Verisign Files Patent Application For Cryptocurrency Double Spend Solution
UPDATED 3/25/16: Includes Information on Using DANE to associate payment information with email addresses.
While I have been writing about patents for quite some time now, I do not have the technical background to completely appreciate the merits of some of these applications. While in most cases I have made great effort to comprehend the inner workings of these “technological marvels”, the companies I write about do not ordinarily want to comment on their intellectual capital.
In this article I would like to crowdsource from Reddit, Bitcointalk and Medium some of your thoughts and ideas into this piece. Please include your real name rather than your handle if you would like to be quoted.
On March 17th, the United States Patent and Trademark Office published Verisign’s patent application, 20160080156, “Systems, Devices, And Methods For Detecting Double Signing In A One-Time Use Signature Scheme.” Verisign filed the application on September 11, 2015.
This patent attempts to solve the existential problem of a double spend that can only happen prior to a transaction being adopted and proven to be irreversible by a blockchain. For example in Bitcoin it takes an average of 10 minutes for block and it usually takes 6 blocks or about 60 minutes to ensure the transaction is immutable. It is an existential problem because for the type of transaction that needs immediate gratification (i.e. in-person) like a cup of coffee it seems to be a bit absurd to add this level of “security”. If a vendor is already using a proprietary solution (rather than free open source software) the technology that Verisign offers may be useful. But why expose (taint?) a Bitcoin transaction with an extra layer of proprietary complexity if 98% (a number I made up) of your coffee sales are legitimately processed?
Of note the patent application makes no note of everyone’s favorite cryptocurrency Bitcoin.
Following are extracts from the patent which explains the need for Verisign’s technology
“…[T]he sender can exploit a vulnerability in cryptocurrency and other systems based on transaction logs. In particular, the sender can clone the one-time use private key and attempt to engage in a second transaction with the same or a second receiver using the cloned private key. Because of network delays, for example, the receiver(s) might not be aware of both transactions before verifying their respective transactions and/or, in the case of a cryptocurrency transaction, the available funds of the sender may not be up to date.
Accordingly, either the first transaction or the second transaction may exhaust the funds in the sender’s account and/or only one transaction may be added to the transaction log. As a result, while the receiver(s) may verify both the transactions, only one transaction may result in a payment.
Therefore, there is a need for systems and methods for detecting and responding to double signing in a one-time use signature scheme.”
And here is some techno-jargon for those of you curious what might be going on under the hood:
“hash-based one-time use public/private key pair is associated with at least one of a Lamport signature scheme, a generalized Bos-Chaum signature scheme, a Lamport-Diffie-Winternitz signature scheme, or a generalized Bos-Chaum-Winternitz signature scheme.”
“The Fonz” Stealing Soda from a Vending Machine
The application even make note that the tech can be used by a vending machine and that the buyer could be a malicious buyer… a problem that has been around since vending machines were analog:
“[T]he buyer can be a malicious buyer that is attempting to send multiple messages signed using a single one-time use private key to force the vending machine to dispense multiple products, even if the buyer does not have sufficient funds for all the purchased products. In other embodiments, another buyer using the same account and one-time use private key can make a similar purchase at another vending machine in a different location. Accordingly, due to the double signing, the vending machine may only be able to receive payment for one transaction or only one of the vending machines may receive payment…”
In other news today… “SBIR U.S. Air Force Funded Bitcoin Vending Machine Files Patent Application”
Ex Chief Executive Officer CEO of Verisign (1995 to 2007) Stratton Sclavos announced in 2014 that his firm Radar Partners was part of a syndicate of investors at BitGo.
Forbes also described BitGo’s “proof of reserve” technology as a “Verisign-Like Certificate.”
Verisign and Armory also worked together in 2015 on a Draft for the IETF (Internet Engineering Task Force) “Using DANE to associate payment information with email addresses.” DANE is an acronym for DNS-Based Authentication of Named Entities. An abstract follows:
There is no standard, interoperable method for associating Internet service identifiers with payment information. This document specifies a means for retrieving information sufficient for a party to render payment using various payment networks given the recipient’s email address by leveraging the DNS to securely publish payment information in a payment association record. A payment association record associates an Internet service identifier such as an email address with payment information such as an account number or Bitcoin address.
Also of note there was another application published today that did mention Bitcoin or should we say “commercial-valued credits (e.g., bitcoins, altcoin, or any other type of digital currency system)” and that would be Cisco’s Peer-to-Peer Transaction System (20160086175).
Cisco became familiar with Bitcoin relatively early with a Blog post dating back to July 2011 entitled “Bitcoin Security Architecture: A Brief Overview.” In May 2015 Bitcoin firm 21 announced that Cisco became an investor in a Medium post “A bitcoin miner in every device and in every hand.”
