Bitcoin Forum

Was I the only person to find odd that they would download/parse blockchain.info webpages instead of downloading the blockchain itself and working with it? lol

may be they found official client too cumbersome to use, scraping webpages is much easier :)

Bitcoins are digital coins

It does bother me that the paper does not contain the word 'change'.  Any statistical analysis of bitcoin transactions that doesn't discuss the notion of change is likely to be flawed, since the ambiguity as to which output is the 'real' transfer and which is the change is one of the major ambiguities in the public blockchain.

Today I saw Adi Shamir (you know, the S in RSA) and managed to talk with him a bit about Bitcoin.

Here is our first surprising discovery. The total number of BTC’s in the system is linear in the number of blocks. Each block is associated with the generation of 50 new BTC’s and thus there are 9,000,050 BTC’s in our graph of owners (generated from the 180,001 blocks between block number zero and block number 180,000). However, if we sum up the amounts accumulated at the 609,270 addresses which only receive and never send BTC’s, we see that their owners have actually put aside in some kind of “saving accounts” 7,019,100 BTC’s, which are almost 78% of all existing BTC’s. 59.7% of all the coins are “old coins” which were received more than three month before the cut off date (May 13th 2012),
Quantitative Analysis of the Full Bitcoin Transaction Graph 7
and still had not triggered any outgoing transactions. This means that there are much fewer BTC’s in circulation than previously presumed.

7M unused coins...where are the hoarders at?!

Had to lol at the html scraping stuff though.

Wow, 7M sitting there (OK maybe minus a few thousand lost coins) and waiting to crash the market. That makes me feel unwell.

Also, this gives a new light to market capitalization so ca. 3M alive coins â 12$ --> 36M$.

That's how tiny BTC still is.

They found there were about 3.12 million accounts, which are known as "addresses" in Bitcoin parlance. They belonged to about 1.5 different owners, on average, since there's no limit on how many addresses a single individual may possess.

quoted from this ars technica article (http://arstechnica.com/tech-policy/2012/10/78-percent-of-bitcoin-currency-stashed-under-digital-mattress-study-finds/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+All+content%29&utm_content=Google+Reader)

Didnt read the paper,

But I wonder how they managed to determine the exact number of unique address owners:


because I have read many times over that it is very hard if not impossible to determine with high probability the addresses that belong to one single entity, unless one uses outside information like web wallet login data or statements from the alleged owners that they own this or that address.

But I wonder how they managed to determine the exact number of unique address owners:

A very important feature of the Bitcoin network is that a transaction involving multiple sending addresses can only be carried out by the common owner of all those addresses, as it is demanded by the Bitcoin system that "Whoever sent this transaction owns all of these addresses". This legal requirement is also technically ensured by the fact that each received amount must have a cryptographic digital signature that unlocks it from the prior transaction.

Wow, 7M sitting there (OK maybe minus a few thousand lost coins) and waiting to crash the market. That makes me feel unwell.

Also, this gives a new light to market capitalization so ca. 3M alive coins â 12$ --> 36M$.

That's how tiny BTC still is.

Wow, 7M sitting there (OK maybe minus a few thousand lost coins) and waiting to crash the market. That makes me feel unwell.

If coin X gets split to 100 different addresses, and then a high percentage of those eventually end up at address Y, there's a pretty high probability that the owner of address Y is the same as owner of address X.

I do not accept the unreasoned legal conclusion that there are 'owners of addresses'. Please, show me some legal authority and then make the case for why there are 'owners of addresses'.

You may want to follow this thread (https://bitcointalk.org/index.php?topic=115257.0) where I started stirring the pot on this legal issue with this question: Whether 'bitcoins', the unit of account in the open source software governed under the MIT license, constitute property?

Read the gist link (above).

Their paper includes assumptions about addresses that are obviously wrong:

Read the gist link (above).

Their paper includes assumptions about addresses that are obviously wrong:

Wow, 7M sitting there (OK maybe minus a few thousand lost coins) and waiting to crash the market. That makes me feel unwell.

Also, this gives a new light to market capitalization so ca. 3M alive coins â 12$ --> 36M$.

That's how tiny BTC still is.

Most of those stationary bitcoins are on the hands of Artforz lol

I would say that he is right for certain values of "all".  If you pick a transaction at random from the chain, the odds are overwhelmingly high that a single owner controlled all of the input.  Thus, he is "mostly right", and his conclusions are likely to be approximately correct.

When those 7 million BTC are spent, they will just as likely be spent on goods and services, as on USD exchanges.

Theres no reason to believe these coins will be sold for fiat and "crash the market".

What happened November 2010? Anyone remember?

People would say, "why the f weren't you concerned about this lopsided wealth holding on something you were betting on, it was so obvious."

Why on earth would you think that a Bitcoin economy would be any different than a conventional economy in terms of wealth disparity?

Show me 1 (just one) modern, free economy in which .001% [1] of the people own 70% [2] of the wealth.  Just one.  Otherwise you're not thinking this through.


[1] assume cabal is 10 people and this number should reflect the percentage of those people against the number of people using btc today, so I may not have this number right, and someone can correct me
[2] 10MM btc in circualtion today 7MM is 70% of that

Show me 1 (just one) modern, free economy in which .001% [1] of the people own 70% [2] of the wealth.  Just one.  Otherwise you're not thinking this through.


[1] assume cabal is 10 people and this number should reflect the percentage of those people against the number of people using btc today, so I may not have this number right, and someone can correct me
[2] 10MM btc in circualtion today 7MM is 70% of that

Was I the only person to find odd that they would download/parse blockchain.info webpages instead of downloading the blockchain itself and working with it? lol

Department of Computer Science and Applied Mathematics,
The Weizmann Institute of Science, Israel
{dorit.ron,adi.shamir}@weizmann.ac.il

mcdett's assertion was that 30% of people controlling 70% of wealth is somehow unheard of.  In the US alone, 20% of people control 80% - 90% of the wealth (95% if you exclude home ownership and calculate only financial wealth).  

Show me 1 (just one) modern, free economy in which .001% [1] of the people own 70% [2] of the wealth.  Just one.  Otherwise you're not thinking this through.


[1] assume cabal is 10 people and this number should reflect the percentage of those people against the number of people using btc today, so I may not have this number right, and someone can correct me
[2] 10MM btc in circualtion today 7MM is 70% of that

I'm talking about a small group that can control virtually everything about btc, and we don't know who they are or what they want.

I'm talking about a small group that can control virtually everything about btc, and we don't know who they are or what they want.

As pointed out by Davout, the paper assumes shared wallets like mt gox are ONE owner of a lot of addresses. This logic is flawed.

Also - it seems a bit strange to count the 2Million+ sub 0.01 balance wallets as the poor end of some sort of wealth pyramid.
Many of these are surely people who just tried it out, e.g by getting some from a freebie site. They may or may not even have kept that wallet, let alone become engaged as an active Bitcoin user.

Subject: A couple comments on "Quantitative Analysis of the Full Bitcoin Transaction Graph"

Dear sirs,

I've read your paper "Quantitative Analysis of the Full Bitcoin Transaction Graph" with great interest.

I am however quite surprised about the assumptions you make in order to analyze the collected Bitcoin network data and the conclusions that you draw from there.

Transactions can be trivially constructed from different senders, without sharing private keys. This makes your assumption of transaction construction legality wrong.

Secondly you completely discard the impact of shared wallets on the way ownership can be followed through the blockchain. Even though you might, at the macroscopic level, follow some large chunks of coins, you do not account for the fact that shared wallets completely break the chain of ownership by sending out different coins than the ones that came in.

I have access to the production database of Instawallet so I took on myself to check some of your conclusions in page 10. At the date of your extraction, Instawallet received Bitcoins on 103,513 different addresses (your paper mentions approximately 23,000).

You may also be interested in this document put online by Gregory Maxwell : https://en.bitcoin.it/wiki/Real_peer_review#Linking_transactions_to_identify_ownership

I think I can speak for the whole Bitcoin community when I thank you for your work.

Don't hesitate to contact me if you wish to further discuss this, you may also want to connect to the #bitcoin-dev IRC channel on Freenode.

Best regards,
David FRANCOIS

Dear David,

We would like to thank you for your comments.

The main point you raised is that one cannot claim that different addresses participating as senders in the same transactions belong to the same owner. Our response consists of several observations:

1. We quoted from an official policy statement that this should be the case when transactions have multiple sending addresses.

2. We noted that knowledge of multiple private keys is required in this case, and while it is always possible that different owners will share their private keys, this is not likely to happen very often.

3. All the previous papers on issues of privacy in the bitcoin system which we quote in the bibliography make the same assumption, so this is not something that we invented.

4. The fact that some C++ code do not enforce this requirement is not a proof that this is not true in the vast majority of cases.

5. Most of our results are statistical in nature, and are not affected by a small number of exceptions. We are much more likely to underestimate the number of addresses which should be merged together (because we never saw those addresses in the same transactions) than to overestimate them because a few transactions had multiple owners as senders. You just demonstrated that our analysis indeed underestimated the number of addresses in which Instawallet received Bitcoins. We simply saw no evidence in the data suggesting that we should link the 103,513 different addresses you mentioned, so we gave the number of about 23,000 as a lower bound, not the real number which we had no way of knowing.

6. In particular, it is not clear why the issue of dormant coins would be affected by this issue. For example, we are counting how many old coins were sent to an  owner who did not initiate any outgoing transactions for three months. If we mistakenly add more addresses to that owner, we make it harder (and not easier) to satisfy this constraint, so we are underestimating the number of dormant coins.

7. Similarly, we do not understand why it would matter to mistakenly combine addresses in all our graphs. It's effect would be to make the graph look more reasonable, since it is easier to explain why someone would send bitcoinshamir to itself rather than send bitcoinshamir to many unrelated addresses only in order to receive them back at the end.

8. Finally, while one can be over cautious and never try to combine any addresses under any circumstances, this will give a greatly distorted picture about how many coins are kept and spent by owners. We believe that our methodology, which is clearly explained in the paper, gives a much better statistical picture even if a tiny number of decisions to unify addresses turn out to be incorrect.

We hope that this answer will clarify the situation.

Yours,

Adi Shamir and Dorit Ron

What the hell?

Relax, it's probably just another autocorrect failure.

http://www.autocorrectfail.org/

Hmmmmm, so we have his username. Now to find his password.

ITT: Trying to crack the user account of the father of cryptography. Muahahahaha!

lol! Probably "RSA123"

Read the gist link (above).

Their paper includes assumptions about addresses that are obviously wrong:

Nonetheless, clients that have an automatic mixing that is enabled by default would be very desirable.  If the vast majority of clients operate in the standard way, the small amount that don't is negligible for the purpose of reverse engineering someone's economic activity.  It would be hard to imagine a company finding it acceptable that their competitors can get a fairly good picture of their activity so easily.

There's no proof that they'll be used for goods and services.

When one person (small cabal of people) owns 30% of the worlds wealth, it is more powerful to yield that wealth in modifying society for your whims then it is to use it on goods and services.

If you look at the major finical players (soros, buffett, gross, etc (they combined control less then 1% of the economy)) they operate on another level.  They are found influencing government to enhance they're financial power (look at soros's hand in the eu).  They don't make stock bets, they make phone calls to presidents and talk policy.  They don't spend their wealth on goods and services (that won't grow their power/influence) they use their wealth to modify political structures which change society in making themselves largess.

When you own 30% you are THE political structure.

My simple fear is that I spend all of this time helping build btc out (on the bet my btc will be worth more), and it ends up being that the holders of the 30% are some quasi napoleonic dictators who think the world is best when they sit on top of it.... dictating it.

People would say, "why the f weren't you concerned about this lopsided wealth holding on something you were betting on, it was so obvious."

What journal was this paper published?

Been following this paper and the press resulting from it with interest...

And yet, am I incorrect in thinking the central thrust of the study is incorrect for the simple fact that most change goes to new addresses which are, by definition, unspent? This means that at any time, most coins will sit in "unspent" accounts, thereby appearing as though they are savings, when in reality they are just sitting there until they are spent normally.

Am I missing something or is this an absurd fatal flaw in their reasoning?

1. The paper does not mention the concept of "change" (https://en.bitcoin.it/wiki/Change), and some of the comments imply the authors do not recognize its role in the transaction graph. When outputs are spent in a transaction they must be spent entirely; if there is more value in the output than the amount one wishes to send, if he wants to keep the rest he must send it to an address of his, known as a change address. The widely used clients use a newly generated address for change as an anonymity feature; but for the typical user it is not a deliberate attempt to do anything, it is just what happens by default. This clearly explains the "long chains" behavior.

2. The paper seems to conflate the blockchain, a database replicated on every node on the network by broadcasting blocks to peers on the network, and individual efforts to make the data easily accessible, such as blockexplorer.com and blockchain.info. The blockchain itself does not of course have HTML pages or what can be considered "hyperlinks". It may be the case that scraping those public service sites is easier than parsing the arcane database format of the blockchain, but this needs to be specified explicitly, otherwise the focus on HTML looks bizarre.

3. It is generally accepted that currency amounts in Bitcoin aren't capitalized, just like "dollar" isn't. The creator of Bitcoin is Satoshi, but the smallest Bitcoin denomination is a satoshi; I can have bitcoins or send 3.7 bitcoins, and the value of a bitcoin is $12; this happens in the Bitcoin system following the Bitcoin protocol with Bitcoin software, and Bitcoin is invaluable. This mistake occurs several times in the paper.

4. You state that 7M bitcoins are in savings account, but it is not completely clear what you characterize as such. It looks like an address which has never sent coins is considered savings; that is a poor characterization, for if everyone follows the guideline of not reusing addresses, 100% of coins at all times will be in address which have never sent, regardless of how widely bitcoins are circulated. A better candidate would be an address which has never sent and has received some coins as early as, say, 2 months ago.

5. The infamous statement that "A very important feature of the Bitcoin network is that a transaction involving multiple sending addresses can only be carried out by the common owner of all those addresses".
a. You mention quoting an official policy to that effect. I would like to ask for a reference, as I know of no such policy and cannot imagine one.
b. Technically, for an input to be valid its script needs to be satisfied, usually by providing a signature for the transaction which matches the public key referenced by the input. Regardless of any current implementation details, the signatures can be independent, there is no need for the owners to be one or to share their keys.
c. The Bitcoin protocol supports more than just "moving coins from point A to point B" transactions. A glimpse of some of the potential applications can be seen at https://en.bitcoin.it/wiki/Contracts. Some of them crucially rely on this ability to have multiple owners constructing a transaction together. In this sense, it actually is a very important feature of the Bitcoin network that multiple inputs do not need to share an owner.
d. In fact, one such application is p2p mixing, of the kind I discussed at https://bitcointalk.org/index.php?topic=54266.0. These intentionally make it harder to use the transaction graph to deanonymize users.
e. In practice, most transactions on the network are simple transactions where multiple outputs of the same owner are merged, and advanced applications are not in wide use (if at all). Deducing that co-used addresses have a mutual owner is a reasonable assumption to make; but it is an assumption, it needs to be specified explicitly, and references to it being necessitated should be removed. Furthermore, this assumption - and any analysis dependent on it - will become increasingly less reasonable as advanced application find wider use.

Emailed them, got a nice response :

Official policy statement? Whose statement, of what policy, and what makes it official?

I believe you are correct, but I don't think it matters much. They say 60% of coins haven't moved in 3 months; those can safely be considered some kind of savings. So the actual amount of savings would be somewhere between 60% and 78%.

I believe you are correct, but I don't think it matters much. They say 60% of coins haven't moved in 3 months; those can safely be considered some kind of savings. So the actual amount of savings would be somewhere between 60% and 78%.

FWIW, I contacted them saying this (trimming opening and closing words):

FWIW, I contacted them saying this (trimming opening and closing words):

Since when did "not spending all of one's income" change from the noble and encouraged act of "saving" into the ignoble and condemned act of "hoarding"?

It seems thrift is not only absent in modern society, but actively frowned upon.  ???

I've been having the same thought. I think usually "saving" implies the capital is being made available for investment, while "hoarding" doesn't?

It has just been discovered that research causes cancer in rats.

Yeah, it's this.  Saving the money with banks that make loans to businesses/other people or investing directly with businesses keeps the money in circulation, with every time it exchanges hands generally being an instance of goods created or services rendered.

Dorit Ron and Adi Shamir have already answered.
See previous posts.

Simply citing "an official policy statement" with no reference and then use it as a fact does not suit such a paper well.

Personal opinion, I think others share is that:

Hoarding is the act of storing something merely for the purposes that it will be increasing in value by just sitting there idle, and typically in absurdly large quantities.
Saving is the act of storing something for the expected use when you need it, not due to the expectation it will be more valuable necessarily when the savings are used, and typically are in quantities reasonable for planned future activities/needs.

i.e. "I am going to hoard all of my bitcoins now because in 20 years they'll be worth $20 million each" vs. "I am going to save X bitcoins so that I can pay my rent for 6 months in case I loose my job"

It's all in attitude and purpose I believe.

Dear Meni,

First of all, I would like to thank you and several other members of the bitcoin community for your public comments and private emails, which provided us with a lot of authoritative information about someof the intricacies of the scheme. We will be happy to add more discussion and clarifications to a revised version of our paper, which will hopefully clarify our methodology and add more relevant materialabout the quantitative aspects of the transaction graph.

I would like to address two issues which created the most heated discussion over the last few days:

1. While the notions of a bitcoin and of an address are completely clear, the notion of an owner is quite fuzzy since it can not be derived in a precise way from the available data (this may be a feature ofthe scheme, rather than a bug!). There are several ways how to deal with this issue:

1.1 Ignore it completely, and derive from the graph only statistical information about the behavior of addresses. However, we believe that this will completely distort many types of statistical informationwe try to extract from the graph, e.g., what is the distribution of the number of bitcoins that users keep, how many bitcoins they receive and spend, how big are their typical transactions, etc. Since thescheme enables (and even encourages)  users to keep multiple addresses and to constantly shuffle bitcoins internally among their accounts, we believe that it is essential to find a way to distinguish between"internal" and "external" transactions, and thus to determine in some way what is the common ownership of different addresses.

1.2 Use our methodology, which is to assume that in most of the transactions, sending bitcoins from multiple addresses indicates that all these accounts are owned by a single entity. This classification istechnically easy to apply, but it creates two types of errors: We underestimate the common ownership of accounts just because we never saw it in the given transactions, and we overestimate it sinceoccasionally there may be multiple owners who send bitcoins in a single transaction. All the anecdotal evidence we saw so far indicates that overall we tend to underestimate the number of addresseswhich are associated with a single entity (as was demonstrated in the case of Instawallet, in which we found only about 1/3 ot the actual addresses associated with it), and that the errors in the otherdirection, while they exist, are not likely to distort our statistical conclusions in a major way.

1.3 Use a different methodology, which will be closer to the ground truth, and which can be derived either from the available data, or from reliable alternative sources. Here we need your help insuggesting such a methodology, which will be discussed by and accepted by most of the bitcoin community as better representing the issue of common ownership. It is always easier to complain about theshortcomings of one methodology than to suggest a better one!

2. The question of how many bitcoins are dormant. Even though this was only one of our many findings, it was the one statistic that caught the attention of most commentators and web journalists. Webelieve that measuring this aspect is extremely important, since it implies some fundamental truths about whether the bitcoin scheme is used mostly to trade in goods or to speculate, and how thescheme will behave if its current users will change their current pattern of behavior. Once again , we have several possible approaches, and I would like to recruit your help in initiating a frank discussionin your community about how to measure this fundamental statistics in the most accurate way. We have spent a lot of time and effort in collecting all the data, but once we have it, it will be easy for us toadapt our measuring methodology based on your suggestions as a service to your community and as a contribution to the scientific study of the bitcoin scheme. However, there is one thing I would like toclarify: I do not want to have a target-shopping experiment, in which once you will see the results you will decide whether you like it or would prefer to change the methodology again in order to geta politically more appealing result. We thus propose to wait until some consensus emerges, and only then run the selected methodology on the data and announce the results.

2.1 In order to start this discussion, I would like to make an initial suggestion: Fortunately, the issue of dormant bitcoins can be made independent of the issue of common ownership of addresses(even though several comments we received argues the politically convenient point  that since our decisions about the later point did not absolutely match the ground truth, our results about dormantbitcoins were completely invalid). Let us thus work entirely at the level of addresses, paying no attention to our attempt to find such common ownerships. We propose to compile the followingstatistics: For every amount of time x (e.g., in units of full months), we will measure how many bitcoins were deposited into addresses in transactions that took place more than x months before ourcutoff date (May 13-th 2012), and were not followed by any later transaction in which the address  was one of the sending addresses.

2.2 Notice that if someone keeps moving his bitcoins every few days from one address to the next (which seems to be a relatively common behavior), we will not count these bitcoins at all as dormant(and in this sense we will underestimate the number of dormant coins) unless that user stopped doing this sometime before the relevant point in time (x months before the cutoff date), and in this casewe will only count these bitcoins once, in the last transfer which he executed (since all the previous transactions had a later outgoing transaction).

2.3. To deal with the issue of coins which were minted at the earliest period, when they had little value and could have been abandoned by early experimenters, we can also consider only transactionthat took place after a certain date.

2.4. To be fair, we will have to take into account that if we consider a large value of x, there were fewer coins at that time, so when we compute percentages, we will have to use in the denominatorthe number of coins that had been minted up to x months before the cutoff date.

I would appreciate it if you can bring this proposal to the attention of the bitcoind community, in order to initiate some discussion (and hopefully some kind of consensus). Once you tell us how we shouldmeasure the number of dormant coins in a way that will be accepted to the community, and assuming that this proposal is scientifically sound and technically doable), we will be happy to run theexperiment and report our findings.

Finally, I would like to explain a point that seemed to raise the level of paranoia in your community, and this is the involvement of the Citi Foundation in the project. I can assure you that it was ourdecision to use some of the money that the Weizmann Institute got as a gift from this foundation in order to fund some research on alternative payment systems, that the Citi Foundation had zeroinfluence on the choice of topic, that they did not get any information about our findings while the research was going on, and that they did not see our scientific report before we published it. Our research wasthus motivated by scientific curiosity about the bitcoin scheme, and we had no hidden motives to support or discredit it when we embarked on this project.

Best personal wishes,

Adi.

Each coin is divisible into 100 million units, for the total of 2.1x10^15 units. You can hoard 90% of coins, and I will still be able to use Bitcoin system without any problems. There's plenty of room for everyone. The non-hoarded, circulating  coins can represent value just fine.

select year(from_unixtime(block.block_nTime)) as year, week(from_unixtime(block.block_nTime)) as week,  count(distinct block.block_id), sum(txout_value)*1E-8 from block_tx inner join block on block.block_id = block_tx.block_id inner join tx on block_tx.tx_id = tx.tx_id inner join txout on txout.tx_id = tx.tx_id left join txin txin2 on txin2.txout_id = txout.txout_id where txin2.txout_id is null group by year, week;

Once you tell us how we shouldmeasure the number of dormant coins in a way that will be accepted to the community, and assuming that this proposal is scientifically sound and technically doable),

Which would lead further into a deflationary spiral unless protocol is changed to get rid of the cap of units, except with the risk of someone trying to cash out those hoarded coins and crashing the economy as significant chunks enter the economy overnight.

1. They would like the help of the Bitcoin community for devising an optimal scheme to determine common ownership of coins.

One could argue that "hoarded coins" are not part of the money supply. This would mean bitcoins supply was elastic after all. The hoarders would act as a sort of central banks, injecting/removing bitcoins from the supply (inflating/deflating Bitcoin money supply) based on some policies (probably mostly driven by self-interest, just like with the fed).

While I don't think it can be done well enough, this is the best I have come up with so far (this makes the same flawed assumption about all transaction inputs having to belong to one "owner"):

• cluster addresses into wallets, assuming all inputs of a transaction are owned by the same wallet
• compile a list of wallets that are well-known to have multiple owners (e.g. mtgox, silkroad,...)
• remove those known multi-owner wallets from the initial list of wallets
• for the remaining wallets assume the same owner for each

This is only marginally better than Shamirs approach and makes the same underestimation/overestimation errors. It removes the "huge rich owner"-problem introduced by "shared wallets" at the (very high) cost of having to compile a list of well-known wallets by hand.

hmm, either Shamir has gotten "old and ignorant" (like Stallman?) or someone else did this "study" and he just put the name.

Perhaps it isn't a good idea to show too much understanding of Bitcoin when there are legions trying to out Satoshi, and you are a reknown cryptographer in the list of top-10 suspects. Endorsing a poorly researched whitepaper pretty much disqualifies Dr Shamir as a potential Satoshi in the public eye. What better way to divert attention?
I can't think of any other rational reason why a high-flying cryptographer as A. Shamir would associate his name with such an unchallenging and unscientific study.

I am not telling that A. Shamir is Satoshi.
Only that this looks like an attempt, for understandable reasons, to dissociate himself from Satoshi.

That somehow reminds of Paco Ahlgren's strange (but again totally understandable) badly acted denial (http://www.pacoahlgren.com/bottomviolation/2011/08/22/the-future-of-bitcoin-and-digital-currencies/) when he went under scrutiny after writing a (perhaps a bit too much) enthusiastic article about Bitcoin (http://www.pacoahlgren.com/bottomviolation/2011/07/25/bitcoin-cannot-fail).

The biggest flaw on the paper is the webscraping of blockchain data.
Right there they destroyed any assurance they could have of working with validated data.
How do they know they were fed the correct data by blockchain.info or blockexplorer.com?
The only way to be sure you have the correct blockchain data is to let your bitcoin client download it from the network and verify it. You may also download a blockchain snapshot, but you still need to let the client verify it to be sure what you have is real data and not some decoy.

Perhaps it isn't a good idea to show too much understanding of Bitcoin when there are legions trying to out Satoshi, and you are a reknown cryptographer in the list of top-10 suspects. Endorsing a poorly researched whitepaper pretty much disqualifies Dr Shamir as a potential Satoshi in the public eye. What better way to divert attention?
I can't think of any other rational reason why a high-flying cryptographer as A. Shamir would associate his name with such an unchallenging and unscientific study.

I am not telling that A. Shamir is Satoshi.
Only that this looks like an attempt, for understandable reasons, to dissociate himself from Satoshi.

That somehow reminds of Paco Ahlgren's strange (but again totally understandable) badly acted denial (http://www.pacoahlgren.com/bottomviolation/2011/08/22/the-future-of-bitcoin-and-digital-currencies/) when he went under scrutiny after writing a (perhaps a bit too much) enthusiastic article about Bitcoin (http://www.pacoahlgren.com/bottomviolation/2011/07/25/bitcoin-cannot-fail).

Now this is peer review as it should be.  :)

can someone post a diff or have the old version? I'd like to see what got changed.

https://s3.amazonaws.com/retep/2012BitcoinFinalNonAnonymous.pdf (https://s3.amazonaws.com/retep/2012BitcoinFinalNonAnonymous.pdf)

bitcoin

Bitcoin

Payments are made inAnd in the Acknowledgements: bitcoins (BTC's), which are digital coins issued and transferred by the bitcoin network. Nodes broadcast transactions to this network, which records them in publicly available web pages, called block chains, after validating them with a proof-of-work system.

Payments are made in bitcoins (BTC's), which are digital coins issued and transferred by the Bitcoin network. The data of all these transactions, after being validated with a proof-of-work system, is collected into what is called the block chain.

A common prominent practice of bitcoin users is to create chains of consecutive transactions as can be seen in Fig. 7: An initial amount of 50,000 BTC's is rapidly transferred from one address to another leaving out some small amounts. In this example 350 such transactions are carried out within the first two days during which the initial amount of 50,000 BTC's is reduced to 34,000 BTC's. In the next three weeks an additional 100 transactions follow and the amount is further reduced to merely 15,000 BTC's. A similar chain of length 120, with initial amount of 500,000 BTC's which decreases to 340,000 BTC's at the end of the chain, is shown in Fig. 1. Note that some of the transactions in this chain are carried out by Mt.Gox. Additional such chains can be found in Fig. 2, Fig. 3, Fig. 4 and Fig. 5, with lengths of 3, 15, 23, 26, 80 and 88 transactions.

A common prominent practice of Bitcoin users is to create chains of consecutive transactions. Some of these chains can be explained by the change mechanism in which small payments are accompanied by the creation of a new address, into which the user transfers the dierence. Such chains can be found in Fig. 2, Fig. 4, Fig. 5 and Fig. 7, with lengths of 3, 15, 26, 80, 88 and 350 transactions. However, the behavior seen in Fig. 3 deviates significantly from this pattern, since the same amount of 5,000 bitcoins is repeatedly split off the main sum and put into accounts which have no additional transactions associated with them.

Finally, we would like to thank all the members of the bitcoin community who sent us excellent comments criticisms and suggestions.

Finally, we would like to thank all the members of the Bitcoin community, and in particular Meni Rosenfeld and Stefan Richter, who sent us excellent comments, criticisms and suggestions.

https://s3.amazonaws.com/retep/2012BitcoinFinalNonAnonymous.pdf (https://s3.amazonaws.com/retep/2012BitcoinFinalNonAnonymous.pdf)

This isn't the old version, it's something between the old and new. As such, there are many changes not appearing in molecular's diff. I'll try to look for the original version.

This isn't the old version, it's something between the old and new. As such, there are many changes not appearing in molecular's diff. I'll try to look for the original version.

You know, it'd be worth it for someone to try to replicate the whole paper with our own toolchain, such as znort's blockchain parser, and publish our own findings. If I had the free time I'd look into doing so myself.

If there was an expectation of getting meaningful results I guess the incentive to do this might be higher.

Just "showing Adi how it's done right" is not worth the effort in my mind. I don't think the way he did it invalidates the results.

Still: if you find the time: go for it! Maybe you can find even more interesting results.

If I'd do something like this, I'd use bitcoin-abe and sql-queries.

(1) We shouldn't forget it's not really Adi Shamir's paper, but his grad student Dorit Ron's paper, who according to her linked-in page is working on a masters degree.

She would have done essentially all the work with Adi only supervising.

Quite possibly prior to publishing the paper Adi didn't actually know much about Bitcoin.

Why doesn't Dorit Ron pop in here and suck all knowledge from us and use our resources? Is there some formal reason like having to write the thesis on her own?

In case someone missed it, I posted a link to the old version in the previous post.

Link? According to http://www.wisdom.weizmann.ac.il/~dron/ she's been writing papers for 28 years (and in case there is another Dorit Ron at WIS, the emails match).

Probably due to low signal to noise ratio on this forum. I agree that they should have consulted with local and global Bitcoin experts at a much earlier point. (Speaking of which we're talking about me coming to visit for a meeting of faculty interested in Bitcoin and/or the paper).

Some of those might be miners, collecting a lot of little bits of change.

In case someone missed it, I posted a link to the old version in the previous post.

Probably due to low signal to noise ratio on this forum. I agree that they should have consulted with local and global Bitcoin experts at a much earlier point. (Speaking of which we're talking about me coming to visit for a meeting of faculty interested in Bitcoin and/or the paper).

By the way Adi and probably also Dorit are reading these threads.

thanks. I tried to make another diff, but I'm having a hard time (line breaks have to be removed, my pdf reader's copy to clipboard function screws up on many chars, hyphenation marks need to be removed, etc). It'd be awesome to have the sources (tex or whatever they are).

Right now it's too much effort for me unless someone has a great idea on how to get clean(er) text from the pdfs.


Cool!


Hello! *waves*

thx for trying.  it would indeed be helpful at some pt to see the changes they have acknowledged.

thx for trying.  it would indeed be helpful at some pt to see the changes they have acknowledged.

yeah, would like to see them, too. I got stuck at trying to figure out wether it'd be more work/cost to do it manually, hack up a script, search for existing tools or put up a bounty in the newbie subforum ;)

By the way Adi and probably also Dorit are reading these threads.

It'd be awesome to have the sources (tex or whatever they are).

do you think they will update the paper once more? molecular already posted first diff few days ago.

do you think they will update the paper once more? molecular already posted first diff few days ago.

not sure how computer readable the sources are and how frequently they change but I'm sure ms word can compare two files (I'm thinking about copy-paste the versions into separate files and use standard office tool, not as elegant as diff but works as well) but will not fight in newbie section for the bounty. have thought colleagues at previous job how to use this. I even saw a manual how to do it. One must love public administration.

Why don't they include a bitcoin address in the update? For R&D purposes ; ) read donations

I looked through the whole thread, seems nobody posted a link to previous versions of the paper.
Can you please PM me a URL where I can grab a copy?
edit: the later version replaced the original 1.0 and I have nothing to compare.

meni posted a link earlier in this thread and here's a link to a page that lets you download any version of the paper (posted this earlier): http://eprint.iacr.org/cgi-bin/versions.pl?entry=2012/584

I was looking precisely for this ^^ thanks. I'm on it (diff)

I paid a visit to WIS today to meet the group of 8 people involved in Citi-funded research (which includes Adi, Dorit, my M.Sc advisor, and some other people I've known from my time there, which AFAIK was before this project started). Adi explained that this funding was given for doing banking-related research, and that each member of the group dedicates a small portion of his time to such research. He wished to emphasize again that other than this broad directive, the researchers are free to choose their agenda, and that no input was received from the Citi Foundation regarding the choice of topic, let alone the conclusions of the research.

Through most of the meeting I answered general questions about Bitcoin; we also spent some time brainstorming ideas for improving the paper. I will soon put up for discussion here some of the issues that were raised.

awesome!

bitcoin -> Bitcoin - cause initial difficulty when comparing versions, sea of red : )

@Meni I had it 'outsourced' this time after I failed few weeks ago. This is a summary I translated into English from the report I received. I did not specify that it should be in English nor that I want to have it formatted in any special way. You're interested in what, seeing paragraphs next to each other from v1.0 and 1.1 so you can see the changes for yourself? Now that I know what changed this could be easy.

@Meni even with pre-processed texts there are problems, like layout issues. p.ex. when the same text shifts by one word so every line looks different. adding new line breaks to list of tolerated exceptions would do the trick but not with my tool.
etc.

@Meni even with pre-processed texts there are problems, like layout issues. p.ex. when the same text shifts by one word so every line looks different. adding new line breaks to list of tolerated exceptions would do the trick but not with my tool.
etc.

I imagine that new paragraphs would have two line breaks. So what about replacing double line breaks with a temporary character, removing all line breaks, and replacing the temporary character with a line break? Then every paragraph would be in a single line.

Would it help to obtain the original TeX?