|
There are various forms of decentralization. Bitcoin tries to be as extremely decentralized as possible but you can greatly increase energy efficiency by centralizing a few aspects. Here is a thought experiment: Imagine a system where the money is issued by a central authority. The users would register their identities with the authority, and receive a certificate. When the bank issues money, it assigns a random serial number R, and it signs it with the bank's key and specifies whose money it is by the user's public key U: S[U, R]. Now suppose Alice has S_Bank[Alice, R] and wants to pay Bob. She can sign the money over to Bob: S_Alice[Bob, S_Bank[Alice, R]]. Bob could do the same to give Charles some money. Eventually, someone will deposit the money they received with the bank. The bank will check if money with the same serial was ever deposited previously. It can then catch the cheater who double-spent the money by looking for the "fork" in the signature chain. So if the bank tied identities to some offline ID, the police can go arrest the fraudster (or you can imagine other punishments, like blacklisting them from the entire system, etc.). Notice that even though money creation, identification, and double-spending defense are all centralized, payments remain decentralized: unlike credit cards etc., in this system, one need not contact the bank in order to spend money. True, there may be more of a delay in catching double spending; on the other hand, we have gotten rid of the very expensive mining process. We have also avoided one of the more subtle and annoying issues with Bitcoin: bootstrapping the P2P connection (you only need to connect to whomever you are trying to pay when you are trying to pay them). [This is just a simplified version of "ecash," which cryptographers have been studying since the 1980s. What I left out is the mechanism for ensuring payment privacy, which is pretty interesting in the offline payments case.] |