Bitcoin Forum

Hello,

Yesterday I posted a message about how bitcoin has a flaw.  I was told to research it because it has been discussed many times before and that it has been dealt with.  However, I've have tried to research but can't find anything on it.  Could someone please direct me to discussions about this.  Here is a copy of what I posted in the newbie section:

-------------------------------------------------------------
Hello,
I'm a new member here, although I've been following bitcoin and this forum for a while.  Something has been bothering me for quite some time and I've finally joined to ask you guys about it.   Specifically: it fascinates me that people don't seem to discuss what appears to me to be a most obvious fatal flaw in bitcoin.

ie: The transaction fee model will not support the cost of block creation.  Bitcoin will lose hashing power in the future when block reward coin generation drops off faster than the increase in bitcoin price.

The transaction fee model will not work because you can potentially exchange bitcoins outside the system which doesn't generate any fees for the miners.  For example, you can do this at the moment by physically  printing out the public and private keys to a wallet and physically passing these around in a tamper proof way instead of transferring the coins by way of a transaction within the system-- this is how Casascius coin works.   At the moment these off-chain transfers cannot be done electronically and require that you trust the person that creates the item that is exchanged.  However, soon transferring coins outside the system will be very easy to do since we are currently entering a new era of secure computing where everyday desktop computers and phones will allow you to exchange these key pairs in a secure, non-exploitable way.  This technology is the same that the media companies are demanding that all computers must have to prevent illegal copying of content.  Once someone creates the software to exchange coins this way it will become the most popular way to exchange coins since it is  totally free and instant-- at this point, hardly any coins will be exchanged on the network and hence no transactions fees will be collected by the miners and hence no-one will mine anymore and ultimately bitcoin FAILS.
 
There are various solutions to this problem, but most require hard forks:  listed below are just some
1) Infinite coin supply-- don't 1/2 the block reward every 4 years- instead at some point (say 12 years in the future stop the block halvings).   Note: If you have a constant reward eventually the coin supply will more or less balance out the rate of coin loss so you won't actually end up with an inifinite number of coins.
2) Satoshi Dice and similar services which use the block chain, requiring people to make transactions in the chain (eg: introduce namecoin domain name service, voting services, registration services, proof-that-something-has-happened services)
3) Demurrage where the miners get a fixed amount of the total supply every year, like freicoin.
4) Other schemes similar to demurrage where the miners get rewarded directly from people's wallets without them having to make transactions--eg: long term non-active wallets trigger an expiry date that allows miners to collect its contents. 

Please explain to be why this is not considered the major problem with bitcoin and why it is not discussed on this forum.

(PS:   I personally like the idea of expiry-dates for non-active wallets since it froces people to make a transaction before the expiry or they lose the money (or maybe just a percentage of it)- so the miners can make money by transaction fees and reclaiming dead coin. Am thinking of creating a new coin system based on it-- does one like this already exist though?)
-----------------------------------------------------------------

https://gist.github.com/gavinandresen/2961409

You are asking why people aren't discussing what you claim to be a "flaw" in the Bitcoin system.
The answer is simple that what you point out is not a flaw in the system. Rather it is a risk.


Your argument boils down to: people might not be using the Bitcoin network at some point in the future.
And indeed, you're right. There is the possibility that people will not use Bitcoin to a larger extent or switch over to some other system. There is the danger that ordinary people (just everyone beyond us geeks) will not "get" the innovative stance of bitcoin and just prefer to use fiat money, credit cards and gift vouchers or some similar payment instrument. And in this case -- indeed -- the Bitcoin system would fail to succeed and might even collapse entirely. Everyone should be aware of that possibility.

But you are not presenting an argument here. You state that "transaction fee model will not work because..." but you fail to proof why it will not work. You just point out "it might". Everyone will agree with that "it might fail", but there is no need to discuss that.


Having said that -- every discussion about how the Bitcoin system works and might be improved or might not work as intended -- every such discussion makes the basic assumption that the Bitcoin system as such will continue to be used. If we indeed make that assumption, then there are still some possibilities within the system so that there might not be enough incentive for the transaction fees to rise. If you just look through the threads started in the last weeks right here in the main discussion board, you'll find a shitload of threads discussing the issue with the block sizes. These discussions revolve around exactly that topic: are the parameters of the system set correct, so that it continues to generate enough revenue to keep the miners happy, once the finite block reward has dropped significantly. And, just from reading this threads, you'll learn a lot of interesting possibilities, you'll learn, that the answer is not conclusive right now, and that we're basically all just guessing. In that respect, Bitcoin is a huge economical experiment.

Just had a skim read of the link.  This is does not really cover the point I'm asking about.  What I'm talking about is the fact the when bitcoin is exchanged off-the-block-chain (eg: casascius coin) there are NO transaction fees at all.  Once off-chain transactions become avaialbe electronically by using the DRM (digital rights management) hardware found in modern computers then it will become the most popular way to exchange coins since it is totally free and instant thus there will be hardly any transaction fee availalbe for miners

I should give a link to the acutal discussion I've had already that details the problem:

https://bitcointalk.org/index.php?topic=147933.0

Addressing only the part I highlighted...

While it's true that off-network or out-of-band transactions could be executed without fees, that does not mean that they are without cost.  Bitcoin transactions are, currently, free under certain conditions; and it's going to remain difficult to compete with that for some time.  That said, even if Bitcoin is so successful that on-network transactions are no longer free in practice; off-network transactions cannot ever be costless, you just might not understand the cost.

For starters, it cost's real resources just to manufacture casascious coins.  Thus they will only be used in cases that their costs are perceived to be lower than their advantages.  Cacasicus coins are as anonymous as paper cash (advantage cash) but still require either an in person transaction or a physical shipping method (advantage bitcoin).  Other off-network methods will have different advantages and disadvantages, but will all have to deal with problems that bitcoin has already solved.  Certainly, there will be cases wherein off-network transactions do make sense.  That's a far cry from the assumption that off-network transactions will always make sense.  For example, your (theoretical) DRM model might have a real use, but it already sufferes from it's own flaw.  Namely that users would have to 1) have a computer capable of 'trusted computing' and 2) an owner that actuallly believes that it is true.  

Furthermore, you'd have to be transacting with a vendor who has similar faith in your computer's trusted computing model.  It's still a central authority model, except you're then putting your faith in Microsoft's ability to deliver on their promises compared to the security model of the blockchain.  While, certainly, there will be a market for this kind of thing; it would likely be limited to small transaction values that a vendor would likely be willing to accept with zero confirmations anyway.  And the first time a computer virus breaks that trusted computing model, whether or not it's bitcoin related, and your theory falls apart.

There is also the issue of vaporware, since the 'trusted computing' thing has been floating around the net as the next big thing for a decade now, and there is no example of it in the wild.  At least not an example anyone would be willing to trust with actual currency.

hey, it's the guy from last night who blocked me...

Well, I'm still waiting for *any* links to threads from *anyone* who read my thread which discusses this issue.  (Just as a reminder, you blocked me because you said that there is a massive amount of discussion on this topic already and that I should do some research before posting.  Well,  I've have been looking for an hour now and so far my post is the only one which directly deals with the problem of off-chain transactions costing miners--  perhaps you can give me just a mere 5 or so threads which I could read.  If you give me them then I'll go off and be quiet and good in my own little corner and not bother you anymore --- I promise :)   )

<sigh>

No.  That would be me doing your research for you.  I'm normally not inclined towards hand holding.  The search function really does work.  Start by trying to think about it from an economics perspective.  What are the economic drivers for people to seek out off-network transactions, for example?  The short answer is that, in order for people to worry about avoiding the high costs of on-network transactions, the on-network transactions must be more expensive than the costs associated with the development of an off-network transaction method.  As already noted, cash isn't costless.  So what is the real costs of those off-network transactions?  You assume them to be free or near free, but that is provablely not the case. 

And yet, free transactions exist, and we can reasonablely asume they will always exist so long as the blocksize is not near the maximum.  So if the blocksize is near the maximum, then the fee required to get included into a block would be forced (by the free market) to rise.  If the transactions are maxed out, and the fees are rising, under what conditions would an off-netowrk method of avoiding those fees actually lead to the collapse of that market price in on-netowrk transactions?

You Sir, are he who are challenging the status quo; and thus are the one with the burden of evidence, not I.  So please explain how a rising market price in transaction costs, followed by the developmetn of a cheaper off-network method, fails to reach a price equilibrium in the average costs of transaction fees before crashing to zero?  If the price for on-network transactions is non-zero, how does the resources supplied by miners (who desire those transaction fees) also not reach an equilibrium?

Ok, challenge accepted: Let's do the math (I'll even make it personal and use your own levels of acceptible security....)

Firstly I need to know at what level do you consider the system secure enough for transactions: so please reply with your minimium average cost to an attacker for a successful attack for the values of $1000, $100,000 and $10,000,000US.
 (eg: for me personally I would feel comfortable knowing that it would cost for a small transaction <$1000US atleast 2x that to mount a successful double spend attack (ie: if the attacker spent twice as much as they stole they it's good enough for me), if for a moderate individual sum say <$100,000 I'd like feel comfortable that it cost atleast 5x and for a large sum <$10,000,000 say 20x

(please note: just edited 1x to 2x for under 1000US)

Every time you make a physical bitcoin, you must load the associated address.  Every time you cash in physical bitcoins, you must transfer from the coin to your wallet.  Both of these actions incur transaction fees.  It's not conceivable that physical bitcoins will ever represent the bulk of bitcoin commerce for a very simple reason: making change is nearly impossible, and for change to not matter, one would have to carry ridiculous amounts of physical bitcoins with them at all times.  Physical bitcoins are good for simple medium-value face-to-face transactions (eg. "I owe you a coffee, here's a bit-dime") and for advertising.  All large transactions and all online transactions (see bitmit) will still incur transaction fees.

Ok, I've waited for a response for 30 mins and nothing yet from you so I assume your not here any more at the moment.  I have something else to do right now, will check again in 3~5 hours if you have responded and will continue from there...

Yes, physical coins have problems but that not what I really talking about.  I'm referrring to an electronic version of casascius coin that uses DRM.  

See this thread below (read through it and you'll understand what I'm talking about.  I had to start this new thread to continue talking about it because I one of the moderators closed the old one)

https://bitcointalk.org/index.php?topic=147933.0

As long as the main block chain has capacity for extra trade volume it will attract fees.

Check out how fees are increasing exponentially:

https://blockchain.info/charts/transaction-fees-usd?showDataPoints=false&timespan=&show_header=true&daysAverageString=7&scale=0&address=

Transactions done off-blockchain will fund the 3rd party services which will complement bitcoin (such as instant confirms), but this will still leave mining profitable.

It is even growing in btc terms: http://blockchain.info/charts/transaction-fees

So begins the wave of newbs who don't understand economics? There'll be a lot more coming, may as well practice before the flood.

All that is required, IMHO, is that the cost of a double spend attack to likely be higher than the potential ill-gotten gains.  So if you go and buy a car for $50K in BTC, it should be more expensive an attack than that.  However, you are already overlooking a feature of Bitcoin, the more 'confirmation' blocks that one waits for after the first one that accepts your transaction before you walk away, the more "expensive" (in several ways) that such a double spend attack becomes.  Also, it becomes more expensive at an exponential rate.  Thus, anyone who is selling you that car, considering the sums involved, is going to want to wait for 6 confirmations or so before letting you drive away.  At the current hashrate of about 400 PetaFLOPS equivalent, it would take at least 20 of these to overcome just one block confirmation...

http://en.wikipedia.org/wiki/Titan_(supercomputer)

Therefore, the current level of security is several orders of magnitude beyond what is necessary to disincentivize a frausdster from even attempting a double spend attack.  We crossed that point around 2010.

The security that is being paid for is to protect teh entire system from an institutional attack on the blockchain itself, and there is (likely) not a single nation-state with the spare resources to attempt it for even a few hours.  So I'm going to assume that the current profitablility for miners is more than sufficient to secure the blockchain.

Thus the question then becomes, how do we make sure that the curernt level of profitablity continues after the block subsidy is reduced?  First off, that may not realy matter for decades, as teh growth in value has thus far outweighed the reduction in block subsidy.  What was the exchange value when the subisdy dropped from 50 BTC to 25?  I know that it was under $15, and I'm fairly sure that it was under $10.  So at the current price of $34, we are already well over double the profitablity for miners overall.  As long as the real spending value of a BTC continues to double within a four year period, the concern is moot.

But, of course, eventually it wont.  Such growth is not sustainable, so at some point the value must stablize.  How, then, can we be certain that transaction fees will be enough for miners to continue to secure the network?

In short, we can't really know this, but the economics of the system imply that we can expect that an equilibrium of fees will be reached in one fashion or another.  So long as the overall Bitcoin economy is large & mature enough by that time, a tiny fraction of the GDP would be required to incentivize miners into the foreseeable future.  Far less, in fact, than what is taken from you via inflaiton of fiat currencies; which are at least 2% of their entire monetary base every year.  The big key is that Bitcoin is much more economicly efficient than fiat currencies are.

I'm willing to humor you and consider a working, available, universal DRM trusted computing model with remote attestation.
now please consider it doesn't make much sense to use bitcoin any longer

I assume you would want to use bitcoin in that case because you like the fact that it was issued in a decentralized way (and maybe you also like the limited supply?)
now you would use fixed denominations I'll quote you here (from the other thread)
"Also, you only need of regular totals of off-chain wallets to make any amount you wish to exchanged: eg- you can have .... 0.001, 0.002,  0.005 0.1, 0.2 0.5, 1, 2, 5, 10, 20, 50, 100BTC,.... totals in the wallets and you exchange the  key-pairs of the required numbers of wallets to make up the any amount you wish (ie: similar to how regular denomination coins/notes work in real like currency)"
and everybody uses
Why would you keep the burden of maintaining the blockchain at all,  at this point? you could just distribute the one file stating how much every address represents and trade them at face value
at this point bitcoin ceases to exist

in this scenario however bitcoin didn't fail because of a fundamental flaw it simply got out competed by another system, that used bitcoin to solve the problem of how to initially distribute your currency

so please explain what the fundamental bitcoin flaw is?
I just don't get it

In case some people aren't realizing the simple practice of handing off keys is not a safe way to preform bitcoin transactions. The 'sender' can reuse that money any time, a primary way would be to send it to themselves at a new address by making an actual bitcoin transaction.

Exactly what I wanted to point out, too: How can you be sure, that the previous owner of the coin didn't have a look at the private key?

no, the OP is talking about a trusted computer model (where you can both prove that data wasn't tampered with, there is only one copy and nobody looked at a certain part(the private key in this case) oh and also be somehow pseudonymous )
I'm not saying this model is feasible or not, or how much it would cost or even if it even would be reliable. That's not the point to discuss. The OP thinks that it's a flaw of bitcoins that they can be traded in such a manner

This has been discussed before. I remember talking about use of TC hardware for improving confidence in unconfirmed transactions years ago, and indeed, this is one of the reasons we want to change the default mining algorithm to allow parents to pay for no-fee children.

If people are building long chains of transactions off the chain by relying on secure chips that's absolutely fine and is not a "flaw" in anything, indeed, it's something I'd encourage. When the chains are eventually resolved by broadcasting them online whoever is doing so can attach a fee to the end and that will encourage confirmation of all dependent transactions recursively.

I guess I don't understand how this is meant to cause problems for Bitcoin. The fees that are being placed onto the network are supposed to be high enough to incentivize sufficient mining to keep the double spend rate acceptably low. If people use secure hardware then the double spend rate is made lower via other means and less mining is needed.

Hello i'm back.  Sorry that I didn't return earlier when I said I would.
Ok, so I was going to give you actual figures based on the current cost of mining and fees, however, when I read this post of yours above I've realised that you have already cottoned on to what I'm saying and are beginning to take it seriously and think about it.  So I don't need to try to explain it anymore to you.  :)

Wow, someone who gets what I'm saying (and a junior member like me too :)   )

Just as slight clarification, I not against being able to trade coins in this manner.  Infact, I think it is the way-to-go since it is extremely efficient and instant.  However, the fact that they can be traded like this means that the protocol as-it-is will need to be forked/modified to survive.  To address this issue, what I personally would like to see is that the miners can collect dead-coin (ie: coins that haven't been moved for a long time)-- let's say something like the coins can sit untouched in a wallet for 2 years but after that at the end of the every six months the miners can take 5% of the original amount until either the owner transacts the coins on chain or they are completely reclaimed by the miners.

I think you've completely missed the point.  There are no chains of coin transaction history that get resolved and there are no fees that get accumulated.  The bitcoin protocol as-is doesn't demand any such thing.

The way to understand how DRM coin exchange works is to picture an electronic version of casascius coin. But instead trusting casascius to load the key-pair in the coin and to not keep a copy of the private key,it relies on the services offered by the TC chips inside the computer.  (ie: you trust the TC chip not a person)
Just like casascius coins, there is NO fee involved when they change hands from person to person.  And they can change hands an arbitrary number of times.  There is no record of who has had the coin.  Indeed, they NEVER need go back on-chain at all to still be useful.  Most importantly, this scheme is perfectly compatible with the bitcoin protocol:  ie, nothing in bitcoin as-is can stop someone from creating this software.

I get what you are saying, however I don't get why you keep insisting on bitcoin in that case.
see my other post

I think you're the one who missed the point actually. I understand how TC hardware works. Heck I have a copy of the book "The Intel Safer Computing Initiative" on my bookshelf. My response remains - regardless of how you implement it or what the chips do, this does not seem to be a flaw in Bitcoin itself. Indeed it'd be a nice extension of it. If people are passing around value outside the chain, all that means is that less money needs to be spent on mining, because less value is being secured that way. How is that a problem?

So it is possible to trade bitcoin off the blockchain in a similar way that cash is traded outside of banks.   Guess that is gonna KILL the US dollar banking industry because banks can not profit off of every transaction.

This is not a flaw, it is a feature.  It gives bitcoin a mode of transfer OFFLINE as well as ONLINE making bitcoin that much more flexible. 

Could off blockchain transactions kill bitcoin?  No.  They need to be done in person and MOST bitcoin transactions need to be done online.  If you want to visit SatoshiDice in person and play (if they allowed that) FINE, but that will not cut into the blockchain version of that business.  The blockchain will have plenty of customers.

Grasping at the flaw-straw is what this thread is.

Up to now OP hasn't done his homework.

He claimed that off-chain transactions based on some conventional kind of trust will necessarily drive people to abandon using the Bitcoin network proper.

This is a claim. The proof for this claim is lacking. In fact, any serious argument is lacking
Besides, going just for plausibility: was there ever any trust based secure method of value exchange available free of charge?

---

What's the lection we can draw from this?
The innovative nature of Bitcoin is hard to understand. There is more about it than just "mining digital gold".
Once Bitcoin is perceived more as a competitor by existing and upcoming payment networks, we'll see a lot of campaigns using bzzzwords like "trusted computing". Since you can't win with arguments against buzzwords, in the end I think the actual economic and practical properties of those competing system will be what counts.

You already do trust your hardware!!!  (ie: You trust that your CPU has no backdoors or flaws that people/organizations can exploit to gain access to your machine)

I understood your argument better than you think, and right from the start.  It's one that I thought of myself, three years ago.  I was wrong then and you are wrong now.  At least that I can claim that I actually researched the topic before posting; for over two weeks.  The solution that you are reaching for, but don't know it, is called demurrage; (storage fees for very deep transactions, basicly) and it's a core element to freicoin.  It's also unnecessary.  And even if it wasn't, any successful method of implimenting demurrage that freicoin could come up with would just be taken into Bitcoin proper, should freicoin (or any other alternate cryptocoin) grow legs and offer a real challenge to Bitcoin's superior market position.  The only way that does not happen, is if the new cryptocurrency were to develop an obvious advantage for which Bitcoin could not replicate.  This is not impossible, but is rather unlikley in my view.

No, I trust my hardware, but only to a point.  I don't trust your hardware at all.  Trusted computing used for the exchange of bitcoins would require that the vendor trust the sender's machine, and probably more than he should rationally trust his own.

I'm perfectly aware of freicoin and know what demurrage is.  Infact, I mention both in my original post.  (by-the-way I belive freicon takes a fixed percentage of the total money supply every year whereas I perfer a system that takes money form inactive wallets- similar but different)

I which means that your bitcoins are not being actively traded.  Ie, you are just storing them as an investment.  Anyone who actually *uses* bitcoins and trades them on-chain must trust their machine.

So let me get this straight,  you' just admitted that, until now, you've been trashing me without actually understanding what it is that I've been talking about?

---------

Look, just forget the DRM stuff for a minute.  Ask yourself these questions:

In the future when transactions fees are the main source of income (as opposed to block reward) for miners, when someone exchanges bitcoin off-line (however they do it, using casascius coin, bitbills, printcoin bills, or DRM coin) does the miner benefit from it?

The answer is NO.  (except in very rare cases where the transaction is very large in KB size and the fee very small)

So does the miner the lose-out if a transaction that would have been transacted on-chain is moved off-chain?

The answer is YES. Because they lose a potential fee.

Now here's the important one: So if the majority of transactions move off-chain what happens to the miners and consequently what happens to the network hash rate (ie: what happens to the famed bitcoin security)?  

I won't answer this one, instead I'll let you think about this.


Why DRM/TC coin is so dangerous, as opposed to other current off-chain mechanisms, is because potentially it involves no fee, is instant, quite secure and can be done locally or over the internet.  This makes it a very attractive alternative to on-chain transactions for someone who wishes to trade with bitcoin.

Hmm, you do know how banks make most of their money don't you?? 

(here's a hint: I've deliberately highlighted a word in that question)
(incase you still don't get it:  it's NOT by transaction fees)

The merchant bank I used to work for made their money in many ways, but primarily though through spreads, commissions, interest and capital gain on prop positions. Retail transaction fees are not essential.

Because it will not happen.  The possibility of off block chain transactions is a FEATURE not a problem.  While most transactions are on the blockchain, you can (with less security) trade off the blockchain as well.  You may gain speed, low transaction costs or novelty but you give up SECURITY.  Because you give up something, the blockchain will still be the choice for most transactions.

Using the blockchain avoids needing to rely on trusting ANYONE.  In person transactions rely on trusting SOMEONE.  That someone may be the person you are trading with (by using open private keys), the maker of a system like Casascius coins or some horrible DRM system that you talk about.  You will have to trust someone.  With the blockchain all you have to do is trust in MATH.  I trust math.  Do you?

 

I agree with this ^^

It will be more useful in many circumstances to have transactions on the block chain for an official record.  Paying your mortgage?  Buying plane tickets?  Paying taxes?  Your going to want a receipt for that.

I just bought some plane tickets a fee weeks ago and guess what: I didn't use bitcoin but I HAVE got a receipt for it.  Receipts have been around for thousands of years. You don't need bitcoin to legally prove that you've paid for something.

I do trust in math.  Indeed it is the SAME type of math (crypto) that makes DRM secure that bitcoin uses.

http://en.wikipedia.org/wiki/Trusted_computing
http://en.wikipedia.org/wiki/Uefi (especially the secure boot section)
http://en.wikipedia.org/wiki/Trusted_platform_module
http://en.wikipedia.org/wiki/Digital_rights_management

I can tell you that bigger company's are going to want to have the transactions verified in the block chain.  All big companies will err on the side of caution and will not even question the transactions fees.  I can tell you that even if the fees were 2% it would be cheaper then what visa and mc charge.  However I will say that not every transaction should be included in the block chain, and eventually as the system grows, it will be preferable if not all the transactions are included as the amount of data would probably crush the system as it is today.  However, you seem to be arguing that eventually, everyone will realize they can trade coins outside of the blockchain and therefore everyone will do that to save from paying fees and the block chain will dwindle to nothing making it irrelevant, "the fatal flaw".  

I can say that this will never happen.  The devs are already arguing how difficult it is going to be to keep the block size down to a manageable level due to how many transactions are going in.  The block chain will always be needed in the same way that root dns servers will always be needed.  Yea you can cache the dns records (trade coins out side of the block chain) and offload that but try and get me to believe that you would no longer need the root servers because everyone was going to tell each other what the ip's are in a dns query (100% trade coins outside of blockchain) to avoid paying some tiny fee is just not easy to believe.  

This is the funniest thread on this forum but I wonder if it's a set up? :)

If you read the OP posts in a soft Texan accent, you would swear the you were in the room with Sheldon, from big bang theory! ;)
 ;D
The big hole in the argument is that if you use the currency in a way it's not meant to be used, it's not going to perform as well as it should.
 The point about using the block chain is that it confirms to everyone that your transaction is good.
Using drm doesn't.

^^yes I'm starting to think the same


Would you just please answer the question? you are either right or wrong with what would happen
Do you realize you are the one starting a thread on bitcointalk proclaiming a fundamental flaw in bitcoin?
to me fundamental flaw means either somethings broken or can't work

now you made me feel like a troll

Ok, so you want a model of how to transfer the private key of a DRM coin.  Well, before we start let's clarify what a DRM coin would be in this hypothetical model so we can agree on what we're talking about:
Basically it is the public/private key pair of a wallet address that is stored cryptographically on just one computer at a time.  The public key is still publicly available knowledge and can be viewed arbitrarily (eg: someone may access the public address in order to look it up on the block chain to check its balance).  However the private key can only be accessed once, once it has been retrieved the coin itself is destroyed so it cannot be transferred again.  The coin should also store the balance that was transferred to the address when it was created  (Note: someone may add more money into it after creation because the public address is known.   It would be a strange thing to do though.  So the balance is technically the minimum amount that it contains-- if someone adds extra money the coin itself doesn't know about this.  Only the initally creation balance is known by the coin.)

Now for the model: (Note: this is just a simple hypothetical model- in reality it would be more detailed than this).  The model has three different parts, 1)coin creation, 2) coin transfer and 3)reveal private key.  

Let's use the following example to explain how it the first two parts work:
Sender Sally has atleast 50 BTC on-chain in her wallet.  Receiver Ross is coming to collect the 50BTC she owes him, but Ross will only accept DRM coin because he doesn't want to wait around 20min-90min for 3 confirmations to prove that he has received the coin.  So sally has to 1) create a coin holding 50 BTC before Ross comes and 2) transfer it to Ross when he arrives.

1) Coin creation:
a)Firstly, Sally secure boots her computer.  This procedure puts the hardware into a precisely defined state and prohibits all non-signed pre-OS binaries to run (eg: the OS boot loader will only be run if it's signature matches that stored on chip).  This prevents low-level pre-OS attacks such as rootkits..   see: http://en.wikipedia.org/wiki/Uefi#Secure_boot
b)Once the OS is up and running then Sally runs the program and selects the "make-DRM-coin" option.  This software checks before it does anything that it is running on a securely-booted machine in a secure state.  
c)Once the software knows that it is safe, it creates a the private/public key pair address and makes a standard on-chain transaciton to load the address with 50BTC.  The software doesn't reveal the private key to Sally.
d)Once the transaction has been confirmed (the number of confirmations can be arbitrarily decided by the user.) the software puts this key pair plus a record of the amount into sealed storage.  see: http://en.wikipedia.org/wiki/Trusted_Computing#Sealed_storage
The coin has now been successfully created

2) Coin Exchange:
a)Both Sally and Ross secure boot their computers.
b)They both run the software and Sally chooses the "transfer-DRM-coin" option.  Like the before the first thing the program does is establish that it is running in a safe, secure environment.
c)The software establishes a secure connection between the two computers.  Let's just say it is SSL over a direct computer-computer WiFi connection for this case.
d)Once the connection is established, the two computers both remote attest to the other that it is running an untampered version of the "make-DRM-coin" software on a secure computer.  see: http://en.wikipedia.org/wiki/Trusted_Computing#Remote_attestation  and http://en.wikipedia.org/wiki/Direct_anonymous_attestation
3)Sally's computer retrieves the coin from secure storage and tranfers it to Ross's machine.  Sally's machine deletes its copy.  On receipt Ross's machine places it into sealed storage.   (This transfer would actually be a little tricky because of the need for confirmation of the transfer before Sally has her coin deleted.  Computer protocols for this sort of thing already exist.)
Voila! The coin has been transferred.

For the last part:  Let's assume the Ross for some reason or other wants to transfer some amount of the coin on-chain within the Bitcoin network:
3)Reveal Private Key:
a)Ross secure boots his computer
b)He runs the program and chooses the "reveal-private-key" option.  Similarly to the other options, the software only continues only if it being run securely.
c)The software retrieves the coin form sealed storage,  informs ross of the private key and destroys the coin.  He can now perform standard on-chain transactions.


There you go.  A simple protocol of a secure private key exchange.


Please note though:  In real life you wouldn't make a new DRM coin each time for a specific transaction.  Rather you would make a lot of them preemptively at commonly used demoninations (eg: if you had 1000BTC make 9x100BTC coin, 9x10BTCcoin, 9x1BTC, 9x0.1BTC, 10x0.001BTC) and would exchange the required number of each demonination to make up the amount required.  eg: to transfer 156BTC transfer 1x100BTC, 5x10BTC, 6x1BTC.

Also note: the software can reveal the public key and amount of the coin at any time-- this can be used to increase the confidence of the person receiving the coin that the DRM hardware/software protection mechanisms haven't been defeated since they can check that the address still has atleast the amount stated before accepting it.  It can also be used to check the number of confirmations of the coin.

Why on earth would a "big company" use visa or mc for transferring large amounts?  I personally just recently did a $30,000 international money transfer, 1/3 of the way around the world, for just $22.  That's 0.073%, which is not much at all (and it would have been a smaller percentage had I transferred more-- the $22 is a fixed price).  Bitcoin is going to have a very hard time competing with that once fees become the major source of income for miners.


Well, atleast it appears that you seem to grasp the point I'm making :)

Since Sally has her PC 100% under her control, she does the following as example:
Sally freezes her RAM after creating the private key + putting it into sealed storage. She then reads out its contents, cross checking with the known public key to extract the private key. As she transfers the key to Ross, if he doesn't immediately publish a transaction with the coin, he's screwed.

Another alternative:
Sally (passively) measures the power consumption of her CPU while it is calculating/processing the private key.

Probably more realistic:
Sally finds a TPM chip from a country that is not too concerned with trusted computing that allows some "debug" functions - meaning she can still act as if she is really "legit" but in fact she isn't. Just look at HDCP how this stuff worked out.

Interesting, except almost every DRM system has been broken. All that is needed is a way to double spend the DRMcoin and if this happens enough people will lose trust in DRMcoin.

Also people will have to use DRMcoin with the knowledge that using DRMcoin drains the Bitcoin network of transaction fees and thus weakening the Bitcoin network, possibly making their DRMcoin worthless (as its still a Bitcoin).

I can't see DRMcoin being as secure as Bitcoin, someone will figure out a way to take advantage and when enough people are left with DRMcoin that is worthless as the Bitcoin inside it has already been spent people will hopefully return to using the blockchain.

Not such a simple thing to do.  Also, you can write the software so the keys almost never go into ram but are only in the CPU caches or the registers.


This one is just plain silly.  So tell me, how do you plan to reconstruct the key from the power consumption?


Now you might be thinking a bit rationally here.  However, countries don't make TPM chips-- companies do and there are only just a few of them.  If ever they deliberately allowed exploits then they would be sued out of existence (and with the way the law is rapidly tightening up on copyright infringement and computer security they would soon be doing this illegally-- if it isn't so already)

Mmmm, nice theory.

Regardless of the fact that the whole thing is highly speculative and even if it ever could be made to work ..... with all the users dropping into a coordinated super-secure special boot handshake dance several times, how is this faster/more convenient than regular btc blockchain transfer?

I think there maybe a fundamental flaw in this thread ... but I can't see that it has that much to do with bitcoin.

Your argument is basically saying that some vapour-ware method for off-chain transactions is going to become the predominant mode for bitcoin transactions and quickly pose a systemic problem since it will be the only thing users will want to do with bitcoin .... ?? There's so many layers of BS shaky speculations in here it's difficult to see how the thread made it to 4 pages.

It's more convient because it is extremely quick, a matter of mere seconds.  Also, it costs NOTHING.  And if done over a remote network connection it is anonymous.


Actually, the argument is more than that.  It is the fact that bitcoin allows off-chain transactions at all that is the flaw.  There are many, many ways potentially that bitcoin can be traded off-chain (we already have some today: such as casascius coin, printcoin bills) with others being suggested/proposed.  Each time a coin that would have been traded on-chain is moved off chain it results in less revenue for miners.  Less revenue for miners means less mining which results in weaker security.  

What I'm saying about DRM is that it is potentially a very,very successful off-chain system-- so much so that it by itself may bring down bitcoin network hash rate to render bitcoin useless.  

TPM chips are real, not vapourware.  Indeed, the computer you are reading this on probably has one.  Windows 8 insists that it is booted securely.  The basic security mechanisms for DRM coin are falling into place.  It is only a matter of time before someone actually writes this software.

Stopped reading here: Why would Sally be interested in secure booting her computer, if she later wants to scam Ross?

The rest of your scheme (okay, I admit, I read it after all) describes a way, which ensures that no 3rd party can tamper with the transaction, but that's not the problem here. The problem is, that Ross has to trust Sally.


Besides, I really hope that computers won't be hermetically sealed from their users in the future, only for someone else to be sure, that my hardware behaves nicely. The security features still can be implemented in peripheral devices (unless you want to use Windows, of course  :D).

False analogies are false.

And you did NOT AT ALL answer the issue of TRUST.

Bitcoin is open and known.  You only need to trust math as I said before.

With your DRM scheme you need to trust:

1) the DRM maker
2) the DRM scheme itself
3) trusted computing and code signing
4) Microsoft

Each one of these is a point of failure. And while you need only ONE to be broken to render your DRMcoin to be broken and useless, EVERY one of them has been broken before. 

Go ahead, trust DRM.

http://en.wikipedia.org/wiki/Power_analysis - and it's far from silly, at my university you learn how to do that in the second year of a CS bachelor. It's even possible to extract keys from your bank smartcard that way, though new generations got a bit better. CPUs in PCs are however most likely NOT built to migitate these attacks and it will take quite some time until they are.

Your idea only works if you can 100% trust hardware a potential attacker has in his/her hands. Seals can be broken, chips soldered off, power consumption measured and debug lines reattached - still it needs to keep secrets from somebody who specifically tries to get to them. Sorry, but that's not an assumption I'd call a flaw of Bitcoin.

I agree that DRMcoins are potentially possible - but the transaction of these is NOT as secure as a transaction on the block chain, which means if you want the highest possible security, you still will pay miner fees. If you only transfer 5 cents for a bubble gum to a vending machine, it might be possible to use DRMcoins as well - but the machine operator will probably swipe all these DRMcoins every month or so to make sure they are really his.

I think the answer is that, its a feature, not a flaw. 

can coins be traded out side of the block chain?  -  Yes

Is this a fatal flaw or a feature?  -  I'm going to go with feature.

Will this feature kill the blockchain as we know it?  - No, its still more convenient to get exact change by running transactions through the block chain.  You can also not always just do local trades with people you trust, so why would you resort to some DRM solution to do what is already more convenient to do with the built in functionality? Especially when the fees are not cost prohibitive. 

Will this feature allow some significant portion of the transactions to be off the block chain? -  Yes, but if your on the receiving end of the transaction, you are going to want to run it through the blockchain to make sure this isn't counterfeit somehow unless you already trust the person your transaction is running through or you have some other reason for not wanting a record of the transaction.  To most merchants, that's worth the small transaction fee that you pay. 

If your a merchant, and worried that not accepting offline transactions would hurt your business, why not just offer to pay the fees that would be incurred.  Or if your so inclined to accept offline transactions, its no different then if the money were never spent from the eyes of the miners. 

And who says that mining has to be a for profit venture only.  Wikipedia runs quite successfully with out charging fees for its services.  They do it for the simple fact that it needs to be done. 

Another example that comes to mind. 

Suppose
1) I have a cell phone plan that allows free calling to a number
2) that number routes to an asterisk PBX with a DISA dial through that will give me another dialtone on the other end from which to make calls
3) So I can call this unlimited number, and from there, make free calls.

So why don't I just exclusively use that method to make all my calls on my cell phone?

a) its inconvenient.  My address book in my phone is not set up to accomidate that
b) the cost of just using the cell phone isn't really that expensive... I would save about $20 / month to do it the other way

Basically, I don't mind paying a little bit extra to get the increased convenience. 

As long as there are people out there like me, the blockchain will always be used. 

How could I forget?! This thread is the perfect opportunity to fine-tune our template!....


 ;D

cruel, but funny!  :)

I seriously doubt it.  You can sit back and wait for the collapse, though.  You'd have plenty of company that is already fat with crow.

Which part did you seriously doubt?  Was it the fact that I did a transfer IMT for just $22.  Cause if it is then here is the bank I used: http://www.commbank.com.au/personal/international/transfer-money.html  (I'm Australian- the $22 is $AUD but that is about eqaul to $US these days)

Also, I do BPay with this bank (BPay is a way for paying bills in Australia).  I pay my rent fortnightly $600 and it cost me NOTHING but does cost the real-eastate about $0.50 I believe.  That works out out 0.083%.  

Lastly, I regularly do an interbank transfer (to another Australian bank) into my wife's and my joint savings-  that costs, wait for it-- prepare yourself, this my shock you----, drum roll please---  $0, yep that's right absolutely NOTHING.  How can bitcoin compete with that once transfer fees become the main miners revenue?

/thread

Well, if you read and understood it then you would know that she *has* to boot securely if she wants to transact with Ross.  Ross's computer demands that Sally's computer proves that it has booted securely (this is known as remote attestation)


No, that's incorrect. Ross doesn't trust Sally.  He trusts Sally's computer and that the computer's TC chip hasn't been compromised.

Try transferring some of that money of yours to Wikileaks... No? Didn't think so.  :D

At the current rate of bitcoin adoption it would have taken a lot longer if I used bitcoin (and cost a lot more).  With bitcoin I would have to transfer the money to an exchange which itself is incurs an IMT (there are no bitcoin exchanges in Australia) and buy the bitcoin (which costs about 1%) then transfer that to another exchange in the destination country over the bitcoin network the sell the bitcoin on that exchange (again more fees) then transfer the money from the exchange to the destination account (possibly more fees).

Ok, before you protest- yes I realise that if the *whole world* was using bitcoin and then the recipient would have been happy with receiving BTC and I wouldn't have had to bought and sold it on the exchanges.  However, right at this moment that is not the case--- indeed I doubt the person I sent it to has ever heard of bitcoin-- so at this point in time Bitcoin does nothing for me in this case.

Was just looking at the other threads in the Bitcoin Discussion board.  And what do I see:
https://bitcointalk.org/index.php?topic=147742.0
It looks like another off-chain service.  And it sells itself with the fact that it is quick and cheap. 

Hopefully you people will begin to realise that off-chain transactions are going to be very popular and it is a real threat to bitcoin.  Maybe bitcoin will fail even before DRM coin arrives.


So remember people, everytime you transfer money off-chain your not paying fees to the poor miners.  So do the right thing and make a voluntary donation to a miner today! 

(the above is sarcasm if you don't realise)

Yup. Email is a failed technology because people can pass notes to each other. I get it that you have a pet theory, but when confronted with well thought out, evidence based arguments, the grown up thing to do is to acknowledge defeat.

Again, where is your argument, dude?


Why are off-chain transactions necessarily bound to be very propular?? Why is that popularity necessarily and inevitably bound to be a thread to Bitcoin?

Several people in this thread tried now since 4 pages to point out the fallacies in your "reasoning" in various way, all from polite to sarcastic. It is not sufficient to spit around various observations and opinions, rather it would be your job to line them up into a chain of conclusions, in order to form an argument.


Up to now you have given us very little to take you seriously.
Your point boils down to criticising Bitcoin for being open and extensible, and able to be connected with other economic structures (like off-chain transactions). You say this is a "flaw" in Bitcoin. And, following your line of thought, to repair this flaw, Bitcoin should be locked down and gated, otherwise it could not withstand the competition of TC, DRM and similar gated systems.

There have been a few off-chain services before.  They have not taken away many transactions from the chain.  In reality, it seems like many of them go under.  They fail to get business because on chain transactions are properly priced. 

And this goes back to the same issue you have FAILED TO ANSWER in multiple replies.

TRUST

To use a service like them you need to TRUST them to handle your money for you.  Or you can use the blockchain and just trust in MATH.

I've actually made the argument a few times.  It's just basic human preference.  Off-chain transactions are cheaper than on-chain ones.  They are faster.  Some mechanisms do not leave public trails of previous ownership.
Since they have these advantages over on-chain ones and the fact that these  are commonly wanted properties of a transaction people will choose off-chain in preference to on-chain.  

The only negative that anyone has so far given of off-chain is that it is less secure than on-chain.  However, in the case of DRM coin the truth of the matter is that for majority of day-to-day transactions it is good enough-- this is demonstrated by actual real-life practice today: ie, Consumers do use smart cards to buy stuff and very, very rarely complain about the want of security involved.  Smard cards are secured by the same type of technology has DRM (infact you could use smart cards to implement DRM coin).  In my home city I use a smart card every time I use the local transport system-- and so do 100's of 1000's of people everyday.  This demonstates that for small transactions (say less than $250) smartcard is good enough.  For larger transactions you can use more traditional banking systems (eg: similar to how gold is bought or sold-- the gold stays where it is in a vault but a record of what is bought or sold is recorded by the various banks involved.)  Not many people complain about the security of regulated banks: it is very,very rare for someone to be personally out of pocket due to a breach of bank security. When was the last time you heard of some having their money stolen from/by a bank and not being set-right again by the bank or the Government?  If banks that trade gold/cash etc, can handle their security so well why do you think they wouldn't be able to do the same with bitcoin?  Bank transfers of large amounts of bitcoin in this way would be very cheap, the bitcoin network simply couldn't compete with it!





Not quite.  My point is that bitcoin as-is with the transaction fees model will not be able to maintain network security due to the fact that you can do off-chain transactions.  My personal perferred solution to this problem is to change the bitcoin protocol so that miners make money by both transaction fees and by reclaiming old-untouched coin.  I actually like the idea that you can do off-chain transactions and believe it is the best way forward since it reduces block size.  I definitely do not want it locked down and gated.  If you read the OP you would know this.  (In the OP I also give other possible solutions to the problem).

The only real flaw in bitcoin is the number of idiots and scammers that are involved with it.

It has already happened. But nevertheless, I think it is a valid thing to look for in the future.

Off chain transactions are only valuable because you can do on chain transactions. If on chain transactions start being less secure then off chain transactions will drop in popularity and the problem self regulates.

This is the same as the fact that checking accounts don't threaten the central bank's monopoly on printing fiat paper. Checking accounts are only valuable if the fiat paper is valuable.

Off chain transactions can be thought of as scaling Bitcoin to the masses. It should be cheap and it should occur by the thousands for every on chain transaction. On chain transactions can be thought of as similar to banks balancing their books against other banks by transferring cash (or the equivalent, transferring between accounts at the central bank.)

The difference, of course, is that the common man is not allowed to have an account at the central bank but anyone can have an on chain Bitcoin balance. In the future we can choose to pay the extra fee that will be required for an on chain transaction for a large transfer or one we want to handle with very high trust. It's ok for on chain transactions to be expensive as long as for common transactions off chain is available and cheap.

The key point is that off chain volume can never get so large that on chain volume disappears. That just won't make sense. The only reason to trust off chain transactions is the user's knowledge that on chain balances are the ultimate balance sheet and that off chain providers have to balance their books against each other using on chain transactions - and they will be willing to pay a good fee to do that.

This observation about human behaviour would indicate otherwise: http://en.wikipedia.org/wiki/Tragedy_of_the_commons

I think you ought to explain your "fundamental flaw" theory to Satoshi Dice as apparently they have completely missed it. ;D

Absolutely not. "Commons" have an implied limit on usability. Hit that limit and the "commons" degrades. There is no "limit" on the number of off chain (or on chain) transactions. In fact the more it's used the more valuable the system is.

Your argument is not an argument about abuse of "commons". Your argument is that there are a fixed number of transactions and they will all be funneled into off line transactions leaving none on line to pay the miners. That is an absurd argument because as I stated, the only reason  off line has ANY traffic is that the providers balance their book with on line transactions and they will pay whatever it takes to make those secure. (If security fails they loose.) Hence, fees will be high and miners will be healthy.
 

I see your "Absolutely not" and raise you.
Absolotely, Absolutyely not.  The origin of this term actually refered to the commons (communal shared grazing land) to produce an *infinite* amount of resource (the resource being grass in this case) IF it was managed right.  Yes, the land itself was finite, but that's not what the  saying is referring to-- it refers to the production that the land provides which would be ongoing forever if the land was not over-grazed by self interested parties.

If you read the OP you would know that I've already thought of this.  I explicitly state that it may be a solution to the problem.  However at this stage this the question remains-- can Satoshi Dice grow large enough so that the fees paid keep the hash-rate at a respectable level?

Personally,  I sincerely doubt that by *itself* Satoshi Dice can.  Since as soon as the need for transaction fees kick-in in a big way, less people will be less inclined to gamble since they will be losing too much money.  At the moment most the gamblers are paying very,very small fees.  I could be wrong about this though, time will tell.

With all the fuss about raising the max. blocksize limit to help SD increase their # of tx's even more (and their own statements about just how much more in tx fees they pay over the norm) I think there is simply *zero* evidence to support your theory (and what may happen in >100 years of very little point even discussing today).

And "as soon as the need for tx fees kicks in" (other than to prevent excess spam type tx's which of course is why fees already are needed and were right from the start) will be most likely be decades from now - so hardly something to create alarmist threads about IMO.

Soon (soon when compared to your 100years) transaction fees are about to kick-in due to the block-size constraint (even though they not needed yet to secure the network)-- so we'll soon see what happens to the amount that is bet on Satoshi.  

Besides that, you seem think that currently Sastoshi Dice are currently paying plenty of fees.  Where do you get this from?  The TOTAL of all fees (not just Sastohi) for the last 24hrs (according to http://blockchain.info/stats) was 51BTC which gives an average of 0.012BTC/block that at the current exchage rate is about $0.5/block.  Do you really think that that is enough to secure the network?

Wow, the miners are only making less than $2,000 a day from TX fees. I'll be honest, that is a bit too low isn't it? How many miners are there? Over 10,000? So that is maybe $5 a day average per miner if my guess is right. Its not above electricity cost is it? or just barely.

You do make an interesting point beeblebrox.

I did make a couple of points a few pages back but you didn't reply, I would be interested what you thought of that?

Cheers.

And as you pointed out yourself - fees are not needed to secure the network (and that will continue to be the case for a *very* long time) - personally if SD up and disappeared I would not be the slightest bit concerned and I don't really see the max. blocksize change actually likely to even occur (as so many have simply stated they would rather have a hard fork occur than to accept that).

It's worse than that,  you're math is a bit wrong:  $2,000/10,000 = $0.20  
(assuming 10,000 miners of course. I don't think there are that many personally-- but I know nothing about the numbers involved its just a gut feeling-- the pool operators could give you  better info on this)

wow now you are saying we could have such a system soon? say 10 years

if http://blockchain.info/charts/cost-per-transaction is accurate
a cost of $2.50 is way better than the price banks are asking you to do for an international wire (I know you can't transact billions of dollars worth with bitcoin yet, but consider small transactions)
think of bitcoin as a way to go between different currencies

In Europe you have bitcoin-central, I can buy bitcoins at market price at a 0.5% fee (SEPA transfers are free if you already have a bank account in in the SEPA zone)
and sent them to Argentina and get pesos for them at the blue market rate, goes to show people in Argentina trust the blockchain (last I checked official price was 6 pesos for a dollar, blue price 9 pesos)

not only do I get to circumvent the heavy restrictions, it's also cheaper

do you really think people in Argentina will have safe computers in the next 10 years?

Argentina is just an example, do you really think we will have safe computing in the whole world available for the foreseeable future?

OMG, I see now, you really do propose a world, in which every computer is manufactured by apple or microsoft or some other huge company, and includes a chip, which makes sure you don't have any control about your computer. This basically means, that Sally and Ross will have to trust the huge company in this case, which essentially boils down to the central banking we have now. Only difference: You don't only have to trust the central entitiy with your money, but also with your information and everything else your computer has access to. Thanks, I think I'll stay with central banks, then.  :P

Even if you use a dedicated computer for DRM Coins, Sally and Ross still will have to trust the manufacturer of the dedicated computer / DRM to not steal their coins. This doesn't even need to be an obvious attack, but could also be executed by Sally, who works for the manufacturer of the dedicated computer / DRM and thus knows the secret keys.

Every DRM Scheme somewhere has its root keys, whose owner you have to trust. There are no root-keys for the blockchain.

Hey Boy, are you so dull or do you want to troll?

WHERE IS YOUR ARGUMENT


You state all the time: Off-chain transactions are cheaper. WHERE IS YOUR PROOF? That is what you have to show and to proof. Just claiming that something is magically cheap or even "totally free" doesn't count as argument.

Secondly, you state all the time, that this will have necessarily the consequence of people neccessarily abusing the blockchain, i.e. taking value from the blockchain, without paying enough for securing it.

ALSO THIS HAS TO BE PROOVEN, not just claimed

Please realise that your brilliant finiding as a crucial omission or gap in the argumentation chain here. And please don't be so self-complacent in your whole conduct. A lot of people have taken your confused argument serious and tried to find some good points in it.

To spell it out in single points for you. beeblebrox you have the duty to treat the following points, to support your claimed "fault" in Bitcoin:

• first, provide a proof that a service interlinked with Bitcoin is actually taking away value from the bitcoin service, not just co-existing and competing with it
• second, provide a proof that the existence of an off-chain service necessarily has the consequence to cause the above, and will do so to a significant amount
• third, provide a proof that a locked-in, gated system based on TPM and DRM, but interlinked with Bitcoin
  
  • 3.a) can even be constructed;  the security, the actual operation and the economical side this anything but obvious or trivial. You have to show this.
  • 3.b) in this form which can be implemented, is actually cheaper than the service provided by Bitcoin
  You need to look at the total cost of usage here.
  

If you fail to prove any of these, all of your ingenious finding just collapses.

Just the fact that there is another method of exchanging money aside of Bitcoin does NOT imply that people are abusing the service of Bitcoin without paying for it. It just means that there is a competitor, nothing more.

Take for example the Mt.Gox redeemable vouchers.
Is ist a flaw in bitcoin that people can exchange value by using Mt.Gox vouchers? Does it take value away from the Bitcoin network, without paying back? And special bonus question: who pays for Mt.Gox redeemable vouchers? Are they free?

plus beeblebrox thinks it is outright obvious, that you can "just write some software" for such a system, and on top of that, providing such a software would be "totally free"


And its not only the root keys, it is every step in between where the bitcoin private key is possibly at stake. Every single point of attack at every intermediary exchage step would allow an attacker to redeem the value on the real block chain.

Here is the proof:
step 1) buy a casascius coin
step 2) give it to somebody

proof is not an ARGUMENT

Ah you mean buy a coin which A) costs more than the equivalent BTC value and B) is not internet enabled?

How is this different from just buying a gold coin for your BTC? As a matter of fact you could trade it back for BTC in the future, allowing a form of off-chain transactions.

This thread has a certain circular feel to it.

youcan try some alternative chains that fit your sense of security, if that is the right way you belive will succeed, you can gain much by jumping to the right alternative chain now.

Prepare your oscilloscopes in that case! ;)
MintChip 2.0 all the way!

If DRMcoin would be so trusted, there would be no need for Bitcoin in the first place by the way, as one could transfer fiat or other amounts (gold) securely that way. No need for elaborate mining schemes or an expensive global ledger...

To have an overview on how "secure" DRM systems with smartcards are, just look at the fees of existing payment processors (Mastercard, Visa...) - the current implementation of DRMcoins.

I don't know if it has been mentioned yet, but if off-blockchain tx become so popular that they endanger the security, then all businesses who are involved in off-chain tx will basically be forced to invest into increased security themselves, perhaps by paying miners directly or by making nonsense-tx with high fees to attract miners.

Otherwise, their whole business would fail if the core Bitcoin system itself fails. They would basically have to decide between no more profits (due to breakdown of the Bitcoin system because of a lack of sufficient fees) or reduced profits (by ensuring the security of the network with their own investments). I am sure that all involved in such business would chose less profit over no profit anytime.

I think it could turn out to be a self-regulating system, basically. Or maybe not, for me Bitcoin is foremost a very interesting experiment, and I am sure we will have learned a lot even if it fails.

Generally, schemes where people have to voluntarily contribute to maintain a public good don't work very well in practice.
The solution you've proposed would most likely fail since each individual concludes that they themselves needn't contribute (ie: voluntarily pay FEES) because the rest of the users will and the loss of their small contribution won't be noticed.  The most common real life solution to prevent these kinds of tragedies is to police/enforce the contribution and make it non-voluntary -- hence why it is illegal not to pay your tax contribution or why there are parking fines for exceeding free car parking time limits.  

This is why I personally believe that if bitcoin was better-thought-out at the start it, would have been preferable to have implemented a dead-coin sweep since it forces people to make regular fee-paying transactions or suffer a penalty.

I should also point out that once people see other people not contribute they themselves feel that they don't need to either cause they ask themselves "why should I pay when this other guy doesn't".  This quickly escalates and downward spirals until no-one's paying.

man, I am thankful everyday for Gavin.

Just had a skim read of this.  It does nothing to address the issue I've raised, it deals with another major problem with transaction fees.

I have read and understood.  So far the only two arguments that you people have used to defend bitcoin with is
1) that people will voluntarily make personal sacrifices to secure the network if transaction fees dropped significantly-- which I disagree with because of my own experience gained by observing human behaviour over 40+ years.
2) that people will make transactions on chain instead of off-chain becuase they will only accept the level of trust which bitcoin on-chain offers and no-other.  This is debunked by the fact that most people here trust the exchanges-- which have a shocking track record, are run by people little more than amateures, are not regulated nor audited according to the any real standard and exist predominately in foreign countries.  If trust was such an issue, how do the exchanges manage to exist at all?