The Bitcoin DAO: Jury Rigging a DAO with Multiple Meshed Multi-Sig Wallets [ORIGINAL, v.0]

A lazy workaround for a working DAO, TODAY.

Contact DAOtoshi@protonmail.com

“I choose a lazy person to do a hard job. Because a lazy person will find an easy way to do it.”

― Bill Gates

Explain it to me like I’m a college student

First, you should google both “decentralized autonomous organization (DAO)” and “multi-signature cryptocurrency wallets”. Consume as much information as you can. I recommend reading/watching these in particular:

• DAO — Wikipedia
• TEDx Talk
• YouTube Vlog
• Multi-signature — Bitcoinwiki

In the end, you should feel like you have a pretty good understanding of both DAO’s and multi-signature wallets. This will help you understand the rest of this document.

Before continuing, I should disclose that I am NOT a blockchain expert, so it is possible that my solution to the DAO problem is not a good one. BUT, I have confidently concluded that there are very few blockchain experts, and so blockchain is still “anyone’s game”, i.e. if anyone tells you they are certain of anything in blockchain technology, you should be very skeptical and pessimistic that they are selling you something and have hidden motives. As well, of course, none of this is financial advice. I personally hold bitcoin, Ether, EOS and several other cryptocurrencies, so as an investor I do have a vested interest in all of this. Finally, the regulatory nature of blockchain and DAO’s is still very uncharted, and I know very little on this topic, so treat everything I’ve written here as strictly theoretical.

If you did your research, you likely concluded that DAO’s are still a young and experimental technology. You probably also noted that there are many different people and projects that are trying to develop DAO platforms, but that there is still no consumer friendly DAO solution. If there was a consumer friendly DAO solution, you and your friends would be able to create a DAO about as easily as you can create a Facebook group. Certainly, this is not the case.

My proposal is that it’s possible to create a functional DAO just using bitcoin multi-signature wallets. I call this solution “The Bitcoin DAO”. The Bitcoin DAO is very simple, it is not meant to be as feature rich as something like The DAO that was built on Ethereum, but I think it could still be valuable for many people, and it can work TODAY. I also believe that there is currently a problem of hype versus reality in blockchain technology. We can almost think of bitcoin as a car, and the other blockchain projects as spaceships and hoverboards. Bitcoin is boring and energy inefficient, but it does currently work, so it is a reality. Ethereum, EOS and other projects are brilliant, but they are still work in progress, just like spaceships and hoverboards. When spaceships and hoverboards work, we will likely be happy to use them instead of cars. The thing is, I think that most people still don’t even realize what bitcoin is. It is as if people are still riding around on horses, even though the car (bitcoin) has been invented, because they are waiting for the spaceships and hoverboards to be ready (Ethereum). You probably still commute using a car or a bus, right?

“It doesn’t matter how beautiful your theory is. It doesn’t matter how smart you are. If it disagrees with experiment, it’s wrong. In that simple statement is the key to science.”
― Richard Feynman

It will be easiest to explain The Bitcoin DAO through an example. Imagine that you have 9 people that want to create a DAO together. Their requirements are:

1. They want the DAO to hold cryptocurrency as its asset (they don’t need it to control other assets like titles, deeds or intellectual property)
2. They want the DAO to be transparent
3. They want the DAO to be governed by a two-thirds majority vote — at least 6 out of 9 people need to agree on what to do with the cryptocurrency

If you did your recommended reading, you may be realizing that these requirements can at least partially be met by a multi-signature wallet. For this example, let’s assume that the members only have access to multi-signature wallets that can have up to 6 signatures (for example, they are using copay, but in other cases there are wallets with 15 signatures). The problem is, this allows 6 people at most per wallet, which is less than the 9 members that want to form a DAO. DAO’s are usually intended to have many members, for example The DAO had more than 18,000 members, so clearly one multi-signature wallet won’t be enough. My solution with The Bitcoin DAO is to “mesh” multiple multi-signature wallets to make adequate space for all 9 people to have votes withing their DAO so that it’s still trustless, i.e. still meet the third requirement of two-thirds vote for all of this DAO’s cryptocurrency resources.

In detail, my solution for this example would be:

• To meet this DAO’s first and second requirements I would choose the cryptocurrency bitcoin. Bitcoin is a transparent cryptocurrency. Check.
• To meet the third requirement, I would create 5 multi-signature bitcoin wallets
• Each multi-signature wallet will be 4-of-6 (corresponding to m-of-n), in order to meet the two-thirds vote requirement
• Randomly add, and thereby “mix and mesh”, each of the 9 members into each of the 5 wallets. For each wallet, give each member one of the n keys, where each element in the set [a, b, c, d, e, f] is a member holding one of the n keys of the wallet. For example:
• Wallet 1 = [1, 2, 3, 4, 5, 6], means Wallet 1 contains members 1, 2, 3, 4, 5 and 6, each of which has a unique key of the n keys for Wallet 1
• Wallet 2 = [7, 8, 9, 1, 2, 3]
• Wallet 3 = [4, 5, 6, 7, 8, 9]
• Wallet 4 = [1, 6, 7, 2, 5, 8]
• Wallet 5 = [3, 6, 9, 1, 2, 8]
• Systematically add bitcoin to each of the 5 wallets. So, if there is 100 bitcoin to be added to this DAO, I would send 1 bitcoin at a time to each wallet, so that in the end each of the five wallets contains 20 bitcoin.

The important outcome in this solution is that the members will still act as if they had one large multi-signature wallet, even though they are split across multiple wallets. For example, imagine that members 1, 2, 3 and 4 “went rogue” and decided they wanted to take all of the DAO’s bitcoin for themselves. Members 1, 2, 3 and 4 have a two-thirds majority in Wallet 1, so they could send all of this bitcoin to their own personal wallets that they control. BUT, they do not have two-thirds majority in any of the other wallets, and so in the end they would actually lose more than they will gain. For example:

GAIN:

• Wallet 1 has 20 bitcoin
• These 20 bitcoin are shared across members 1–4 that have gone rogue
• 20 bitcoin / 4 members = 5 bitcoin gained per rogue member from Wallet 1

LOSS:

• Wallets 1–5 have a total of 100 bitcoin (this is the DAO itself)
• These 100 bitcoin are shared across all 9 members
• 100 bitcoin / 9 members =~ 11 bitcoin per honest member of the DAO
• When members 1–4 go rogue they will be kicked out of the DAO, and blocked access to wallets 2–5, and so they will no longer have ~11 bitcoin as a DAO member:
• ~11 bitcoin per honest member — 5 bitcoin gained per rogue member from Wallet 1 =~ 6 bitcoin total lost per rogue member

(NOTE: This is only a rough solution, but it can be made more rigorous through game-theoretic analysis, as I will do in the next section.)

Again, the requirements of this example DAO are quite simple, especially compared to the spaceships and hoverboard DAO’s that we are hoping to develop with Ethereum and other generalized platforms. But, if we look to a platform like OpenCollective, we see that there is already great demand for this kind of simple functionality, and that The Bitcoin DAO could fully replace it, i.e. OpenCollective is left with little or no unique value proposition to its users relative to The Bitcoin DAO (unless fiat is required). If you are living in Sudan or Venezuela, you may not have time to wait for the hoverboards to be ready, or even be able to use OpenCollective (as fiat is required for it). And how hard is it to construct The Bitcoin DAO above? I’d say it’s just a little harder than creating a Facebook group.

You may have already realized that there are other m-of-n key multi-signature wallets, and that if we can make 3 or 15 n key wallets, then why not make 1,000 key wallets for 1,000 members. 1,000 signature wallets don’t work well for a number of reasons, but in the spirit of this document, the biggest problem with 1,000 signature wallets is that they don’t exist yet, so they still aren’t a reality. We are lazy, we jury rig, we don’t like vaporware and we make do with what has already been built.

Finally, we have only used an example of 9 members, but I am quite certain that, ceteris paribus, The Bitcoin DAO should easily scale beyond 9 members and up to thousands of members. Eventually The Bitcoin DAO may have problems scaling for many reasons, including “bounded rationality”, but this is a topic for further discussion and is something that any DAO design will struggle with, not just The Bitcoin DAO.

“If you’re so smart, then why doesn’t your DAO work?”

― Satoshi

Explain it to me like I’m a STEM graduate

First, you should easily understand the “Explain it to me like I’m a college student” section, above.

The main addition to this section will be the discussion of Nash equilibrium in The Bitcoin DAO. I recommend you do your own research, and at least read the following, if you are not already familiar:

• Nash equilibrium
• Prisoner’s dilemma

…. Actually, I’m sorry, but I’m too lazy to write all of this up right now. I’ve done what looks like a pretty good proof on paper, but it’s too much work to transfer it to this document. Any economics or computer science grad student should be able to do this. The conclusion I’ve reached: there is a Nash equilibrium for members of The Bitcoin DAO to cooperate with each other. The way to represent this problem is using the value of each key as units in the decision matrix, where if rogue members defect in one wallet, they will lose their keys in other wallets where they don’t have the super-majority, m, of co-conspiring rogue members.

There’s further analysis required on what the bounds are to this solution. This will be relevant to implementation. For example, how much can the balances of each wallet drift apart from each other (remember we start with equal balances in each wallet) before incentives change and The Bitcoin DAO snaps into a non-cooperative Nash equilibrium? This will also be relevant to how we build The Bitcoin DAO piecemeal, and likewise how we would dismantle The Bitcoin DAO piecemeal.

General analysis is needed as to what kind of m-of-n wallets (2-of-3, 4-of-6, etc.) are required for different DAO membership size, as well as how many wallets are required for a cooperative Nash equilibrium. My analysis currently points to 4-of-6 multi-sig being sufficient for any membership size Bitcoin DAO, with a ratio of at least 5 wallets for every 12 members (to have proper mixing to disincentivize rogue groups from forming within).

Finally, a basic combinatorial algorithm for mixing members across groups wallets to ensure there’s a cooperative Nash equilibrium will be useful.

A useful heuristic, for limits to scaling: look to Dunbar’s number. If this is a Dunbar-squared sized DAO, it can have up to 150 x 150 = 22,500 members. After this it may become hard for the members to detect defection and eject rogue members from their DAO, as Dunbar’s number gives an approximation to bounded-rationality for this group. This is only a ballpark limit for how many members can be in The Bitcoin DAO, at least as it is currently designed. I imagine it would be very easy to create some tools to make it easier to detect defection, rather than relying just on human patroling.

Explain it to me like I’m a blockchain expert

I’m not an expert, and this is a working paper and a request for comments. Some of my thoughts/questions:

• Am I missing something? Is there something that makes this irrelevant?
• Part of me thinks this will bloat bitcoin with too many transaction, but the other part of me thinks it’s actually more efficient as a 1000 member DAO wouldn’t require 1000 signature for all transactions, but just a subset wallet would be required for small transactions.
• How much confidence do we have in bitcoin multi-sig wallets these days? If it helps, we could even use different multi-sig providers for each wallet, to diversify our risk.
• If your comment is how easy it will be to do this on Generalized Platform X when the spaceship is built, then my response is skepticism. I’m a fan of the spaceship too, but that is another discussion. I want something almost as easy as a Facebook group, built of pieces that already work. Likewise, painkillers not vitamins.