Pycoin Officer
12 min readFeb 14, 2018

How a generalized realtime decentralized platform can enable hackproof secure smart contracts (SSCs) and power scalable long-running decentralized applications (DApps) for long-term wealth storage and fund management, decentralized exchanges, gaming, IoT networks, censorfree internet backbone and crypto-darkpools while reducing barriers to entry significantly?

DAO got hacked

Prologue: With the launch of Ethereum, a decentralized network powered by a PoW (Proof of Work) blockchain in July 2015, the world entered a new era of electronic agreements in the form of smart contracts that don’t require a centralized authority for interpreting and enforcing.

Since then hundreds of teams offering smart contract cryptotokens via ICOs have launched their decentralized applications on Ethereum platform. And value of Ethereum has increased more than 13,000% in 2017 itself. But all is not well in the smart contract land in particular and blockchain-based decentralized network-powered cryptocurrencies paradigm in general.

Persistent Problems and Unmet Needs: It all started with a catastrophic event in June 2016 triggered by draining of 1/3rd of funds from The DAO, a smart contract on Ethereum valued at almost US$60Million at the time of hack in terms of Ether value then.

The DAO had promised to act as a new type of decentralized crowdsourcing vehicle, like Kickstarter or Indiegogo but without the middleman and regulation. It was designed to let participants pool their cryptocurrency, collectively vote on projects looking for funding, then invest and reap the future rewards. Before catastrophe struck, over 100 projects had already been proposed, most of which were related to Ethereum itself.

The DAO was a smart contract that held funds on behalf of a number of users, and allows those users to withdraw their funds on request. The logic for the process might look something like this:

1. Wait for a user to request a withdrawal.

2. Check if that user’s balance is sufficient.

3. If so, send the requested quantity to the user’s address.

4. Check that the payment was successful.

5. If so, deduct the quantity from the user’s balance.

This all looks eminently sensible, and rather like an ATM which gives you some cash and deducts the appropriate amount from your bank balance.

So how this simple process could go wrong? Well, it turns out that if an Ethereum address belongs to a contract rather than a regular user, then this contract could run some code in response to receiving funds. And this code could, in turn, trigger other pieces of code on the Ethereum blockchain. Crucially, it could even trigger the same piece of code that caused it to be paid in the first place.

This means that, during step 3 above, the receiving address could send a new request for withdrawal, beginning a new process at step 1 before the previous process has completed. Since the user’s balance is only reduced in step 5, a new withdrawal will be approved based on the previous balance and the same amount will be paid out again. In response to this second payment, the receiving contract can request a third, and then a fourth, and so on until the funds are drained or some other limit is reached. At this point, the user’s balance will finally be reduced by the appropriate amount, entering the negative territory which step 2 was supposed to prevent.

The equivalent would be an ATM which delivers banknotes that trigger a free repeat withdrawal when waved at the screen. The first customer to find out could empty the ATM entirely.

This ability for a piece of code to wind up calling itself is called recursion, and is a very useful technique in general computer programming. However in the case of The DAO, it paved the way for this ruinous exploit. Nonetheless, if this had been the only problem, the attack’s potential would have been contained, because Ethereum applies a limit on how deeply recursion can occur. Unfortunately, several further bugs in The DAO amplified the effects, leading to the eventual loss of tens of millions of dollars.

Of course, if just a few lines of The DAO’s code had been written differently, none of this could have happened. For example, in the 5-step process above, if the user’s balance is reduced before the funds are sent, then recursive calling would be perfectly safe. But sadly, even if its creators’ intentions were pure, The DAO’s actual code was deeply flawed. And computers have a nasty habit of blindly following the instructions they are given, even if a five year old can see that the results don’t make sense. Having been embedded immutably in the Ethereum blockchain, the faulty DAO was granted stewardship over hundreds of millions of dollars by a horde of naïve investors, and then spectacularly went up in flames. The DAO turned out to be a complete and utter shambles, and it could never be fixed. A detailed technical explanation can be found here: http://hackingdistributed.com/2016/06/18/analysis-of-the-dao-exploit/

After DAO hack, more such high profile hacks have been reported, most recent one being the US$30Million hack on Parity multisig wallet smart contract.

Besides being vulnerable to frequent hostile attacks, Ethereum is having very limited transaction throughput of 13 to 20 transactions per second(TPS) presently.

In contrast, VisaNet, world’s largest retail payment network in fiat currencies can process 56,000 transactions per second.

Another persistent issue with most cryptocurrencies and cryptocurrency-powered smart contract platforms is the issue of long-term network viability, lack of strategic planning making them vulnerable to unwanted regulation and censorship from centralized authorities and assurance that such a platform and its cryptokens will continue to exist 100 years from today.

Pycoin: A New Generalized Decentralized Platform and its Powerful Capabilities:

Pycoin is a decentralized application for writing, testing and deploying mathematically verifiable secure smart contracts in Python programming language that behave exactly as intended. Unlike Ethereum smart contracts with a history of repeated hacks and stolen funds, hundreds and millions of dollars, Pycoin ensures that no run time errors or intentional/unintentional bugs can be used as exploits to steal funds and corrupt Pycoin smart contracts.

Pycoin uses Simplicity, a new typed, combinator-based, functional language without loops and recursion, designed to be used for crypto-currencies and blockchain applications as its target language and Python, a highly popular and versatile high-level programming language as its source. Simplicity was released recently by Blockstream, an influential decentralized application development company.

Owing to its Turing incompleteness, Simplicity is amenable to static analysis that can be used to derive upper bounds on the computational resources needed, prior to execution. While Turing incomplete, Simplicity can express any finitary function, which we trust is enough to build useful “smart contracts” for blockchain and blockchain-free decentralized applications.

Deeper advantages and profound implications of PyLegal’s Turing Incompleteness can be explored here: https://rationalwiki.org/wiki/G%C3%B6del%27s_incompleteness_theorems

Other powerful features of Pycoin are:

1. Pycoin’s underlying dual synchronized blockchainfree DAG-based and Algorand-inspired Randomly selected Byzantine Agreements-based DexOS decentralized networks are capable of parallel processing transactions at minimum throughput of 7000 TPS and 2,000,000 TPS respectively.

2. Having integrated quantum-safe functional encryption and zero-knowledge zkSTARK layer for ultimate privacy of transactions and distributed computations as well as maintaining confidentiality of large datasets without hindering seamless borderless and censor-free collaboration and interactions of all types.

3. Complex Adaptive Dynamical System (CADS)-based Strategic Self-Governance Protocol for Long-Term Evolution of its Mainnet

4. An Alternative Space Backbone(codenamed ASB Freedom)comprising of multiple swarms of 18 mini and nano-satellites with distributed payloads of space-based routers and transceivers for building off-planet alternative infrastructure in low earth orbit(LEO) and high earth orbit(HEO-beyond of the range of all Anti-satellite missiles-ASATS of today’s major nuclear armed nation states) in order to provide a space-based functionally encrypted distributed cloud to peer-to-peer users/validators/miners and for persistent storage of application data.

Applications and Ecosystem: Pycoin can potentially power a number of scalable killer DApps. Primarily it can easily replace less-secure Ethereum smart contracts written in Turing Complete Solidity language. Being Turing Incomplete Pycoin is many times more secure than Ethereum Contracts.

In terms productivity, since Pycoin is based on an interpolation of Python language known as PyLegal, Pycoin will be more appealing to more than 4 million Python developers worldwide. It would cut the learning curve short for creating secure smart contracts(SSCs) in PyLegal.

Privacy-preserving Currency and Confidential Global Payment System: Pycoin will have quantum-safe privacy layer zkSTARK implemented in it making it virtually immune to censorship, cryptanalysis and chain analysis for ferreting out payer and payee information as well as payment data by most powerful supercomputers and even quantum computers/quantum circuits in the foreseeable future.

Unmanned DEXs: Unmanned Decentralized Cryptoasset Exchanges can be built using Pycoin platform. These unmanned DEXs will be infinitely scalable by design with built-in atomic swaps of both blockchain-based and blockchainfree cryptocurrencies/cryptoassets and can’t be controlled or blackmailed by any centralized authorities.

Large-scale Federated IoT Networks: Pycoin empowers IoT Node owners and IoT device

manufactures to implement and monetize securely share private/public IoT resources available on demand by building Federated IoT Networks without revealing any private and identifiable confidential data. Such Network members can be incentivized for sharing statistical aggregated data in Pycoin or Colored Pycoins/Appcoins. This will also make machine to machine micropayments instantaneously and seamless.

Realtime Gaming: Realtime gaming engines, online casinos and gaming apps can be built on Pycoin platform that can scale to tens of millions of users without associated cost of sever and costly maintenance of centralized cloud infrastructure.

Automated Betting & Lottery Pools: Pycoins will enable ordinary folks to build private/public betting and lottery pools for optimal high-probability of winning odds for crypto-betting and for buying lottery tickets to guarantee the highest RoIs.

Decentralized DNS Clusters: One can leverage Pycoin and its underlying binary chains of DAG and DexOS for assigning human-readable names to IoT nodes, machines, biometrically identifiable humans, secure smart contracts, platforms and so on.

Tokenized Financial Assets and Derivatives Contracts: Pycoin can tokenize all global/local remittances, payments, trading and hedging. Pycoin can also be used to create automated and decentralized financial instruments — such as derivatives, bonds, commodities, debt instruments and securities denominated in both cryptocurrencies and fiat currencies.

Automated Hedge Funds: Autonomous Goal-driven and Self-managing Crypto-Hedge Funds with portfolios of fiat assets and cryptoassets under their management. These automated funds will not require constant supervision of human fund managers to run investment operations profitably in a sustainable way. The preferred risk-reward profiles and choices made by investors/LPs will be followed and executed strictly without any scope for discretionary violations.

Crypto Darkpools: Autonomous Cryptodarkpools for providing privileged peer to peer trading facility and emergency liquidity support to high-frequency/low-frequency wholesale cryptoasset investors/traders.

Temporal Insurance Products: Insurance companies will be able to provide temporal liability insurance using permissioned version of Pycoins. For instance, using Pycoin, an insurance company could charge rates differently based on where and under what conditions customers are operating their vehicles. A car driven on a clear day (ascertained by gathering information about the weather conditions from a weather service), in an area where all the roads are repaired (verified with information about road repairs supplied by the Department of Motor Vehicles, for instance), would be charged a lower rate compared with a car that’s being operated in bad weather, perhaps on pothole-filled roads.

Global Supply chain: Pycoin will also be useful in the supply chain. One can execute contracts that say, If a consumer receives cash on delivery at this location in a developing, emerging market, then this other product, many, many links up the supply chain, will trigger a supplier creating a new item since the existing item was just delivered in that developing market.

Pycoin can be leveraged by logistic and shipping companies to power crewless unmanned cargo ships and coordinate global flow of goods and materials in the next decade.

Realtime Video Communication capable Anonymous Web Infrastructure: Pycoin enables realtime anonymous protocol for video calling, video chat and videoconferencing as well as for encrypted voice and texts.

Token Supply and Monetary Policy:

Total coins planned to be launched: 62,000,000,001

Maximum Supply(Hardcap): 62,000,000,001

Reserved for developers and founder team: 9,000,000,000

Reserved for Bounty Hunters: 2,000,000,000

Reserved for Controlled Emission (calibrated minting) to reward peer-to-peer random users-payment validators: 26,000,000,001

• Limited Supply, with total set by the token sale.

  • Genesis allocation to fund creation, development, deployment, and reward creators.
  • Backed by useful services and applications: Demand for Pycoin-powered applications e.g. privacy-preserving cryptocurrency and confidential hyperfast global payment system,scalable gaming infrastructure, unmanned DEXs, large-scale Federated IoT Networks,tokenized financial assets and derivatives contracts, crypto darkpools and automated hedge funds.

Software & Infrastructure Roadmap

Pycoin Mainnet will be comprised of synchronized decentralized networks of DAG-based fork of XRB/Nano and DexOS realtime unforkable blockchain.

Phase 1-Testnet One-Fall 2018

Phase 2- Testnet Two-Winter 2018

Phase 3- Security Audit and Stress Test-Spring 2019

Phase 4-Launch of Mainnet comprising of Synchronized Pycoin Binary Networks of DAG (forked XRB/Nano) and Realtime Unforkable Blockchain DexOS-Summer 2019

Phase 5-Launch of an Alternative Space Backbone(codenamed ASB Freedom)comprising of multiple swarms of18 mini and nano-satellites with distributed payloads of space-based routers and transceivers for building off-planet alternative infrastructure in low earth orbit(LEO) and high earth orbit(HEO-beyond of the range of all anti-satellite missiles (ASATs) of major nuclear armed nation states) in order to provide a space-based functionally encrypted distributed cloud to peer-to-peer users/validators/miners and for persistent storage of application data -BetweenWinter of 2019 and Summer 2022

Decentralized CADS-based Strategic Self-Governance Protocol of Pycoin Mainnet for Long-Term Evolution

Pycoin Mainnet will have three classes of participants; some of them are members of more than one class:

1. Users-Community

2. Variable Randomly-selected Judicial Enforcement Executives

They will be selected by leveraging the underlying transaction validation mechanisms its DexOS and DAG networks periodically.

3. Lawmakers-Developers and Infrastructure Providers

Although currently being developed by Cohomology Labs and other geographically distributed contributors together working as a core team of developers, the decentralized governance model of Pycoin Mainnet is designed to give equitable voting rights and empower all stakeholders of Pycoin including ordinary Pycoin users-validators with having coins. All stakeholders will be able to actively influence the outcome of any proposals with a YES/NO/Abstain vote to update and change Pycoin Synchronized Networks and its value-based protocol system.

Most importantly DSDM of Pycoin makes it the world’s first decentralized network and protocol modeled on evolvable Complex Adaptive Dynamical System-CADS. The emergent nature of evolution of life on planet earth follows this CADS system. In fact we humans and our societies/civilizations can be categorized as CADSs. Any goal-driven dynamic system that interacts with its environment (friendly, neutral or hostile) in a strategic and tactical manner to prolong its existence and ensure its long-term survival as well as to thrive and expand can be labeled as CADS.

A complex adaptive dynamical systems approach to strategic planning builds upon organizational learning methods while it emphasizes mindfulness, mission, and values based decisions, fostering relationships and systems of communication, symbiotic relationships and continuing to construct possibilities that contribute to a decentralized organization’s self organizing and resiliency in its immediate and distant environment.

The key fact here is that a vision of a near or distant future and the strategic plan itself are not blueprints for a future state but ways to prepare an organization to be more mindful of the constant changes and possibilities happening in the present.

Hence the CADS-inspired DSDM of Pycoin Mainnet will make everything self-recursive or subject to change themselves including the initial rules and mechanism of the DSDM to deal with unforeseen and uncertain events as well as radical changes taking place inthe external and internal environment.

This will ensure Pycoin survives and thrives even hundreds and thousands of years from now in one form or other eventually evolving into an exponentially growing monetary and financial metasystem for a futuristic interplanetary and interstellar civilization.

Pycoin Officer

Pycoin is a privacy preserving zero-knowledge decentralized protocol for writing, testing and deploying mathematically verifiable smart contracts and DApps.