Some ideas on how to implement trustless feeds.
A trustless quote feed is by definition decentralized. Therefore, a trustless publisher of quotes has to be included straight into counterpartyd. All peers send and accept quotes. If there is sufficient consensus among peers for a quote, the quote gets published and becomes final.
Any price of any asset or any outcome of any bet that is to be published fully automated and trustless inevitably must come from one or more electronically published sources. That’s because the information has to be available to all peers and needs to be accessible algorithmically.
A price source must be public and internet based because all peers must be able to access it. It could be a stream or even a web page. The algorithm for retrieving the quote is hardcoded. All peers look up prices and disseminate it onto the network. A price should only be valid and published if there is consensus. Else, no price should be published and any bets or trades depending on this feed should be unwinded. (This however will be a rare event under normal circumstances as most of the time all peers will be in agreement since all peers use the same, hard-coded price source.)
Now the problem is reduced to having a trustless publisher. But no single entity can be trusted to publish reliable prices which are not manipulated. Therefore, a single peer must construct a price by retrieving multiple prices from multiple independent sources. For instance, the EUR/USD FX rate can be some weighted average of the price (time-averaged) taken from multiple exchanges.
Similarly the price for Gold or any other asset can be hard-coded to be looked up hourly at several websites such as Yahoo, Kitco, Google Finance, Bloomberg etc. When in agreement sufficiently, it could be accepted as a valid quote and fed to the network. If peers are in agreement then the price becomes final and is published.
[font=verdana]Exchanges of altcoins might cooperate with Counterparty and publish a reference price of their altcoins on a web page every hour for easy access by all peers.[/font][font=verdana]
The above approach is simplistic and clearly there are some serious, obvious issues.
1. Establishing a price.[/font]
[font=verdana]It should not be possible for any peer or a group of conspiring peers to flood the network with false quotes in order set a manipulated price. The price should be agreed to by a majority of the processing power in the network. At least 50% of the processing power of the network must agree on a price. Some mechanism must be devised to ensure this.[/font]
[font=verdana]2. Volatility of prices.[/font]
[font=verdana]The price of any traded asset changes constantly. At different moments in time, different prices will be seen by peers. The easiest way to mitigate this is to simply limit the speed of disseminating prices to for instance once per hour, and to only publish prices that time-averaged for that time period. During one hour, all peers will see the same price and can verify each other.[/font]
3. Many peers requesting the same resource.
[font=verdana]If all peers are going to retrieve prices themselves, then the web pages and publishers of these prices will have to handle these extra requests. This should not be much of a problem as long as the number of peers stay under 100,000. Above that number, measures will be required to prevent the counterparty peers from hammering publishers with requests. For instance, peers may decide to publish a quote every other hour, halving the number of requests per hour, at the cost of making an attack in which false quotes make it to the network twice as easy.[/font]
4. Changes in the way publishers publish their quotes.
A quote scraped from a web page might become inaccessible if the web page changes. Worse, the wrong number might be picked up by all clients, resulting in the wrong quotes being validated. To mitigate this, it must be possible for a majority to drop a publisher until the client software is adjusted. It is no issue if a quote is retrieved from multiple sources, as the odd one out can simply be ignored.