Tree1

Atomically purchasing digital files with digital currency is an idea that has a long history in this space. Digital goods, digital money, the two seem like a perfect pairing together. Digital goods, i.e. information, are also massive markets. Think about all the video, audio, text, games, and other forms of digital content that people purchase and consume on a regular basis. These are markets worth billions and billions of dollars that people interact with on a daily basis.

Most of the serious attempts at implementing paid file sharing have gone down bad roads. Filecoin was an attempt to do this on top of IPFS, but ultimately the project is absurdly over engineered. BitTorrent (the company, not the protocol) was bought by Justin Sun and integrated its own cryptocurrency and blockchain. Both of these projects have effectively gone nowhere productive, with extremely overengineered systems on the technical side, and very dubious incentives on the economic side.

BitStream is a proposal by Robin Linus (ever consider slowing down and taking a break Robin?) to attempt to address the requirements of atomicly purchasing data without the pointless addition of altcoins and over engineered technical protocols for the exchange.

All files can be uniquely identified by a single hash, this is a very important detail in this scheme. Selling a file atomically requires encrypting the file using a function that allows the user to verify what is encrypted, and after having done so the user atomically purchases the encryption key for the file. The problem is the verification process, and more importantly proving if you were cheated and the file decrypts to incorrect data, is expensive. Naively done, you would need to produce the entire encrypted file and the decryption key so others could decrypt it and verify the decrypted data did not match the expected hash value when hashed.

File-sharing systems like BitTorrent frequently break files up into standard sized chunks and build a merkle tree out of them, which allows the root hash to function as a file identifier in a magnet link and to verify each individual chunk of a file you download is a valid piece of that file. This is a property that can be taken advantage of to drastically improve the efficiency of fraud proofs showing a file distributor cheated you.

The seller of the file can generate a random value and use this to encrypt each file chunk using a XOR operation against that random value. They can then sign an attestation of the encrypted file root hash and the hash of the encryption value. The encrypted file tree is set up in a special way to facilitate simple fraud proofs.

Instead of building the merkle tree out of just the normal file chunks, but encrypted, the tree creates pairs of leaves that consist of one encrypted file chunk and the hash of the unencrypted file chunk next to it. Now at this point the buyer can download the encrypted file, and after verifying by taking all of the hashes of the unencrypted chunks and creating a merkle tree from them to ensure they match the root hash of the unencrypted file, can atomically purchase the decryption value. This is accomplished by the seller using it as the preimage to an HTLC over the Lightning network or a chaumian ecash mint like Cashu which supports HTLCs.

If the file does not decrypt correctly, either because the encrypted data is a different file or the preimage is not the actual encryption key, the merkle path in the encrypted file tree to any two leaves can show the seller cheated the buyer. Providing just the path to any encrypted file chunk and its corresponding unencrypted chunk hash with the preimage the buyer purchased will prove definitively the seller did not provide the buyer with the file they claimed they were.

Any file seller using the BitStream protocol can deposit a bond that can be slashed with a fraud proof as designed above if they cheat a customer. This can be enforced by simply depositing a bond at a chaumian mint in the simplest case. Platforms like Liquid offer alternative methods of building a bond that can actually be enforced trustlessly with functionality like OP_CAT. Scripts could be constructed that actually take the BitStream fraud proof and validate it on the stack, allowing the creation of a UTXO that would be spendable by anyone who had a valid fraud proof. If OP_CAT ever became available on the mainchain, this could even be done completely trustlessly without needing a federated execution environment. 

BitStream is an incredibly promising protocol for atomically selling digital information with a very efficient scheme for proving fraud, no shitcoins required.