75 lines
3.2 KiB
Plaintext
75 lines
3.2 KiB
Plaintext
Subject: Montana — manifesto for review
|
|
|
|
Dear list,
|
|
|
|
This list discussed Bitcoin as a peer-to-peer electronic cash system
|
|
before it discussed it as anything else. I would like to share for
|
|
review a manifesto for a protocol I have been building since
|
|
January 2026.
|
|
|
|
The position the manifesto takes:
|
|
|
|
Bitcoin's title was "A Peer-to-Peer Electronic Cash System". The
|
|
cryptographic answer is famous; the cash-system answer was never
|
|
delivered. Bitcoin's anti-spam is denominated in the same money the
|
|
system creates; settlement waits for block confirmation that is ten
|
|
minutes at best and unbounded under congestion; the seven-cent
|
|
transaction is uneconomical because the fee consumes it. Bitcoin
|
|
became digital gold.
|
|
|
|
Montana takes the two pieces that an actual peer-to-peer electronic
|
|
cash system needs and Bitcoin did not deliver:
|
|
|
|
1. A cash-system tokenomics: zero fees on every operation;
|
|
asynchronous finality at window cementing (within one window
|
|
of the canonical order, approximately one minute on commodity
|
|
x86_64); closed-form linear emission of 13 Ɉ per window — no
|
|
fees, no halving, no premine, no founder allocation, no
|
|
governance.
|
|
|
|
2. An economics of time: a non-monetary scarcity that replaces
|
|
fees in anti-abuse — per-identity rate per window, account
|
|
chain-length thresholds, and a sequential SHA-256 entry
|
|
barrier for node registration (~14 days of wall-clock on a
|
|
commodity core). Time-based scarcity does not require a price
|
|
feed, an oracle, or an exchange to measure. Anti-abuse cannot
|
|
undermine the cash properties because it is not denominated
|
|
in money.
|
|
|
|
On the cryptographic primitives:
|
|
|
|
The chain advances by an iterated sequential SHA-256 hash chain
|
|
T_W = SHA-256^D (T_{W-1}) with D = 325 000 000 per window. This is
|
|
deliberately not a verifiable delay function in the Boneh-Bonneau-
|
|
Bünz-Fisch [CRYPTO 2018], Pietrzak [ITCS 2019] or Wesolowski
|
|
[EUROCRYPT 2019] sense: production-grade post-quantum succinct
|
|
VDFs do not yet exist, and verification cost equals computation
|
|
cost (verifiers re-run the iterations). SHA-256 is already required
|
|
for addressing, hashing and Merkle commitments, so the cryptographic
|
|
surface stays at one primitive. Consensus signatures are ML-DSA-65
|
|
(FIPS 204); transport key encapsulation is ML-KEM-768 (FIPS 203);
|
|
the transport handshake is Noise_PQ XX over TCP/Yamux with
|
|
ChaCha20-Poly1305 AEAD (RFC 8439). PeerId is the SHA-256 multihash
|
|
of the ML-DSA-65 identity public key; routing identity and
|
|
consensus identity are bound to the same key material.
|
|
|
|
Quorum is 67% of active_chain_length, not headcount. Capital does
|
|
not enter the threshold. The lottery seed incorporates
|
|
cemented_bundle_aggregate(W-2), signatures from honest operators
|
|
two windows back, which closes the hardware-asymmetry grinding
|
|
attack class without rational-cost arguments.
|
|
|
|
Manifesto (English, also Russian and Chinese):
|
|
https://github.com/efir369999/Montana/tree/main/Manifesto
|
|
|
|
Whitepaper:
|
|
https://github.com/efir369999/Montana/blob/main/Whitepaper%20Montana.md
|
|
|
|
I would value the list's reading — on the cryptographic choices,
|
|
on the cash-system / time-economics framing, or on the relation
|
|
between them.
|
|
|
|
Best regards,
|
|
Alejandro Montana
|
|
github.com/efir369999/Montana
|