Rarebit Overview
Abstract
Rarebit is a protocol designed to enable collectible digital works to be issued and traded on the bitcoin network.
Using Rarebit client software, an artist or author can issue digitally signed limited editions of a work online, and collectors can trade units of the edition with the assurance they are authentic.
Protocol summary:
1.
A work is signed by the author:
A digital certificate is created to
accompany the work, and a bitcoin address is
generated that uniquely identifies the signed work.
2.
Editions of a signed work are issued by the author:
Transactions are broadcast to the bitcoin network that
record the work's ID and quantity.
3.
Units of an edition are aquired and traded among collectors:
a.
The author signs over units to collectors in new transactions.
b.
Current owners sign over units to new owners
in additional transactions.
4.
The provenance of a unit is demonstrated:
The linked transactions stored in bitcoin's public ledger
are scrutinized to ensure a unit originates from the author
and has not been duplicated.
A work is typically a digital file such as a photo, video, or ebook. In the simplest case, a work is just some text, which can relate to anything an author can imagine and make a statement concerning.
Rarebit, like bitcoin, is "trustless", i.e., confidence is placed in cryptographic proof instead of a central authority.
Rarebit is not a copyright enforcement ("digital rights management") scheme. The protocol defines no capability for restricting how a work can be consumed. Rarebit merely distinguishes collectible copies from all others.
Protocol layer specification
A standard bitcoin address is used to identify an author or other entity who issues editions or lots of some work. The work is signed with the author's private key, producing a certificate [*].
Another bitcoin address is generated which uniquely refers to the signed work (the certificate ID, or CID). The certificate's hash is used to create the CID.
To issue an edition, a transaction is broadcast to the bitcoin network which includes a special output [*] that encodes the owner's bitcoin address, the CID, and a quantity specifying the number of units to issue. In the origination output, the issuer is the owner. A Rarebit output is designed so that only the owner can redeem it using a Rarebit client.
The quantity is recorded in the output's value field, where one unit is equal to one satoshi. For example, 1000 units would show as 0.00001BTC when viewing the transaction in a block explorer. The origination transaction is seeded with sufficient funds to cover the quantity and any fee required.
Units are transferred to one or more new owners in the same way normal coins are spent, i.e., the output is signed in an input of a new transaction. The new transaction includes Rarebit outputs recording the new owner(s).
Rarebit transactions may contain any number of non-Rarebit inputs and outputs. Typically, standard inputs would be used to add funds for fees and seeding, and standard outputs would be used to refund the change from those inputs.
Validating ownership claims
Since it is possible to forge what appear to be legitimate Rarebit outputs, the provenance of a given unit must be examined to determine if it is valid. The unit must trace back to an originating output that was redeemed by the issuer, otherwise the entire branch of transaction outputs is rejected. The author's certificate should also be valid and meet expectations, i.e., its CID should be regenerated and compared to the one in the given output.
In addition, since it is possible for a legitimate owner to forge outputs containing duplicated units, output quantities for each transaction in a branch must sum to corresponding input quantities.
Some technical details
A Rarebit lot is recorded in a multi-signature bitcoin output requiring two signatures for redemption (M=2, N=2). One signature is calculated from the owner's private key, and the other is calculated from the hash of the associated certificate, which is treated as a private key (the hash takes the place of the random number generated when producing random keys normally). The CID is simply the standard bitcoin address derived from that private key in the usual way.
The motivation for requiring two signatures is to protect Rarebit outputs from accidental redemption by normal bitcoin wallets. Since a certificate hash is not likely to be imported into a wallet as a private key (at least not unintentionally), normal wallets will not be able to spend Rarebit outputs.
A Rarebit output in JSON form looks like:
"value": "0.0000001",
"scriptPubKey": "OP_2
0417c0114834f5f92557457fdda64be7f753dedf5f8e5a0212bf28af1e49801a813952571
a34877117dfdc193abde7b7f1d6421cf0bde5d04a5e3eb85d713c07be
04338974af6cecbf6e265fd215fa17e7b2702890948b7f005c17b76ed3edf63bfbd28e70e
77e6e8bf0102bd78d9d0f5b2278e1cb044608d55071cd78c069895f15
OP_2 OP_CHECKMULTISIG",
"M": 2,
"N1": "13gwL7pTe6Pn42XMTKJPpWJYkczHFCudoc",
"N2": "12Z2cnYgeUyDzw2weuRcXiUQeWy39BjYtd"
}
A Rarebit certificate looks like:
"signature": "G4ERv/4YqX1s9gKv54eSjTs6FV1olN0o8PfTlibrfEkn
SugBOdq5Z2PzpJlUyvQn7hE3+wDmdsBxnVr+4O8w82A=",
"content": {
"signer": "11126ij2aRzVDCTixDBVZ4ft2LS2KJmZUC",
"date": "Sat Nov 30 2013 12:12:12 GMT-0800 (Pacific Standard Time)",
"clientcontent": {
"work": "foo bar"
}
}
}
Information specific to the client is placed in the content.clientcontent field prior to signing.
References
Colored coin protocols are similar in some respects to Rarebit (a Rarebit CID can be thought of as a user defined color), see BitcoinX.pdf by Meni Rosenfeld.
Last updated 2013.12.04