All right, so now we're going to change gears. Like I said, we're gonna be changing gears quite a bit in this lecture, and we're gonna talk about using Bitcoins to represent smart property. So using Bitcoins to represent something other than simply one unit of currency in the Bitcoin system. So recall from the lecture on anonymity especially, we talked about the transaction graph of Bitcoins, and the fact that you can trace ownership of value in the Bitcoin system over time. So every Bitcoin has a history. Of course, keeping the caveat in mind that there's no such thing, really, as a Bitcoin, just unspent transaction outputs, but we'll think about them as coins. And every coin has this long history attached to it, which anybody can view in the block chain. A history of everybody who's owned any piece of a coin, which, through transfer and transactions with other coins, has turned into that current unspent transaction output, or that current Bitcoin that you may hold today. In fact, for any Bitcoin, you can trace its history all the way back to some coin-based transactions when coins were originally minted. And of course, there will be a bunch of other transactions that branch off that aren't included in this final Bitcoin, but every Bitcoin has this history that carries around within. And as we've said, as we spent a whole lecture discussing, this is bad for anonymity, because you can try and track ownership of coins, and it also potentially enables blacklisting. If you wanna blacklist coins owned by a specifically person, you can do so using the fact that history is maintained as coins move around. So there's an interesting observation here, which is Bitcoins aren't fungible, and fungible is an economical term which means every Bitcoin has the same value as any other, and they can be exchanged with no loss or change in value. So, with Bitcoins that's not exactly true. Every Bitcoin is, in fact, unique, and has a different history, and if the history is meaningful to people, it may mean that my one Bitcoin is not the same as your one Bitcoin. And maybe I'm not willing to trade you, or maybe you're not willing to trade me, because one of us likes the history of the coin we currently have more than the history of another coin we might exchange it for. So could this property be useful? I've argued that it's bad. It's bad in that it has problems for deanonymizing people or for potentially blacklisting. And that maybe it means Bitcoins aren't even fungible, which is a very interesting property for a currency to have from an economic standpoint. But I'll actually be arguing in the rest of this section that this can be a very useful property if we give meaning to that history. So let's think about what this would look like offline. What if we wanted to add metadata to offline currency? So some people actually do this. They like to stamp various things on bank notes, as I have some examples of here. And you'll notice that most of these are actually political protests talking about campaign finance or the fact that George Washington grew hemp. And the reason is that if anybody can stamp whatever they want on currenc, it doesn't have that much value except as a form of speech. It's really just a novelty. So the question is, what if we could have authenticated metadata attached to our currency? So we wanna add some metadata to the currency that has some authenticity and not anybody can simply duplicate. And the way that we're gonna do this is to have a cryptographic signature on the metadata that we want, tied to the serial number of the banknote. So somebody who has some authority and has a sign-in key, is gonna sign the combination of some metadata plus the banknote's serial number, and that's gonna tie the metadata specifically to this note. How might this work? So let's say that a baseball team wants to start using dollar bills as tickets. So they don't wanna go through the hassle of printing their own tickets anymore, they say we wanna just have bank notes function as tickets. So the Yankees would simply assert that this specific serial number now represents a ticket to a specific game, maybe with a specific seat. And that whoever is holding that note has the right at the gates of the stadium to come in and sit down and watch the game with no other questions asked. The bank note is their ticket. And to add some authenticity here, there's gonna be a sign-in key that the Yankees use, or whichever team we happen to be talking about, and they're gonna sign that message saying the specific game number and the date and all of that sort of information along with the serial number of the bill. And then they may just wanna just stamp that right onto the bill, say they use a 2D barcode to represent that signed data. Now if you show up to the gates of the stadium and hand that bill over, maybe somebody can look up in a database and say, yes, there actually is a signature saying that this serial number of the bill is designated to function as a ticket for this specific game. And you wouldn't necessarily need to use a stamp. Another solution that works just fine here, which doesn't illustrate quite as well, is you could just have a database at the stadium that has a list of different serial numbers and which seats the holder of the note with that serial number is entitled to. And when you showed up at the gate, they would just look at the serial number on your bill and then look up in the database which seat you are allowed to sit in. So [COUGH] what has this bought us? Why would we wanna do this? Now currency can represent anything, so I had the example of a sports ticket, but we'll discuss more in a few slides there's a lot of applications here. And we're inheriting the anti-counterfeiting properties the bill already has. So if you believe that it's hard to duplicate the bank note and have the same serial number. And there's a whole bunch of people in the Washington, DC area who are working really hard to make sure that it's difficult to duplicate a bank note and have the same serial number, cuz currency would certainly be very different if that property wasn't true. So if you trust that the anti-counterfeiting properties of the bill are pretty good, you get to use those for free cuz you simply tie that serial number to whichever metadata you want. And the other neat thing is that the underlying value of this bill's currency is maintained. So, it may be a problem if everybody wants to physically stamp metadata on currency all the time. But if we use the database solution, where you don't have to actually write anything on the currency, then you can have somebody use this dollar bill as a ticket to get into the baseball game, and then once they're in the game, they could use it to but a soda. Of course, all of the authenticity here, all of the meaning in this new metadata, is only as good as how much we trust the issuer that signed it. So everybody has to know that there's a specific key that's used to sign valid Yankee's tickets or whatever other metadata you're interested in. Everybody else will look at this and just see a dollar bill. They may not realize that it's actually worth perhaps $100 if it's a lower box seat game, but that's okay. That's actually a desired property here, because once it's fulfilled it's mission ticket, it can go back into circulation as a regular bill. So can we do this digitally in Bitcoin? There's a bunch of reasons, perhaps, why this offline scheme of banknotes hasn't quite taken off, perhaps some legal reasons, or perhaps the cost of printing simply isn't that high. But can we do this in a digital way on top of Bitcoin, which will give us all of the cool digital features we like about Bitcoin, the ability to do online exchanges, the ability to use the system quickly and without trusting a bank. We could have all of those properties for any type of metadata that we want. So the idea here is that we want coins to track a specific color. So just like we were able to stamp that metadata onto currency, the idea here is that you can color in Bitcoins with the color of your choice. They still function as valid Bitcoins. You haven't taken away anything from the fact that they're valuable as Bitcoins, but you've added a little bit of extra color. And of course, in reality that color will be the metadata that we care about, but for the purposes of this illustration or the metaphor that's commonly used, we think of it as just adding color. So how does that work? Well, in one transaction, we're gonna insert a special extra bit of metadata that declares that some of the outputs have a specific color. So we'll say we're issuing five purple Bitcoins. And the other output is seven Bitcoins that continue to be normal bit coins of no color. And perhaps somebody else with a different sign-in key and a different transaction has issued four green Bitcoins. So now we have Bitcoins that have different colors attached to them, and we can do all the normal things that we do with Bitcoin transactions. So we could have one Bitcoin transaction that takes several inputs, some green coins, some purple coins, some uncolored coins, and it shuffles them around and has outputs which maintain the color. And there's gonna be some metadata there to do all the bookkeeping and make sure the right color goes to the right coins. We can do all the other normal things that we'd wanna do with a Bitcoin transaction. We can split a transaction out, put a four green coins into smaller values, [COUGH] and later on we could combine it, we could combine multiple transaction outputs with green coins to make one big transaction output with all of the incoming green coins. So, the only thing that we've added here to the basic Bitcoin picture, is the ability to add a little bit of metadata in transactions, that designates some of the coins in one output transaction to have a certain color. And of course, there's gonna need to be a signature in there somewhere, so that not just anybody can use any color that they want. So, the most popular proposal for actually implementing this is called open assets, and how does it work? Well, [COUGH] the issuance is done through a special pay-to-script hash address. So if you wanna issue colored coins, you have to choose a pay-to-script hash address that will issue whatever color you want, and of course, the color might really be the fact that these are Yankees tickets. And then any coin that transfers through that address that comes in without a color will leave with the color designated to that address. And you have to publicize that somewhere so there's various exchanges that track which addresses info which color onto coins. And it's fine for coins to have more than one color, that's really no problem. Now every time that you have a transaction that involves colored coins, you have to insert a special marker output. So this is an unspendable output, kind of like in the case of commitments, that allows us to write some extra metadata into the transaction. And that metadata, which I'm not gonna discuss in detail cuz it's fairly tedious, but it simply says of all the colored coins coming into this transaction and all the outputs of the transaction, how the color is divided between the different outputs. So just like in any Bitcoin transaction, the normal metadata specifies how the value of all the input transactions is divided amongst the output transactions, you need to add this marker output when you're dealing with colored coins to decide how you're gonna divvy up the color. And you can add some extra metadata in there if you want, the protocol supports that. So [COUGH] what can we say about this system? Well, the advantages are that it's compatible with Bitcoin, you don't have to change anything. And it gives you the flexibility for anybody to declare [COUGH] any color that they want and start putting any metadata on any coin that they want, and the system will track that. And it's a good thing that since it's compatible with Bitcoin, the rest of the community will ignore this. So the miners won't take any position on who can issue which color, or rules for transferring colors. So nobody can censor this, you don't have to ask any central authority for the right to start issuing coins in a new color. If anybody believes you and thinks that you have a good reason to do so, they can start trusting your signature in the form of sending the coins through that pay-to-script hash address. And if they respect the color that you're putting on coins, then they have some value. The disadvantages of this scheme is that we do have to put that unspendable marker output into every transaction that involves colored coins. So, we're adding a little bit of overhead, losing a little bit of money in the form of regular Bitcoins every time we wanna trade colored coins. And because that marker output is special and the miners aren't enforcing any properties of it, it means that to verify that you actually own some colored coins, you have to check the entire transaction history. So it's not enough to just see that you're colored coin transaction made it into the bock chain, because the miners aren't verifying it. They don't understand colored coins, and they don't care. And we've argued that that's an advantage of the system, but it means that you can't have a thin client doing SPV verification like we can for regular Bitcoin. If you wanna verify colored coins, you have to download the whole block chain, every previous transaction, and trace the color of your coins from the time that they were originally issued that color. So this means that it's harder to use colored coins on very limited platforms on phones or on anything that can't store the entire block chain and maintain an up to date copy. So what are some applications of colored coins? [COUGH] I mentioned the ticket example, so you could have colored coins represent tickets that give you admission to some event. Another popular example that people have proposed is to have colored coins represent stock in a company. So every time you wanna issue some new stock, you pass some Bitcoins through the pay-to-script hash address, which you say is issuing stock on behalf of my new corporation, and then people can trade the stock. And you don't need a stock exchange or any of the infrastructure that is used in the offline world, people can just trade the stock in exchange for regular Bitcoins. [COUGH] Of course, people have to trust that you're actually going to honor that stock, but assuming that they do, then you can do all of your stock trading just like regular Bitcoin transactions. And there's also the somewhat more outlandish idea that color coins might actually represent a deed to some real world property. So maybe a colored coin says that you actually own a house or a car. And maybe you have a very sophisticated car that actually tracks the block chain and will start and drive for anybody who owns this specific coin that confers ownership of that car. And then you could see a car with just one transaction in the Bitcoin block chain. So maybe we're still a little bit, a little ways, away from making that happen, and we'll be talking more in lecture 11 about some of the obstacles, legally and socially, to making that happen. But that's the dream of colored coins, is that any real world property, you can represent in the world of Bitcoin, and you can trade just like any other Bitcoin. And finally, one more interesting example I think, is ownership of domain names. So maybe you could trade ownership of a domain name and the ability to run a server there on the Bitcoin block chain just like anything else. That has enough caveats and enough weird properties, like you want to avoid people squatting on domain names and just buying up all the good domain names. That's actually been launched as a separate Altcoin called NameCoin. And in the next lecture, when we talk more about Altcoins, we'll talk a little bit more about NameCoin, which is specifically launched to try to handle this property of domain name ownership. So you could do a domain name ownership with simple colored coins, but in practice there's enough extras properties that you want to enforce, that the community has been pursuing a separate Altcoin for that.