Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: cedivad on January 16, 2013, 08:16:39 AM



Title: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: cedivad on January 16, 2013, 08:16:39 AM
From what I read, a brute force attack to the blockchain is impossible with normal computers and unlikely with quantum ones.

Quantum computers will eventually become a reality.

Why don't we start using safer keys and a bigger keyspace for the addresses from now, instead of waiting for troubles?

2^160 is cool, but what about 2^2048?

I don't know if it makes sense, but I think that we should start to implement this in the near future, as was done with IPv6, dual stack network for 20 years, etc.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: ShadowOfHarbringer on January 16, 2013, 08:27:39 AM
I support this. Additionally I propose we add more decimal places (4 zeros or more) simultaneously. Logical reasons:

1. In the future, there may be multiple "mainstream clients", so coordinating between different development teams may be more difficult by a few orders of magnitude
1a. If that happens, there will also be multiple code bases and changing all of them to comply with new standards will be very difficult
1b. Because of that, there will be also much much much more testing required, and many many more possible bugs will be produced because of the transition

2. In the future, Bitcoin may be heavily used by many powerful financial institutions and each of them will have its own agenda. They may or may not like the enlargement of decimal places & private/public keys for reasons not yet known currently.
2a. Large institutions (including financial, governments) have large inertia. It will be difficult for them to make transition to any new standards.

3. In the future, Bitcoin will probably be implemented in many embedded devices (such as ATMs, smart wallets, smart credit cards, "smart bitcoin safes") etc. So it will be even more difficult to implement it

4. In the future, it will require much more convincing people to switch to the "new, better Bitcoin with longer keys".

5. Just look what happened with the IPv4 -> IPv6 transition. The same will happen with Bitcoin. It will be extremely difficult to make any changes once it is widespread.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: payb.tc on January 16, 2013, 08:53:22 AM
^ i disagree.

i think in the future, most bitcoin-related transactions will not occur on the actual blockchain and hence won't be restricted to 8 decimals anyway.

the 8 decimals will only restrict the balancing of accounts between large institutions that actually use real tx's.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: ShadowOfHarbringer on January 16, 2013, 09:18:37 AM
^ i disagree.
i think in the future, most bitcoin-related transactions will not occur on the actual blockchain and hence won't be restricted to 8 decimals anyway.
the 8 decimals will only restrict the balancing of accounts between large institutions that actually use real tx's.

This is one of possible scenarios.
However, nobody can exactly predict the future, and it won't hurt to prepare for other probable scenarios instead of just doing nothing?

However, the UNIX sysadmins of 1970s also never thought that their code will be used to this day and by so many people and
- This is the reason we need to do the IPv4 to IPv6 transition today.
- For the same reason, the UNIX TIMESTAMP does not support dates beyond 2038 (was it 2038 ? or 2035 ? I don't remember exactly), which already causes problems in software today.
- The same issue with Y2K problem.

The conclusion ? Everybody always thinks that their system will be replaced by something new & better in the future, but it often does not happen, hence the problems we have today.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: kwukduck on January 16, 2013, 11:43:24 AM
I think you don't really grasp what 2^160 actually means... let alone 2^2048...


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: greyhawk on January 16, 2013, 12:32:51 PM
- The same issue with Y2K problem.

The conclusion ? Everybody always thinks that their system will be replaced by something new & better in the future, but it often does not happen, hence the problems we have today.

Know why Y2K happened and went without anything happening?

Because the systems were replaced by something new & better before then.

Deal with issues when the need arises. There's way more important stuff to deal with first.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: cbeast on January 16, 2013, 12:53:09 PM
If a computer is designed that can hack Bitcoin, it will be used for more important things than making money. It will be used for predicting the consequences of butterfly wing flappings.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: cedivad on January 16, 2013, 01:02:59 PM
I think you don't really grasp what 2^160 actually means... let alone 2^2048...
I do.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: ShadowOfHarbringer on January 16, 2013, 01:05:57 PM
- The same issue with Y2K problem.

The conclusion ? Everybody always thinks that their system will be replaced by something new & better in the future, but it often does not happen, hence the problems we have today.

Know why Y2K happened and went without anything happening?

Because the systems were replaced by something new & better before then.

Deal with issues when the need arises. There's way more important stuff to deal with first.

obviously the Y2K problem got solved far more expensively than if they had fixed it in the first place by thinking long term, but …
if you always care about every eventuality beforehand you might decide to not even get started. It's about priorities and not about doing the right thing now for all eternity.

Yep, exactly.

"Let's fix it when it becomes a problem" is IMHO a very shortsighted & foolish way of thinking.

Especially when fixing it now is extremely simple and fixing it 10 years into the future will be orders of magnitude more difficult because of the reasons i wrote earlier.

Of course, 2^2048 is obviously too much, but why not 2^384 or 2^512 ? I don't see anything wrong with that.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: CIYAM on January 16, 2013, 01:06:17 PM
Also because a Bitcoin address is a combination of ECDSA with RIPEMD then provided that you don't re-use addresses (so yes vanitygen addresses are not the best and I am well aware of my own sig) then even if ECDSA (in terms of the particular version being used by Bitcoin) is broken by some future QC machine (which I seriously doubt will exist for a very long time from all that I've read so far about this technology) you will not lose your bitcoins (as *both* ECDSA and RIPEMD would have to be broken for this to occur).


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: ShadowOfHarbringer on January 16, 2013, 01:08:50 PM
I forgot to add that we can add just the networking & protocol support for 2^512 & 4-6 more decimal places and wait 2 or 4 years with the actual implementation, so everybody will have enough time to prepare.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: ShadowOfHarbringer on January 16, 2013, 01:10:43 PM
Also because a Bitcoin address is a combination of ECDSA with RIPEMD then provided that you don't re-use addresses (so yes vanitygen addresses are not the best and I am well aware of my own sig) then even if ECDSA is broken by some future QC machine (which I seriously doubt will exist for a very long time from all that I've read so far about this technology) you will not lose your bitcoins (as *both* ECDSA and RIPEMD would have to be broken for this to occur).

This discussion is also about adding more decimal places *before it becomes a problem* rather than after it becomes a problem some 30-40 years in the future.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: CIYAM on January 16, 2013, 01:14:13 PM
This discussion is also about adding more decimal places *before it becomes a problem* rather than after it becomes a problem some 30-40 years in the future.

Sure - the point is taken but I do think that the threat of QC is *far* less than the threat of a > 50% attack (just how many FPGA/GPUs are there mining Bitcoin right now and do you not think that a government couldn't just buy 10x that amount of hashing power especially if say they are the only one in the world where ASIC is being manufactured?).


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: meowmeowbrowncow on January 16, 2013, 01:27:03 PM
Disclaimer:  This is a general attitude and not based on defeating ECDSA with RIPEMD

It's sad and all too common to see reactive positions on problems or tweaks when it's relatively easier to fix them sooner than later.  Particularly when system adoption is a few thousand vs. possibly millions in the future.


A good example of major change in a widely adopted, but loosely organized system is IPv4/IPv6.  This transition has been dragging out for many years and has resulted in all sorts of intermediate protocols in an attempt to overcome the sheer difficulty of wholesale replacement.


But, let's not forget what Satoshi said.  To paraphrase: The nature of Bitcoin is that once it was brought online its core would remain fundamentally unchanged.  That's a broad assertion and I wonder what the boundaries are of his assertion.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: ShadowOfHarbringer on January 16, 2013, 01:42:20 PM
Disclaimer:  This is a general attitude and not based on defeating ECDSA with RIPEMD

It's sad and all too common to see reactive positions on problems or tweaks when it's relatively easier to fix them sooner than later.  Particularly when system adoption is a few thousand vs. possibly millions in the future.
+ 1000

Yeah, I really hate the "Let's wait until it becomes a problem" attitude.

A good example of major change in a widely adopted, but loosely organized system is IPv4/IPv6.  This transition has been dragging out for many years and has resulted in all sorts of intermediate protocols in an attempt to overcome the sheer difficulty of wholesale replacement.

Exactly what I am saying.

--------
Let me sum up the benefits:

- Longer private/public keys = more possible addresses, better protection against money loss due to the identical address generated by 2 people
- Longer private/public keys = better security when a flaw in one of the fundamental algorithms is discovered
- More decimal places = after bitcoin becomes widespread, it will be suitable for transferring/storing smaller amounts of money
- It is 1000 X easier to fix the issues right now instead of later


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: FreeMoney on January 16, 2013, 01:46:12 PM
- Longer private/public keys = more possible addresses, better protection against money loss due to the identical address generated by 2 people

There might be something to other points, but this is not a real thing.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: ShadowOfHarbringer on January 16, 2013, 02:05:44 PM
- Longer private/public keys = more possible addresses, better protection against money loss due to the identical address generated by 2 people

There might be something to other points, but this is not a real thing.

Yeah, i know that if right now everybody on earth would generate 10 random addresses a second for 10 years, then the probability of hitting the same address by 2 people would be like 1 to 66,205,589,862,420,404,716,771,980,897 but still... using longer addresses would be even safer !! :P
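Added example, not part of the thread: the two different collision questions for a 160-bit address space, computed for the thought experiment in the post above. The population of 7 billion and the 365-day year are assumptions; `targeted_odds` is the chance of hitting one particular address, while `birthday_probability` is the chance that any two generated addresses coincide.

```python
"""Added example: collision odds for random 160-bit addresses (constructed scenario)."""
import math
from fractions import Fraction

ADDRESS_BITS = 160           # RIPEMD-160 output size behind a Bitcoin address
SECONDS_PER_DAY = 86_400


def addresses_generated(people, per_second, years, days_per_year=365):
    """Total addresses produced in the thought experiment (all inputs are assumptions)."""
    return people * per_second * years * days_per_year * SECONDS_PER_DAY


def targeted_odds(n, bits=ADDRESS_BITS):
    """'1 in X' odds that n random addresses include ONE particular address (p ~ n / 2^bits)."""
    return 2**bits // n


def birthday_probability(n, bits=ADDRESS_BITS):
    """Probability that ANY two of n random addresses coincide: 1 - exp(-n(n-1) / 2^(bits+1))."""
    # Exact rational exponent first, so the huge integers never overflow a float.
    exponent = Fraction(n * (n - 1), 2 ** (bits + 1))
    # expm1 keeps precision when the probability is tiny.
    return -math.expm1(-float(exponent))


def addresses_for_probability(p, bits=ADDRESS_BITS):
    """Number of random addresses at which the any-pair collision probability reaches p."""
    return math.sqrt(2 * math.log(1 / (1 - p))) * 2.0 ** (bits / 2)


if __name__ == "__main__":
    # Assumed scenario: 7 billion people, 10 addresses per second each, for 10 years.
    n = addresses_generated(people=7_000_000_000, per_second=10, years=10)
    print(f"addresses generated:            {n:.4e}")
    print(f"hit one given address:          1 in {targeted_odds(n):,}")
    print(f"any two collide (160-bit):      {birthday_probability(n):.3e}")
    print(f"any two collide (256-bit):      {birthday_probability(n, 256):.3e}")
    print(f"addresses for 50% (160-bit):    {addresses_for_probability(0.5):.3e}")
```

The any-pair probability is many orders of magnitude larger than the single-target odds because it grows with the square of the number of addresses, which is why hash output sizes are normally judged against the birthday bound of half their bit length.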



Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: greyhawk on January 16, 2013, 02:17:52 PM
Math is scalable.
HDD space and bandwidth isn't necessarily.

Isn't the Great Chain bloated enough as is already?


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: DeathAndTaxes on January 16, 2013, 02:50:52 PM
I think you don't really grasp what 2^160 actually means... let alone 2^2048...

This +1.

To the supports .... D&T rant mode engaged.

1) Bit strength alone is utterly meaningless.  ECC was designed to use a smaller key size yet produce the equivalent security of larger key sizes used by RSA.  256 bit ECC has the equivalent security of 3072 bit RSA.   The whole POINT of ECC was to reduce key sizes without reducing security.  Increasing the size of the hash to larger than the ECC key is a good way to just waste space.  It does absolutely nothing.

2) There aren't even any vetted ECC curves beyond 512 bit because it makes about as much sense as idiot LEET hackers speculating that if 2048 bit RSA is good then 4892374190289378952347589347528945 bit RSA must be even better.

3) 160 bits can't be brute forced.  Period.  To put it into perspective the entire bitcoin network has performed roughly 2^56 hashes and comparisons.  If the Bitcoin network was one trillion times faster (note that is roughly a million times more computing power than the entire planet combined) it would take "only" 80 quadrillion years to have a 50% chance of brute forcing a single 160 bit hash.   Most miners understand difficulty so brute forcing a 160 bit key is like solving a block with a difficulty of 79,228,162,514,264,300,000,000,000,000

4) Larger key strengths are useful in the event an algorithm is partially compromised HOWEVER it is more important to use well known and vetted algorithms which are less likely to be compromised in the first place.  Moving to Bobs Leet 2048 bit hash is of little utility if it is broken wide open providing about 20 bits of effective security vs no practical attacks on RIPEMD-160 or SHA-256.

5) Public addresses are the product of a double SHA-256 hash AND RIPEMD-160 hash of the public key.  This provides resistance to cryptographic attacks as it would require not just a flaw in one algorithm but a significant exploitable flaw in two completely unrelated and highly vetted hashing algorithms to have any useful applications.

6) Nothing is free.  Larger keys, larger public addresses (hashes), and more decimal precision takes up space.  The idiotic idea of going to a 2048 hash would increase the size of all transactions by a factor of nearly 13.  To put it into perspective if the network currently used that the blockchain would be nearly 40GB and growing by 5GB or so a month.  All those scalability limits (bandwidth for a node, computing power to verify tx, annual storage growth requirements, time to bootstrap a new node) would all be increased by a factor of 13.

Increasing the number of digits is equally stupid.  Bitcoin may never scale to a level where such precision is useful.  Say we increase it to 16 digits.  Why not 48? or 96? or 2000?   Now you likely are thinking 2000 digits, now that is stupid.  9+ is really no different.  Taking time and resources from areas where Bitcoin could use some real improvement to "fix" unbroken problems is just dumb.

Want to improve Bitcoin how about donate 20 BTC to an alt-client developer?  How about make or improve a bitcoin library in your favorite programming language/platform?  Maybe crowdfund the development of a node class library so the logic of a node can be decoupled from the GUI and wallet portions of the reference bitcoin client?  No, let's "fix" things which aren't broken, that is where we will unlock some value.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: ShadowOfHarbringer on January 16, 2013, 03:54:47 PM
Math is scalable.
HDD space and bandwidth isn't necessarily.

Hardware & human laziness combined with reluctance to change scales even worse.

As i pointed out, it will be at least 1000 times as difficult (& costly) to add decimal places or increase cryptographic key lengths in the future once Bitcoin becomes widespread.

So why not do it now instead of waiting for it to become another "case" like the IPv4->IPv6 transition?


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: cedivad on January 16, 2013, 04:04:49 PM
3) 160 bits can't be brute forced.  Period.
Yes, now.
Do you know what hardware and tech the military has? Do you know what we will have in 20 years? I don't. No one knows. This is the point. It's the same as projecting the future costs and sizes of computers before the transistor.

PS, I made you write your 8888+1 post. Proud of it!


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: Gavin Andresen on January 16, 2013, 04:37:14 PM
Successful technology companies do not waste their time solving problems that they THINK they MIGHT have in 20 years.

They don't even spend much time thinking about problems that they might have in four years.

I don't spend any time worrying about the strength of 256-bit ECDSA or 160-bit RIPEMD, and I spend even less time worrying about the strength of those two combined.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: cedivad on January 16, 2013, 04:39:18 PM
Successful technology companies do not waste their time solving problems that they THINK they MIGHT have in 20 years.

I got it, you are talking about Facebook.

It's a problem that will arise sooner or later. It's sure.

Fixing it now is better than fixing it later.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: greyhawk on January 16, 2013, 04:52:59 PM
cedividad, you should probably first get a basic grounding in cryptography before demanding illusory changes.

Also, are you Atlas?


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: DarkHyudrA on January 16, 2013, 04:56:53 PM
Successful technology companies do not waste their time solving problems that they THINK they MIGHT have in 20 years.

I got it, you are talking about Facebook.

It's a problem that will arise sooner or later. It's sure.

Fixing it now is better than fixing it later.

Go f*ck yourself now is better than go f*ck yourself later.
There are many other things that we must think about before, don't you think?


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: cedivad on January 16, 2013, 04:59:03 PM
Well, I tried.

I should be still alive 50 years from now, i will resume the topic.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: ercolinux on January 16, 2013, 05:14:38 PM
3) 160 bits can't be brute forced.  Period.
Yes, now.
Do you know what hardware and tech the military has? Do you know what we will have in 20 years? I don't. No one knows. This is the point. It's the same as projecting the future costs and sizes of computers before the transistor.


Even if in 20 years the military can build a single computer as powerful as all the computers of the world now and put 1 quadrillion of those computers together (if they are the size of a credit card and 1mm thick, they cover all the Earth's surface with a stacked height of 9Km), it would still take 80 years to crack a 160 bit hash. Not to count the energy involved in the process.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: notme on January 16, 2013, 05:17:22 PM
3) 160 bits can't be brute forced.  Period.
Yes, now.
Do you know what hardware and tech the military has? Do you know what we will have in 20 years? I don't. No one knows. This is the point. It's the same as projecting the future costs and sizes of computers before the transistor.


Even if in 20 years the military can build a single computer as powerful as all the computers of the world now and put 1 quadrillion of those computers together (if they are the size of a credit card and 1mm thick, they cover all the Earth's surface with a stacked height of 9Km), it would still take 80 years to crack a 160 bit hash. Not to count the energy involved in the process.

Sounds about right... Really, we can't even count to 2^256 with a theoretical perfectly efficient computer without using more energy than is contained in the sun.  Forget calculating a hash for each value.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: Elwar on January 16, 2013, 05:18:55 PM
In the future kids will be too busy flying cars and eating space cheese to worry about breaking an encryption algorithm.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: notme on January 16, 2013, 05:21:06 PM
In the future kids will be too busy flying cars and eating space cheese to worry about breaking an encryption algorithm.


mmmmm.... space cheese


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: DeathAndTaxes on January 16, 2013, 05:40:18 PM
3) 160 bits can't be brute forced.  Period.
Yes, now.
Do you know what hardware and tech the military has? Do you know what we will have in 20 years? I don't. No one knows. This is the point. It's the same as projecting the future costs and sizes of computers before the transistor.

PS, I made you write your 8888+1 post. Proud of it!

I know the military can't break the laws of physics and I know you have no idea the scale you are talking about.  We aren't talking about "wow this GPU is 3x as fast as last year's" we are talking about energy usage on the scale of sending an interstellar spacecraft to another star system to begin a human colony.

At the thermodynamic limit (the limit of efficiency in storing information imposed by the laws of the universe) it would require an amount of energy more than 100,000 times greater than the global energy usage of the entire human last year just to count to 2^160.  160 bit can't be brute forced today, tomorrow, next century, and likely not anytime until material sciences become so advanced that they will threaten what you propose we upgrade to as well.

Quote
Given that k = 1.38×10^-16 erg/°Kelvin, and that the ambient temperature of the universe is 3.2°Kelvin, an ideal computer running at 3.2°K would consume 4.4×10^-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.

To count to 2^160 (just count 1,2,3 ... 2^160) using a perfect computer would require 6.43x10^32 ergs.  To convert to a unit of power which is better known that is 1.78x10^16 kWh.  A next generation nuclear reactor (1500 MW, 90% capacity factor) can produce 4.257*10^13 kWh annually.  That means even if magical aliens gave us a perfect computer it would require ~420,000 reactor years to produce the energy necessary for it to count from 0 to 2^160.  Remember this is merely counting to the number 2^160.  To perform a brute force attack would require tens of thousands of operations per attempt.  So let's ballpark it to say ~50,000 brand new nuclear reactors constructed and running continually to power nothing but this non-existent alien tech perfect computer for the next 10,000 years .... and it would still only have less than a 10% chance of brute forcing a Bitcoin address.

So yes I know 160 bit keys won't be brute forced in the next 20 years.

This quote applies to 256 bit keys but to a lesser extent it applies to 160bit hashes as well.

Quote
These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

http://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html
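The energy arithmetic discussed in the post above, as an added Python sketch that is not part of the thread. It takes the quoted 4.4×10^-16 erg per bit change and the post's 1500 MW, 90% capacity-factor reactor as inputs; the unit conversions (1 erg = 10^-7 J, 1 kWh = 3.6×10^6 J, 8760 hours per year) are carried explicitly, so the kWh and reactor-year figures it prints are this calculation's own.

```python
"""Added example: energy floor for stepping a counter through 2^bits states."""
import math

ERG_PER_BIT_CHANGE = 4.4e-16   # kT at 3.2 K, the per-bit figure in the quoted passage
JOULE_PER_ERG = 1e-7
JOULE_PER_KWH = 3.6e6
HOURS_PER_YEAR = 8760          # 365-day year (assumption)


def counting_energy_erg(bits, erg_per_change=ERG_PER_BIT_CHANGE):
    """Minimum energy to step through 2^bits states, charging one bit change per
    state as the quoted passage does (a simplification, not a hardware model)."""
    return 2**bits * erg_per_change


def erg_to_kwh(erg):
    """Convert ergs to kilowatt-hours via joules."""
    return erg * JOULE_PER_ERG / JOULE_PER_KWH


def reactor_kwh_per_year(megawatts=1500, capacity_factor=0.9):
    """Annual electrical output of one reactor with the post's rating."""
    return megawatts * 1000 * capacity_factor * HOURS_PER_YEAR


def reactor_years_to_count(bits):
    """Reactor-years of output needed just to count to 2^bits."""
    return erg_to_kwh(counting_energy_erg(bits)) / reactor_kwh_per_year()


def countable_bits(reactors, years):
    """Largest exponent b such that the fleet's total output covers counting to 2^b."""
    kwh = reactors * years * reactor_kwh_per_year()
    erg = kwh * JOULE_PER_KWH / JOULE_PER_ERG
    return math.log2(erg / ERG_PER_BIT_CHANGE)


if __name__ == "__main__":
    for bits in (128, 160, 256):
        erg = counting_energy_erg(bits)
        print(f"2^{bits}: {erg:.3e} erg = {erg_to_kwh(erg):.3e} kWh "
              f"= {reactor_years_to_count(bits):.3e} reactor-years")
    # The post's fleet: 50,000 reactors running for 10,000 years.
    print(f"50,000 reactors x 10,000 years can count to about "
          f"2^{countable_bits(50_000, 10_000):.1f}")
```

Each extra bit doubles the energy floor, so moving from 160 to 256 bits multiplies the requirement by 2^96 regardless of how efficient the hardware becomes.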


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: crazy_rabbit on January 16, 2013, 06:39:24 PM
3) 160 bits can't be brute forced.  Period.
Yes, now.
Do you know what hardware and tech the military has? Do you know what we will have in 20 years? I don't. No one knows. This is the point. It's the same as projecting the future costs and sizes of computers before the transistor.

PS, I made you write your 8888+1 post. Proud of it!

I know the military can't break the laws of physics and I know you have no idea the scale you are talking about.  We aren't talking about "wow this GPU is 3x as fast as last year's" we are talking about energy usage on the scale of sending an interstellar spacecraft to another star system to begin a human colony.

At the thermodynamic limit (the limit of efficiency in storing information imposed by the laws of the universe) it would require an amount of energy more than 100,000 times greater than the global energy usage of the entire human last year just to count to 2^160.  160 bit can't be brute forced today, tomorrow, next century, and likely not anytime until material sciences become so advanced that they will threaten what you propose we upgrade to as well.

Quote
Given that k = 1.38×10^-16 erg/°Kelvin, and that the ambient temperature of the universe is 3.2°Kelvin, an ideal computer running at 3.2°K would consume 4.4×10^-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.

To count to 2^160 (just count 1,2,3 ... 2^160) using a perfect computer would require 6.43x10^32 ergs.  To convert to a unit of power which is better known that is 1.78x10^16 kWh.  A next generation nuclear reactor (1500 MW, 90% capacity factor) can produce 4.257*10^13 kWh annually.  That means even if magical aliens gave us a perfect computer it would require ~420,000 reactor years to produce the energy necessary for it to count from 0 to 2^160.  Remember this is merely counting to the number 2^160.  To perform a brute force attack would require tens of thousands of operations per attempt.  So let's ballpark it to say ~50,000 brand new nuclear reactors constructed and running continually to power nothing but this non-existent alien tech perfect computer for the next 10,000 years .... and it would still only have less than a 10% chance of brute forcing a Bitcoin address.

So yes I know 160 bit keys won't be brute forced in the next 20 years.

This quote applies to 256 bit keys but to a lesser extent it applies to 160bit hashes as well.

Quote
These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

http://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html

MATH! F*ck yeah! I love that stuff.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: ShadowOfHarbringer on January 17, 2013, 08:34:30 AM
I think you don't really grasp what 2^160 actually means... let alone 2^2048...

This +1.

To the supports .... D&T rant mode engaged.

1) Bit strength alone is utterly meaningless.  ECC was designed to use a smaller key size yet produce the equivalent security of larger key sizes used by RSA.  256 bit ECC has the equivalent security of 3072 bit RSA.   The whole POINT of ECC was to reduce key sizes without reducing security.  Increasing the size of the hash to larger than the ECC key is a good way to just waste space.  It does absolutely nothing.

2) There aren't even any vetted ECC curves beyond 512 bit because it makes about as much sense as idiot LEET hackers speculating that if 2048 bit RSA is good then 4892374190289378952347589347528945 bit RSA must be even better.

3) 160 bits can't be brute forced.  Period.  To put it into perspective the entire bitcoin network has performed roughly 2^56 hashes and comparisons.  If the Bitcoin network was one trillion times faster (note that is roughly a million times more computing power than the entire planet combined) it would take "only" 80 quadrillion years to have a 50% chance of brute forcing a single 160 bit hash.   Most miners understand difficulty so brute forcing a 160 bit key is like solving a block with a difficulty of 79,228,162,514,264,300,000,000,000,000

4) Larger key strengths are useful in the event an algorithm is partially compromised HOWEVER it is more important to use well known and vetted algorithms which are less likely to be compromised in the first place.  Moving to Bobs Leet 2048 bit hash is of little utility if it is broken wide open providing about 20 bits of effective security vs no practical attacks on RIPEMD-160 or SHA-256.

5) Public addresses are the product of a double SHA-256 hash AND RIPEMD-160 hash of the public key.  This provides resistance to cryptographic attacks as it would require not just a flaw in one algorithm but a significant exploitable flaw in two completely unrelated and highly vetted hashing algorithms to have any useful applications.

6) Nothing is free.  Larger keys, larger public addresses (hashes), and more decimal precision takes up space.  The idiotic idea of going to a 2048 hash would increase the size of all transactions by a factor of nearly 13.  To put it into perspective if the network currently used that the blockchain would be nearly 40GB and growing by 5GB or so a month.  All those scalability limits (bandwidth for a node, computing power to verify tx, annual storage growth requirements, time to bootstrap a new node) would all be increased by a factor of 13.

Your arguments are valid.

Actually I already realized the validity of these arguments before, however I am a hardcore crypto freak and i like it if my cryptography is blazingly, incredibly strong. I actually use 4096-bit VPN keys to communicate between some of my servers even though i know very well that 2048 is more than enough.

So, now that we have determined that more cryptography is not necessary, what do you think about adding more decimal places ?
This is not an unrealistic future problem. If in 30-40 years Bitcoin becomes world's #1 currency, then 8 decimal places will not be enough. Why not simply add them now while it is extremely easy instead of waiting for problems in the future ?

When Bitcoin becomes widespread, it will be much more difficult to change anything than it was to change from the IPv4 to the IPv6 protocol (because of all the mining hardware).

Bitcoin may never scale to a level where such precision is useful.  Say we increase it to 16 digits.  Why not 48? or 96? or 2000?   Now you likely are thinking 2000 digits, now that is stupid.  9+ is really no different.

However, that argument is invalid.
Bitcoin "may never scale" they said. But it also MAY scale - what then ?

This is a foolish "let's wait for the problem to appear, before dealing with it" kind of thinking.

Say we increase it to 16 digits.  Why not 48? or 96? or 2000?   Now you likely are thinking 2000 digits, now that is stupid.  9+ is really no different.

Really ? That's a simple problem.

We can calculate the minimum unit from following algorithm:

Code:
# [Total value] = all Dollars in circulation + Euros in circulation + Yens in circulation + CNY in circulation + all the other currencies
# Convert [Total value] to amount of smallest units/fractions of the earth's cheapest currency (*excluding* internet currencies and currencies of countries with hyperinflation)
# Add one or 2 zeros.
There you have it. The humanity will probably never require more units of Bitcoin than that, even if Bitcoin becomes #1 World currency and everybody on the world starts using Bitcoin instead of other currencies.

Currently, total amount of the smallest units of Bitcoin is 2,100,000,000,000,000 which is just over 2 thousands of trillions (USA scale). Is it enough according to the equation above ? I highly doubt so.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: caveden on January 17, 2013, 09:27:07 AM
So lets ballpark it to say ~50,000 brand new nuclear reactors constructed and running continually to power nothing but this non-existent alien tech perfect computer for the next 10,000 years .... and it would still only have less than a 10% chance of brute forcing a Bitcoin address.

I'm quoting this just because, apparently, it can't be repeated enough. Thanks D&T. ;)

By the way, correct me where I'm wrong. What I know about quantum computers is that they're capable of executing operations which normal computers simply cannot execute. With these different kinds of operations, it is possible to execute a particular algorithm that exploits a "flaw" in some public-key encryption algorithms like ECDSA or RSA and then crack a private key out of its public pair with considerably fewer operations than a brute force would request.

I have no idea how fast this algorithm can crack a key, but I believe we have no reasons to worry right now. Quantum-proof public-key algorithms are not as much tested as ECDSA AFAIK, so it might not be a good idea to start using them right away. Hell, RSA is used all over and people are not worrying with this. We can stay cool for many years yet, I suppose.

Finally, hash functions are not quantum-vulnerable. So as long as you use disposable addresses (i.e., never reuse an address), you're safe even against quantum computers.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: ercolinux on January 17, 2013, 10:02:29 AM

So, now that we have determined that more cryptography is not necessary, what do you think about adding more decimal places ?
This is not an unrealistic future problem. If in 30-40 years Bitcoin becomes the world's #1 currency, then 8 decimal places will not be enough. Why not simply add them now while it is extremely easy instead of waiting for problems in the future ?

When Bitcoin becomes widespread, it will be much more difficult to change anything than it was to change from IPv4 to IPv6 protocol (because of all the mining hardware).

Bitcoin may never scale to a level where such precision is useful.  Say we increase it to 16 digits.  Why not 48? or 96? or 2000?   Now you likely are thinking 2000 digits, now that is stupid.  9+ is really no different.

However, that argument is invalid.
Bitcoin "may never scale" they said. But it also MAY scale - what's then ?

This is a foolish "let's wait for the problem to appear, before dealing with it" kind of thinking.

Say we increase it to 16 digits.  Why not 48? or 96? or 2000?   Now you likely are thinking 2000 digits, now that is stupid.  9+ is really no different.

Really ? That's a simple problem.

We can calculate the minimum unit from the following algorithm:

Code:
# [Total value] = all Dollars in circulation + Euros in circulation + Yens in circulation + CNY in circulation + all the other currencies
# Convert [Total value] to amount of smallest units/fractions of the earth's cheapest currency (*excluding* internet currencies and currencies of countries with hyperinflation)
# Add one or 2 zeros.
There you have it. The humanity will probably never require more units of Bitcoin than that, even if Bitcoin becomes #1 World currency and everybody on the world starts using Bitcoin instead of other currencies.

Currently, total amount of the smallest units of Bitcoin is 2,100,000,000,000,000 which is just over 2 thousands of trillions (USA scale). Is it enough according to the equation above ? I highly doubt so.


It's really unlikely that bitcoin will replace all world currencies in 20-30 years. Actually assuming that we would use 1/1000th of "coins" we can use 2,1 trillions of "coins" with a value of 1$ each.  That's roughly an average of 262 "coins" for every world inhabitant. Assuming that 1/100 of world population  will use bitcoin is 26200$ per person.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: greyhawk on January 17, 2013, 10:16:22 AM

It's really unlikely that bitcoin will replace all world currencies in 20-30 years.

Especially if you consider that any single copy of the blockchain would grow by 6 TeraByte PER DAY.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: ercolinux on January 17, 2013, 10:43:43 AM

It's really unlikely that bitcoin will replace all world currencies in 20-30 years.

Especially if you consider that any single copy of the blockchain would grow by 6 TeraByte PER DAY.

That will not be a problem: in 20 years an SD card can reach a size of thousands of TB (today there is a 2TB USB stick). And you don't have to download the whole blockchain to make the client work.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: payb.tc on January 17, 2013, 11:57:34 AM

It's really unlikely that bitcoin will replace all world currencies in 20-30 years.

Especially if you consider that any single copy of the blockchain would grow by 6 TeraByte PER DAY.

i thought the maximum block size was 1mb.

144 blocks per day = maximum 144mb per day.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: ShadowOfHarbringer on January 17, 2013, 12:08:49 PM
It's really unlikely that bitcoin will replace all world currencies in 20-30 years.

Of course it is very unlikely, but that is not the point.

The UNIX engineers of the 1970s also thought that it is really unlikely that anybody in 2013 will use their code & standards such as 32bit UNIX TIMESTAMPS limited to year 2038 and IPv4 limited to roughly 4.000.000.000 addresses.

This shows that humanity is not really very good at thinking ahead, especially when speed of changes is rising exponentially.

So let's design ahead while you can, do not wait for the problem to show up (especially that now it is extremely easy to change something, and with time it will be more and more and more difficult, nearing impossible in few decades).



Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: greyhawk on January 17, 2013, 12:10:04 PM

It's really unlikely that bitcoin will replace all world currencies in 20-30 years.

Especially if you consider that any single copy of the blockchain would grow by 6 TeraByte PER DAY.

i thought the maximum block size was 1mb.

144 blocks per day = maximum 144mb per day.


Yes. Yes it is. See the problem?


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: MPOE-PR on January 17, 2013, 12:27:12 PM

It's really unlikely that bitcoin will replace all world currencies in 20-30 years.

Especially if you consider that any single copy of the blockchain would grow by 6 TeraByte PER DAY.

i thought the maximum block size was 1mb.

144 blocks per day = maximum 144mb per day.


Yes. Yes it is. See the problem?

I guess quite obviously (and for that matter contrary to what the general wisdom figures), Bitcoin is neither designed to be nor intended to be a consumer item.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: cedivad on January 17, 2013, 12:29:16 PM
I also said in the first post that cracking the blockchain with this hardware is impossible; however, it could be with quantum computers, which exist; they are not only a dream.

There will come a time when 160 bits will not be enough. And I know that there are more combinations than atoms in the visible universe, but thank you anyway for this cool math.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: greyhawk on January 17, 2013, 12:30:31 PM

It's really unlikely that bitcoin will replace all world currencies in 20-30 years.

Especially if you consider that any single copy of the blockchain would grow by 6 TeraByte PER DAY.

i thought the maximum block size was 1mb.

144 blocks per day = maximum 144mb per day.


Yes. Yes it is. See the problem?

I guess quite obviously (and for that matter contrary to what the general wisdom figures), Bitcoin is neither designed to be nor intended to be a consumer item.


Please don't shatter their dreams of a bitbased utopia where everyone can dance in bitbliss on the graves of bankers.  :'(


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: ercolinux on January 17, 2013, 12:32:03 PM

It's really unlikely that bitcoin will replace all world currencies in 20-30 years.

Especially if you consider that any single copy of the blockchain would grow by 6 TeraByte PER DAY.

i thought the maximum block size was 1mb.

144 blocks per day = maximum 144mb per day.


Yes. Yes it is. See the problem?

THAT'S actually a bigger problem: I see that we have blocks of 200-300KB today, with 500-600 transactions. A limit of less than 2000 transactions every 10 mins can be reached quite quickly if bitcoin spreads.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: cedivad on January 17, 2013, 12:38:38 PM

It's really unlikely that bitcoin will replace all world currencies in 20-30 years.

Especially if you consider that any single copy of the blockchain would grow by 6 TeraByte PER DAY.

i thought the maximum block size was 1mb.

144 blocks per day = maximum 144mb per day.


Yes. Yes it is. See the problem?

THAT'S actually a bigger problem: I see that we have blocks of 200-300KB today, with 500-600 transactions. A limit of less than 2000 transactions every 10 mins can be reached quite quickly if bitcoin spreads.

If I'm correct this is a hard limit imposed while "we are still in alpha stage".
There is nothing that locks us from growing the blockchain 1GB per day. As someone pointed out, SSDs are already cheap enough.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: MPOE-PR on January 17, 2013, 01:26:03 PM
If I'm correct this is a hard limit imposed while "we are still in alpha stage".
There is nothing that locks us from growing the blockchain 1GB per day. As someone pointed out, SSDs are already cheap enough.

Those blocks will have to be hashed. So yes there's a hard limit: miners.

For that matter, nobody seems to have asked the "asic producers" how capable their "products" would be to handle changes in that area (with or without additional clock bluffers).


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: notme on January 17, 2013, 01:34:59 PM
Precision change would not require hardware changes.  All miners care about is a double round of sha256 of whatever you hand it.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: bitfarmer on January 17, 2013, 02:21:28 PM
Please take your logic and math elsewhere. Only hysteria and hyperbole belong here.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: MPOE-PR on January 17, 2013, 03:10:26 PM
Precision change would not require hardware changes.  All miners care about is a double round of sha256 of whatever you hand it.

Not exactly the point. Things such as stales were serious problems with (some) FPGAs and systems like p2p mining iirc. Unless I misunderstand something, having 1gb blocks would pose significant problems for pretty much all miners, and would not be necessarily trivial to handle on asics designed with 1mb/block assumptions in mind.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: Peter Todd on January 17, 2013, 03:35:20 PM
Guys, stop worrying about the maximum blocksize. There are lots of ways to do off-chain transactions, here (http://gavintech.blogspot.ca/2012/07/off-chain-transactions.html) is one idea from Gavin, there is also Ripple and OpenTransactions, as well as more limited ways to do micro-transactions; Mike Hearn is apparently working on this (https://en.bitcoin.it/wiki/Contracts#Example_7:_Rapidly-adjusted_.28micro.29payments_to_a_pre-determined_party) concept. I've even got an idea (https://bitcointalk.org/index.php?topic=134827) myself.

On the other hand, if we do increase the maximum blocksize we reduce the one incentive miners will always have: transaction fees. This reduces the security of Bitcoin for everyone, and makes it expensive for anyone to participate by mining or running a full node. I know it's kinda arbitrary, but keeping the blocksize at 1MB forever lets Bitcoin act as the "gold standard" of crypto-currencies, and enables a whole ecosystem around Bitcoin. If we do this in the future you'll be able to safely buy a house with Bitcoin, albeit for the equivalent of a few dollars in transaction fees, and also pay for a $1 chocolate bar with Bitcoin, albeit using an off-chain mechanism with a bit less security but a transaction fee of maybe a tenth of a cent.

The math is pretty simple really. Let's suppose we need 25x the current block reward value to keep Bitcoin secure in the future, and the reward is purely paid by fees. 25BTC * $15/BTC * 10 = $9375 USD/block. $9375/1Mib * 500bytes = $4.47 for your "buy a house transaction", yet, that will keep the total block chain size to a level, even with full history, that is at most 55GB/year. Anyone with an interest will be able to download the whole chain, still participate as a full node, and keep Bitcoin secure and inflation free for all of us.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: Gavin Andresen on January 17, 2013, 04:11:17 PM
We can calculate the minimum unit from the following algorithm:

Code:
# [Total value] = all Dollars in circulation + Euros in circulation + Yens in circulation + CNY in circulation + all the other currencies
# Convert [Total value] to amount of smallest units/fractions of the earth's cheapest currency (*excluding* internet currencies and currencies of countries with hyperinflation)
# Add one or 2 zeros.
There you have it. The humanity will probably never require more units of Bitcoin than that, even if Bitcoin becomes #1 World currency and everybody on the world starts using Bitcoin instead of other currencies.

Currently, total amount of the smallest units of Bitcoin is 2,100,000,000,000,000 which is just over 2 thousands of trillions (USA scale). Is it enough according to the equation above ? I highly doubt so.

Let me google that for you.... ah, here's a nice chart:
  http://dollardaze.org/blog/?post_id

There is about 5 trillion dollars in currency in the world.

So 2.1 thousand trillion satoshis is PLENTY.



Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: MPOE-PR on January 17, 2013, 05:11:24 PM
Guys, stop worrying about the maximum blocksize. There are lots of ways to do off-chain transactions, here is one idea from Gavin, there is also Ripple and OpenTransactions, as well as more limited ways to do micro-transactions; Mike Hearn is apparently working on this concept. I've even got an idea myself.

More practically, MPEx's PUSH is doing ~100 BTC worth a day already.

Couldn't make heads or tails of the rest of your argument. Keeping the blocks under 1 mb makes house buying transactions fit in 500 bytes and 55Gb is hardcoded into quantum physics as the "affordable yearly datasize"?


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: ShadowOfHarbringer on January 17, 2013, 05:34:32 PM
Let me google that for you.... ah, here's a nice chart:
  http://dollardaze.org/blog/?post_id

There is about 5 trillion dollars in currency in the world.

Are you sure these calculations are correct ?
Also, does "other currencies" contain gold & silver bullions + diamonds ?

Even if these calculations are correct then we have roughly 5,000,000,000,000,000 (5 quadrillions in US scale or 5 trillions in normal scale) units of dollars in circulation. If you add 2 more zeros for penny, then we have

=5,000,000,000,000,000,00 units of dollars vs
21,000,000,000,000,000 units of bitcoin

So no, as you can see - it isn't enough. At least 2 zeros (or better 3) are missing from this picture.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: DeathAndTaxes on January 17, 2013, 05:54:40 PM
What calculations are you doing?

First no those numbers don't include other forms of wealth, they are the amount of currency and money globally.  They don't include houses, and stocks, bonds, life insurance policies, priceless art, etc.  Even if Bitcoin replaces all forms of Currency or Money it won't be replacing all forms of wealth.  You aren't going to live inside a Bitcoin, and drive a Bitcoin to work.  You aren't going to eat Bitcoins and give your bride to be an engagement Bitcoin and take time off work to go on a Bitcoin.  Nobody is going to go to museums and look at priceless framed Bitcoins and talk about the Bitcoin that they hate where they Bitcoin the Bitcoin all Bitcoin long.

The global currency supply (M0) is roughly $5T (not the $5 septrillion number you posted).  For Bitcoin to replace all global currency (M0) would put the value of 1 BTC at $238,095.25, in 2012 US dollars.  A satoshi would have a value of roughly 0.25 US cents.

I would argue that under such a (implausible) scenario many people would demand bank accounts for their coins so maybe using the global money supply (M1) which includes demand account deposits would be more meaningful and that is roughly $50T. For Bitcoin to replace all global currency (M0) would put the value of 1 BTC at $2,380,952.38, in 2012 US dollars.  A satoshi would have a value of roughly 2.4 US cents.

As countries are eliminating coins worth more than that a global single world Bitcoin currency would be more than sufficient.

Examples:
Canada eliminated Canadian cent making smallest coin worth $0.05 USD.
China smallest unit (physical or electronic) is 1/100th of a Yuan which is worth ~$0.06 USD.
Finland has reduced circulation of Euro cent making the smallest coin worth ~$0.07 USD.
Australia smallest coin is the 5 cent piece and there is talk of eliminating it which would make the smallest unit worth ~$0.10 USD

Edited for clarity.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: MPOE-PR on January 17, 2013, 06:48:48 PM
I would argue that under such a (implausible) scenario

Implausible you say? It's the more likely scenario I say!


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: DannyHamilton on January 17, 2013, 06:53:06 PM
. . . Nobody is going to go to museums and look at priceless framed Bitcoins . . .
Actually, I can see that one happening.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: greyhawk on January 17, 2013, 08:07:23 PM
. . . Nobody is going to go to museums and look at priceless framed Bitcoins . . .
Actually, I can see that one happening.

I'm thinking Churches.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: julz on January 17, 2013, 10:30:57 PM
There is about 5 trillion dollars in currency in the world.
So 2.1 thousand trillion satoshis is PLENTY.

This argument seems to assume that humans will be the only economic actors.
I predict that Artificial Intelligences with Bitcoin wallets will be numerous - potentially outnumbering humans.





Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: deus-ex-machina on January 17, 2013, 10:35:40 PM
I agree with OP. Already had my wallet emptied from a brute-force.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: DannyHamilton on January 17, 2013, 10:46:47 PM
. . . Already had my wallet emptied from a brute-force.

How do you know that?

 :-\


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: deus-ex-machina on January 17, 2013, 11:02:09 PM
. . . Already had my wallet emptied from a brute-force.

How do you know that?

 :-\

Because I know who did it. Same stalker as the one I had years ago. Finally found me again.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: DeathAndTaxes on January 17, 2013, 11:05:09 PM
. . . Already had my wallet emptied from a brute-force.

How do you know that?

 :-\

Because I know who did it. Same stalker as the one I had years ago. Finally found me again.

brute-force

http://1.bp.blogspot.com/-NSPbgLvmwpM/Te29MhjvxDI/AAAAAAAAAGs/dolRMf1u8SI/s1600/I+do+not+think+it+means+what+you+think+it+means.jpg


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: deus-ex-machina on January 17, 2013, 11:06:56 PM
I know what it means. Trying every possible combination.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: DannyHamilton on January 17, 2013, 11:09:24 PM
. . . Already had my wallet emptied from a brute-force.
How do you know that?
Because I know who did it. Same stalker as the one I had years ago. Finally found me again.
Sounds a bit paranoid, and a lot like an unlikely assumption.

It is not possible to try every possible combination to "brute-force" a private key.  The fact that you think someone did this doesn't make it true.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: deus-ex-machina on January 17, 2013, 11:13:18 PM
I mean I know her personally. She brags about this stuff and the fact that she knew I was empty before I did is still weird.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: DannyHamilton on January 17, 2013, 11:18:51 PM
If you told me she gained unauthorized access to your computer, I'd believe that.
If you told me she hacked into your computer and gained access to your wallet, I'd believe that.
If you told me that she brute-forced the password you set on your wallet (and your password was weak), I'd believe that.
If you told me she figured out the password on your wallet based on the things she knows about you, I'd believe that.
If you told me that you imported a private key that you generated from a passphrase, and that she figured out your passphrase based on the things she knows about you, I'd believe that.

But, regardless of what she has told you, she did not brute-force the necessary private key to spend/steal the bitcoins.
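The distinction drawn in the post above, as an added example that is not part of the original thread: it compares the search space of a human-chosen wallet password or passphrase with that of a 160-bit address hash or a randomly generated 256-bit private key. The guess rate, the character-class model, the 7776-word dictionary size, the function names and the sample secrets are all assumptions made for illustration.

```python
import math
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Assumed guess rate, chosen only for illustration (not a measured figure).
ASSUMED_GUESSES_PER_SECOND = 1e12
ADDRESS_HASH_BITS = 160   # address hash size discussed in the thread
PRIVATE_KEY_BITS = 256    # randomly generated private key


def charset_size(secret):
    """Size of the smallest common character pool that covers `secret`."""
    pool = 0
    if any(c in string.ascii_lowercase for c in secret):
        pool += 26
    if any(c in string.ascii_uppercase for c in secret):
        pool += 26
    if any(c in string.digits for c in secret):
        pool += 10
    if any(c not in string.ascii_letters + string.digits for c in secret):
        pool += len(string.punctuation) + 1  # 32 ASCII symbols plus space
    return pool


def upper_bound_bits(secret):
    """Upper bound on the search space, in bits, if every character were
    chosen uniformly at random. Human-chosen secrets are far weaker."""
    pool = charset_size(secret)
    return len(secret) * math.log2(pool) if pool else 0.0


def wordlist_bits(n_words, dictionary_size):
    """Search space of a passphrase of n random words from a known list."""
    return n_words * math.log2(dictionary_size)


def expected_years(bits, guesses_per_second=ASSUMED_GUESSES_PER_SECOND):
    """Expected time to hit one specific value: half the space on average."""
    return 2.0 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


def report(candidates):
    """Turn (label, bits) pairs into comparable rows."""
    rows = []
    for label, bits in candidates:
        rows.append({
            "label": label,
            "bits": round(bits, 1),
            "years": expected_years(bits),
            "reaches_address_level": bits >= ADDRESS_HASH_BITS,
        })
    return rows


def build_sample_report():
    # Constructed sample secrets; none of them comes from a real wallet.
    samples = [
        ("wallet password '12345'", upper_bound_bits("12345")),
        ("8-char mixed password", upper_bound_bits("Tr0ub4d!")),
        ("4 random words, 7776-word list", wordlist_bits(4, 7776)),
        ("160-bit address hash", ADDRESS_HASH_BITS),
        ("256-bit random private key", PRIVATE_KEY_BITS),
    ]
    return report(samples)


if __name__ == "__main__":
    for row in build_sample_report():
        print(f"{row['label']:<32} {row['bits']:>6} bits  "
              f"{row['years']:.3e} years  "
              f"address-level: {row['reaches_address_level']}")
```

The character-pool figure is an upper bound; a password built from personal details known to the guesser has a far smaller effective search space than this model reports.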


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: payb.tc on January 17, 2013, 11:35:18 PM
. . . Already had my wallet emptied from a brute-force.

How do you know that?

 :-\

Because I know who did it. Same stalker as the one I had years ago. Finally found me again.

either that, or because your password was 12345 (same as my luggage).


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: Spaceman_Spiff on January 18, 2013, 12:38:12 AM
The global currency supply (M0) is roughly $5T

Then why does this Zerohedge post quote PIMCO (no small fry) saying there is 12.5 trillion $ in currency reserves around the world?
Are they not talking about M0?

http://www.zerohedge.com/news/2012-10-01/pimco-gold-simple-facts


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: DannyHamilton on January 18, 2013, 12:51:53 AM
The global currency supply (M0) is roughly $5T

Then why does this Zerohedge post quote PIMCO (no small fry) saying there is 12.5 trillion $ in currency reserves around the world?
Are they not talking about M0?

http://www.zerohedge.com/news/2012-10-01/pimco-gold-simple-facts

M0 generally only includes "Notes and coins (currency) in circulation".

If you are looking for a measurement that includes things like personal bank accounts and various electronic records of money then you are looking at something more like MB (includes Federal Reserve Bank credit) or M1 (includes traveler's checks of non-bank issuers, demand deposits, credit union share draft accounts, and other checkable deposits).

Quote from your linked site:

Quote
Globally there are roughly $12.5 trillion in physical and electronic currency reserves.



Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: Spaceman_Spiff on January 18, 2013, 01:19:35 AM

M0 generally only includes "Notes and coins (currency) in circulation".

If you are looking for a measurement that includes things like personal bank accounts and various electronic records of money then you are looking at something more like MB (includes Federal Reserve Bank credit) or M1 (includes traveler's checks of non-bank issuers, demand deposits, credit union share draft accounts, and other checkable deposits).


Oh, ok, thanks!


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: DeathAndTaxes on January 18, 2013, 01:20:03 AM
As Danny pointed out it is M1 vs M0.  M1 is probably a better metric as under the extreme (and for the record highly implausible) scenario of Bitcoin replacing all currencies in the world not everyone is going to want to retain personal local possession of their coins.  Banks holding Bitcoin reserves would emerge so if BTC replaced all global currencies we are likely talking about M1 not just M0.  Still not sure where the $12.5T comes from because M1 is closer to $50T.  Maybe they have some other metric they are using which is looser than M0 and tighter than M1.  Who knows.  For this purpose it doesn't really matter. $5T, $12.5T, $50T.  Bitcoin would do just fine.  It will be legal, social, and political challenges not technical issues that prevent this scenario.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: notme on January 18, 2013, 02:15:41 AM
I mean I know her personally. She brags about this stuff and the fact that she knew I was empty before I did is still weird.

Perhaps she meant she hacked your system.  If she gained access to the computer with your wallet she could steal your funds.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: caveden on January 18, 2013, 07:45:30 AM
As Danny pointed out it is M1 vs M0.  M1 is probably a better metric as under the extreme (and for the record highly implausible) scenario of Bitcoin replacing all currencies in the world not everyone is going to want to retain personal local possession of their coins.  Banks holding Bitcoin reserves would emerge so if BTC replaced all global currencies we are likely talking about M1 not just M0.

In that case maybe you shouldn't use the 21M BTC limit any longer, since the total "bitcoin" supply could be higher due to fiduciary inflation.
I think it's more reasonable to compare the 21M limit with the monetary base, since that's what it represents.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: scrybe on January 18, 2013, 01:14:14 PM
I know the military can't break the laws of physics and I know you have no idea the scale you are talking about.  We aren't talking about "wow this GPU is 3x as fast as last years" we are talking about energy usage on the scale of sending an interstellar spacecraft to another star system to begin a human colony.

At the thermodynamic limit (the limit of efficiency in storing information imposed by the laws of the universe) it would require an amount of energy more than 100,000 times greater than the global energy usage of the entire human last year just to count to 2^160.  160 bit can't be brute forced today, tomorrow, next century, and likely not anytime until material sciences become so advanced that they will threaten what you propose we upgrade to as well.

Quote
Given that k = 1.38×10^-16 erg/°Kelvin, and that the ambient temperature of the universe is 3.2°Kelvin, an ideal computer running at 3.2°K would consume 4.4×10^-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.

To count to 2^160 (just count 1,2,3 ... 2^160) using a perfect computer would require 6.43x10^32 ergs.  To convert to a unit of power which is better known that is 1.78x10^16 kWh.  A next generation nuclear reactor (1500 MW, 90% capacity factor) can produce 4.257*10^13 kWh annually.  That means even if magical aliens gave us a perfect computer it would require ~420,000 reactor years to produce the energy necessary for it to count from 0 to 2^160.  Remember this is merely counting to the number 2^160.  To perform a brute force attack would require tens of thousands of operations per attempt.  So lets ballpark it to say ~50,000 brand new nuclear reactors constructed and running continually to power nothing but this non-existent alien tech perfect computer for the next 10,000 years .... and it would still only have less than a 10% chance of brute forcing a Bitcoin address.

So yes I know 160 bit keys won't be brute forced in the next 20 years.

This quote applies to 256 bit keys but to a lesser extent it applies to 160bit hashes as well.

Quote
These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

http://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html

+2^160

Let me google that for you.... ah, here's a nice chart:
  http://dollardaze.org/blog/?post_id

There is about 5 trillion dollars in currency in the world.

Are you sure these calculations are correct ?
Also, does "other currencies" contain gold & silver bullions + diamonds ?

Even if these calculations are correct then we have roughly 5,000,000,000,000,000 (5 quadrillions in US scale or 5 trillions in normal scale) units of dollars in circulation. If you add 2 more zeros for penny, then we have

=5,000,000,000,000,000,00 units of dollars vs
21,000,000,000,000,000 units of bitcoin

So no, as you can see - it isn't enough. At least 2 zeros (or better 3) are missing from this picture.
FYI, the fed does publish reports... http://www.federalreserve.gov/releases/h6/20121108/

Look over here ----->

Thousand = 1,000
Million = 1,000,000
Billion = 1,000,000,000
Trillion = 1,000,000,000,000
USA M1 (9/12) = 2,352,600,000,000
USA M2 (9/12) = 10,126,800,000,000
Quadrillion = 1,000,000,000,000,000
Satoshis = 2,100,000,000,000,000

There are NOT 5 Quadrillion Dollars, try again.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: chriswilmer on January 19, 2013, 09:15:23 PM
We can calculate the minimum unit from following algorithm:

Code:
# [Total value] = all Dollars in circulation + Euros in circulation + Yens in circulation + CNY in circulation + all the other currencies
# Convert [Total value] to amount of smallest units/fractions of the earth's cheapest currency (*excluding* internet currencies and currencies of countries with hyperinflation)
# Add one or 2 zeros.
There you have it. The humanity will probably never require more units of Bitcoin than that, even if Bitcoin becomes #1 World currency and everybody on the world starts using Bitcoin instead of other currencies.

Currently, total amount of the smallest units of Bitcoin is 2,100,000,000,000,000 which is just over 2 thousands of trillions (USA scale). Is it enough according to the equation above ? I highly doubt so.

Let me google that for you.... ah, here's a nice chart:
  http://dollardaze.org/blog/?post_id

There is about 5 trillion dollars in currency in the world.

So 2.1 thousand trillion satoshis is PLENTY.


My 2 cents on this subject is that one of the advantages of Bitcoin today is the seemingly infinitely divisible nature of it. Once we get to the point where a satoshi worth a few pennies, Bitcoin will just start to feel kind of granular. Also, I don't understand how we would be able to buy something worth 10 cents without the transaction fee taking up a significant fraction of the purchase.

In any case, my larger confusion about these discussions is whether we think we are ever going to do a hard fork for any reason ever again. If the answer is yes (maybe in 5-10 years), then we can always address this problem later when and if it is relevant. If the answer is no, err... then I don't know.



Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: ercolinux on January 19, 2013, 09:44:59 PM
We can calculate the minimum unit from following algorithm:

Code:
# [Total value] = all Dollars in circulation + Euros in circulation + Yens in circulation + CNY in circulation + all the other currencies
# Convert [Total value] to amount of smallest units/fractions of the earth's cheapest currency (*excluding* internet currencies and currencies of countries with hyperinflation)
# Add one or 2 zeros.
There you have it. The humanity will probably never require more units of Bitcoin than that, even if Bitcoin becomes #1 World currency and everybody on the world starts using Bitcoin instead of other currencies.

Currently, total amount of the smallest units of Bitcoin is 2,100,000,000,000,000 which is just over 2 thousands of trillions (USA scale). Is it enough according to the equation above ? I highly doubt so.

Let me google that for you.... ah, here's a nice chart:
  http://dollardaze.org/blog/?post_id

There is about 5 trillion dollars in currency in the world.

So 2.1 thousand trillion satoshis is PLENTY.


My 2 cents on this subject is that one of the advantages of Bitcoin today is the seemingly infinitely divisible nature of it. Once we get to the point where a satoshi worth a few pennies, Bitcoin will just start to feel kind of granular. Also, I don't understand how we would be able to buy something worth 10 cents without the transaction fee taking up a significant fraction of the purchase.

In any case, my larger confusion about these discussions is whether we think we are ever going to do a hard fork for any reason ever again. If the answer is yes (maybe in 5-10 years), then we can always address this problem later when and if it is relevant. If the answer is no, err... then I don't know.

And it must not be forgotten that if a satoshi comes to be valued at more than 1/2 cent and a change to the protocol were too expensive to implement, at some point a new coin could be created (let's call it smallcoin), tied to bitcoin but worth 1 satoshi with 8 decimals (just to name a number), to be used for everyday expenses, so we can move bitcoins for big players (in that scenario a bitcoin could be worth from a little more than 50 million $ to as high as 5 quadrillion $ and still represent less than 0.5 cents). It's a really unlikely scenario anyway.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: DeanC on January 19, 2013, 10:30:28 PM
Also because a Bitcoin address is a combination of ECDSA with RIPEMD then provided that you don't re-use addresses (so yes vanitygen addresses are not the best and I am well aware of my own sig) then even if ECDSA (in terms of the particular version being used by Bitcoin) is broken by some future QC machine (which I seriously doubt will exist for a very long time from all that I've read so far about this technology) you will not lose your bitcoins (as *both* ECDSA and RIPEMD would have to be broken for this to occur).



Isn't RIPEMD broken yet?
"In August 2004, a collision was reported for the original RIPEMD."
http://en.wikipedia.org/wiki/RIPEMD


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: DannyHamilton on January 20, 2013, 12:21:38 AM
Isn't RIPEMD broken yet?
"In August 2004, a collision was reported for the original RIPEMD."
http://en.wikipedia.org/wiki/RIPEMD

From your same source:
Quote
The 128-bit version was intended only as a drop-in replacement for the original RIPEMD, which was also 128-bit, and which had been found to have questionable security

So, it sounds like the original RIPEMD may have had a weakness, but a replacement was created that hasn't yet been demonstrated to have a similar weakness.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: ShadowOfHarbringer on January 24, 2013, 01:50:55 PM
Let me google that for you.... ah, here's a nice chart:
  http://dollardaze.org/blog/?post_id

There is about 5 trillion dollars in currency in the world.

Are you sure these calculations are correct?
Also, does "other currencies" contain gold & silver bullion + diamonds?

Even if these calculations are correct then we have roughly 5,000,000,000,000,000 (5 quadrillions in US scale or 5 trillions in normal scale) units of dollars in circulation. If you add 2 more zeros for penny, then we have

=5,000,000,000,000,000,00 units of dollars vs
21,000,000,000,000,000 units of bitcoin

So no, as you can see - it isn't enough. At least 2 zeros (or better 3) are missing from this picture.
FYI, the fed does publish reports... http://www.federalreserve.gov/releases/h6/20121108/

Look over here ----->

Thousand = 1,000
Million = 1,000,000
Billion = 1,000,000,000
Trillion = 1,000,000,000,000
USA M1 (9/12) = 2,352,600,000,000
USA M2 (9/12) = 10,126,800,000,000
Quadrillion = 1,000,000,000,000,000
Satoshis = 2,100,000,000,000,000

There are NOT 5 Quadrillion Dollars, try again.

According to your source (http://www.federalreserve.gov/releases/h6/20121108/):

10122.6 billions (I assume that it's US short-scale billions) = 10126.8 x 1,000,000,000 = 10 126 800 000 000
=====================      10,126,800,000,000 + 00 (pennies)
Quadrillion (US short scale) = 1,000,000,000,000,000
(Current M2 With pennies) == 1,012,680,000,000,000 total currency units

EDIT:
So you are NOT correct.  It is quadrillions.

And also, we were NOT talking about dollars, but ALL MONEY IN EXISTENCE. So first read with understanding and then discuss.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: scrybe on January 24, 2013, 11:34:04 PM

According to your source (http://www.federalreserve.gov/releases/h6/20121108/):

10122.6 billions (I assume that it's US short-scale billions) = 10126.8 x 1,000,000,000 = 10 126 800 000 000
=====================      10,126,800,000,000 + 00 (pennies)
Quadrillion (US short scale) = 1,000,000,000,000,000
(Current M2 With pennies) == 1,012,680,000,000,000 total currency units

EDIT:
So you are NOT correct.  It is quadrillions.

And also, we were NOT talking about dollars, but ALL MONEY IN EXISTENCE. So first read with understanding and then discuss.

Wait 6 days and then go all big bold typing ballistic, nice. I know how long bad math can survive on this forum now. Thanks for pointing it out, I guess.

I made a mistake when lining up my zeros, sorry about that. The exercise AND the link were both relevant to the conversion, but nobody was linking to ANY FREAKING DATA, they were pulling numbers out of thin air far as I could tell. I suppose I also should have said FRB M1 instead of USA.

If you have links to any more relevant data or opinions it would be great, I'll fix my post and update my comments to reflect the correct math.

EDIT: Wait a minute!

1 Bn (1,000,000,000) times 10,000 is 10,000,000,000,000, or 10 thousand billion , or 10 million million. You would have to have 10 million billion (10,000,000,000,000,000) before you got to a 10 Quadrillion.

Please double-check this, but I think you got an extra set of zeros in yours.

If you want to go up to a global M1 number it is still in the Trillions scale, I doubt the planet has had a money explosion (in USD value) since 2008 to put it too much higher than the $19.2 Tn number from this article: http://dollardaze.org/blog/?post_id=00565

Global M2 is estimated at $45 Tn in the same link. So unless the global economy grew 100X without us noticing it, the $5 Qn is either BS or a far future money supply. (let's not debate on the time scale, it's more than 10 years and less than 10,000 most likely before we see $5Qn.)


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: ShadowOfHarbringer on January 25, 2013, 10:56:22 AM
EDIT: Wait a minute!

1 Bn (1,000,000,000) times 10,000 is 10,000,000,000,000, or 10 thousand billion , or 10 million million. You would have to have 10 million billion (10,000,000,000,000,000) before you got to a 10 Quadrillion.

Please double-check this, but I think you got an extra set of zeros in yours.

You did it again, you did not read with understanding.

Of course I have 2 extra zeros in mine, because I counted the pennies!

I did all the counting on a calculator (I don't trust my mind completely as minds are tricky things) so you can be sure my calculations are correct.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: greyhawk on January 25, 2013, 11:30:35 AM
I do al my riting wif a kee bored so you you cna be sure my süntex si correkt.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: scrybe on January 26, 2013, 01:25:34 AM
EDIT: Wait a minute!

1 Bn (1,000,000,000) times 10,000 is 10,000,000,000,000, or 10 thousand billion , or 10 million million. You would have to have 10 million billion (10,000,000,000,000,000) before you got to a 10 Quadrillion.

Please double-check this, but I think you got an extra set of zeros in yours.

You did it again, you did not read with understanding.

Of course I have 2 extra zeros in mine, because I counted the pennies!

I did all the counting on a calculator (I don't trust my mind completely as minds are tricky things) so you can be sure my calculations are correct.

Oh, I understood that part just fine, but you don't need enough pennies to cover every bank account on the entire planet, so talking about M2 is a strawman, M1 is much closer and it's almost the same as satoshis, and that's assuming that we would need a penny sized denomination, just like it assumes that nobody would just invent something new/local/different once the supply is too constrained (or maybe even well before then...)

I would appreciate it if you would quit trying to be an asshole, my math was correct.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: ShadowOfHarbringer on January 26, 2013, 02:26:55 AM
Oh, I understood that part just fine, but you don't need enough pennies to cover every bank account on the entire planet, so talking about M2 is a strawman, M1 is much closer and it's almost the same as satoshis, and that's assuming that we would need a penny sized denomination, just like it assumes that nobody would just invent something new/local/different once the supply is too constrained (or maybe even well before then...)

I am trying to predict the maximum achievable necessary number of units of currency that mankind will ever need in case Bitcoin becomes the #1 currency.

So in an (unlikely of course) case that Bitcoin becomes #1 currency and is still used for microtransactions, then we will need at least 500,000,000,000,000,000 total units (500 of US-scale quadrillions) of currency, and currently we have only 21,000,000,000,000,000 (EDIT: which is 21 US scale quadrillions) of satoshis.

To be on the safe side, we should add at least 2 zeroes extra, which makes 10,000,000,000,000,000,000 = 10 sextillions == 10 thousands quadrillions == 10 millions of trillions (all US-scale)

I would appreciate it if you would quit trying to be an asshole, my math was correct.

Oh well, sorry, apparently I do that sometimes.
I did not actually realize that this is being an asshole. I will try to adjust assholeness level downwards.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: scrybe on January 26, 2013, 04:10:25 AM
Oh well, sorry, apparently I do that sometimes.
I did not actually realize that this is being an asshole. I will try to adjust assholeness level downwards.

Thanks, there are enough folks on this forum who don't make an effort.

The answer of 500 Qn that you came up with is a bit odd to me, it does not directly reflect the actual number of currency units, nor does it use them as a basis with a defined inflation formula, it's just a big number.

I think my version of the real answer might sound a bit Zen, but I'll give it a shot anyhow:
We need as many money units as we need, in the sizes we need.

So if someone invents a market that trades individual hydrogen atoms (cut me in) we will need a massive number of very very small units, interstellar trade would tend to need very large units. But it makes no sense to use a single currency for these very diverse uses, and it certainly is not a likely future. I think we will continue to have more currencies as we find more and more ways to capture and quantify value, and given current trends we are going to be able to quantify a lot of value in the future.


Title: Re: Shouldn't we start using safer keys from now instead of waiting for problems?
Post by: twolifeinexile on February 23, 2013, 05:37:29 AM
We can calculate the minimum unit from following algorithm:

Code:
# [Total value] = all Dollars in circulation + Euros in circulation + Yens in circulation + CNY in circulation + all the other currencies
# Convert [Total value] to amount of smallest units/fractions of the earth's cheapest currency (*excluding* internet currencies and currencies of countries with hyperinflation)
# Add one or 2 zeros.
There you have it. The humanity will probably never require more units of Bitcoin than that, even if Bitcoin becomes #1 World currency and everybody on the world starts using Bitcoin instead of other currencies.

Currently, total amount of the smallest units of Bitcoin is 2,100,000,000,000,000 which is just over 2 thousands of trillions (USA scale). Is it enough according to the equation above ? I highly doubt so.
Let me google that for you.... ah, here's a nice chart:
  http://dollardaze.org/blog/?post_id
There is about 5 trillion dollars in currency in the world.
So 2.1 thousand trillion satoshis is PLENTY.

Bitcoin may not only substitute for cash currency, but may also substitute for bank deposits and money market funds. That is really, really huge.