⚒️Thor, the Norseman⚒️

In some scenarios, *moving* a piece of data would be an extremely useful thing to be able to do. That is: To transmit data to a recipient and provide evidence to said recipient that it no longer exists with the sender, or has been transformed in such a way that it cannot be used for its original purpose anymore.

2) This would of course also be an extremely useful property for certain kinds of physical objects too, like bank notes. With some skill, a bank note can be replicated, and the only solution we have for that is to make it very tricky and very illegal to do so. Data? It's the world's easiest thing to replicate, and it can be done thousands of times per second, and destroying it completely is actually quite hard.

3) This brings me to the root of the problem I'm trying to solve: The necessity of having a distributed ledger in order to have a working cryptocurrency. In my opinion, it's the world's ugliest solution.

I'm not interested in mining or speculation. Anonymity isn't my top priority. I'm interested in something that doesn't require an infrastructure at all, except perhaps for the agent that originally issued the currency.

@thor

that's a tough one. currency is kind of a unique problem. like, you can make it more efficient with a blocklattice. maybe each coin has its own ledger and if it gets too long you can trade it in for a fresh coin from the issuer?

@xj Yeah, I got as far as each coin having its own ledger when I was taking notes about this earlier, but you could always trick people into thinking that they're the only one to receive it, and then you've got 2 or more recipients with mismatching ledgers.

@thor

ye i was just thinking the same thing :/

@xj I was trying to reframe it a bit by having the recipient sign something, until I realised that a malicious sender could be their own, earlier recipient.

@xj Being able to prove that you got something before anyone else got it is basically crucial in this scenario. It's possible to use timestamp servers to sign a piece of data together with a timestamp, which would let you prove that a piece of data existed before time T.

@xj There are these things called timestamp authorities, and there's an RFC for it, so you can prove that a piece of data existed at time T or later, and I'm wondering if you could use that in some clever way.

@xj You could always use a combination of keys and signatures to produce a piece of data that proves that a sender and a recipient agreed to change the ownership of an object at a certain time T.

@xj The tough part is proving that the sender made no such agreement with an earlier recipient. You don't want there to be the possibility of a dispute because someone can suddenly produce a receipt that's older than your own.

@xj The timestamp server could always refuse to sign a transaction it has seen before, but then it needs to remember them, and hello ledger.
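
The timestamp-server idea from the posts above, as an added example that is not part of the original thread: a server that only signs what it is shown gives valid receipts for two conflicting transfers of the same coin, and the one that refuses the second has to keep a set of spent coin states. Assumptions: the names (`mallory`, `bob`, `carol`, `coin-1`) are constructed, the clock is a counter, and an HMAC stands in for the timestamp authority's public-key signature.

```python
import hashlib, hmac, json

TSA_KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the TSA's signature

def transfer(coin_id, prev_hash, sender, recipient):
    """One per-coin ledger entry: sender hands coin state prev_hash to recipient."""
    return {"coin": coin_id, "prev": prev_hash, "from": sender, "to": recipient}

def digest(entry):
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()

def sign(entry, time):
    msg = f"{digest(entry)}|{time}".encode()
    return hmac.new(TSA_KEY, msg, hashlib.sha256).hexdigest()

class StatelessTSA:
    """Stamps anything it is shown with the current time; remembers nothing."""
    def __init__(self):
        self.clock = 0
    def stamp(self, entry):
        self.clock += 1
        return {"time": self.clock, "sig": sign(entry, self.clock)}

class RememberingTSA(StatelessTSA):
    """Refuses a second spend of the same coin state; `spent` is the ledger."""
    def __init__(self):
        super().__init__()
        self.spent = set()
    def stamp(self, entry):
        state = (entry["coin"], entry["prev"])
        if state in self.spent:
            return None  # this coin state was already transferred
        self.spent.add(state)
        return super().stamp(entry)

def receipt_valid(entry, receipt):
    return receipt is not None and hmac.compare_digest(
        receipt["sig"], sign(entry, receipt["time"]))

def double_spend(tsa):
    """Constructed scenario: mallory sends the same coin state to bob, then carol."""
    genesis = hashlib.sha256(b"coin-1 issued to mallory").hexdigest()
    to_bob = transfer("coin-1", genesis, "mallory", "bob")
    to_carol = transfer("coin-1", genesis, "mallory", "carol")
    # Each recipient checks only the receipt for their own transfer.
    return [receipt_valid(e, tsa.stamp(e)) for e in (to_bob, to_carol)]
```

With the stateless server both recipients hold a receipt that verifies on its own, and the conflict only shows when the two ledgers are compared.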

@thor

i've only glossed over some material on quantum crypto, but i wonder if entanglement could be used to enforce some kind of exactly once semantics for message signing? i think you'd still need a ledger-per-coin and special hardware(?), but it might fix the double-spend vuln.

@thor

that sounds like it would be very difficult to prove. the closest safe approximation i can think of in a crypto capability system would work something like this:

a "move operation" is a copy with a new read cap.

it doesn't prevent other actors who have the old cap+data from reading what they have, but it does prevent them from reading from the new cap (as long as you don't share it with them).