Abstract
Turing-completeness of smart contract languages in blockchain systems is often associated with a variety of language features (such as loops). On the contrary, we show that Turing-completeness of a blockchain system can be achieved through unwinding the recursive calls between multiple transactions and blocks instead of using a single one. We prove it by constructing a simple universal Turing machine using a small set of language features in the unspent transaction output (UTXO) model, with explicitly given relations between input and output transaction states. Neither unbounded loops nor possibly infinite validation time are needed in this approach.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
For example, in the Bitcoin backbone protocol model from [8], block validation should happen within finite and a-priori known round duration.
References
One bit per output rule 110 implementation in ergoscript smart contract language. https://git.io/vj6rX
One layer per output rule 110 implementation in ergoscript smart contract language. https://git.io/vj6sw
Atzei, N., Bartoletti, M., Cimoli, T.: A survey of attacks on ethereum smart contracts (SoK). In: Maffei, M., Ryan, M. (eds.) POST 2017. LNCS, vol. 10204, pp. 164–186. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54455-6_8
Begicheva, A., Smagin, I.: RIDE: a smart contract language for waves. Apograf.io, v1.1 (2018). https://apograf.io/articles/14027
Buterin, V., et al.: A next-generation smart contract and decentralized application platform. white paper (2014). https://git.io/vj6X9
Chepurnoy, A.: \(\sigma \)-state authentication language, an alternative to bitcoin script. In: International Conference on Financial Cryptography and Data Security. pp. 644–645. Springer (2017)
Cook, M.: Universality in elementary cellular automata. Complex Syst. 15(1), 1–40 (2004)
Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part II. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_10
Miller, A.: Ethereum isn’t turing complete and it doesn’t matter anyway. IC3 NYC Blockchain Meetup, talk (2016). https://www.youtube.com/watch?v=cGFOKTm_8zk
Nakamoto, S.: Bitcoin: A peer-to-peer electronic cash system (2008)
Post, E.L.: Formal reductions of the general combinatorial decision problem. Am. J. Math. 65(2), 197–215 (1943)
Turing, A.M.: On computable numbers, with an application to the entscheidungs problem. Proc. Lond. Math. Soc. 2(1), 230–265 (1937)
Turing, A.M.: Systems of logic based on ordinals. Proc. Lond. Math. Soc. 2(1), 161–228 (1939)
Von Neumann, J.: The general and logical theory of automata. Cereb. Mech. Behav. 1(41), 1–2 (1951)
Von Neumann, J., Burks, A.W.: Theory of self-reproducing automata. IEEE Trans. Neural Netw. 5(1), 3–14 (1966)
Wolfram, S.: Theory and Applications of Cellular Automata: Including Selected Papers 1983–1986. World scientific, River Edge (1986)
Acknowledgements
Authors thank Manuel Chakravarty, Oksana Klimenko, and Georgy Meshkov for the discussions and helpful comments on early drafts of this paper.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
AÂ Â Â Appendix
AÂ Â Â Appendix
This section addresses a question of guarding script conversion into the procedure being executed by a client or a miner. Note that the guarding script itself does not explicitly prescribe the course of computational actions needed to produce a valid transaction. It rather describes the algorithm of telling whether the result of the actions is correct or not. As an example, one could set a guarding script in the form \(5^{out[0].x}\,\text {mod}\, 23 = 13\). This script structure is admissible, but it is hard to say that it describes an actual program of discrete logarithm calculation. In our particular case the solution is simple. If the guarding script is of the form \((out[0].x=f(in))\wedge (something)\) with f being some function, then in order to satisfy the condition one can replace the equality check with a variable assignment. Hence if we require the script to be conjunction of equality checks containing the fields of the outputs solely on the left hand sides, and functions of the inputs on the right hand sides, then it actually defines the program (assuming that the inputs are fixed). It is fully present in the Algorithm 2. Another problem is collecting the right set of inputs for the transaction. Suppose one wants to spend in[0]. If the condition for in[1] is conjunction of the expressions of type \(in[1].x=f(in[0])\), then finding the suitable in[1] is the lookup over the possible inputs with field x being the key. Therefore, if the guarding script can be represented in the form
it can be efficiently converted to the transaction generation algorithm:
Here the last if-statement is the consistency check. Note that both Algorithms 2 and 3 can be represented as the desired form (1) with the length checks.
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Chepurnoy, A., Kharin, V., Meshkov, D. (2018). Self-reproducing Coins as Universal Turing Machine. In: Garcia-Alfaro, J., Herrera-JoancomartÃ, J., Livraga, G., Rios, R. (eds) Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM CBT 2018 2018. Lecture Notes in Computer Science(), vol 11025. Springer, Cham. https://doi.org/10.1007/978-3-030-00305-0_4
Download citation
DOI: https://doi.org/10.1007/978-3-030-00305-0_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-00304-3
Online ISBN: 978-3-030-00305-0
eBook Packages: Computer ScienceComputer Science (R0)