Matthew Roberts

I am a cryptobiologist specializing in the study of digital life forms like blockchains and certain kinds of unbounded smart contracts. “We must not let our politics harm these beautiful creatures.” – Myself.


Building a decentralized cryptocurrency exchange using zero-knowledge proofs

7/12/2017: The protocol is flawed and contains a blackmail risk. The other side cannot claim a refund without knowledge of the secret, so even if the TXIDs can be validated with ZK-proofs the scheme still doesn’t work. I guess it’s back to the drawing board with this idea.

Edit 5/9/2016: I’ve updated the scheme. I’ll update it again if I get time to think of a way to avoid using timelock encryption for the refunds, since that will make it more secure. Although I want to add that timelock encryption depends on the security assumptions of hash functions, so it’s also not like this is particularly crazy (as new and scary as things may sound).

Quite recently it’s become possible for those outside the field of cryptography to construct zero-knowledge proofs. One such proof is a proof for SHA256 hashes that basically allows anyone to state that “yes, I know some value that produces some known

Continue reading →


Decentralized atomic cloud storage using Bitcoin

Update: 7/12/17: The biggest flaw with this proposal is that it’s not atomic with respect to a user’s bandwidth (and this is a crucial concern in decentralized cloud storage systems). My conclusion is that payment protocols for these systems cannot be made much more low trust than a standard micro-payment channel (unless there is some use-case where bandwidth can be ignored, but I can’t think of one).

Update: 13/01/17. A recent paper has emerged describing a “new technique” for doing “Atomic Verification Via Private Key Locked Bitcoin Transactions.” This paper is so similar to the scheme I described here 10 months ago that it’s hard to tell if this is plagiarism or a genuine mistake. It’s also interesting to note that the author’s scheme won’t work on the Bitcoin network since it depends on OP_AND, which is currently disabled, and their proposal won’t guarantee a file’s availability

Continue reading →


Introducing the timechain

 By Matthew Roberts and Elías Snær Einarsson

Update: April 20, 2017 - See “Turning back the clock on timechains - a follow-up” for a discussion on security.

Historically, companies and individuals have struggled to uphold adequate security practices when it comes to the handling and storing of cryptocurrencies, and this can be seen in the numerous hacks that have plagued this industry.

Probably almost every large Bitcoin exchange and wallet provider has seen at least one major security incident which either led to (or could have led to) the loss of customers’ funds. The problem at hand is actually very simple and comes down to one basic issue: the need to keep ECDSA private keys around for signing withdrawals.

 Example 1

Imagine you’re a currency exchange for cryptocurrencies. To be able to credit customers’ accounts you generate Bitcoin addresses on the fly and associate them

Continue reading →