LESSWRONG
LW

Comment Permalink

But I guess that there is a large class of interesting property protocols that can't be implemented with bitcoins.

Good point, on second thought this may apply to the type of transaction I described in the opening comment, since it requires some way to transfer funds from all of the contracting parties into the escrow account at the same time, otherwise one of the parties could hold back from making the escrow deposit, and then blackmail the other parties that did make deposits (since they require his cooperation to get the money back from escrow but he has nothing to lose). I'm not sure if this simultaneous transfer of funds is possible to implement in the current version of Bitcoin.

Gunnar_Zarncke9y20

If even such a simple case as escrow accounts can cause these kinds of bugs in ones intuition - and this probably gets much worse for people less versed in correctness proofs - then it seems sensible that people don't do big The DAO style constructions upfront but start using a limited number of small protocols for small transactions.

See in context

18 Are smart contracts AI-complete?

by Stuart_Armstrong

22nd Jun 2016

1 min read

18

Many people are probably aware of the hack at DAO, using a bug in their smart contract system to steal millions of dollars worth of the crypto currency Ethereum.

There's various arguments as to whether this theft was technically allowed or not, and what should be done about it, and so on. Many people are arguing that the code is the contract, and that therefore no-one should be allowed to interfere with it - DAO just made a coding mistake, and are now being (deservedly?) punished for it.

That got me wondering whether its ever possible to make a smart contract without a full AI of some sort. For instance, if the contract is triggered by the delivery of physical goods - how can you define what the goods are, what constitutes delivery, what constitutes possession of them, and so on. You could have a human confirm delivery - but that's precisely the kind of judgement call you want to avoid. You could have an automated delivery confirmation system - but what happens if someone hacks or triggers that? You could connect it automatically with scanning headlines of media reports, but again, this is relying on aggregated human judgement, which could be hacked or influenced.

Digital goods seem more secure, as you can automate confirmation of delivery/services rendered, and so on. But, again, this leaves the confirmation process open to hacking. Which would be illegal, if you're going to profit from the hack. Hum...

This seems the most promising avenue for smart contracts that doesn't involve full AI: clear out the bugs in the code, then ground the confirmation procedure in such a way that it can only be hacked in a way that's already illegal. Sort of use the standard legal system as a backstop, fixing the basic assumptions, and then setting up the smart contracts on top of them (which is not the same as using the standard legal system within the contract).

Personal Blog

18

New Comment

46 comments, sorted by

top scoring

Click to highlight new comments since: Today at 12:24 PM

[-]Wei Dai9y190

In b-money I had envisioned that a common type of contract would be one where all the participants, including a third-party arbitrator, deposit funds into an escrow account at the start, which can only be released at the end of the contract with the unanimous agreement of all the contracting parties. So the arbitrator would make judgments on performance and damages, and be incentivized to be fair in order to protect their reputation and not lose their own deposit, and the other parties would be incentivized to accept the arbitrator's judgments since that's the only way (short of direct account adjustment by everyone, aka forking) to get their escrow funds out.

Not exactly the kind of "the code is the contract" smart contracts that some people are so excited about, and I have to say I don't quite understand the excitement. Without an AI that can live on the blockchain and replace human judgments, smart contracts are restricted to applications where such judgement are not required, and there doesn't seem to be many of these. Even when contracting for the production and delivery of digital goods, we still need human-like judgments when disputes arise regarding whether the goods delivered are the ones contracted for (except in rare cases where we can mathematically define what we want, like the prime factors of some integer).

[-]Gunnar_Zarncke9y30

With smart contracts you can implement such escrow accounts. Which is a step into the right direction I think.

[-]Wei Dai9y50

You don't need Ethereum-style smart contracts that can do general computation to implement escrow accounts. Multi-signature addresses, which Bitcoin already supports, are enough.

[-]Gunnar_Zarncke9y70

Yes. But I guess that there is a large class of interesting property protocols that can't be implemented with bitcoins. Like the variants of 'two-phase commit' that are part of many step by step property transactions ('concurrent' in financial jargon). I wonder whether there is a non-turing complete set of primitives that suffices for more current legal transactions. Probably a lot can be learned by asking a notary with programming experience...

[-]Wei Dai9y30

But I guess that there is a large class of interesting property protocols that can't be implemented with bitcoins.

[-]Gunnar_Zarncke9y20

[-]HungryHobo9y80

ok, for some context here, I think a lot of people are getting hung up on the words "contract" or "smart contract".

If we want to talk about it intelligently it helps to taboo the term "contract" or else people get terribly terribly confused like in some of the existing comments.

I'm going to say "independent program" instead of "smart contract" for clarity

Ethereum allows for the existence of independent programs which can hold and transfer money. The rules have to be hardcoded into them when you create them. They cannot be changed once launched.

For example if you wanted to create a prize fund for people who've factored large numbers you could create an independent program which accepts a set of numbers, decides if they're the prime factors of another number and if it is then it transfers a prize fund to the first person to do so.

Years later, someone factors the number, connects and gets their payment.

You might be a thousand years dead but the independent program is still in the system and has control of the funds.

Depending on how you write it you may even not be able to retrieve the funds yourself without solving the problem.

It doesn't matter if a court orders you to pay out because they have a law declaring pi to be exactly three and someone has come forward with a kooky proof for their "factored" number. If it doesn't match the rules of the program there's nothing you or the court can do.

If you've not given yourself control at the start it will sit there until the end of time until someone actually factors the number.

Or perhaps you set up the program badly and it will accept numbers which aren't the factors as correct and gives a payment to someone who's not factored anything.

it is not a legal contract which says "I will give money to the person who solves this problem", it's a piece of code which, when followed, may give the money in it's control to someone who connects to it depending on the rules programmed into it.

Some funds have been set up controlled by independent programs and their "about" pages tend to say something along the lines of "you're agreeing to the code being followed, anything we write here is just our best try at explaining what the code does, here is the full source code, if you're happy with this then you're free to give control of some funds to this code or a copy of this code"

[-]HungryHobo9y70

AI is complex. Complexity means bugs. Bugs in smart contracts are exactly what you need to avoid.

What is needed the most is mathematically proving code.

For certain contract types you're going to need some way of confirming that, say, physical goods have been delivered but you gain nothing my adding AI to the mix.

Without AI you have a switch someone has to toggle or some other signal that someone might hack. With AI you just have some other input stream that someone might tamper with. Either way you need to accept information into the system somehow and it may not be accurate. AI does not solve the problem. It just adds complexity which makes mistakes more likely.

When all you have is a hammer, everything looks like a nail, when all you have is AI theories everything looks like a problem to throw AI at.

[-]Wei Dai9y40

AI is complex. Complexity means bugs. Bugs in smart contracts are exactly what you need to avoid.

Security is one problem with smart contracts, but lack of applications is another one. AI may make the security problem worse, but it's needed for many potential applications of smart contracts. For example, suppose I want to pay someone to build a website for me that is standards conforming, informative, and aesthetically pleasing. Without an AI that can make human-like judgements, to create a smart contract where "the code is the contract", I'd have to mathematically define each of those adjectives, which would be impossibly difficult or many orders of magnitude more costly than just building the website.

With AI you just have some other input stream that someone might tamper with.

The solution to this would be to have each of the contracting parties provide evidence to the AI, which could include digitally signed (authenticated) data from third parties (security camera operators, shipping companies, etc.), and have the AI make judgments about them the same way a human judge would.

[-]HungryHobo9y00

If you're going to rely on signed data from third parties then you're still trusting 3rd parties.

In a dozen or so lines of code you could create a system that collects signed and weighted opinions from a collection of individuals or organisations making encoding arbitration simple. (does the delivery company say they delivered it etc)

You're just kicking the trust can down the road.

On the other hand it's unlikely we'll see any reasonably smart AI's with anything less than millions of lines of code (or code and data) and flaws anywhere in them destroy the security of the whole system.

This is not a great use for AI until we 1: actually have notable AI and 2: have proven the code that makes it up which is a far larger undertaking.

[-]NancyLebovitz9y50

What do you mean by full AI?

[-]ChristianKl9y30

For instance, if the contract is triggered by the delivery of physical goods - how can you define what the goods are, what constitutes delivery, what constitutes possession of them, and so on.

With the internet of things physical goods can treat their owner differently than other people. A car can be programmed to only be driven by their owner.

Reputation and escrow are also mechanisms that can be used. SilkRoad managed delivery of physical goods via reputation and escrew. SilkRoad did however had central servers that could be attacked. An Ethereum based system couldn't be taken down in a similar way.

[-]fubarobfusco9y10

With the internet of things physical goods can treat their owner differently than other people. A car can be programmed to only be driven by their owner.

Theoretically yes, but that doesn't seem to be how "smart" devices are actually being programmed.

[-]ChristianKl9y10

Theoretically yes, but that doesn't seem to be how "smart" devices are actually being programmed.

There's a IBM/Samsung project that wants to create a framework where smart devices move in that direction: http://www.coindesk.com/ibm-reveals-proof-concept-blockchain-powered-internet-things/

Slock.it basic model is also about creating infrastructure for this.

Current smart-devices often rely on a central server. If you buy a device from a startup that might go out of business you have an interest in there not being a central point of trust. Does that mean that success of Ethereum is a certainty? No, it doesn't. But a possible model of how success would look like is there.

It's also worth noting that various luxury brands have a problem with forgeries. There can be a clear chain of purchase for a smart product that makes it clear that the product is authentic.

[-]Stuart_Armstrong9y00

With the internet of things physical goods can treat their owner differently than other people. A car can be programmed to only be driven by their owner.

Which shift the verification to the imperfect car code.

[-]root9y30

Haven't people been making contracts for a pretty long time? What is this new 'smart contract' thing and how is it unique?

in a way that's already illegal.

Someone cracking a smart contract wouldn't really mind the law.

[-]WalterL9y30

So, the theory goes:

In a normal contract you agree to abide by some rules. If you break them penalties, etc.

But you don't have to 'just' trust those rules to agree to the contract. You have to trust the oversight body. If you get the better of me on the text of the contract I might turn around and appeal to a judge that you are still violating the spirit of the contract.

The idea of the 'Smart contract' is that the code is the contract, and there is no appeal. Our 'contract' is just an executable which does what it does. You only have to trust it, and not some random judge.

This instance, where someone is unhappy with how their smart contract worked out in practice, and the dev/community at large are playing judge, has a lot of people wondering whether they are ending up with the worst of both worlds.

[-]tsathoggua9y10

Right, except Is there a section in the code that says the parties agree to have no legal recourse? Because if not, I can still appeal to a judge. The simple fact is that in the legal eyes of the law, the code is not a contract, it is perhaps at best a vehicle to complete a contract. You cannot simply set up a new legal agreement and just say "And you don't have any legal recourse".

[-]TimS9y20

You cannot simply set up a new legal agreement and just say "And you don't have any legal recourse".

It depends. You probably can't write a contract that literally says "no recourse for breach." But you probably could achieve substantially the same effect.
For example, you might define substantial performance so low that it is always met, then explicitly waive any right to good faith and fair dealing) and any injunctive relief. If a court found the contract enforcible, I'm not sure how they could fashion a remedy.

[-]Lumifer9y10

But you probably could achieve substantially the same effect.

That depends. Courts can, and on occassion do, rewrite contracts (or refuse to enforce them) because they consider the contract to be inequitable or, in simpler terms, unjust.

[-]HungryHobo9y00

Though unfortunately for them once launched the particular type of smart contract in question enforces itself (since it handles the transfers itself) and re-writing it isn't really possible without destroying the entire system so the court isn't being asked for help enforcing the contract and a ruling asking to change it is about as enforceable as a ruling declaring the moon to be an unlicensed aircraft that needs to cease flight immediately if you can't get your hands on both parties to physically force them to make adjustments using new transactions.

It's complicated even more by the fact that contracts can themselves be recipients/actors within this system.

[-]WalterL9y00

I guarantee that if they could appeal to a judge, they would be. That's just not possible.

Ultimately, one of two things will happen.

Parties: The attacker: They used an exploit to transfer ether from one 'account' to another.

The victim: They no longer have ether that they used to.

The miners: They trade electricity/computation for network tokens in order to protect history from being rewritten. They are the reason I can't just write a program to give myself every bitcoin. They wouldn't run it. If they did, their users would abandon them for a fork from before my patch.

The way crypto works, you can basically count on consensus winning out. Thus, ultimately one of two things will happen.

1: The miners accept an update and fork to rewrite history such that the victim retains their ether. 2: The miners accept the attacker's bribe (or not) and do not do so. The thief keeps the ether.

In order to influence whether 1 or 2 happens a judge would have to compel the actions of the miners. That is, he would have to seize control of the currency.

It has never happened. If you think that it will in this case, I'm willing to bet you that you are wrong.

[-]Slider9y00

From what I gather its a contract that is so spesific there isn't any room for interpretation.

Normal contracts refer more strongly to a "reasonable human being fluent in the language its written in". This leaves some of the basic concepts somewhat open and some fitting is needed to make spesific sense for the circumstances. For example we can refer to "chairs" without there being any rigourous definition of such. But a smart contract can define rigourously complex hypotheticals on what migth happen in a way that doesn't leave any ambigity.

I guess the theory of it could be way more sound if humans were capable of logical omniscience. But given a piece of code you probably only understand its main modes of function. If you brough up some weird edgecase on how the spesification binds you and ask "did you really will this?" a typical human can't answer yes to all such questions. Its like committing to following the bible and then afterwards finding out it involves stoning people (and then not being so willing after learning this fact). Someone who doesn't know that marriage influences inheritance etc is not capable of agreeing to a marriage, even if he says yes during some ritual. But marriage is simple enough that it can be externally verified when a person does understand it or atleast ought to.

In a way we do somethign similar when we include terms of service that are boring enough and skippable enough that lots of people do not read them. But here the whole text is readable. It is just so dense in mathematical/technical coding that reading it in a comphehensive way would take significant effort which is not usually done. Its like saying "here read this schrödinger equation. Congratulations now you understand quantum mechanics completely". But the comprehensiveness can be executed and the ability to prescan it for known tricks/bugs makes it not automatically socially useless. But if the code ends up later to have a property that neither of the parties were aware off and could not be expected to come aware off upon prescanning the code are they legally stuck on following it? You either have to acknowledge that the parties have incomplete information on the functioning of the code or you have bindings that nobody knew about or intended. Which is pretty bad for informed consent.

[-]ChristianKl9y00

The contract isn't enforced by a court of law but is enforced by computer code.

[-]tsathoggua9y40

But that isnt even true. If two people enter into a contract they are governed by law, regardless of whether it is a paper contract or computer code. I highly doubt there is any legal language in the computer code saying that the agreeing parties waive any US legal rights.

The code is not the contract, but rather a vehicle to effect the contract. You can have the exact same setup without the code.

On top of that, there is some legal questions as to what the DAO stuff actually is as a legal matter.

[-]scarcegreengrass9y30

Just to clear some things up:

In some contexts, 'smart contract' is a misnomer: it's just a computer program that resembles a legal contract but does not interact with the government in any way. It just moves money according to agreed-upon rules. I don't think it's common to use both a legal contract and a 'smart contract' to enforce the same agreement.
In the specific case of the project known as 'TheDAO', the terms of service does indeed waive all legal rights and says that whatever the computer program says supersedes all human-world stuff. (https://daohub.org/explainer.html)
All of this stuff is so experimental that there's an exception to everything at this point.

[-]TimS9y10

In some contexts, 'smart contract' is a misnomer: it's just a computer program that resembles a legal contract but does not interact with the government in any way.

Typically speaking, a legal contract does not interact with the government - only a very small percentage of contracts are adjudicated by a court or reviewed by any government body.

In other words, moving around money, tangible objects, services, and intangible rights is a reasonable shorthand for > 80 % of the things the law would call a contract.

[-]tsathoggua9y00

In the specific case of the project known as 'TheDAO', the terms of service does indeed waive all legal rights and says that whatever the computer program says supersedes all human-world stuff.

I may have missed it, but that is not at all what the link you posted says. It has a waiver of liability against 3rd parties (basically the DAO operation). It does not say that you cannot have liability between to parties subject to a contract, or even seem to mention anything about dispute resolution.

Also, I would like to point out that you CANNOT have a contract that requires an illegal act. For instance, you cannot create a contract that says "Person A waives all legal recourse against Person B if Person B murders them." The act of murder is still illegal even if both parties agree to it.

Finally, the TOS for DAO is not the contract, it is merely the TOS for using the service. So the individual contracts between two people are going to override that.

[-]HungryHobo9y10

You're still conflating the term "smart contract" and the idea of a legal contract.

That's like conflating "observer" in physics with a human staring at you or hearing someone talking about a Daemon on their server and talking as if it's a red skinned monster from hell perched on the server.

Imagine someone says

"This is a river, if you throw your money in it will end up somewhere, we call the currents a 'water contract', the only difference to a normal river is that we've got the paperwork signed such that this doesn't count as littering"

It does indeed end up somewhere and you're really really unhappy about where it ends up.

Who do you think you're going to take to court and for what contract?

[-]ChristianKl9y10

Finally, the TOS for DAO is not the contract, it is merely the TOS for using the service. So the individual contracts between two people are going to override that.

Which two people do you mean? The creators of the the DAO don't have control over it. When people who brought tokens sue them, they can't give them the money back.

[-]scarcegreengrass9y00

You might be correct. I suspect you know more about the law side of this than i do.

[-]ChristianKl9y-10

Law might want to govern them, but the power of the state is limited. A court can't compel a computer that executes code to do anything.

[-]tsathoggua9y40

The law cannot compell you not to murder either, but does that mean you can go out an do it freely? No.

The law doesnt need to compell the computer code, it can force people to do things, it can force the code to be rewritten, it can shut down servers that run the code, it can confiscate the money used in the processes.

These are not some magical anonymous items that are above the law and inviolate. While it is true that they have not been litigated yet, that time is quickly coming, and they still rely on outside individuals to complete the contracts, and are still governed by all the same laws that everything else is.

[-]ChristianKl9y40

The law doesnt need to compell the computer code, it can force people to do things, it can force the code to be rewritten, it can shut down servers that run the code, it can confiscate the money used in the processes.

The idea of the blockchain is that there no single server that runs the code and that could be attacked that way.

A lot of de jure illegal transactions happened on the bitcoin blockchain without a court confiscating the transactions. When MtGox was hacked they couldn't simply ask a court to confiscate the Bitcoins that the hacker stole.

There are a lot of drugs sold via Bitcoin and the courts also don't confiscate those.

If people make a bet in Augur that the US government doesn't like, the US government can't shut down Augur. At least that's the idea on which Ethereum and Augur are build.

Augur can trade a market about whether a certain drug will get FDA approval and the market participants are anonymous. That means they can use insider information. It's impossible to backup that anonymous transaction with standard contracts but smart contracts can.

[-]Lumifer9y00

These are not some magical anonymous items that are above the law and inviolate

It is an article of faith is some circles that the blockchain is exactly this kind of magic :-/

[-]tsathoggua9y00

I hate this so much, and it happens so often with Tech stuff. Just because something is brand new, and does not have laws or regulations relating to it right now does not mean that people can simply do whatever they want.

Courts are still going to litigate this stuff, and people are definately going to sue if they start losing huge amounts of money, and it is just worse that the creators are basically not planning for these issues, but just going off the basis that it is all going to work out.

[-]Lumifer9y70

Just because something is brand new, and does not have laws or regulations relating to it right now does not mean that people can simply do whatever they want.

Well, it's a bit more complicated than that.

When people say that some things (like the blockchain) are outside of the law, they don't usually mean that no one can be sued or that the courts won't try to enforce judgements. What they mean is that those things are hard for the law to reach. A court might issue a judgement but it won't be able to enforce it. The general idea is that enforcement is so difficult and expensive so that it's not worth it.

For a simple example, consider piracy (of the IP kind). It is very much illegal and... so what? I can still go online and download the latest movie in a few minutes. It's not that the FBI can't bust me if it really wants to. It can. But it's inefficient and cost-prohibitive.

As to smart contracts, that's just a misnomer. They are not contracts. They are determistic mechanisms, set up for a particular purpose. Bespoke machines, if you wish. A contract in law implies a meeting of the minds which these algorithms cannot provide. Instead, they offer a guarantee that if you do A, B happens.

They are more akin to vending machines: you feed in some money and you get the item. It's not a contract between you and the vendor -- it's just a machine which you used.

[-]WalterL9y20

Lum has the right of it. Thanks for writing that. I was trying to phrase it right and kept ending up with "Physics doesn't care if you hate it so much".

[-]ChristianKl9y10

it is just worse that the creators are basically not planning for these issues

Of course the creators do plan for the issue. They make sure that there no central point of failure that can easily be attacked.

[-]ChristianKl9y10

Courts are still going to litigate this stuff, and people are definately going to sue if they start losing huge amounts of money

Which of those people who lost bitcoin when MtGox has hacked sued the miners to transfer the stolen money back to their accounts?

[-]Slider9y00

Court can order computers dismantled. And I think there are methods for state to aquire property if it can be shown to be a "vechicle of crime". It is afterall the state that controls the monopoly on violence needed to enforce private property in the first place.

[-]scarcegreengrass9y20

Note however that in this case the code is being run on thousands or millions of anonymous machines; physical dismantling would be very difficult.

[-]ChristianKl9y-10

This is basically the idea that the state could decide to try to outlaw bitcoin mining and fight it.

Secondly you are wrong that any state has a monopoly on violence these days. There are multiple states and not none of them have a monopoly on violence. If you want to fight crypto-currencies you have to enforce laws in every country.

[-]Slider9y00

Its usually seen as very rude to go exercise violence on another states soil.

[-]Lumifer9y00

Doesn't bother the United States in the least.

[-]ChristianKl9y00

Yes, and therefore no state has a monopoly on violence for the purpose of this discussion. To control Bitcoin or Ethereum an entity would need to make mining illegal in all jurisdictions.

Moderation Log