How Chainless Tokens Will Change the World of Digital Accounting

Blockchain has been revolutionary, but the innovation is still ongoing

A chainless token is something I invented while working on cookiejar.

Cookiejar is a simplified custodial based payments system. It relies on token accounts being managed by trusted custodians, albeit with important caveats:

• The database is shared publicly (with user-anonymized data).

• Every custodian or every individual account can appoint a custodial successor, that handles the account if the original custodian goes offline.

• If desired, you can run a “self-custodianship” service. This is comparable to running your own email service provider.

But cookiejar is not the point of this post. Chainless tokens have applicability well outside of cookiejar, especially for things like user licenses, NFTs, video game items, and more. Chainless tokens can be held and owned without any trust or any blockchain. But the way a chainless token is transferred is completely unique from any existing blockchain technology.

A chainless token is simply a published hash value, with an associated secret pre-hash. The published hash value can be published on a blockchain, on a website, through email, anyway you want it to get published for a particular use or purpose.

Redeeming a chainless token involves a one-time “time trusted” event. Time trust is not like traditional trust, it only requires the ability to assert the order in which messages are published. A chainless token is redeemed by incrementally revealing the prehash secret. Unlike a public key, once that prehash is published, anyone can perform what amounts to a replay attack. With a public key, you can verify that messages are signed by the holder of the private key. But a prehash secret is not used to sign messages the way a private key is used. So that is why it is important to be able to recognize who published the prehash secret first, and what they stipulate to happen to that token when it is published.

The point of proof of work and bitcoin’s blockchain, is to create an immutable informational artifact that proves time. So publishing messages to such a blockchain is certainly one method to establish “time trust”. Importantly, proof of work based of time trust is forensically auditable. This means that a party with no active observation of a network, can still prove the order of events after the fact with just the blockchain’s history. In other words, it is impossible to forge a proof of work based blockchain. This is a unique cryptographic property.

But proof of work is not the only option for creating digital time trust. There are other forms of time trust that can be established through active observation, as opposed to proof of work’s forensic proof. Active observation may include techniques like merkle trees without proof of work. It could also involve merely broadcasting messages to a network, so that each observer can independently verify the ordering of events after the fact.

A chainless token is redeemed by “binding” it to a new form, whether that is a new chainless token, a blockchain based token, a trusted custodial account like what cookiejar uses, or even a blindly trusted account like a conventional bank or hosted video game.

Importantly, hashes are necessarily a cryptographically more robust form than public key cryptography. This does not mean that every hash scheme is more secure than any public key cryptoscheme, only that any public key scheme could be used as a hashscheme, but not vice versa. Many blockchains like bitcoin already use hashes in addition to public keys to secure wallets, so any such wallet could defacto be treated as a chainless token.

The fact that hash schemes are a strictly more robust cryptographic form, means that it should be expected that hash schemes need to be updated much less often than public key schemes. We have already seen RSA need to start using very long key lengths, and it is vulnerable to quantum attacks with Shor’s algorithm. ECDSA, as far as I am aware, has no known quantum vulnerabilities, but quantum computing and machine learning are still domains with a ton of active research, so it is possible that that ECDSA as well could be gradually phased out as a cryptoscheme at some point.

Public key schemes are essentially a hash scheme with a built in back door, so we would expect hash schemes to be much more cryptographically resilient. This means that cryptographic tokens secured by hashes only, by design, could potentially be longer lived than comparable wallets, tokens, or accounts secured by public key schemes.

But chainless tokens do require “time trust” at their time of redemption, and many chainless tokens might elect to have even more trust than that, whether that is “database trust”, a centralized service with a published auditable database, or “service trust”, the way we trust a traditional online bank connection or credit card processor.

When it comes to NFTs, some may elect to keep a digital work private, and the work itself becomes a chainless token. Artists may offer to make works redeemable for other works, rather than have the original work transfered. To sell such an nft, the of a work authorizes the release of the artists next work to the NFT buyer, and then they can choose to publish the original work or not.

I hope this idea of chainless tokens is enlightening and inspires many useful applications.