Blockchain as a Platform
Typically, a blockchain is used to host cryptocurrencies or in some cases smart contracts. But they can also be utilized as a platform for other purposes. In the following topics, we explain four applications, Bitcoin can serve beyond cryptocurrencies.
Timestamping
In some cases, it is important to prove that a certain knowledge existed at a certain point in time without revealing the knowledge itself. Therefore, it is helpful to think of blockchains as an append-only log. It is possible to store data in it but it is not possible to delete them.
An example might make this a bit clearer. Imagine someone claims to know the result of the upcoming football match. This person could tell everybody who is going to win. But for some reason, he doesn’t want to reveal his knowledge.
Instead of telling everybody the results in advance he could write the results on a sheet of paper, put it in an envelope, seal the envelope, and put it in a public place so nobody can change the content of the envelope anymore. This means he commits to the content in the envelope. Once the match is over, he gathers all witnesses and opens the envelope. Thereby he reveals his forecast. If it matches with the results it is proven that he told the truth.
The same is possible with blockchain. Instead of using a sheet of paper and an envelope, he could use a cryptographic hash function. He would write down the forecasted results and hash them. He would then store the hash (or digest) block in the Bitcoin blockchain. Since the block cannot be altered after it is appended to the blockchain, he commits to the value. The blockchain serves as the public place and the hash function as the envelope.
After the match, he would reveal his forecast and everybody could calculate the hash and compare it with the hash value in the given block.
At the time t1 the hash of the results is being compared with the value stored in block 2 back in time t0.
With this approach, he proves that he knew the secret (football results) already at the time when the block was mined.
This simple approach has a downside. Witnesses could guess the secret, hash it, and compare it to the hash in the block before the match. That way they can find out the forecast. To avoid such brute force attacks, the secret needs to get concatenated with a random value r only known to the forecaster. This adds some entropy to it and makes it infeasible to find the secret value by brute force. The random value is sometimes also called salt. The forecaster would then store the hash of the secret and a secret random value H(f + r).
The blockchain servers here as the immutable log and the timestamp provider. The time in a blockchain is not given by its date and time values, but by the order of the block.
In our football match example, it is important that the block and the hash are made public before the match takes place. If the prover fails to do so, he could calculate hashes for all possible outcomes and store them in the blockchain. And after the match has finished he could just point to the hash that contains the correct forecast.
Bitcoin as Smart Property/Colored Coins
The idea of using cryptocurrencies like Bitcoin as smart property boils down to the following idea. A coin can be transferred from one holder to another. And the same could be done with other properties like cars, houses, licenses, tickets, stocks, etc. With Bitcoin, this could be achieved by adding additional information to a certain coin. This information states that the holder of this coin also owns the property of the car, house, license, etc. Adding that information is sometimes called coloring those coins.
In Bitcoin, this can be achieved by the P2SH (Pay to Script Hash).
Technically, those colored coins are valid Bitcoins. They just have extra information on top of it.
The problem with those colored coins in Bitcoin is that it requires special wallets and a protocol that states how the information should be stored.
With blockchains supporting smart contracts, creating smart property is much easier and more versatile. However, the link between the information on the blockchain and the real world still remains problematic. For example, if you transfer the ownership of a house by a colored coin or in a smart contract, you need to prove that the coin is really representing the house and that you are entitled to sell this house at all.
Lotteries in Bitcoin
The above-mentioned commit reveal scheme can also be used as a lottery. The idea is that a group of users contributes to a lottery and the winner is chosen randomly based on the contributions.
Let’s assume we have three users and each of them is supposed to contribute to the creation of a random number by which the winner is determined.
In the first step, every user thinks of a number but keeps it secret. They then hash the number together with a random value and publish the hash on the blockchain. This is our commitment. Once, every user committed to the chosen value the reveal phase starts.
In this phase, each user reveals its value and the random number. It is then compared to the published hash. If it is correct, it is used to calculate the random value. In order to get a random number from all inputs, we use a cryptographic hash function. It makes sure that the result is evenly distributed and nobody can pre-calculate the result as long as not all input values are known.
Last actor problem
If two of our users reveal their values the third (and last) user can calculate the outcome. If he finds out that not revealing his value is beneficial for him, he could claim he forgot it or simply not respond. In order to avoid this, the contributors need to deposit a certain amount when committing. The deposit is returned only if the revealed value is correct.
The lottery is safe if the deposit is higher than the price.
Bitcoin as Random Number Generator
The blockchain can also be used as a random generator by using the nonce or the block hash itself as a random value. Both values have their benefits and limits.
Lets’ say at time t0 (at block height h) you agree that the block hash of future block with block height h + x is our random value. At block h it is impossible to predict what the block hash will be. Once the block h + x is found, the random value is known to everybody. It then could be used in a lottery.
The advantage is that new blocks are generated regularly on average every ten minutes in Bitcoin. The “beacon” is completely decentralized and publicly visible.
A weakness is that a miner gets to know the block hash before it is published when finding a valid block. He could now decide to withhold the block if the hash doesn’t suit him. With such behavior he would win a second chance. What makes it risky for him is that another miner might find a block before him and then he has to accept this value.
The cost for withholding a block is to lose the block reward and the transaction fees.
Again, this scheme is safe as long as the cost is higher than the expected revenue from cheating.
Another downside is that the timing is difficult. While blocks are generated on average every ten minutes it may take considerably longer or shorter for individual blocks. This may lead to delays. Another source for delays is that forks could occur. Therefore, one must wait for at least a few blocks as confirmation.
Using the block hash has the downside that the value is limited by the current mining difficulty. That’s why certain values will never occur. This has to be taken into account. The advantage is that it is difficult to influence. A miner would have to drop the whole block which is very expensive. The nonce however can be used over the full range of their data type. In Bitcoin the nonce is a 4-byte field. This limits the range to 4294967295 different values. The block hash has much more value available.
While this seems sufficient, the nonce is not manipulation safe. A miner can fix the nonce and change other fields of the block header instead. Possible values are timestamp, version and Merkle root by altering transactions.
You can read more about Bitcoin as a randomness source here: https://eprint.iacr.org/2015/1015.pdf