BitStream: a protocol for atomic data exchange

Atomic purchasing of digital files with digital currency is an idea that has a long history in this area. Digital goods, digital currency, the two seem like a perfect combination. Digital goods, i.e. information, also constitute massive markets. Think about all the videos, audios, texts, games and other forms of digital content that people buy and consume on a regular basis. These are markets worth billions and billions of dollars that people interact with every day.

Most serious attempts to implement paid file sharing have failed. Filecoin was an attempt to do this on top of IPFS, but ultimately the project is absurdly over-engineered. BitTorrent (the company, not the protocol) was bought by Justin Sun and incorporated its own cryptocurrency and blockchain. These two projects effectively failed to produce any productive results, with extremely over-designed systems on the technical side and very questionable incentives on the economic side.

BitStream is a proposal by Robin Linus (have you ever considered slowing down and taking a break, Robin?) to attempt to meet the requirements of atomic purchasing of data without the unnecessary addition of altcoins and technical protocols of too elaborate exchanges.

All files can be uniquely identified by a single hash, this is a very important detail in this scheme. Selling a file atomically requires encrypting the file using a function that allows the user to verify what is encrypted, and after that the user atomically buys the file’s encryption key. The problem is that the verification process, and more importantly, proving whether you have been tricked and the file is decrypted into incorrect data, is expensive. Naively, you will need to produce the entire encrypted file and the decryption key so that others can decrypt it and verify that the decrypted data does not match the expected hash value when hashed.

File sharing systems like BitTorrent frequently divide files into standard-sized chunks and construct a Merkle tree from them, which allows the root hash to function like a file identifier in a magnet link and verify that each individual chunk of a file you download is fine. a valid part of this file. This is a property you can take advantage of to greatly improve the effectiveness of fraud evidence showing that a file distributor has deceived you.

The seller of the file can generate a random value and use it to encrypt each piece of file using an XOR operation against that random value. They can then sign an attestation of the root hash of the encrypted file and the hash of the encryption value. The encrypted file tree is configured in a special way to facilitate simple fraud proofs.

Instead of building the Merkle tree from just the normal, but encrypted, file chunks, the tree creates pairs of leaves consisting of an encrypted file chunk and the hash of the unencrypted file chunk next to it. Now at this point the buyer can download the encrypted file and after verifying by taking all the hashes of the unencrypted chunks and creating a Merkle tree from them to make sure they match the root hash of the unencrypted file, it can atomically purchase the decryption value. . This is accomplished by the seller using it as a pre-image to an HTLC on the Lightning Network or to a mint like Cashu that supports HTLCs.

If the file is not decrypted correctly, either because the encrypted data is a different file or because the preimage is not the actual encryption key, the Merkle path in the encrypted file tree to two Any leaves may indicate that the seller has deceived the buyer. Simply providing the path to any encrypted piece of file and its corresponding unencrypted piece hash with the preimage purchased by the buyer will definitively prove that the seller did not provide the buyer with the file that he pretended to be.

Any file seller using the BitStream protocol can post a bond which can be cut with proof of fraud as designed above if they mislead a customer. This can be enforced by simply posting a deposit with a Chaumien mint in the simplest case. Platforms like Liquid offer alternative methods for building a link that can actually be applied without trust thanks to features like OP_CAT. Scripts could be built to actually take the BitStream fraud proof and validate it on the stack, allowing the creation of a UTXO that would be usable by anyone with a valid fraud proof. If OP_CAT ever became available on mainchain, this could even be done with confidence without the need for a federated execution environment.

BitStream is an incredibly promising protocol for the atomic sale of digital information with a very effective system for proving fraud, without shitcoins.