The agent-centric Holochain system provides a foundation for scalable shared systems such
as cryptocurrencies that span our solar system.
Instead of a single, shared data-centric consensus view, giving every agent an identical "total
order" view of all events (from which a single global "state" can be deduced by all participants),
Holochain implements a consensus agreement on rules agreed upon for all interactions between
Every participant agent agrees that they wish to join in a distributed, shared application with
certain rules, and every agent node ensures that every DHT entry they host (a copy of a commit by
some agent in the shared application) follows these rules. A single non-fraudulent DHT agent is
all that is required to detect a fraudulent transaction. The DHT entries generated during the
course of each transaction are automatically propagated to many DHT nodes situated in all
planetary bodies hosting the multi-planetary DHT, so any fraud is immediately detected, in every
locale, as soon as it arrives there.
These rules could include, if desired, an implementation of an aBFT global consensus total order
based on median signed validation timestamp (like Hashgraph). This might be necessary for certain
applications, such the core order-book matching component of a decentralized trading platform.
More often, much simpler and less complex and expensive forms of agreement are adequate. A simple
cryptocurrency can be implemented by multiple agents countersigning the identical record of
transfer of amounts between their ledgers to transfer funds in a mutual credit cryptocurrency
system, with validation that no sum of balance + credit is allowed to go below zero (with, of
course, at least one node allowed by the hApp DNA rules to issue credit).
Any agent that crafts and signs a commit that violates the agreed upon DNA rules will be
detected and "Warranted" by the first non-fraudulent DHT node that hosts such a commit. Every
other node that considers dealing with the agent can easily confirm the claimed fraudulent
behaviour, and reject the fraudulent node.
The entire "tree" of transactions is proven valid by induction; if no commit is validated until
the prior commit is validated (is also seen in the local DHT), then every commit back to the
"epoch" for each agent is also known to be valid – thus, every cryptocurrency ledger transfer
leading to a current ledger balance is known to be valid. As the pool of DHT agents validating is
constantly changing and the DHT validators are unpredictable to the transaction participants, no
invalid DHT entry can remain hidden (eg. hosted only by complicit agents), no matter how powerful
the fraudulent adversary is in the network. There is no "50% + 1" attack; a single
non-fraudulent node anywhere in the network is sufficient to cryptographically detect, prove and
destroy an attack – even if they hold 99.999% of the network "power".
Agreement Under High Latency
Holochain requires a two-way communication between each party to reach agreement on a particular
transaction, because global consensus is not required for most interactions (and certainly not
for a "total order" of all transactions).
Reaching this agreement between two agents typically requires a single round trip; one trip to
provide the first agent's validation state and the proposed transaction to the counterparty, and
then one trip back to provide the first agent with the second agent's approval, and all of its
validation state back to the first agent.
Therefore, agents nearby each-other can proceed as fast as their communications channel,
computation and storage allows; potentially, executing and completing thousands or even millions
of finalized transactions per second (if so required and optimized for). This transaction
throughput scales linearly with the number of agents; in aggregate, billions of system-wide,
finalized transactions per second are possible – easily handling any foreseeable transaction
load required by an interplanetary monetary system.
Assurance of Validity
If DHT validators can immediately detect attempts at fraud, an attacker could perform some valid
transactions (eg. accumulate a valid, positive cryptocurrency ledger balance), and then attempt
to use the communication latency between planets to attempt to perform one or more "double
By duplicating the agent's private source-chain simultaneously in 2 or more places separated by
long communication latency, each copy of the agent and its source-chain could attempt to
simultaneously "spend" the same balance! The same (currently valid) agent source-chain would be
"forked" in each separate communication context. This fork is trivially and automatically
detected as soon as the commit is "gossiped" to DHT agents across the latency divide.
If desired (ie. for high-valued transactions), a recipient agent might choose to simply wait
for the duration of a single one-way communications latency period. By waiting before
delivering the agreed upon product or service, the agent ensures that the counterparty hasn't
attempted to "fork" their personal source-chain on another planet. If the counterparty did
attempt fraud, the evidence (in the form of DHT records indicating a "fork" of the agent's
source-chain) would appear locally after a single one-way latency period, as they are
automatically published to many agents in every other locale.
Attempting a double-spend would thus immediately be detected and produce a "Warrant" implicating
the agent(s), and destroy the fraudulent agents' ability to ever transact again – the instant
the DHT entries containing the "fork" propagate to a single DHT node on the other planet.