Atomically buying digital files with digital currencies is an idea with a long history in this field. Digital goods, digital money, the two seem like a perfect combination. Digital goods, i.e. information, are also huge markets. Think about all the video, audio, text, games, and other forms of digital content that people buy and consume on a regular basis. These are markets worth billions and billions of dollars that people interact with every day.
Most serious attempts to introduce fee-based file sharing have ended badly. Filecoin was an attempt to do this on top of IPFS, but ultimately the project is absurdly over-engineered. BitTorrent (the company, not the protocol) was bought by Justin Sun and integrated its own cryptocurrency and blockchain. Both projects have essentially not been productive anywhere, with extremely overdeveloped systems on the technical side and very questionable incentives on the economic side.
BitStream is a proposal from Robin Linus (have you ever considered slowing down and taking a break, Robin?) to try to meet the demands of atomically buying data without the pointless addition of altcoins and overdeveloped technical protocols for the exchange.
All files can be uniquely identified by a single hash, this is a very important detail in this scheme. Selling a file atomically requires encrypting the file using a function that allows the user to verify what has been encrypted, and after doing so, the user atomically purchases the encryption key for the file. The problem is the verification process, and more importantly, proving that if you have been cheated and the file is decrypted into incorrect data, is expensive. Done naively, you would have to produce the entire encrypted file and decryption key so that others could decrypt it and verify that the decrypted data did not match the expected hash value when hashed.
File sharing systems such as BitTorrent often divide files into standard sized chunks and build a merkle tree out of them, allowing the root hash to function as a file identifier in a magnet link and verify that each individual chunk of a file is you download is a valid piece of that file. This is a feature you can take advantage of to dramatically improve the efficiency of fraud proofs that show that a file distributor has defrauded you.
The file seller can generate a random value and use it to encrypt each file part using an XOR operation against that random value. They can then sign an attestation of the encrypted root hash of the file and the hash of the encryption value. The encrypted file tree is set up in a special way to enable simple fraud proofs.
Instead of building the merkle tree from just the normal file fragments, but encrypted, the tree creates pairs of leaves consisting of one encrypted file fragment and the hash of the unencrypted file fragment next to it. Now at this point the buyer can download the encrypted file, and after verifying it by taking all the hashes of the unencrypted parts and making a merkle tree of them to make sure they match the root hash of the unencrypted file, he can purchase the decryption value atomically. . This is accomplished by the merchant using it as a preimage for an HTLC over the Lightning Network or a Chaumian ecash coin like Cashu that supports HTLCs.
If the file is not decrypted correctly, either because the encrypted data is a different file or because the preimage is not the actual encryption key, the merkle path in the encrypted file tree to any two leaves may show that the seller has deceived the buyer. Providing only the path to each encrypted file fragment and its corresponding unencrypted chunk hash with the preview image the buyer purchased conclusively proves that the seller did not provide the buyer with the file it claimed it was.
Any file seller using the BitStream protocol can post a deposit that can be reduced with a fraud certificate as designed above if he defrauds a customer. In the simplest case, this can be enforced by simply depositing a deposit with a chaumian coin. Platforms like Liquid offer alternative methods of building a tie that can actually be reliably enforced with functionality like OP_CAT. Scripts could be constructed that actually take the BitStream fraud proof onto the stack and validate it, creating a UTXO that can be issued by anyone with a valid fraud proof. In fact, if OP_CAT were to ever become available on the main chain, this could be done completely reliably without the need for a federated execution environment.
BitStream is an incredibly promising protocol for atomically selling digital information with a highly efficient scheme for proving fraud, without the need for shitcoins.
