[Bitcoin-development] Anti DoS for tx replacement

> Or are you talking about some sort of new decentralized high frequency > trading system that is self-matching and self-clearing? (I'd be very > interested in hearing more if this is the case). > I'm using the term "high frequency trading" because Satoshi did. Like the way he used the word "contract" it is perhaps a bit misleading, but we lack anything better to describe this new concept. Today HFT typically means companies that submits tons of micro-trades to centralised asset exchanges to try and exploit statistically expected correlations. HFT using tx replacement has nothing to do this with - it is instead a way that N parties can negotiate amongst themselves as fast as they can compute and verify signatures. Here is how Satoshi explained it to me, in his words: An unrecorded open transaction can keep being replaced until nLockTime. It may contain payments by multiple parties. Each input owner signs their input. For a new version to be written, each must sign a higher sequence number (see IsNewerThan). By signing, an input owner says "I agree to put my money in, if everyone puts their money in and the outputs are this." There are other options in SignatureHash such as SIGHASH_SINGLE which means "I agree, as long as this one output (i.e. mine) is what I want, I don't care what you do with the other outputs.". If that's written with a high nSequenceNumber, the party can bow out of the negotiation except for that one stipulation, or sign SIGHASH_NONE and bow out completely. The parties could create a pre-agreed default option by creating a higher nSequenceNumber tx using OP_CHECKMULTISIG that requires a subset of parties to sign to complete the signature. The parties hold this tx in reserve and if need be, pass it around until it has enough signatures. One use of nLockTime is high frequency trades between a set of parties. They can keep updating a tx by unanimous agreement. The party giving money would be the first to sign the next version. If one party stops agreeing to changes, then the last state will be recorded at nLockTime. If desired, a default transaction can be prepared after each version so n-1 parties can push an unresponsive party out. Intermediate transactions do not need to be broadcast. Only the final outcome gets recorded by the network. Just before nLockTime, the parties and a few witness nodes broadcast the highest sequence tx they saw. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130417/d5a479ab/attachment.html>