Peer

-to-PeerERC20 Token
Anti-
Theft

FernandoUr danet
a
gi
thub.com /
ETHPlus

Abst ract .Vi talik But er i

n's originalvi sion f or Et her eum was t o cr eatea
peer -to-peerver sion ofel ectronicm oney.Mostsuccessf ulpr ot ocolhol der s
attem ptt of ur therenhance t his vision and pr ovi de a m or e scal abl e and
efficient paym ent syst em .W e see Bi t
coi n's gr eatest pr om ise not as a
m edium ofexchange,butasast oreofval ue:abet t
erf or m ofgol d,notcash.
W e pr opose asetofm odi ficat i
onst ot he or i
gi nalpr otocoli n ordert ofulfill
this pr om i se by cr eating the best val ue el ectronic st ore.By i ncr easing
Bitcoin' s ef f
ect ive transact i
on confir m at ion t ime f rom 1 0 mi nutes t o 24
hour s,we can addr ess Bi t
coi n's biggest flaw as a f or m of gol d:t heft
suscept i
bi l
i t
y.A syst em gear ed less t owar ds payi ng f orcof fee and m or e
aboutsavi ng l i
fesavi ngswi tht otalpeaceofm i nd,wher eeacht ransact ioni s
alerted in achai nf or144 blocksand can becancel ed in an em er gencywi t h
ar ecover ykeyt hathasneverbeen used bef or eand t her ef
or ei nvulner able.
The st artup oft hissyst em isnott hrough a har df ork butt hr ough a f airer
m echani sm ofaccel erated m ining,whi ch al lowst hesyst em t or each Bi t
coi n
inashor tper iodoft im e.W ewoul dliket ogi vef ullcredi tt othecr eatoroft he
Bitcoin Royal e whi te paper[ 1]thatcr eated t he vision f orel ect r
oni c gol d
withoutt hef t.Asat eam ,wewoul dl iket o m ovef orwar d wi tht hati deaand
start i m pl em ent ing al lt he cr ucial f eat ures m ent ioned bel ow and
m akei teven m or eadvanced.

1
.-I
ntr
oduct
ion
Bit
coin[ 2]is an innovative decentrali
zed paym entsyst em l aunched in 2009 t hatallows
parti
estot r
ansactdi rectl
ywi thoutgoi ng through atrust
ed financi alinsti
tuti
on.Thesyst em
rel
ieson proofofwor ktom aintain adistri
but ed l
edgerwi t
houtar eli
ableoper ator,which is
saf
e as long as honest nodes cont rolm ore CPU power t han any cooper ati
ng gr oup of
att
acking nodes.Bi t
coin was or i
ginally descri
bed by its creator SatoshiNakam ot o as a
"El
ectroniccash system "
.

Mul tipl
esuccessfulm odificationsoft heoriginalprotocolhavebeen released overtheyear s
int heform offorksfrom theBi tcoin codebase.Thesei ncludeLitecoi
n[ 3]thatwasl aunched
in 2011toreducet ransacti
on confir m ation t
im eand changet hepr oof-of-
workal gorit
hm t o
favorconsum er -
grade har dwar elike GPUs;Bi tcoi
n Cash [4]thatwas l aunched in 2017t o
scalet he perf
orm ance oft he originalprotocolt r
ansactions by i
ncreasing the si
ze ofthe
block;and Bi t
coin Gold[ 5]whi ch was also launched in 2017to m ake speciali
zed m ini
ng
equi pm entobsoletebychangi ng thehashing algorit
hm

Truetotheoriginalvi si
on,t hepr im aryfocuson thesehol der
sand othersistom akeBi tcoi
n
abet t
ercash system .Thel imi tat
ionsoft heor i
ginalprotocol
,such ashigh tr
ansaction f
ees,
10-minut
e confir m ati
on t im es,and the approxim atethroughputofj ust4 transact
ionsper
second,hinderBi tcoin's abili
tyt o com pete with Key onl
ine cent
ral
ized paym entsystem s
today.
2.El
ect
roni
ccash orel
ect
roni
cgol
d
W hile Bit
coi n di
d notsee m uch successwi t
h consum eradopt i
on aselectroni
ccash,i thas
been signi ficantlym oresuccessfulasaf orm ofel ectroni
cgol d.Thereisalong debateint he
industryaboutwhet herBitcoinissuper iorasam edi um ofexchangeori ndeed asast oreof
value.Gol d i s not an eff
ective m eans of paym ent f or day-to-day goods and services.
Consum er si nvestpr i
m ari
lyin goldt o pr otectthem selves againstinflati
on and preser ve
future pur chasing power.Unl i
ke nationalcur rencies,Bitcoi
n'sfixed and limit
ed m onet ary
policyt heof f
erm akesi tpart
icularl
yat tr
act i
vei nthisregard.

Historyshowst hatsyst
em scan sel dom be designed to m eetm ultipl
e com pet i
tive goalsat
once.Opt imizi
ngBi t
coi
nt obecom eabet term edium ofexchangedi mini shesit
spot entialas
a st
ore ofvalue.On t he sam e note,byf urthersacrifici
ng t he properti
esr equired foruseful
el
ect r
oni ccash,wecan gr eatl
yi m proveitsusefulnessasel ectronicgol d.Inthisdocum ent ,
we pr opose a seri
es ofm odificat ions tot he or
iginalBitcoin protocolf ocused on a single
objective:t
ocr eateThebestval uest ore.

Ifweno l ongerpr iori

tizecom pet i
tion asan onl i
nepaym entsyst em ,wedon'tneed t ofocus
on tr
ansact ion feesort ransact i
on perform ance.Af terall,goldisexpensivetot ranspor
tand
isnorm allypur chased f orl ong-term invest m ents.Onepr opertythatisparti
cul ar
lyrel
evant
toouref f
or t
sist het ransact i
onconfir m at i
ont im e.Offset
sont hi
sfront,suchasasubst antial
incr
ease i n Bi tcoin'
s 1 0-mi nute aver age confir m ati
on t im e, can gener ate cardi
nal
advantages.Si ncewewoul dn'texpectt otranspor tagol dshipm entt hr
oughl ocationsi
nless
than 10m inutesanyway,t hissacrificeseem snat ural.

3.The pr
obl
em oft
hef
t
Thekeyr equirem entofast oreofval ueisnott obeper i
shable.Thef tisoneoft hem ainrisks
ofl osswhen i tcom est o som ething ofvalue.Gol d worksqui t
e wel lint hisregard.Physical
thef tofgoldi ssignificant lym orer i
skyt o executethan anyvi rt
ualat t
ack on an electr
oni c
asset .Furt
her m ore,a t
hi efwoul d find i
tdi fficultto hi
de a considerablel oad ofstol
en gol d
from t heaut horit
ies,especi al
lyacrossbor ders.Launder i
ng and liquidation ofstol
en goldi n
largequant i
tieswhi l
est aying anonym ousi salsonotasi m pletask.

Unf ortunat ely,Bitcoi

n doespoor l
ybycom par ison.The f undsar e pr
otected bythe pr otocol
with set sofcr yptographic pr i
vate keys.Gai ning elect ronic accesst othese keysal l
owst he
attackert o confiscat e allfundsr em ot el
y,i m m ediately and irrevocably.Launder i
ng st ol
en
fundsi sal so significant ly easiersince tr
ansact i
onsar e pseudonym ous,t r
aceabili
t y can be
disrupt ed byt heuseofm i xers[6],and Sybilident i
t i
escan bem ass- cr
eated.Asar esul t
,the
thef tofcr ypt ocurrencies is on the rise with m oret han $ 1bi lli
on stolen i
n 2018[ 7].The
com m uni ty-cur at
ed list
sofm aj orincident s[8]show t hateven pr of
essionalinst
itutionsar e
wel linform ed aboutt hel at estsecurit
y.Pr acticesar epr onet oat tack.

Secur e m anagem entofpr i

vate keys by end usersi s proving to be one ofBitcoi
n's m ain
challenges.Si nce the keys m ust be used r egularlyt oi nteract with f
unds and si gned
tr
ansact ions m ust be t ransm it
ted over t he I nternet, each key event uall
y becom es
vulnerabl e.Securi
ty conscious pract
ices such as dividing funds bet ween "hot"and "cold"
walletsar ecum bersom eand do notsol vethepr oblem att her oot.Inci
dent sshow thathot
walletsinevitablycontainsigni
ficantam ount s[9,10]andt heuseofcol dwal l
etsonlyreduces
keyint eracti
on butdoesnotcom pl etelyeli
minat eit[11]
.
4.Ant
i-Thef
tSol
uti
on
Asa m eansofel i
mi nati
ng t hef
t,we propose a solution based on a new and sophi st
icated
protocolblocking and m odi ficati
on script.By def ault
,a t ransact i
on m ade withthe new
blockingscriptwillbedel ayed24hour s.W henam i neraddsat r
ansact i
ont oanew block,the
transacti
on willno longerbecom m itted im m ediat
ely.Instead,i twillbeadded inthechai n
asanal ertf
ort hedur ati
onof1 44blocks( assum i
nga1 0-mi nut ebl ockti
m e).I
fiti
snotaltered
for 144 blocks, t he t ransact
ion wi l
l change f rom t he al ert stat
e t o "confirm ed"
.

Thebenefitofchai n alertsisthatcoin owner swi llr

eceiveuncensor ed advancenot ifications
everytim etheym ove t heircoins.The ownerwi l
lhave 24 hoursto acton the aler
tand can
cancelt he transfer ifiti s not authorized.Del ayed withdrawals are a proven ant i-
theft
indust
ryst andar d on escrow walletsand thet r
aditi
onalbanking system .CoinbaseVaul t[12]
,
for exam pl e, has a 48 hour t im eout. Our pr oposed sol uti
on pr ovides
Thesam epr ot ecti
on wi thoutat rusted t
hi r
d par t
y.

Em ergency r eversalofan al erttransact

ion r
equires a speci
alrecoveryt r
ansact
ion and is
perform edim m ediat el
ywi t
houtbei ngsubjecttot
he24- hourdelay.Therecover
ytransacti
on
requires a specialr ecovery key t
hatm ustbe ent ered intot he l
ock scri
ptduring wallet
creati
on. Once a r ecovery key has been r egist
er ed for a gi ven wallet, it is
itcannotbechanged.

The pri
vater ecoverykeyused f orem er gencyover ri
de isint ended to be anew keyt hathas
neverbeen used bef or e.Thiskeycan begener ated of fli
neand m ustneverbeconnect ed to
the Int
ernet ori ncor porated into any device.The r egistration process onlyr equires the
publicpartoft hiskey,ensur i
ng t hatthe pri
vat e keycan r em ain unused.Unl ike cold wallet
keyswhi ch need to be used occasi onall
yand t husvul nerabl etot hef
t,the recoverykeywi l
l
be used fort he firstt im e onlyin em ergency over r
ide and t hus can be com pl etelyt heft
resi
stant.Oncet her ecoverykeyhasbeen used,i tm ustbeconsi dered com prom ised and all
funds m ustbe t ransferred im m ediat
elyt o a new wal l
etpr otected by a new unused Key
Recovery.

Theor i
gi nalconceptoft heDi gi
talGold Bit
coin Royaleinvol
ved del
aying al
ltransacti
onsin
thesystem f or24hours,m aking thecoinasafe,slow-m ovi
ng st
oreofvalue.W ewoul dliket
o
extendt hisconcepttot akeadvant ageofthebestoft wowor l
ds:digi
talgol
danddi gi
talcash,
withoutcom pr om i
sing secur
ity.
Al
ong with sl
ow m oti
on alerts,we conditi
onal l
ykeep transactionsqui
ckand "snapshot
".To
pr
ovide m axi
m um securi
ty,sending such at ransaction wil
lrequir
e ausert
o perfor
m a2FA
bl
ockchain,using t
het hi
rd keyprovided duri
ng wal l
etcr eati
on.

5.Bl
ocks
Like the ori
ginalBi tcoin protocol,each bl ock containsal i
stofcom m i tt
ed tr ansactionsand
cont ai
nst he Mer kler oothash oft hese transactionsi nitsheader .Si nce som e transact i
ons
m ustwai t24 hour si nt he chain,t hey cannotbe i m m edi ately added t ot he transact i
ons
section ofa bl ock.Inst ead,t hey are added t o a new speci alsect i
on t hatdoesn' texistin
Bitcoin'sorigi
nalpr ot ocol:the alertssect ion.The Mer kler oothash f ort he alertssection is
stored intheent r
yoft hecoi nbaset ransact i
on keepi ng thebl ockheadercom pat ibil
itywi t
h
the originalBitcoin.W hen a new bl ock ism ined,t he m inerl ooksback at1 44 blocksand
exam inest he alertsect ion ofblock N- 144.Al lal
er t
sf ort ransact ionst hatar e sti
llvalid are
confir m ed and populat e the t r
ansact i
ons. sect i
on of t he new block.

Thest
epst
om i
nebl
ockN ar
easf
oll
ows:

1
)Add new r
egul
art
ransact
ionst
obl
ockN al
ert
ssect
ion (
unconfir
m ed)
.

2)Add new i
nst
antt
ransact
ionst
obl
ockN t
ransact
ionssect
ion (
confir
m ed)

3)Add new r
ecover
ytr
ansact
ionst
othet
ransact
ionssect
ion ofbl
ockN (
confir
m ed)
.

4)Gotoal ert
ssection ofbl
ockN-
144 and add val
idt
ransact
ionst
obl
ockt
ransact
ion
sect
ion N (
confirm ed).
6.Scr
ipt
s
Them ainfunctionali
tyofETHP i
savail
ablethrough t
hesophi
sti
cated bl
ocki
ng scr
ipt
,whi
ch
behaves di f
ferently depending on t he num ber of si gnatures present
ed in
theunlockscript.Twovari
antsareavail
able:

1
.Alertblocki
ng scr
ipt:requi
resone ort
wo si
gnatures.Ifa si
gnat
urei spresent
ed,an alert
t
ransacti
on is generated.Iftwo si
gnatur
es are presented,a transact
ion of Recovery.

2.Alert+ instant lock scr

ipt - r
equires one,two,or three si
gnat ur
es.Ifa si
gnat ur
ei s
present
ed,an al er
tt ransacti
on is generated.I
ftwo signatures ar
e present
ed,an instant
tr
ansaction i
s gener ated.If al
lt hree si
gnatures ar
e presented,a recoverytransacti
on.

7.Tr
ansact
ions

Currencytransf
ersarem adeusi
ng regul
art
ransacti
onsidenti
caltothoseoftheBi
tcoi
n
prot
ocol.Theirfor
m atdoesnotchangeastheym ovefrom thealer
tssecti
on t
othe
tr
ansactionssecti
on.

7.
1.Recoveryt
ransact
ions
Ar ecoverytransactionspendst hesam eUTXO ast her ecoveredal ert
.Thedi fferencei st hatit
presentsm or esignaturest ot
hesam eUTXO:2i n caseofal ertblocking scri
pt ,or3i n caseof
alert+instantscriptblocking.W henar ecoverytr
ansact i
oni sprocessed,t herecover edUTXO
isspent,thusi nvali
dating anyexisti
ng al
ertsbased on thisUTXO and pr event ing t
hem f rom
being acknowl edged aftertheir24 hourdelay.
7.
2Inst
antTr
ansact
ions
An instant t r
ansact i
on all
ows you t o overri
de t he def ault 24-hour delay for transacti
on
confir m at
ion and speed up transacti
on confir m ation toaround 10m inut es.I
tsm echani sm is
si
mi lartot he m ul
tisig.wal
let.Requi r
esan addi tionalsi gnature ofasepar ate pri
vate keyt o
be stored securelyin asepar atelocation.Thati swhyi nstanttransactionscan onl ybe sent
fr
om speci al P2SH addr esses: snapshot addr esses, generated f rom t he scr i
pt of
alert+instantl ock

8.Com pat
ibi
lit
y
Ourdesi gn t
riesto m ake t
he protocolascom pat
ibl
e aspossi
ble wi
ththe standard Bi
tcoin
protocol
.Theunder l
ying goali
st om ini
mizethenecessarycodechangest oexist
ing Bi
tcoin
fullnodes,wal l
ets,and groups.and m iner
s.However,ifchangesare m ade t
o an exi
sti
ng
blockchain,t
heyr equireahar dfork

To avoi
d changi ng t
hef orm atoftheblockheader,m aki
ng thecoinincom pat
iblewit
h ASIC
bit
coin Mi ners,the Mer kl
er oothash f
orthe al
ert
s secti
on is st
ored i
nt he ent
ry ofthe
st
andar d coin basetransaction.

Ifhardforkisr equir
ed,ourgoalistom akethet r
ansit
ion aseasyaspossi bl
ef orexi
sting coin
users.Allexisti
ng scri
pttypesdo notchanget heirbehavior,so al
lexi
sting coi
nsbef oret he
hard for k areexpendable in a norm al way. However , we strongly recom m end t hat
switch t
ot henew,m or esecurescri
pt

9.I
ncent
ive
Thesystem borrowst heBi tcoini ncentivem odelt hathaspr oven successfulinr ecentyears.
decade.The incorporati
on ofal er t
sr equir
esm inorm odi ficat ionst othism odel .Minersar e
encouraged toinclude transaction alertsto ablockbypr om ising afee calculat
ed from the
dif
fer
ence between t he value ofexi t
sand ent r
ances.Feesar e cal
culated from future bl
ock
tr
ansactions and ar e di str
ibut ed t o the or iginal m iner, whi ch includes al ert
s f or
tr
ansactions.
Thefuturei
nvestorwi l
lcontinuetor eceiveablockrewardform i
ninganew bl ock,allt
hef ees
ofthenew m om ent,regist
ration and recoverytr
ansacti
onsand theprom i
seofaf utur ef ee
fortr
ansact
ion al
erts.TheFut ureThem i nerisbound byconsensusrul
estoi ncludeal lalerts
from block N- 144 t o transaction sect i
ons excluding those that wer e r ecover ed.

I
n case of cancel
lati
on of t
he alert
,the rat
es for t
he ori
ginalm i
ner of t
he alert are
i
rrecoverabl
e and the t
otalcost isthe r
ate of t
he ori
ginalaler
t plus t
he fee for the
r
ecover y transact
ion.

1
0.Rel
ated wor
k

W earepar ti
cularl
yi m pressed wi
ththewor kofMal teMöseretal .intheBi tcoin conventions
[1
3].Its Bi
tcoin's scri
pt language ext ensi
on allows for r
estr
ictions on the f uture use of
currenci
es,whi ch can be used t oim plem enta variet
y ofsecurity m easures.The m ain of
which is vaultt r ansacti
ons, which t hey resem ble our proposed del ayed wi t
hdr awal
m echanism .

W e have opted f
ora sim pl
eri m pl
em ent
ati
on thatdoes notrequir
ear ecursive ar
ray of
custom scriptsto be im pl
em ented by wal
let
s.Our proposalis m or
et han an opt i
onal
extensi
on,i tisa fundam entalchange tothe prot
ocolwi t
h a wide eff
ect m andatoryi n
tr
ansactions.

Changi ng t
he im pl
em ent
ati
on burden for m i
ners and l
eaving t
he end user t
ransact
ion
experienceidenti
caltothedefaul
t,al
lowsust oim pr
ovecar r
youtourm issi
on t
ocr eat
etrue
elect
ronicgold.
1.Ian Duot el iFl em i ng,ht tps: /
/bi t
coi nroyal e.org/ bitcoi nroyal e.pdf
2.S.Nakam ot o,“ Bi tcoin:A Peer -to-PeerEl ect roni cCash Syst em ” ,
ht t
ps: /
/www. bitcoi n.or g/bi tcoin.pdf ,2008.
3.Li tecoin Pr oj ect ,“Litecoi n,open sour ceP2P di gi talcur r
ency” ,https: /
/lit
ecoi n.or
g,201 4.
4.“ Bitcoin Cash” ,ht tps://www. bitcoincash. or g,201 8.
5.bi tcoingol d. org,“ Bitcoin Gol d”,ht tps://bitcoingol d.or g,201 8.
6.J.H.Zi egel dor f,F.Gr ossm ann,M.Henze,N.I nden,and K.W ehr le,
“Coi npar ty:Secur em ul ti
- par t
ym i xing ofbi tcoi ns”,I n:CODASPY’ 15,201 5.
7.Ci pher Tr ace,“ Cr ypt ocur rencyAnt i-MoneyLaunder ing Repor t,201 8Q4” ,
ht t
ps: /
/cipher trace. com / cr ypto- am l-repor t-201 8q4,201 9.
8.“ BLOCKCHAI N GRAVEYARD” ,ht tps://
m agoo. github. io/Blockchai n-Gr aveyar d,201 9.
9.C.Zhao,“ Bi nanceSecur ityBr each Updat e( May7201 9)”,
ht t
ps: /
/binance. zendesk. com / hc/en- us/ar ti
cles/ 360028031 711,201 9.
10.J.Buck,“ Coi ncheck:St ol en $534M l n NEM W er eSt ored On Low Secur ityHotW al l
et “,
ht t
ps: /
/coi nt elegr aph. com / news/ coincheck- st olen- 534- mln-nem - were- stored- on-low- secur i
t
y-hot wal let ,201 8.
11.J.Pr eissler ,“ Im por t
antNot i
ce:Onl yt r
adeTI O on t rade. i
o” ,
ht t
ps: /
/m edi um . com / @t rade. i
o/ im por tant -
not i
ce- onl y- t
rade- tio-on- t
r ade- io-823d59f d71 04,
201 8.
12.KM.Cut ler ,“Coi nbaseLaunchesA Mor eSecur eBi tcoin Stor ageOpt ion Cal l
ed ‘Vaul t
’”,
ht t
ps: /
/techcr unch. com / 201 4/
07/ 02/ coinbase- vaul t,201 4.
13.M.Möser ,I.Eyal ,E.Gün Si rer,“ Bitcoin Covenant s” ,In:Financi alCr ypt ogr aphyand Dat a
Secur i
ty,
FC 201 6,Lect ur eNot esi n Com put erSci ence,Vol .9604.Spr inger ,Ber lin,Hei delber g.
W ELCOME
TO THE FUTURE

ht
tps:
//et
hpl
us.
net