Bootstrapping A Decentralized Autonomous Corporation: Part I

US presidential candidate Mitt Romney reminds us that corporations are people. There is certainly a lot of truth in this statement, whether or not you agree with the conclusions his partisans draw from it. After all, isn’t a corporation just a specific group of people working together under a specific set of rules? When a corporation owns real estate, what that actually means is that there is a legal contract stating that the real estate can only be used for specific purposes under the control of the people who are currently the corporation’s directors, and that designation can itself be changed by specific groups of shareholders. If a company does something, it is because its board of directors agrees that it should be done. When a company hires an employee, it means that the employee agrees to serve the company’s customers according to certain rules, especially regarding payment. The limited liability of a corporation means that certain people are given special privileges to act with less fear of legal prosecution by the government: a group of people with more rights than the average person acting alone, but ultimately still people. In any case, it is just people and contracts all the way down.

But here a very interesting question arises: do we really need the people? On the one hand, the answer is yes. Machines in some post-Singularity future may be able to survive on their own, but for now they will at least need some human action to interact with the physical world. On the other hand, over the past 200 years the answer has increasingly become “no.” The Industrial Revolution allowed us, for the first time, to replace human labor with machines on a large scale, and now advances in digitized factories and robotic arms produce complex products such as cars all by themselves. But this only automates the bottom: it eliminates the need for general manual labor and replaces it with a small number of experts who maintain the robots, while the company is still run by people. The question is, can we approach the problem from the other direction? Even if humans are still needed to perform certain specialized tasks, can we take management out of the equation instead?

Most companies have some kind of mission statement. Often it is about making money for shareholders; sometimes it also includes other goals, such as moral obligations regarding the particular product being created or, at least in theory, helping the community from time to time. For now, that mission statement only exists insofar as it is interpreted by the board of directors, and ultimately by the shareholders. But what if, with the power of modern information technology, the mission statement could be encoded into code? That is, could we create an inviolable contract that generates revenue, pays people to perform some function, and finds hardware to run itself on, all without the need for top-down human direction?

As Let’s Talk Bitcoin’s Daniel Larimer pointed out in his own exploration of this concept, in some ways Bitcoin itself can be considered a very early prototype of just such a thing. Bitcoin has 21 million shares, and these shares are owned by people who can be considered Bitcoin’s shareholders. It has employees, and a protocol that pays a random member of the workforce approximately 25 BTC every 10 minutes. It even has its own marketing department, which is largely made up of the shareholders themselves. However, it is also very limited. It knows almost nothing about the world except the current time, it has no way of changing any aspect of its functionality other than the difficulty, and it does not really do anything in itself. It simply exists, and leaves it up to the world to recognize it or not. The question is, can we do better?


The first challenge is obvious: how do such companies actually make decisions? At least in a predictable environment, it is easy enough to write code that takes a given input and calculates the action to take. But who runs the code? If the code simply exists as a computer program on a particular machine, what stops the owner of that machine from shutting the whole thing down, or modifying the code so that all of the money is sent to them? There is only one valid answer to this problem, and that is distributed computing.

However, the kind of distributed computing we are looking for here is not the same as the distributed computing of projects like SETI@home and Folding@home. In those cases, there is still a central server that collects data from the distributed nodes and sends out requests. Rather, we need distributed computing of the kind found in Bitcoin: a set of rules that self-verify its own computations in a decentralized manner. In Bitcoin, this is done by simple majority voting: if you do not agree with the majority of the network on the blockchain calculation, your block is discarded and you do not receive the block reward. In theory, no single attacker has enough computing power to subvert this mechanism, so the only viable strategy is essentially to “go with the flow”, act honestly and support the network in order to receive your block reward. So, can this mechanism simply be applied to distributed computing? That is, can we ask every computer in the network to evaluate a program and reward only those whose answers match the majority vote? Unfortunately, the answer is no. Bitcoin is a special case because of its simplicity: Bitcoin is just a currency and has no property or private data of its own. A virtual company, on the other hand, will likely need to store private keys to Bitcoin wallets, and that data must be available in its entirety to no one, rather than to everyone in the way that Bitcoin transactions are. But, of course, the private key must still be usable. So what we need is some kind of system that can compute in a decentralized way in order to sign transactions and even generate Bitcoin addresses. Fortunately, Bitcoin allows you to do just that.

The first solution that immediately comes to mind is multi-signature addresses. Imagine a set of 1,000 computers that can be trusted, perhaps to provide continued support for the enterprise, and have each computer create a private key, generating a 501-of-1000 multi-signature address between them. To use the funds, simply construct a transaction with signatures from any 501 of the nodes and broadcast it to the blockchain. The problem here is obvious: the transaction would be too large. Each signature is approximately 70 bytes, so 501 of them would make a 35KB transaction, which the network would have great difficulty accepting, since Bitcoin by default rejects transactions whose scripts are larger than 10,000 bytes. Second, this solution is specific to Bitcoin. Multi-signature scripts are useless if a company wants to store private data for non-financial purposes. Multi-signature addresses work because the Bitcoin network evaluates them and places transactions on the blockchain depending on whether the evaluation succeeds. For private data, a similar solution would essentially require a decentralized authority to store the data and serve it only if a request contains 501 of the 1,000 signatures. So we are back to where we started.

However, there is still hope for another solution. The general name cryptographers give to it is “secure multiparty computation”. In secure multiparty computation, the input to the program (or, more precisely, the input to the simulated “circuit”, since secure multiparty computation cannot handle “if” statements or conditional loops) is divided up using an algorithm called Shamir’s secret sharing, and a piece of that information is given to each participant. Shamir’s secret sharing lets you split any data into N pieces such that any K of them, but no fewer, can restore the original data; you choose what K and N are when you run the algorithm. 2 of 3, 5 of 10 and 501 of 1000 are all possible. The circuit is then evaluated on the pieces of data in a decentralized manner, such that at the end of the computation everyone holds a piece of the computed result, but at no point during the computation does any single individual get even a glimpse of what is going on. Finally, the pieces are put together to reveal the result. The running time of the algorithm is O(n^3), meaning that the number of computational steps required to evaluate a computation is roughly proportional to the cube of the number of participants: 10 nodes means 1,000 computational steps, and 1,000 nodes means 1 billion steps. A simple 1 billion step loop in C++ takes about 20 seconds on my laptop, but runs in a fraction of a second on a server, so 1,000 nodes is about the limit of computational practicality for now.

As it turns out, secure multiparty computation can be used to generate Bitcoin addresses and sign transactions. The address generation protocol is simple:

  1. Everyone generates a random number as their private key.
  2. Everyone calculates the public key that corresponds to the private key.
  3. Everyone publishes their public key and Shamir’s secret-sharing algorithm is used to calculate a public key that can be reconstructed from 501 of the 1,000 public keys.
  4. An address is generated from that public key.

Because public keys can be added, subtracted, multiplied by integers, and even divided, surprisingly this algorithm works exactly as expected. If everyone then puts together their 501-of-1000 private keys in the same way, the resulting private key will be able to spend the funds sent to the address generated by applying the same 501-of-1000 algorithm to the corresponding public keys. This works because Shamir’s secret sharing is really just an algebraic formula: it uses only addition, subtraction, multiplication and division, and that formula can be computed “on” the public keys just as easily. As a result, it does not matter whether the private-key-to-public-key conversion happens before or after the algebra. Signing transactions can be done in a similar way, though the process is somewhat more complicated.
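The claim that the private-to-public key conversion commutes with Shamir’s algebra, as an added example that is not part of the original article. It assumes secp256k1 (Bitcoin’s curve) and models the sharing with a single dealer polynomial, a simplification of the distributed generation the article sketches; the point it shows is that the same Lagrange weights rebuild either the private key from k private shares or the matching public key from the k published points.

```python
# Added example, not from the article: Shamir sharing over the secp256k1 group order,
# interpolated either on private scalars or on the published public points.
import secrets
P = 2**256 - 2**32 - 977                           # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
SCALAR = (lambda w, y: w * y % N, lambda a, b: (a + b) % N, 0)   # mul, add, zero in Z_N

def ec_add(a, b):
    """Point addition on secp256k1; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0: return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if a == b
           else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)
def ec_mul(k, pt):
    """Double-and-add scalar multiplication; k is reduced mod the group order."""
    k, acc = k % N, None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc
POINT = (ec_mul, ec_add, None)                     # mul, add, zero on the curve

def shamir_split(secret, k, n):
    """Random degree k-1 polynomial over Z_N with f(0) = secret; share i is (i, f(i))."""
    coeffs = [secret] + [secrets.randbelow(N) for _ in range(k - 1)]
    return [(i, sum(c * pow(i, j, N) for j, c in enumerate(coeffs)) % N)
            for i in range(1, n + 1)]
def reconstruct(shares, mul, add, zero):
    """Lagrange interpolation at x=0, i.e. sum_i w_i*y_i with the weights w_i in Z_N.
    Pass SCALAR for private shares y_i or POINT for public shares y_i*G."""
    xs, acc = [x for x, _ in shares], zero
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num, den = num * -xj % N, den * (xi - xj) % N
        acc = add(acc, mul(num * pow(den, -1, N) % N, yi))
    return acc
def demo(k=3, n=5):
    """Split a key, publish y_i*G, then rebuild it from any k shares both ways."""
    secret = secrets.randbelow(N - 1) + 1
    shares = shamir_split(secret, k, n)
    pub = [(i, ec_mul(y, G)) for i, y in shares]     # the only thing each party reveals
    return (reconstruct(shares[n - k:], *SCALAR) == secret,
            reconstruct(pub[n - k:], *POINT) == ec_mul(secret, G))
```

The same code runs with k=501, n=1000, only much more slowly in pure Python; the public-side reconstruction never touches a private share, which is what lets the parties agree on the address without anyone learning the key.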

The benefit of secure multiparty computation is that it is not limited to Bitcoin. It can just as easily be used to run the artificial intelligence algorithms that the business relies on to operate. So-called “machine learning”, the general name for a set of algorithms that detect patterns in real-world data and let computers model them without human intervention, is used frequently in fields such as spam filters and self-driving cars; it too is “just algebra” and can be implemented in secure multiparty computation. In fact, any computation is possible if it is broken down into a circuit over the individual bits of its input. Naturally, there are limits to the complexity that is feasible: translating complex algorithms into circuits often makes them even more complex, and, as explained above, Shamir’s secret sharing can become expensive on its own. So it should really only be used to implement the “core” of the algorithm; more complex high-level thinking tasks are best left to outside contractors.

Are you excited about this topic? Stay tuned for parts 2, 3 and 4: how decentralized companies can interact with the outside world, two examples of simple secure multiparty computation circuits at the mathematical level of how they work, and how these decentralized companies can make a difference in the real world.
