*** some abstract thing. Overview* E's data-comm layer that provides SSL-like secure data pipes between vats, but with a handshake based on the logic of the capability introduction rather than CAs. Also provides for vat mobility via the Vat Location Service (sort of a secure decentralized DNS). Can be layered on top of an IP-mix network like Freedom, in which case the two orthogonal forms of pseudonymity complement each other well. * E's CapTP layer that provides cryptographic capabilities, given the VatTP layer. This is where E's fundamental engineering premise is explained: "capability == object reference". For this paper, I would not explain Promise Pipelining, but I would explain live vs Sturdy references, and a bit about distributed fault recovery. * ERTP: How capabilities are used to build the kinds of exchangeable rights that rich electronic markets should/will be made of. * The Game Design Game: Rather than have separate mutually trusted third parties for escrow exchange, for auctioning, for bonding, for notary timestamping, etc.., rather we can better leverage the difficulty of finding mutually trusted third parties by simply trusting them to execute code provided jointly by the contracting parties. Contract negotiation becomes collaborative design of rules for a game that both parties would be willing to play, the embodiment of these rules in the code for a board manager for this game, and the election of a trusted third party GameMaster to run the game. Contract commitment becomes turning the game over to the GameMaster, which verifies for the contracting sides that they have agreed on the same game and on their respective roles. Contract execution becomes the interaction of the two parties by making moves in the game. Once they are committed, their interaction through the game is governed solely by the logic of the game they mutually agreed to play. This requires 1) secure execution of untrusted code, since the GameMaster will generally not trust the contracting parties. 2) capability & erights confinement, since the game must be able to escrow erights obtained from the players, only to be released according to further moves that may be taken. Ie, erights placed on the board may only be picked back up according to the rules of the game. 3) information confinement, since the game must be privy to information not revealed to the players. 4) Non-repudiatable behavior: my (proud proud) new invention. (patent pending -- sorry. But I'm not expecting to use the patent aggressively.) Non repudiatable behavior leverages E's "loggable non-determinism" so that, under dispute, an honest GameMaster can show that the game behavior that was reported corresponds to a correct execution of the agreed game code. |
||||||||||
Unless stated otherwise, all text on this page which is either unattributed or by Mark S. Miller is hereby placed in the public domain. |