluation method and system for digital assets

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050246193A1 (en) * 2002-08-30 2005-11-03 Navio Systems, Inc. Methods and apparatus for enabling transaction relating to digital assets
US20140123218A1 (en) * 1996-01-11 2014-05-01 Intellectual Ventures Ii Llc System for controlling access and distribution of digital property
US20140280952A1 (en) * 2013-03-15 2014-09-18 Advanced Elemental Technologies Purposeful computing
US20150156148A1 (en) * 2012-07-10 2015-06-04 Daniel Doulton Method of automatically augmenting an electronic message
US20170232300A1 (en) * 2016-02-02 2017-08-17 Bao Tran Smart device
US20170262897A1 (en) * 2012-12-12 2017-09-14 Rokt Pte Ltd Digital Advertising System and Method

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140123218A1 (en) * 1996-01-11 2014-05-01 Intellectual Ventures Ii Llc System for controlling access and distribution of digital property
US20050246193A1 (en) * 2002-08-30 2005-11-03 Navio Systems, Inc. Methods and apparatus for enabling transaction relating to digital assets
US20150156148A1 (en) * 2012-07-10 2015-06-04 Daniel Doulton Method of automatically augmenting an electronic message
US20170262897A1 (en) * 2012-12-12 2017-09-14 Rokt Pte Ltd Digital Advertising System and Method
US20140280952A1 (en) * 2013-03-15 2014-09-18 Advanced Elemental Technologies Purposeful computing
US20170232300A1 (en) * 2016-02-02 2017-08-17 Bao Tran Smart device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111127103A (en) * 2019-12-24 2020-05-08 北京阿尔山区块链联盟科技有限公司 Value evaluation method and system for digital assets
CN111127103B (en) * 2019-12-24 2023-10-24 北京阿尔山区块链联盟科技有限公司 Digital asset value assessment methods and systems

Similar Documents

Publication Publication Date Title
Xu et al. Sok: Decentralized exchanges (dex) with automated market maker (amm) protocols
US12354097B2 (en) Resource transfer system
Werner et al. Sok: Decentralized finance (defi)
US12229286B2 (en) Method and apparatus for creating and managing user configurable objects and functions on distributed ledger networks
Eskandari et al. Sok: Transparent dishonesty: front-running attacks on blockchain
US20210304311A1 (en) Apparatus and method for assuring performance attributes of a digital asset
Swan Blockchain for business: Next-generation enterprise artificial intelligence systems
US11521290B2 (en) Systems and methods for storing contract information on multiple blockchain ledgers
EP4439431A2 (en) Blockchain transaction safety using smart contracts
Carvalho et al. When good blocks go bad: Managing unwanted blockchain data
US20250232013A1 (en) Secure resource management to prevent fraudulent resource access
Khalil et al. Tex-a securely scalable trustless exchange
CN112734561B (en) Processing method and device for bill mortgage loan
Nardini et al. A blockchain-based decentralized electronic marketplace for computing resources
Kehrli Blockchain 2.0-from bitcoin transactions to smart contract applications
US20200250778A1 (en) System and Method for Managing Patent Risk
AU2024200307A1 (en) Systems and methods for obtaining accountant prepared financial statement confirmation
Beutin et al. The great web 3.0 glossary: All you need to know about blockchain, crypto, nft, metaverse, service robots & artifical intelligence
Sheng et al. Proof of diligence: Cryptoeconomic security for rollups
CN120894188A (en) A method, system, and related apparatus for real estate fund management
WO2019241287A1 (en) Apparatus and method for assuring performance attributes of a digital asset
US20230113947A1 (en) System and Method of Managing Patent Risk
CN114930373B (en) Method and apparatus for managing spare credit
US12277599B2 (en) Systems and methods for obtaining accountant prepared financial statement confirmation
US20250166061A1 (en) Distributed ledger-based securing of shared collateral assets

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19819791

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 30/03/2021)

122 Ep: pct application non-entry in european phase

Ref document number: 19819791

Country of ref document: EP

Kind code of ref document: A1