Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: diogenes on May 09, 2011, 06:18:59 AM



Title: outline for a simpler virtual currency
Post by: diogenes on May 09, 2011, 06:18:59 AM
Ok, so I've been reading about bitcoin and following discussions on this forum for a few weeks.  While I was initially enthusiastic that bitcoin could replace cash I quickly cooled as the problems with the currency came more into focus.  Sorry to disappoint you all but bitcoin in its current form has some really major hurdles.  The main ones being:  anonymity is the exception not the norm and that it takes too long for transactions to be confirmed.   These two issues have of course been discussed here many times.  There are also two other lesser issues that are important that aren't as often mentioned: each transaction will have a fee involved and it relies on internet connectivity.

These are show stopping problems-- bitcoin in its current form will *not* replace printed currency unless you can overcome them.


Pondering about bitcoin and virtual currency has made me wonder how I would implement a virtual currency.  This is what I've come up with:

1) Anyone can download the transaction software and install it on as many machines as they wish-- as long as the computer and its operating system is reliable and trustworthy and that it can prove to other machines that it is trustworthy.  The software allows the user to create any number of accounts on their machines.  An account is basically a secure store of a single non-negative number that represents the amount of currency held.  Each account is created with a zero balance.

2) Everyone who participates in the system may bootstrap exactly one account of their choosing with 1000 coins.  This is the only way that new coins are minted.  ie: everybody is given the same initial cash holding as a reward for joining the system- thus this encourages people to trial the currency since it allows them to immediately undertake transactions without any cost to them while at the same time boot-strapping the whole system.  This mechanism is fair to the participants because everybody is treated equally and given the exact same initial starting amount.  This boot-strapping mechanism controls/limits the overall money supply in the economy.

3) Besides the initial bootstrap transactions all further transactions occur between exactly two accounts -- the account receiving money is debited (ie: its balance is increased by the amount of the transaction) the other sending the money is credited (ie: its balance is decreased).  The transaction amount can be a small fraction of a coin, let's say down to one millionth.  A transaction will only proceed if the controlling software of both accounts have mutually successfully acknowledged that the machine and software of the other account is trustworthy and also that the account to be credited has a balance greater than or equal to the transaction amount. (Note: the two accounts may be on the same machine. eg, someone transferring their own money between their own accounts).  There is no need to record these transactions, only the final balance of the two accounts matters; there is no external entity (either central or distributed) that needs to confirm the validity of the transactions.

4) If a general transaction involves two accounts on different machines the software can use any secure network that connects them to negotiate the details, eg: from local connections like near-field to wide intercontinental TCP/IP connections.

That's it, that's the system in a nutshell!  A very simple, intuitive and efficient system.  Transactions in this system are truly anonymous, the transactions are settled immediately (ie: there is no delay involving p2p network confirmation), the general transactions have no fees/cost involved, the system is robust and has no single point of failure nor a single controlling entity.

On top of this system you can easily build other services such as escrow services, banks, exchanges, etc.
 
So tell me what you think-- is bitcoin better or worse than this and why is it?



-----------------------------------------------------------------------------------------------------------------------


PS: At this point you may be asking, "Can we actually implement this?  Do the necessary technologies already exist?".  Well today we don't have the necessary infrastructure to deploy it, however it is quite believable that in the very near future (less than a couple of years) the required technology will be available and commonly deployed.  

Let's work through what technology we need for this and what we've currently got:

# Firstly regarding the technology required for installing and running the standard transaction software :  
What we need:
  -We need a base kernel that is trustworthy and widely deployed.
  -We need to be sure that the device boots the kernel securely in a tamper free way.
  -We need the device to assert that it is trustworthy to the software.
  -We need a way to securely distribute the software to the end users and a method to be able to securely install it.
  -We need the interacting instances of the software through the use of hardware/OS provided mechanisms to be able to attest to each other that they are trustworthy.
  -We need a way to securely store the accounts on the device and a way for devices to securely communicate over the network.

What we've got:  
  - We've half got these needs covered: for the case of the base kernel requirement we have the OKL4 kernel which is extremely trustworthy and widely deployed in mobiles (over a *billion* deployments).  As for the secure storage and networking requirements standard encryption techniques and protocols cover these.  Also, it is already common practice to securely distribute software over the internet. Unfortunately, solutions to cover the other requirements are currently quite lacking and the situation needs considerable improvement before we can safely deploy the currency.  However, it is not all that bad because these improvements are already under way--extremely secure booting and software attestation in mobiles are areas that are advancing very rapidly because phone manufacturers have recognised that rock solid digital rights management is a very pressing requirement generally.  Widely deployed solutions are only a matter of a year or two away.  (This currency is really nothing more than managing a digital right-- so the improvements currently in the pipeline for general digital rights management on mobiles lend themselves to the implementation of this currency.)

# Secondly regarding the requirements for the special initial bootstrap transactions:
What we need:
  -We need to be able to prevent the same person from multiple registrations with the system-- they should only be allowed to collect the 1000 coin reward once.
What we've got:
  -We can cover this requirement by implementing a p2p system similar to the way that bitcoin works by creating a network that validates that a given user has not already joined the system.  This would work by assigning each user exactly one unique global ID.  The nodes in this network would race to complete blocks containing new user IDs not already known to the network.  When the user wants to collect the 1000 coin trial incentive they ask the transaction software to give it to them, the transaction software asks the p2p network if the userID associated with the user is already registered and if not then registers the ID.  Once the network has added the userID into the block chain and it's been confirmed the transaction software rewards the user with 1000 coin minus a small processing fee that goes to the miner. Obviously if the userID is already registered the transaction software refuses the user's request for the reward.
  While this p2p system is more than possible to deploy today it leads to the problem of how to associate a unique ID with a real person and how to prohibit that person from obtaining more than one ID.  This is a general problem that has plagued the internet for quite a while with no real leading solution.  We could base our solution to this on existing technology such as openID or a web-of-trust scheme, or we create a novel solution based on p2p and crowd sourcing*, or some combination of these technologies, etc.


* This is a rough outline of my ideas for a crowd sourced solution to the problem of assigning a global unique ID to each user:
The system has three types of participants:
1) the client- who is the person seeking a globally unique user ID so they can claim the 1000 coin reward,
2) the ID provider- this is a trusted software service which establishes that the client is who they say they are and assigns the globally unique user ID to them,
3) verifiers- who are the set of the people that actually decide that the client is who they say they are.  Anyone on the internet can join up to be a verifier.  When they join they state what sort of documents they are proficient at identifying.

For each possible nationality of a client there is a type of document that is agreed upon across the system as a required document that must be provided as evidence in their claims of identity.  This document must have a unique ID amongst all the documents of that type and a person must only be able to obtain one of them.  eg: for most nationalities this would be a current passport of their country.

The process of assigning the client their ID runs as follows:
1: the client pays a small fee to the ID provider-- this is to pay for the verifiers' time and also for the cost of running the provider.  A competitive market amongst providers will determine this fee.  The client also lodges a bond in escrow with the ID provider which will be destroyed if the verifiers think the person is a fraud else it will be returned.  This bond should be a sizeable part of the reward, say 500 coins.  They could borrow these monies off a friend or may have already earned it by selling stuff.
They then fill out a web-form from the provider stating who they claim to be and what type of documents will be produced as evidence and what the ID from the required document is.
2: the provider checks amongst its peers that the required document's unique ID has not already been registered with the system.  If it is it informs the client and returns the money else it proceeds.
3: the client uploads to the provider a short video they have created about themselves and shots of supporting documentation.  This video should have enough details to prove to the verifiers that there exists a person with certain credentials- such as name, address, etc., and that person is indeed the person in the video, and that there exists a genuine required document with the same ID as in the client's form and it is for the same person as the other documents.  eg: they first film themselves with photo ID documents of themselves such as drivers licence and any other identifying data they wish such as bills, birth-certificates, facebook, etc. this establishes that there is indeed a person with those credentials who exists and that person is the person in the video. They then do a detailed filming of the specific required document with its unique ID.  They have to film this with enough detail to prove that it describes the same person as the other documents and that the document is not a forgery  (eg: in the case of a passport they film it overall, film the main page as well as close-ups of the visible anti-tamper features).
4: this video is then distributed to twenty randomly selected verifiers who are familiar with the types of documents provided.  The verifiers watch the video and decide-- a)there is not enough evidence to make a decision b)the evidence is good enough and they've decided that the person is a fraud or c)there's good evidence and the person matches it.  They inform the provider of their decision.
5: the provider collects the decisions- if +80% agree that the person is who they say they are it gives them a global unique user ID, registers the required document ID with its peers and returns the bond; if +80% say that they are a fraud then it destroys the bond (it just subtracts the amount from its own account); otherwise it returns the bond.  The provider then pays verifiers.
6: On top of this basic verification process we add another mechanism-- the verifiers each deposit an amount equal to the verification payment prior to each round of verification.  After the decisions are in, those verifiers in the majority agreement receive the deposit of the other verifiers.   e.g.: if 45% voted fraud,  35% insufficient evidence and 20% voted genuine the fraud voters would win the deposits off the others.  This enforces self regulation of the verifiers, after a while certain standards will naturally develop as everyone tries to vote the same way for a given collection of evidence.  Also, the video can be sent out to inexperienced verifiers who can practice their verification skills against the pros-- these learners don't have to lodge coins to practice.  They get to see the final result from the real verifiers to compare how they are going, once they're confident enough they may join in the real process.

You may see that there is a slight flaw with this above-- some people have multiple passports and nationalities so they could successfully be issued with multiple userIDs and claim the reward a few times.  Admittedly there is not much you can do about this-- personally I'm happy to ignore it and say "lucky them :) ".  You may have also noticed that you still need to bootstrap this process, ie. how does the very first person join the system-- you could hard-wire into the software that the very first account made is created with a 1000 coin opening balance and then use that to pay for the first bonds and fee of the verification system.
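
As an added example (not part of diogenes's post and not code from any existing project), the tally in steps 5 and 6 of the verification process can be written out in Python. It assumes "+80%" means at least 80% of the votes cast, that a tie for the largest group redistributes nothing, and that an indivisible remainder stays with the provider; all function names are hypothetical.

```python
from collections import Counter

MICRO = 1_000_000                  # smallest unit: one millionth of a coin
THRESHOLD = (4, 5)                 # the 80% supermajority, as a fraction
CHOICES = ("genuine", "fraud", "insufficient")


def _validate(votes):
    """Reject empty rounds and votes outside the three allowed decisions."""
    if not votes:
        raise ValueError("no votes cast")
    unknown = set(votes) - set(CHOICES)
    if unknown:
        raise ValueError(f"unknown decision(s): {sorted(unknown)}")


def decide(votes):
    """Step 5: return (issue_user_id, bond_action) for one verification round.

    Integer arithmetic avoids float rounding right at the 80% boundary.
    """
    _validate(votes)
    counts = Counter(votes)
    num, den = THRESHOLD
    total = len(votes)
    if counts["genuine"] * den >= total * num:
        return True, "returned"        # ID issued, bond handed back
    if counts["fraud"] * den >= total * num:
        return False, "destroyed"      # bond is burned
    return False, "returned"           # no supermajority either way


def settle_deposits(votes, deposit):
    """Step 6: move the deposits of outvoted verifiers to the largest group.

    Returns (net_change_per_verifier, remainder). Amounts are in micro-coins.
    Assumption: a tie for the largest group leaves every deposit untouched.
    """
    _validate(votes)
    ranked = Counter(votes).most_common()
    if len(ranked) > 1 and ranked[0][1] == ranked[1][1]:
        return [0] * len(votes), 0
    winning_choice, winners = ranked[0]
    pot = (len(votes) - winners) * deposit
    share, remainder = divmod(pot, winners)
    net = [share if v == winning_choice else -deposit for v in votes]
    return net, remainder


if __name__ == "__main__":
    # Constructed round matching the 45% / 35% / 20% split in step 6,
    # with the twenty verifiers from step 4 and a 1-coin deposit each.
    round_votes = ["fraud"] * 9 + ["insufficient"] * 7 + ["genuine"] * 4
    print(decide(round_votes))
    net, left_over = settle_deposits(round_votes, 1 * MICRO)
    print(net[0], net[-1], left_over)
```

The outcome of the round (step 5) and the payout between verifiers (step 6) are independent: in the 45/35/20 split the applicant gets no ID and keeps the bond, while the fraud voters still collect the other verifiers' deposits.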



Title: Re: outline for a simpler virtual currency
Post by: wumpus on May 09, 2011, 06:26:42 AM
How is this any simpler? With your scheme you need all the verification, mutual trust, trusted machines, user IDs, and so on.

Bitcoin: simply download and start the client, ask a friend to send you some coins (or use the faucet) and you can play


Title: Re: outline for a simpler virtual currency
Post by: FooDSt4mP on May 09, 2011, 06:28:41 AM

2) Everyone who participates in the system may bootstrap exactly one account of their choosing with 1000 coins.  This is the only way that new coins are minted.  ie: everybody is given the same initial cash holding as a reward for joining the system- thus this encourages people to trial the currency since it allows them to immediately undertake transactions without any cost to them while at the same time boot-strapping the whole system.  This mechanism should be considered fair to the participants because everybody is treated equally and given the exact same initial starting amount.  This boot-strapping mechanism controls/limits the overall money supply in the economy.



....



You may see that there is a slight flaw with this above-- some people have multiple passports and nationalities so they could successfully be issued with multiple userIDs and claim the reward a few times.  Admittedly there is not much you can do about this-- personally I'm happy to ignore it and say "lucky them  ".  You may have also noticed that you still need to bootstrap this process, ie. how does the very first person join the system-- you could hard-wire into the software that the very first account made is created with a 1000 coin opening balance and then use that to pay for the first bonds and fee of the verification system.


This.  There is no reliable way to uniquely identify an individual.  You will just cap your value at (cost of forged passport)*0.95/1000 and people will make 5% by creating identities to feed your system.  Also, new users don't add value to the economy, new merchants do.


Title: Re: outline for a simpler virtual currency
Post by: marcus_of_augustus on May 09, 2011, 06:32:32 AM

global unique ID ... is this the puke symbol  :o  :P

how much more fascist do you want to make the money than it already is ?


Title: Re: outline for a simpler virtual currency
Post by: sortedmush on May 09, 2011, 06:47:10 AM
You lost me at "as long as the computer and its operating system is reliable and trustworthy"


Title: Re: outline for a simpler virtual currency
Post by: Alex Beckenham on May 09, 2011, 06:55:51 AM
as long as the computer and its operating system is reliable and trustworthy and that it can prove to other machines that it is trustworthy.

I'm sorry I stopped reading after this.


Title: Re: outline for a simpler virtual currency
Post by: FooDSt4mP on May 09, 2011, 06:57:40 AM
as long as the computer and its operating system is reliable and trustworthy and that it can prove to other machines that it is trustworthy.

I'm sorry I stopped reading after this.


Yeah... I barely trust my computer, and I certainly don't trust yours.


Title: Re: outline for a simpler virtual currency
Post by: sortedmush on May 09, 2011, 07:12:26 AM
I thought I'd give it another chance ..

You lost me at "Everyone who participates in the system may bootstrap exactly one account of their choosing with 1000 coins."


Title: Re: outline for a simpler virtual currency
Post by: diogenes on May 09, 2011, 08:38:33 AM
How is this any simpler? With your scheme you need all the verification, mutual trust, trusted machines, user IDs, and so on.

Bitcoin: simply download and start the client, ask a friend to send you some coins (or use the faucet) and you can play



From the user's point of view the system I've outlined is no different from what you describe for bitcoin.  You just download the software onto your phone, start it and you're away.  You may also collect a one-off bonus of 1000 coins if you wish by registering with the system.

When I say it is simpler, I mean it is a simpler protocol and also simpler from the computational point of view than bitcoin.  When a transaction occurs in this system it *doesn't* require miners on a p2p network over the internet to confirm the transaction.  There is no extra cost, time nor energy spent by anyone except the two computers involved in the transaction.  The transactions happen immediately-- basically one computer gives the other a number, the first computer decreases an account by that amount and the second increases an account by that amount.  It is an *extremely* simple protocol when compared to bitcoin.


By the way: bitcoin forces you to implicitly assume mutual trust and trustworthy machines,  eg: when someone stores a coin on their computer they assume that their computer is trustworthy enough to securely store it.  When someone transfers some coins to an escrow or anonymising service they must trust the other party's computer.
My system makes these trust obligations explicit and *demands* that the machines involved are trustworthy instead of just assuming that they are.


Title: Re: outline for a simpler virtual currency
Post by: Pieter Wuille on May 09, 2011, 09:00:19 AM
Bitcoin does indeed require some trust, as every trade does; if you pay someone for something, you still need to receive what you've paid for.

However, bitcoin does *not* require trust that the other party will store his coins securely. If he doesn't, they may be stolen, lost or scammed, but that is his problem.


Title: Re: outline for a simpler virtual currency
Post by: diogenes on May 09, 2011, 09:02:03 AM

global unique ID ... is this the puke symbol  :o  :P

how much more fascist do you want to make the money than it already is ?


Maybe I didn't do a very good job of explaining how the global ID works.  Rest assured-- the ID isn't linked to your identity.  It is just an authorization token (basically it would be a long string of numbers- much like a bitcoin address: the numbers would be such that a piece of software can interpret them as being a valid token).  By presenting a valid token to any software client of my system you may ask the client to reward you with 1000 coins to one of your accounts (or someone else's account).  The software then presents *just* the token to the p2p bootstrap transaction network to check if it has already been presented or not.  The network doesn't have *any* means to trace the token to your identity!   The coin reward network stores *only* a record of presented tokens.

Also, the other p2p network which I suggest could be used to generate your userID token in the first place *doesn't* keep much of a record of your identity (eg: no name, address etc), it only stores the ID of the presented required document (normally something like your passport number).  This number by itself is very hard to trace back to you, hackers would be able to do very little with this number.

It should be noted that there is no record kept of which required document ID was used to grant a given global user ID token,  ie: there is no record of the link at all on the system between the two IDs-- the only person aware of the link is the user.


Title: Re: outline for a simpler virtual currency
Post by: BitLex on May 09, 2011, 09:27:53 AM
While I was initially enthusiastic that bitcoin could replace cash ..
are you serious?
think about what cash is.
cash is not even a currency, it's just one way of transferring a currency, which can be also done bitcoin-backed.
print some bitcoin-QRcodes on paper-bucks and use that as cash,
if you give those paper-bucks to me, transfer is instant and doesn't need any internet-connection, nor confirmations.

Rest assured-- the ID isn't linked to your identity.
and how do you keep any identity from linking a hundred IDs then and claim 1000 coins 100times?
if it's not linked to my identity, why not just create a few more identities? i am lots!


Title: Re: outline for a simpler virtual currency
Post by: diogenes on May 09, 2011, 09:37:53 AM
as long as the computer and its operating system is reliable and trustworthy and that it can prove to other machines that it is trustworthy.

I'm sorry I stopped reading after this.


Yeah... I barely trust my computer, and I certainly don't trust yours.



I agree, I don't at all feel that my machine is trustworthy.  My computer that I'm typing this on is running Kubuntu and let me tell you-- linux security is a heap of sh*t.  I wouldn't leave my money in the hands of it.  

However there are OS kernels that are trustworthy and reliable and I would have no qualms at all with them protecting my money or life: kernels such as OKL4 (or its sibling sel4-- which is *completely* trustworthy-- it's been formally verified),  or Greenhills Integrity, QNX, etc.  You may never have heard of these kernels-- in the real world you will find these kernels deployed where reliability is paramount-- such as flight control systems in jet airliners.   No-one *ever* puts linux in a flight control system.  (I should remark that reliable and trustworthy are two different properties of a kernel-- but they are usually found hand-in-hand side-by-side)

It turns out that many mobile phones (about one *billion*) have one of these kernels inside them- namely OKL4.  Even though it is a full microkernel, inside phones it is normally deployed as a hypervisor and another OS runs on top.  For example, *many* (if not most) android phones actually run on top of OKL4-- because Android is so insecure and unreliable that the phone operators will not place it in a trusted situation.  The phone manufacturers use OKL4 as a hypervisor to prevent Android from doing any of the actual telecommunication stuff.  The fact that such a trustworthy kernel OKL4 is on so many phones leads to many possibilities in the future-- such as a virtual currency.


PS: by the way-  your choice of language reveals that you are probably not well versed in computer security literature.  In the field of computer security a machine that you "trust" is a machine that you are forced to use-- one that you have no option but to use (eg: the computer in an ATM terminal is a trusted machine-- you must use this computer to withdraw your money even if the machine is easily hacked).  A machine that you have confidence in is a "trustworthy" machine.  So your statement "I barely trust my computer" if you're writing as a security expert would have been-- My own machine is barely trustworthy,  and I certainly don't think yours is.


Title: Re: outline for a simpler virtual currency
Post by: vuce on May 09, 2011, 09:38:43 AM
If I understand this correctly, my balance is saved somewhere on my computer only. What does prevent me from not increasing this balance?


Title: Re: outline for a simpler virtual currency
Post by: titeuf_87 on May 09, 2011, 10:00:39 AM
If I understand this correctly, this will be a form of DRM used to securely store your account balance.

This does sound nice in theory: everyone knows what their balance is and they can't tamper with it as it's secured by the software, the kernel (which is software too), and the hardware.

But this will fail for the simple reason that people -will- find a way to change their account balance: they'll break the encryption, break the trustworthiness to make it look as if they're trusted. If that happens, and it will, how will this system prevent that? Everyone is trusting the clients to not cheat. A broken client will obviously still claim to be trustworthy.

If you think that software is unbreakable, then look up the various DRM schemes used in games: often claimed to be unbreakable too, till someone figures it out. Just like with the PS3: it was supposed to be unbreakable...
And if you get the best programmers that don't write any bugs at all to make the perfect DRM scheme that won't fail at all, you still won't be safe: people will start playing with the hardware in order to break it.

Hope this helps explain stuff a bit,
Titeuf.


Title: Re: outline for a simpler virtual currency
Post by: vuce on May 09, 2011, 10:03:52 AM
If I understand this correctly, this will be a form of DRM used to securely store your account balance.

This does sound nice in theory: everyone knows what their balance is and they can't tamper with it as it's secured by the software, the kernel (which is software too), and the hardware.

But this will fail for the simple reason that people -will- find a way to change their account balance: they'll break the encryption, break the trustworthiness to make it look as if they're trusted. If that happens, and it will, how will this system prevent that? Everyone is trusting the clients to not cheat. A broken client will obviously still claim to be trustworthy.

If you think that software is unbreakable, then look up the various DRM schemes used in games: often claimed to be unbreakable too, till someone figures it out. Just like with the PS3: it was supposed to be unbreakable...
And if you get the best programmers that don't write any bugs at all to make the perfect DRM scheme that won't fail at all, you still won't be safe: people will start playing with the hardware in order to break it.

Hope this helps explain stuff a bit,
Titeuf.
exactly. Any kind of hardcoded encryption is bound to get reverse engineered at some point.


Title: Re: outline for a simpler virtual currency
Post by: Anonymous on May 09, 2011, 11:22:05 AM
Would this unique ID be tattooed on your arm at all  ?
 :P


Title: Re: outline for a simpler virtual currency
Post by: hazek on May 09, 2011, 12:23:57 PM
I just love it when people like the OP think they are smarter than the market!  ;D

But guess what! No matter what you, or I or any other individual thinks it's all irrelevant. The only thing that matters is what the marketplace as a collective thinks of Bitcoin. And I guarantee you if the marketplace thinks it's useful and good it's going to be used and it will grow and if not, well I guess it won't.

But your opinion sir, is irrelevant.


Title: Re: outline for a simpler virtual currency
Post by: diogenes on May 09, 2011, 12:30:31 PM
Rest assured-- the ID isn't linked to your identity.
and how do you keep any identity from linking a hundred IDs then and claim 1000 coins 100times?
if it's not linked to my identity, why not just create a few more identities? i am lots!



Below I've detailed the bootstrap transaction process in greater detail so that you can see that you can't claim the bootstrap reward transaction as often as you want.

Ok, so let's assume that a new user has downloaded the transaction software, installed it and has created some accounts on their phone.  They now want to claim the bootstrap new user reward.  Here is the process in detail:

1) The user asks his instance of the transaction software for a global user ID.
2) The transaction software contacts the authentication system, hands the user over to it and requests "If you have never seen this user before please create a new global userID for them"  (The authentication system -whatever it is: it may be like my hypothetical crowd sourced p2p system or based on openID or web-of-trust or something completely different or a mixture of these- is a completely separate system from the transaction software system.)
3) The authentication system then proceeds to verify the user.  If it has never seen the user before it adds a record of them to its system (under my proposal it records the ID from some particular document provided as evidence by the user-- such as their passport ID).  It then creates a new unique global ID and returns a global ID to the user.  It creates the global ID in a non-forgeable way that proves that it came from the authentication system.
4) The user takes their userID and presents it to their transaction software-- this software then contacts the bootstrap p2p system and asks it if it has ever seen the ID before.  This system checks if it is a valid token from the authentication system (it does this by examining the token itself) and then checks if it hasn't seen it before.  If it is a new ID then it records the ID by a p2p block-chain system similar to bitcoin.  Then it informs the transaction software whether it has or hasn't seen the ID before.
5) If the transaction software is told that it is a new ID then it creates 1000 coin in which-ever account the user chooses.

That's basically it.  Note that the authentication system never gives identity details to the transaction software.  The user ID doesn't contain any of the user's identity credentials in an accessible way (although it is possible that the userID creation process may be based on some credential of the user but this is always done by one-way functions: eg, the creation of the userID may involve the cryptographic hash of the user passport ID).

Also note the user ID is just a token that authorises the transaction software to create a bootstrap transaction in an account.  The user could indeed give the ID to any other user and the second user would be then able to use it (provided it hasn't already been used-- it is strictly a use once token).
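
The five-step bootstrap flow above, as an added Python sketch that is not part of the post and not any project's code. All class and function names are hypothetical; HMAC stands in for the digital signature a real deployment would need so that the bootstrap network could check tokens without holding the issuing key, and the document numbers are constructed samples.

```python
import hashlib
import hmac
import secrets

REWARD = 1000  # coins minted by a bootstrap transaction


class AuthSystem:
    """Hypothetical authentication system (steps 2 and 3)."""

    def __init__(self):
        self._token_key = secrets.token_bytes(32)  # authenticates issued tokens
        self._doc_key = secrets.token_bytes(32)    # keys the document digest
        self._seen_docs = set()                    # digests only, no token link

    def issue(self, document_id):
        """Return a fresh token, or None if this document was used before."""
        # Keyed digest: a plain hash of a short document number could be
        # recovered by enumerating the number space.
        digest = hmac.new(self._doc_key, document_id.encode(),
                          hashlib.sha256).digest()
        if digest in self._seen_docs:
            return None
        self._seen_docs.add(digest)
        nonce = secrets.token_bytes(16)  # random: carries no identity data
        tag = hmac.new(self._token_key, nonce, hashlib.sha256).digest()
        return (nonce + tag).hex()

    def is_valid(self, token):
        """Check that a token was produced by this system (step 4, part one)."""
        try:
            raw = bytes.fromhex(token)
        except ValueError:
            return False
        if len(raw) != 48:               # 16-byte nonce + 32-byte tag
            return False
        expected = hmac.new(self._token_key, raw[:16], hashlib.sha256).digest()
        return hmac.compare_digest(raw[16:], expected)


class BootstrapRegistry:
    """Stand-in for the p2p record of presented tokens (step 4, part two)."""

    def __init__(self, verify):
        self._verify = verify
        self._redeemed = set()

    def redeem(self, token):
        if not self._verify(token):
            return "invalid"
        # Key on the decoded bytes: hex is case-insensitive and fromhex skips
        # whitespace, so string comparison would allow a second redemption.
        raw = bytes.fromhex(token)
        if raw in self._redeemed:
            return "already-redeemed"
        self._redeemed.add(raw)
        return "accepted"


def claim_reward(accounts, account, token, registry):
    """Step 5: credit the chosen account only if the registry accepts."""
    status = registry.redeem(token)
    if status == "accepted":
        accounts[account] = accounts.get(account, 0) + REWARD
    return status


if __name__ == "__main__":
    auth = AuthSystem()
    registry = BootstrapRegistry(auth.is_valid)
    accounts = {}
    token = auth.issue("P1234567")                  # constructed document ID
    print(claim_reward(accounts, "alice", token, registry))
    print(claim_reward(accounts, "bob", token.upper(), registry))
    print(auth.issue("P1234567"))                   # same document again
    second = auth.issue("X7654321")                 # a second document
    print(claim_reward(accounts, "alice", second, registry), accounts)
```

The last two lines show the limit raised elsewhere in the thread: the scheme enforces one reward per document, so its one-per-person guarantee is exactly as strong as the uniqueness of the underlying document.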


Title: Re: outline for a simpler virtual currency
Post by: Anonymous on May 09, 2011, 12:40:56 PM
It sounds like a bureaucratic nightmare.

You're free of course to create your own system and if it's better people will support it.





Title: Re: outline for a simpler virtual currency
Post by: BitLex on May 09, 2011, 12:54:10 PM
so, to use your transaction system, i first have to use some other completely unrelated security system, which makes it even more complicated.

however, what makes you think that your security system can't be cheated?
i can create a bunch of passport IDs without much effort, what makes you stop me?

besides that, weren't you complaining about anonymity being exception not the norm?
so you obviously want anonymity, but now you want everyones passport IDs, or some other proof-of-identity, that kinda doesn't match.


Title: Re: outline for a simpler virtual currency
Post by: wolciph on May 09, 2011, 01:07:52 PM
OP, I suggest you look up toecoin on this forum. It's a really great system to ensure nobody can cheat during the bootstrapping process.


Title: Re: outline for a simpler virtual currency
Post by: diogenes on May 09, 2011, 01:17:34 PM
so, to use your transaction system, i first have to use some other completely unrelated security system, which makes it even more complicated.

however, what makes you think that your security system can't be cheated?
i can create a bunch of passport IDs without much effort, what makes you stop me?

besides that, weren't you complaining about anonymity being exception not the norm?
so you obviously want anonymity, but now you want everyones passport IDs, or some other proof-of-identity, that kinda doesn't match.


Ok, you're still not getting it.

You're getting confused between the general day-to-day transaction system and the authorization system.  These are completely separate systems!

For general day-to-day transactions it is *completely* anonymous.  The transaction software on your phone doesn't store or exchange *any* of your identity credentials.

However, the bootstrap transaction that a new user uses to claim the reward *does* require them to establish their identity.  The bootstrap process calls upon the authorization system for new user verification.  However, the authorization system needn't store many of your credentials.  For example, my crowd sourced method stores *only* a cryptographic hash of a passport ID which isn't very useful for people to know.  This is the only credential that a hacker could steal if they managed to break into my proposed authorization network  (note that my proposed system could use the same encryption algorithms as the bitcoin network-- ie, it would be no less secure than bitcoin).

Also, please note that a new user doesn't have to claim the 1000 coin reward if they don't want to-- it is completely discretionary!  ie: a new user needn't reveal any identity credentials at all, however they will not receive the bootstrap reward if they choose this route-- but they can still make day to day transactions (ie: they could do work in exchange for coin).




Title: Re: outline for a simpler virtual currency
Post by: SATOSHl on May 09, 2011, 01:26:20 PM
I was the first to recommend 1000 initial coins.  See this link http://bitcointalk.org/index.php?topic=4212.msg63806#msg63806

SATOSHI out!!!


Title: Re: outline for a simpler virtual currency
Post by: BitLex on May 09, 2011, 01:27:44 PM
don't worry, i got that completely separate systems part,
but completely separate systems dont make things better, it makes things worse.

and you still havent mentioned how you gonna keep me from creating fake IDs, which is not a problem at all,
it's not that hard to create a few thousand fake IDs to claim the free-newbie-cash, how do you stop that?
or do you just not care?


Title: Re: outline for a simpler virtual currency
Post by: silversurfer on May 09, 2011, 01:55:07 PM
Sounds like the OP wants 1000 bitcoins for free xD


Title: Re: outline for a simpler virtual currency
Post by: diogenes on May 09, 2011, 02:13:34 PM
don't worry, i got that completely separate systems part,
but completely separate systems dont make things better, it makes things worse.

and you still havent mentioned how you gonna keep me from creating fake IDs, which is not a problem at all,
it's not that hard to create a few thousand fake IDs to claim the free-newbie-cash, how do you stop that?
or do you just not care?

That's what the verification system tries to weed out!

In the real economy, no country has ever stopped people from counterfeiting money-- however the government can design the currency to make it quite hard to convincingly forge bank notes.  Some people still manage to pull it off and get away with it but it's quite rare and in the big scheme of things doesn't affect the economy in any major way.  Fraud and counterfeiting is something that we live with-- as long as it remains relatively small scale most people accept this and are not worried by it (eg: I've yet to see *anybody* go on street marches protesting about the amount of counterfeiting in their country)

Similarly with this virtual system we can't stop people from creating fake credentials and trying to pass them off as genuine.  However, we can implement systems that try hard to expose this illegal behaviour and also once exposed to penalise those involved.   Any potential fraudsters would weigh up the pros vs the cons before they decide to commit the crime-- by decreasing this ratio and by increasing the chances of being caught we would make it less appealing to fraudsters and thus reduce the prevalence of fraud.

For example, under my proposed verification system you would need to convince 17 out of 20 people that the documents used as evidence are genuine.  Now if the majority of users aren't happy with the quality of this system we could make this system even stricter-- for example we could require that 48 out of 50 people agree that the documents are genuine.  Or we could link this system to other technologies such as openID or web-of-trust. We could also increase the penalties of fraud by increasing the bond to be far greater than the reward and also automatically hand over videos of suspect fraud cases to the police.  We could even implement a system that requires you to appear in person at a designated authorization office for in-person verification by approved officers.

The point is that we can increase the quality of the verification system to the point that most people would be happy with it even though it is not 100% perfect.


Title: Re: outline for a simpler virtual currency
Post by: Anonymous on May 09, 2011, 02:17:14 PM
I'll stick to using carrots. At least I can eat them.


Title: Re: outline for a simpler virtual currency
Post by: BitLex on May 09, 2011, 02:37:26 PM
ah, now you want documents (multiple i guess), not only IDs.
so i have to fax you my passport, my last electricity bills, certificate of birth, maybe send you some blood-samples to check my DNA?
and if those chosen ones arent ok with what i sent, i'll have to come around in person.

so you really want everyone to go through a bureaucratic nightmare, to get those free coins to try the system.
sounds like a plan, good luck with that.

seriously, i hardly doubt anyone would do that,
everyone would just stick to carrots instead.



Title: Re: outline for a simpler virtual currency
Post by: vuce on May 09, 2011, 03:06:39 PM
diogenes, you still haven't told us how you would prevent someone from tampering with his own balance.


Title: Re: outline for a simpler virtual currency
Post by: diogenes on May 09, 2011, 03:36:24 PM
ah, now you want documents (multiple i guess), not only IDs.
so i have to fax you my passport, my last electricity bills, certificate of birth, maybe send you some blood-samples to check my DNA?
and if those chosen ones arent ok with what i sent, i'll have to come around in person.

so you really want everyone to go through a bureaucratic nightmare, to get those free coins to try the system.
sounds like a plan, good luck with that.

seriously, i hardly doubt anyone would do that,
everyone would just stick to carrots instead.





Well I never said you need to give blood samples, but yes, I believe people would be prepared to verify themselves because they get a sizeable number of coins in return.

Compare this to bitcoins, where it is quite hard to get coins-- you have to *pay* a bank and currency exchange for the thrill of getting something that you can't do a great deal with.


Actually, let's compare my proposal with bitcoins in general since you've mentioned some issues which you see as potential problems (all of which I actually mentioned in the original post and I have responded to them with reasoned argument).   To refresh things I'll reiterate the four main setbacks that I see with bitcoin in my original post. Now let's see you defend these problems-

1) Anonymity is the exception not the rule- it is actually hard to trade anonymously.  If you do wish to trade anonymously you need to trust the services of third parties and these third parties will also charge you a fee for their service.  (My proposal is completely anonymous for day-to-day transactions)

2) Bitcoin in its current form cannot be used for day-to-day transactions with the same degree of ease as cash. When you purchase with cash the transaction is settled immediately; with bitcoin it takes time for the transaction to be acknowledged by the network.  (Under my proposal transactions clear immediately, there is no delay)

3) It is envisioned that in the future *each* transaction will incur a fee.  Cash doesn't have this impediment. (In my proposal all transactions are completely free)

4) Bitcoin relies on the internet.  If the internet goes down (such as caused by a telco outage) or you are in a location where there is no internet service available then you're out of luck-- you simply can't trade.  (My proposal isn't tied to the internet- you could trade anywhere if using mobile phones with local network capabilities such as near-field or bluetooth)

(I'm certain that you'll roll out all the normal arguments that have been used before on this forum-- however, what you're ignoring is that the common man -ie: those who actually use cash every day-- won't tolerate any system that is not as convenient or anonymous as cash.  Small real world merchants especially -ie, those who deal with a lot of cash sales in physical shops with physical goods won't accept anything that complicates or hinders their operations)


Title: Re: outline for a simpler virtual currency
Post by: diogenes on May 09, 2011, 03:38:39 PM
diogenes, you still haven't told us how you would prevent someone from tampering with his own balance.


Your balance is stored in encrypted form on your computer-- only the transaction software has the key to decrypt it.


Title: Re: outline for a simpler virtual currency
Post by: vuce on May 09, 2011, 03:40:27 PM
diogenes, you still haven't told us how you would prevent someone from tampering with his own balance.


Your balance is stored in encrypted form on your computer-- only the transaction software has the key to decrypt it.
Yeah, sure, but that key is in the software somewhere. Someone will surely be able to reverse engineer it, as they always do.


Title: Re: outline for a simpler virtual currency
Post by: Alex Beckenham on May 09, 2011, 07:19:12 PM
That's basically complexly it.

It might be time to rename your thread title.


Title: Re: outline for a simpler virtual currency
Post by: BitLex on May 09, 2011, 08:17:45 PM
Quote
Bitcoin in it current form cannot be used for day-to-day transactions with the same degree of ease as cash
that, excuse me repeating myself, is not true,
it CAN be used for day-to-day instant transactions in the same way, cash does.
you can easily print bitcoin-paper-bucks and use those paper-bucks exactly the same way, you use cash today, without any delays or confirmations, without any connection to the bitcoin-network or the internet at all,
nothing keeps you from just doing it.

BitBills is the first attempt to do exactly that.

the same thing also proves your transaction-fee- and internet-rely-arguments wrong,
cash doesnt have this impediment, bitcoin-paper-bucks, or BitBills also don't have it.
create them, use them and you got what you asked for.

what YOU are STILL ignoring is, that cash is not a currency,
delays, fees and all that nasty stuff also appears, if you use your common currency to pay online, or send bank-wires, or do whatever else is done the non-cash-way.

Oh, By-the-way Bitlex (aka: Noodles Skute of 64 Gereonswall,Cologne,Germany, ph:+49 2218306297 email:noodles.skute@gmail.com)  I've given you my passport No.  I'm still waiting to see what sort of mischief you can get upto with it.
well, i guess everyone already knows i'm Noodles and my mail is on my profile anyway,
but i wasnt the one who was asking for anonymity to be the rule, that was you.
i don't care if you know my name (which you actually don't know), or that i'm from germany (which is obviously true).
and i care even less about your passportID, why should i bother trying to hunt your identity down? what's in it for me? :D


Title: Re: outline for a simpler virtual currency
Post by: anisoptera on May 09, 2011, 09:14:28 PM



Well I've never said you need blood samples, but yes, I believe people would be prepared to verify themselves because they get a sizeable number of coins in return.

Compare this to bitcoins, where it is quite hard to get coins-- you have to *pay* a bank and currency exchange for the thrill of getting something that you can't do a great deal with.


You haven't really explained why people will give me anything for these coins created from nothing just for my identity. Free coins are valueless by definition.

This is ignoring all the other problems with your idea including your ludicrous idea that people will somehow not be able to alter their balances which are solely stored on their local systems. If you can transfer with no connection to a global network, then I can just impersonate a client talking to myself saying it is transferring 1 million DumbCoins to me. How do you authenticate that the other end is actually doing what it says it's doing?

What if I have a client installed on a disk and I clone that disk, then transfer my balance to someone, then restore the clone? How does your completely disconnected client know that its balance was transferred in some alternate universe?

And this is just attacks I can think of that don't involve hacking the client or wallet itself in any way.
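The clone-and-restore problem raised in the post above, as an added Python sketch that is not code from the thread or from any existing wallet. It assumes the client seals its balance with a key that stays secret (a MAC here, since integrity is what matters; encrypting the blob would behave the same way on restore) and, in the hardened variant, a counter that lives outside the copied disk, such as a hardware monotonic counter. `Wallet` and `MonotonicCounter` are hypothetical names.

```python
import hashlib
import hmac
import json
import secrets


class MonotonicCounter:
    """Stand-in for a hardware counter that a disk restore cannot rewind."""

    def __init__(self):
        self._value = 0

    def increment(self) -> int:
        self._value += 1
        return self._value

    def read(self) -> int:
        return self._value


class Wallet:
    """Offline client whose only record of the balance is a sealed local blob."""

    def __init__(self, key: bytes, counter: MonotonicCounter = None):
        self._key = key
        self._counter = counter      # None = no rollback protection
        self.disk = b""              # the bytes a user can copy and put back
        self._save(0)

    def _save(self, balance: int) -> None:
        epoch = self._counter.increment() if self._counter else 0
        body = json.dumps({"balance": balance, "epoch": epoch}).encode()
        self.disk = hmac.new(self._key, body, hashlib.sha256).digest() + body

    def load(self) -> int:
        tag, body = self.disk[:32], self.disk[32:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("state blob modified")
        state = json.loads(body)
        # An old blob still carries a valid MAC; only the epoch shows it is stale.
        if self._counter and state["epoch"] != self._counter.read():
            raise ValueError("stale state: rollback detected")
        return state["balance"]

    def credit(self, amount: int) -> None:
        self._save(self.load() + amount)

    def pay(self, amount: int) -> None:
        balance = self.load()
        if amount > balance:
            raise ValueError("insufficient funds")
        self._save(balance - amount)


def restore_after_pay(use_counter: bool):
    """Copy the state, pay everything out, put the copy back, then load."""
    counter = MonotonicCounter() if use_counter else None
    wallet = Wallet(secrets.token_bytes(32), counter)
    wallet.credit(1000)
    snapshot = wallet.disk
    wallet.pay(1000)
    wallet.disk = snapshot
    try:
        return wallet.load()
    except ValueError as exc:
        return str(exc)


def edited_blob_rejected() -> bool:
    """Editing the stored balance directly breaks the MAC."""
    wallet = Wallet(secrets.token_bytes(32))
    wallet.credit(5)
    wallet.disk = wallet.disk.replace(b'"balance": 5', b'"balance": 9')
    try:
        wallet.load()
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(restore_after_pay(use_counter=False))   # old balance is accepted again
    print(restore_after_pay(use_counter=True))    # restore is refused
    print(edited_blob_rejected())
```

Sealing the blob stops direct edits but not replay of an older, validly sealed copy; the counter check only helps if the counter and the key are both out of the user's reach, which is the trusted-hardware assumption the thread is arguing about.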


Title: Re: outline for a simpler virtual currency
Post by: diogenes on May 09, 2011, 11:58:21 PM



Well I've never said you need blood samples, but yes, I believe people would be prepared to verify themselves because they get a sizeable number of coins in return.

Compare this to bitcoins, where it is quite hard to get coins-- you have to *pay* a bank and currency exchange for the thrill of getting something that you can't do a great deal with.


You haven't really explained why people will give me anything for these coins created from nothing just for my identity. Free coins are valueless by definition.

......



So, according to your logic you would be prepared to give me all your hard cash holdings because the government prints this money from nothing and thus it is worthless.  Well, I'm quite prepared to accept your "valueless" cash.
Also, according to your logic if I randomly give away 100 euro to someone on the street then that money is worthless because free money is valueless-- I don't think the person who receives it would say so, they would be more than likely to gladly accept it.

Hmm, methinks that your argument doesn't really stack up.

My currency would have value for the same reason bitcoin does-- it is limited in supply and has other properties that makes it a candidate medium of exchange.


Title: Re: outline for a simpler virtual currency
Post by: gigabytecoin on May 10, 2011, 12:23:11 AM
One of these two states is true:

OP is crazy.

All of us are crazy.


Title: Re: outline for a simpler virtual currency
Post by: anisoptera on May 10, 2011, 01:19:49 AM
So, according to your logic you would be prepared to give me all your hard cash holdings because the government prints this money from nothing and thus it is worthless.  Well, I'm quite prepared to accept your "valueless" cash.
Also, according to your logic if I randomly give away 100 euro to someone on the street then that money is worthless because free money is valueless-- I don't think the person who receives it would say so, they would be more than likely to gladly accept it.

Hmm, methinks that your argument doesn't really stack up.
Are you trolling? Obviously this logic doesn't hold. Money is worth what people will give you for it. Fiat currency has value when the government prints it because people ALREADY have assigned a value to it. If I can get 1000 DumbCoins just by existing, then what value does a DumbCoin have? Why would anyone give me anything for one?

Quote
My currency would have value for the same reason bitcoin does-- it is limited in supply and has other properties that makes it a candidate medium of exchange.

Being limited in supply is not what makes bitcoin have value. You seem to have a fundamental misunderstanding of how currency works. And your proposed currency has no other properties that make it a good medium of exchange.

Also, you don't even have "limited in supply" going for you. There is no limit of the supply of your money. Even assuming that you somehow protect 100% against fraud and always give exactly 1000 DumbCoins to any one person, new people are created every day. You can make a new person in 9 months. Sometimes you even get "lucky" and make two or more. Every time someone is born, 1000 (potential) new DumbCoins are created.


Title: Re: outline for a simpler virtual currency
Post by: Comepradz on May 10, 2011, 12:08:12 PM
1000 free coins for new user?
Oh man, haven't you ever heard about deflation? Your coin value will decrease as soon as a new user joins... I think you must reconsider that issue if you really want to realize it.


Title: Re: outline for a simpler virtual currency
Post by: diogenes on May 10, 2011, 03:13:59 PM
My currency would have value for the same reason bitcoin does-- it is limited in supply and has other properties that makes it a candidate medium of exchange.

Being limited in supply is not what makes bitcoin have value. You seem to have a fundamental misunderstanding of how currency works. And your proposed currency has no other properties that make it a good medium of exchange.

Also, you don't even have "limited in supply" going for you. There is no limit of the supply of your money. Even assuming that you somehow protect 100% against fraud and always give exactly 1000 DumbCoins to any one person, new people are created every day. You can make a new person in 9 months. Sometimes you even get "lucky" and make two or more. Every time someone is born, 1000 (potential) new DumbCoins are created.


Ok, so I was a little sloppy with the exact wording about the supply of the currency.  Perhaps I should have said the supply is controlled/constrained.  I'll assume you were smart enough to get the point of what I meant and so I'll just take your response as a nit-picking quibble (either that or I'll have to assume that you're rather dumb :) )


However, I will directly challenge you on your comment about my "smartcoin" currency having no other properties that make it a good medium of exchange:
Let's compare our two currencies against your own beloved bitcoin wiki's criteria about what makes a good virtual currency (https://en.bitcoin.it/wiki/Ideal_Properties_of_Digital_Commodities)

From the wiki:
1) Decentralized - no single point of failure or issuing authority:  wiki gives bitcoin an A  :  I give smartcoin an A :  my comment- personally I feel bitcoin is a B+ because a telco failure/internet outage can take down bitcoin in a local region whereas you can trade smartcoin over *any* network connection (such as usb/wifi/bluetooth/near field/local ethernet/etc.. )

2) Scarce - required to be a reasonable store of value : wiki gives bitcoin an A : I'll give smartcoin an A : my comment- bitcoin has a strongly deflationary model in that it has a strict upper limit of the number of coins produced.  Whereas smartcoin ties the number of coins to the number of people using it thus smartcoin naturally grows the money supply in a controlled proportional way.  Overall depending on human population growth patterns, smartcoin would be very close to neutral (possibly slightly deflationary) because of coin attrition due to people dying with password locked devices and the destruction/loss of devices (see http://bitcointalk.org/index.php?topic=6816.0.).  Which model is better is really a political argument.  What can't be argued is that both have quite rigid controls on currency supply, you can't just create extra currency on a whim.  The supply of money is quite predictable and smooth in both currencies.

3) Storage - actual commodity should be cheap and easy to physically store securely : wiki gives bitcoin an A : I'll give smartcoin a B : my comment- smartcoin can encrypt its coins with the exact same technology as bitcoin and it even has the advantage that it is *mandatory* that coins are stored on devices with anti-tamper mechanisms and trustworthy OSes.  However, I should admit that you cannot backup your coins with smartcoin because it's not possible to copy them so they are at risk of being lost due to forgotten passwords, device failure, device theft/loss.  (It should be noted that when you backup your bitcoins it increases your risk to theft-- although overall it is a wise and advantageous thing to do.)

4) Irreversible Transactions : transactions should be irreversible : wiki gives bitcoin a B and notes that it is irreversible after an hour which is often not acceptable wait time : I'll give smartcoin an A+ : my comment- personally I feel bitcoin is a C. Within smartcoin general everyday transactions are immediately irreversible, ie. for everyday transactions smartcoin has a perfect score.  (Although it should be noted that the one-off bootstrap transaction would take about the same time as a bitcoin transaction).

5) Anonymous : untraceable transactions (if desired) : wiki gives bitcoin a C and notes that it currently requires some trusted third party to obfuscate transactions : I'll give smartcoin an A+ : my comment- personally I feel bitcoin is an E.  It is *very* hard to do anonymous transactions in bitcoin and it will usually cost you money to try whereas for smartcoin *all* transactions are *completely* anonymous (ie. smartcoin has a perfect score here).

6) Unspoofable : should be exceedingly difficult to counterfeit   : wiki gives bitcoin an A : I'll give smartcoin an A : my comment- although they rely on completely different technologies and approaches they are both very good.

7) Gratis Transactions : transactions should be gratis, or nearly so, forever : wiki gives bitcoin a D and notes that bitcoin future tx fees are certain, but could remain low : I'll give smartcoin an A+ : my comment - you may be surprised to learn that I actually rate bitcoin higher than the wiki on this and give it a C+.  Smartcoin has a perfect score here-- all transactions are completely free!

8) Offline Transactions : ideally two participants should be able to safely transact without requiring internet access or trust of one another (like normal cash) : wiki gives bitcoin an F and notes that is not securely possible with Bitcoin- double-spending is always possible without Internet access : I'll give smartcoin an A : my comment- any two machines can transact smartcoin over any network connection, even local ones such as usb/wifi/bluetooth/near field/etc..

9) Speed : ideally transactions would be instantaneous : wiki gives bitcoin a D   and notes that currently bitcoin is fast enough only for shipments; anything faster than an hour on average requires compromising security : I'll give smartcoin an A+ : my comment- smartcoin has a perfect score here because transactions clear immediately.

10) Scalability : usable for every transaction everywhere in the world : wiki gives bitcoin a C   and notes that currently there is a lack of lightweight and offline bitcoin clients (if such a thing is even possible) to replace the need for conventional cash : I'll give smartcoin an A+ : my comment- gee whiz another A+ :) . Why an A+ you may ask, because smartcoin is infinitely scalable ie. a perfect score.


Please Note:
I've skipped the Unique Use-value property because I don't believe this is necessary or useful for a currency.  However, I will admit that the bitcoin concept of block chains is a pretty neat idea-- so neat that I actually use it in smartcoin to store the global user IDs.
I've skipped the verifiable funds property because I can't really see how this is a necessary property.  However, you can implement this on top of either currency using escrow.  It should be noted escrow can be achieved more securely with smartcoin because you can insist upon the use of open-proof programs and it is mandatory that it uses trustworthy computers- this eliminates concerns about the trustworthiness of the third party.


So, summing up my evaluation:  
wiki's bitcoin scoring-  A, A, A, B, C, A, D, F, D, C
my bitcoin scoring-  B+, A, A, C, E, A, D, C+, F, D, C
my smartcoin scoring: A, A, B, A+, A+, A, A+, A, A+, A+
Smartcoin beats (sometimes even thrashes) or equals bitcoin on each point except one.  The one and only advantage that bitcoin has over smartcoin is that you can backup your coins.


Title: Re: outline for a simpler virtual currency
Post by: diogenes on May 11, 2011, 02:21:50 AM
This is a nonstarter.

Hmm, perhaps not!


Initially, when I started this thread, I put out these ideas to see what people think.  I wasn't really all that interested in implementing it-- just interested in the general concept.  I had only just conceived of the idea before I wrote it down on this thread (I more or less made it up while typing the original post).  I actually assumed that there would be some fundamental flaw in it that someone would notice.  Since no-one yet has pointed out any reasonable game stopping flaws or shown me how it is worse than bitcoin the scheme has started really growing on me.  I'm now seriously thinking about hacking up some code and doing a proof of concept (the proof of concept would be without the trustworthy remote attestation part-- the hardware infrastructure isn't available for that yet).


Indeed, I'm already thinking how to improve it in response to some comments on this thread.  

For example, comments have led me to believe that the authentication system should be improved. So I've come up with the following novel system:

I believe that it would be better if there were two separate ways to authenticate within the authentication system to assist with rapid mass adoption of this scheme:
method 1-- to get as many people into this currency as quickly as possible it should be *extremely* easy to collect the joining reward via this method, however the total number of people who can join with it is strictly limited.  It should take no more than a very short web-form and a couple of clicks by the user and just a couple of minutes.  This authentication process should use resources already freely available on the internet as evidence.  These objectives should be the goal even if it means that it is exclusionary (ie: some people can't join by this method) and even if it means that a small percentage of people can double dip and claim the reward multiple times (as long as it is very limited eg: no more than 10 times).  The reward for this method would not be the full method 2 reward, let's say it is 250 coin.  The number of users allowed to join by method 1 should be great enough that an ecosystem of businesses can evolve around the currency-such as exchanges, escrow, lending and importantly method 2 authentication services: I feel that 25 million users would be sufficient.

method 2-- via this method *everyone* should be able to join but it should be *very* hard to join multiple times.  Authentication by this method would be an in-depth process and it would require physical evidence to be produced and would most likely require a new user to present themselves in person.  People would be prepared to do this because the system gains so much momentum and interest by users joining via method 1.  Method 2 authentication can itself be run as a profitable competitive business.  The bootstrap reward at this stage is the full 1000 coin.  People who have already joined by method 1 can rejoin by method 2 and claim its reward in addition to the first one-- this further encourages people to join quickly so they can claim both rewards before method 1 is retired.

So the big question is: "How to create a method 1 authentication process".  

Well here's one idea I've been toying with--- Facebook!.  The client simply fills out a web-form that asks for their facebook entry credentials (which is just two items, their email address and password-- no big burden on the user to supply!).  The system then goes to their facebook page and checks if the first entry on their wall is before March, 2011.  If it is then it retrieves their facebook name plus the entry's date and leaves facebook.  It then checks with a p2p block chain system if someone with that client name and date already exists-- if not it then adds that user/date to the network and once they're added it authorizes the client to collect the method 1 joining reward. This achieves the requirements of method 1 authentication in that it is extremely easy and quick and the vast majority of facebook users could only join once (most people have just one facebook account, I would be surprised if anyone has more than ten).  Obviously, people who haven't an existing facebook account can't join by this mechanism but that's just too bad for them; also if two people with the same name joined on the same day- method 1 is first in best dressed.  In fairness, I should remark that this has the potential flaw in that it is at the mercy of Facebook, Facebook might get pissed off with this system using their data (especially considering that facebook has its own virtual currency) and remove all the date data from the accounts.


Title: Re: outline for a simpler virtual currency
Post by: diogenes on May 12, 2011, 12:55:36 PM
1) Decentralized - no single point of failure or issuing authority....

F: a bunch of global ID's verifiers are the central issuing authority.

I can just as equally say:  bitcoin has a central issuing authority in that it is a bunch of computers connected together that make up the bitcoin network.  
The global ID's verifiers are a network of computers similar to the bitcoin network, but instead of racing to process transactions into block chains, they process crypto-hashed credentials of a new user.   (If I was to actually start coding this -- I am very, very tempted to at least code a proof-of-concept-- I would actually use the bitcoin code.  From what I understand I wouldn't have to change much at all, just a few fields in the transaction record).

So if you give it an F then likewise bitcoin must be an F+  (smartcoin is always slightly ahead because it doesn't have the internet-not-accessible problem as a point of failure)


2) Scarce - required to be a reasonable store of value

F: stored on hackable local client, issued to every fake ID, a finite number of "global ID verifiers" can collude to issue unlimited number of DumbCoins to themselves

Well, if this was really a problem I could just limit the total number of coin produced.  I would say 10 trillion is appropriate,  that's 1000 coin for 10 billion people.  Also, it is quite easy to make it *very* difficult for the verifiers to be able to collude because you can split the process up into different subprocesses and distribute them multiple times out randomly to different verifiers and requiring them to concur before accepting the transaction.  You can also severely restrict collusion by tying part of authorization process to something independent of the verifiers such as existing federated identity schemes (ie: tie part of it to something that they can't control/change).
Just to put the problem of collusion in perspective consider this (Note: this assumes a limited smartcoin supply-- which I might as well do):  the total number of bitcoins that will be produced is 21 million and a miner collects 50 for each block, so each block reward is 0.000238% of the total money supply while in smartcoins each instance of collusion would give 1000 coin out of 10 trillion or 0.00000001% of the money supply, ie: each bitcoin block reward is equivalent to the reward of 23800 instances of collusion.

So if a strictly limited money supply is adopted smartcoin once again has an A.


3) Storage - actual commodity should be cheap and easy to physically store securely

C: no backup, unless hacked, cloned etc...

Actually, it is possible for me to create a backup system.  The way you do that is have another system that does the opposite to how the coins are minted.  What the mint is really doing is converting a token (the global userID) into 1000 coin: you can just as easily program a tokenizer (or reverse-mint) that converts the coin back to tokens and deletes the amount from the user account.  These tokens are just long strings of numbers which you can copy to your heart's content- you can even print them on paper and physically store them in a vault!  However, they should be treated just like bitcoins (actually that's more-or-less what they are!) and you should be very careful not to let anybody have access to them.


4) Irreversible Transactions : transactions should be irreversible

F: backup/clone , MITM attacks

If you think MITM is still a problem in this day and age then I've no idea where you've been for the last 20 years.  MITM attacks were solved a *long* time ago-- maybe you should brush up on your computing knowledge.  (By-the-way: it should be *obvious* that this attack isn't unique to smartcoin, anything that communicates over a network is susceptible.  Now let me think, hmmmmm: wait a minute, doesn't bitcoin run on the internet?)


5) Anonymous : untraceable transactions (if desired)

F: provide IRL ID's to 50 or more like 5000 "Global ID verifiers" and you give it A+ , come on! this is beyond unreasonable.

The general transactions in smartcoin *are* anonymous!

You clearly don't understand what the global user ID is and what it is used for.  This could be partly my fault for calling it a user ID.  While it is technically an ID it is *never* used as an ID within the transaction system it is only used as and acts as a token within the transaction system- this is why transactions *are* anonymous.  Also, it needn't be used as an ID in the authentication system- although it might be (in the system I've in mind it doesn't need to be). Sorry, I should have been more careful in naming it.
A good analogy of how it works *exclusively* as a token in the transaction system (even though it is an ID) is comparing it to how a ticket works in a movie theatre: when you buy a ticket using a credit-card at the box-office the staff who serves you checks your name by having you sign it, she then gives you a ticket. However, the movie ticket *doesn't* have your name on it!  It's just a token that the usher on the door can recognize as being genuinely issued from the box-office, authorizing the bearer (who may be you, or someone you gave it to) to enter a particular theatre sitting.  It's the same in smartcoin: the user token doesn't have *any* of your accessible credentials stored in it and it's used just as a token that the transaction system can recognize as being genuinely from the verification system and it authorizes the bearer to collect 1000 coins.  Just to repeat it one more time- It is *never* used as an ID within the transaction system it is *only* used as a token!
Here are all the requirements of a smartcoin userID:
0) Transportable (this requirement is the same for movie tickets)- you must be able to move it around/between the systems
1) Recognizable/Can be authenticated (same for movie tickets)
2) Unforgeable (same for movie tickets).  Please note: unforgeable is different from copyable- see copyable below
3) Copyable (opposite to movie tickets!)- this requirement is a consequence of the transportability requirement.  In addition to being digitally copyable, it's recommended to make it possible to copy to/from a physical form (eg: allow it to be printed) so the user can make physical backups or use physical transport methods.
4) Global (not necessary for movie tickets : is necessary for airline tickets purchased from airports so you can buy connecting flights) - this property is best explained by using the theatre example: a global movie ticket would be one that you could buy from any theatre's box-office allowing you to watch the movie at a theatre of your choice.  To achieve this property in smartcoin may be challenging since I plan that the authorization services should have no central control but rather act in a distributive and independent manner (it may be that this property is not achievable with the architecture and thus there is need for a certain level of organization among the authorization servers-- not too sure, haven't thought that far ahead).
5) The smartcoin token for each person must be unique- but not unique for each token.  ie, they're uniquely deterministically dependent upon the user-- also known as --wait for it------here it comes--- oh no!!!! it's an...... ID!!  what-the-#$%#@!$!!!.  (not necessary for movie tickets) - this property has two parts the uniqueness and the deterministic part.  The uniqueness is necessary so that the transaction system can compare it against all previously presented tokens to tell if it's been presented already.  The deterministic part is necessary so that if the user requests a token multiple times from the authentication system they are always given the same one.  This property is not achieved perfectly in the current authentication system I've in mind but comes close enough for my liking- the deterministic part fails for some people and they can get a few different tokens from it and thus make multiple new user claims (which is not really all that big a deal: compare this to the fact that there is a bitcoin miner "knightmb" who claims to own over 370000 bitcoins which is about 1.8% of the total supply!  If the smartcoin supply was limited to 10 trillion you would have to cheat the authorization system 180000000 times to get this much of the supply).
(Note: just to round out the comparison to movie tickets, movie tickets usually have the opposite to the ID property in that they're exactly the same for each movie goer.  Even though the overall purpose of the movie ticket and smartcoin userID is that the users are granted authority at most once, the reason it's not required for movie tickets is because they're non-copyable and thus the movie entrance system can create a one-entry only system by destroying the ticket on entry)


6) Unspoofable : should be exceedingly difficult to counterfeit   : wiki gives bitcoin an A : I'll give smartcoin an A : my comment- although they rely on completely different technologies and approaches they are both very good.

F: bold claim no proof.


I'm guessing the biggest concern people would have with smartcoin is that they have to trust *every* single computer that runs the transactional software for the system to maintain its integrity whereas with bitcoin they don't have to trust the computer of the person they're trading with and indeed they don't even have to trust the miners individually cause you need to compromise a substantial portion of the miners collectively to affect the block-chain.  Intuitively it might appear that for this reason bitcoin is safer than smartcoin.  However, this is quite flawed thinking.  Why?  Well imagine this: if the miners all had the same OS and software stack then obviously they would all be vulnerable to the exact same flaws, ie: if you could hack one you could hack all- thus you would be no better off than smartcoin.  Now, I'm willing to admit that the miners aren't exactly the same but there wouldn't be much variety (I guess that most of them would be running a linux based stack) and many would not be operated by professional system admins- in other words you would only need a few exploitable holes to bring down the whole system.
Smartcoin would *only* run on systems that are trustworthy-- systems that have good reason to claim that they're trustworthy because they've been designed and coded within strictly controlled environments to stringent quality standards with inherently safe architectures-- such as OKL4*. OKL4 is deployed on over a *billion* mobiles, I've yet to hear it make headlines because someone has found an exploit -- I've heard about *many* exploits in linux/windows.

*OKL4 is nothing like the linux/windows kernels: it is a full microkernel in that *everything* except the kernel runs in userspace (even the device drivers) and it has an object capability security model.  So its architecture is inherently more secure!  It is also coded to internationally recognized quality control standards as well as being open source.  Also worth mentioning is that the group that made OKL4 are the same who made seL4-- the world's first formally verified kernel.  They are the world's foremost experts at coding kernels.
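
The token properties listed in the post above (recognizable, unforgeable, copyable, one deterministic token per person, paid out at most once), as an added Python example that is not part of the original thread or of any smartcoin code. The shared HMAC key, the credential fields and all function names are assumptions, and the sample identities are constructed.

```python
import hashlib
import hmac
import json

# Assumption: the verification and transaction systems share one secret key.
# A signature scheme would avoid giving redeemers a key that can also mint.
ISSUER_KEY = b"constructed-demo-key"
BOOTSTRAP_COINS = 1000  # per-person amount used in the thread


def _mac(key: bytes, label: bytes, data: bytes) -> str:
    return hmac.new(key, label + b"|" + data, hashlib.sha256).hexdigest()


def normalize(credentials: dict) -> bytes:
    """Canonical form: sorted keys, collapsed whitespace, case-folded values."""
    clean = {k: " ".join(str(v).split()).casefold() for k, v in credentials.items()}
    return json.dumps(clean, sort_keys=True, separators=(",", ":")).encode()


def issue_token(credentials: dict, key: bytes = ISSUER_KEY) -> str:
    """Verification side: the same credentials always yield the same token."""
    subject = _mac(key, b"subject", normalize(credentials))  # hides the credentials
    return subject + "." + _mac(key, b"token", subject.encode())


class Mint:
    """Transaction side: accepts genuine tokens and pays each subject once."""

    def __init__(self, key: bytes = ISSUER_KEY):
        self.key = key
        self.redeemed = set()

    def redeem(self, token: str) -> int:
        subject, sep, tag = token.strip().partition(".")
        if not sep:
            return 0  # malformed
        expected = _mac(self.key, b"token", subject.encode())
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return 0  # not issued by the verification system
        if subject in self.redeemed:
            return 0  # a copy of a token that was already presented
        self.redeemed.add(subject)
        return BOOTSTRAP_COINS


def demo() -> dict:
    mint = Mint()
    alice = {"name": "Alice Example", "dob": "1980-01-01"}  # constructed
    token = issue_token(alice)
    reissued = issue_token({"dob": "1980-01-01", "name": "  alice   EXAMPLE "})
    variant = issue_token({"name": "Alice M. Example", "dob": "1980-01-01"})
    subject = token.split(".")[0]
    return {
        "deterministic": token == reissued,
        "first_claim": mint.redeem(token),
        "copy_claim": mint.redeem(reissued),
        "forged_claim": Mint().redeem(subject + "." + "0" * 64),
        "variant_claim": mint.redeem(variant),  # same person, second payout
    }


if __name__ == "__main__":
    print(demo())
```

The `variant_claim` case is the gap the post concedes: the double-claim check keys on the token, so any variation in the credentials the verifier accepts yields a second payout.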


Title: Re: outline for a simpler virtual currency
Post by: wumpus on May 12, 2011, 01:00:37 PM
*OKL4 is nothing like the linux/windows kernels: it is a full microkernel in that *everything* except the kernel runs in userspace ...
Well, even if you could convince people that the software is safe, I'm not sure they would be convinced that the organisation behind it is trustable. As you say, with bitcoin you don't have to trust any of the miners personally, just that they will overall do the right thing. With your system there is still a single point of failure. One backdoored system is enough to compromise it.


Title: Re: outline for a simpler virtual currency
Post by: diogenes on May 12, 2011, 01:29:27 PM
*OKL4 is nothing like the linux/windows kernels: it is a full microkernel in that *everything* except the kernel runs in userspace ...
Well, even if you could convince people that the software is safe, I'm not sure they would be convinced that the organisation behind it is trustable. As you say, with bitcoin you don't have to trust any of the miners personally, just that they will overall do the right thing. With your system there is still a single point of failure. One backdoored system is enough to compromise it.



I take it you've never heard of open source?  ie: you don't have to trust the person who writes the code because you can look at the code yourself.

Personally I'm interested in formal verification methods and with them you can go a step up from open source.  You release your code under the open proof paradigm.  Open proof is where you open source your code and you open source the formal verification proof of your code plus the program specification.  In other words, by running the proof over the source code anybody can prove to themselves that the program you've supplied *exactly* conforms to the spec.  eg: The spec for smartcoin would include statements like: the general software transaction processing system cannot create nor destroy coins (written as a mathematical statement of course not in English!).  Then by running the proof you would be 100% certain that this is indeed the case!

If you're interested in general verification theory-- read some of the seL4 papers, they're experts at it.  (They prove C code which is *very* hard to do-- it's really impressive).   If you wish to try writing code/proofs instead of just code read up and learn the ATS language, even learning this language just for fun will reward you a lot-- it has many very advanced programming language features such as dependent types which are interesting for their own sake.


Title: Re: outline for a simpler virtual currency
Post by: Pieter Wuille on May 12, 2011, 01:38:50 PM
Do you have proof that the centralized server infrastructure is running the code they claim they are using?


Title: Re: outline for a simpler virtual currency
Post by: wumpus on May 12, 2011, 01:40:06 PM
I take it you've never heard of open source?  ie: you don't have to trust the person who writes the code because you can look at the code yourself.
Interesting that you say I've never heard of open source  :D

Who prevents from building devices that use the same source, with a few differences?

Even though the canonical source is proven and verified, that doesn't mean that all forks are as well.  Mine might well cause a random number of extra coins to be created for each transaction :)

All hardware and software can be hacked. The company making the "trusted machines" can be hacked. Or they could pretend to put different software on it than they really do. And so on. This really doesn't make it safer.

Everything that puts absolute trust in a certain authority is broken security-wise, IMO. For a recent example, look at all the controversy surrounding HTTPS CA's. The system is broken because browsers expect ALL CA's to be trustworthy. So even though CA's, on average, are trustable and secure, you only need one bad apple (such as Comodo) to make the house of cards crumble.


Title: Re: outline for a simpler virtual currency
Post by: diogenes on May 12, 2011, 02:01:23 PM

Who prevents from building devices that use the same source, with a few differences?

No-one at all prevents this--  that's why smartcoin uses trustworthy computers/software that provide remote attestation features.  This means that if someone does change the code no computer in the system will transact with it.
By-the-way: this is a problem with bitcoin- nothing stops someone from writing a slightly different client that has the added feature that after a certain date/time in the future it transfers all the wallet's coins to the attacker's account.  The attacker then packages this up and passes it off as a true bitcoin client and uploads it to a linux distribution which accepts user created packages.

Even though the canonical source is proven and verified, that doesn't mean that all forks are as well.  Mine might well cause a random number of extra coins to be created for each transaction :)

see above comment


All hardware and software can be hacked. The company making the "trusted machines" can be hacked. Or they could pretend to put different software on it than they really do. And so on. This really doesn't make it safer.

Once again, you've found another problem with bitcoin (you're getting good at this!).  This is more of a problem with bitcoin than smartcoin because the hardware it runs on (eg: common everyday garden variety hardware) doesn't have any anti-tamper mechanisms whereas smart coin insists that they exist.  So which system do you think hackers would attack?


Title: Re: outline for a simpler virtual currency
Post by: diogenes on May 12, 2011, 02:07:00 PM
Do you have proof that the centralized server infrastructure is running the code they claim they are using?

Smart coin doesn't have any centralized server infrastructure!

General transactions only require the two computers involved in the transaction-- the coin sender and the receiver.
Bootstrap transactions use a distributed network (which is actually based on the bitcoin technology-- it is almost exactly the same!).
If you were to include a backup feature that produces tokens from coin then that also uses the bitcoin technology.


Title: Re: outline for a simpler virtual currency
Post by: BitterTea on May 12, 2011, 02:15:16 PM
I'm amazed at the simplicity of this idea, and it seems to keep getting simpler and simpler!


Title: Re: outline for a simpler virtual currency
Post by: BitLex on May 12, 2011, 02:22:30 PM
all we need is an identity-check system, a trustworthy-check system with remote access to all computers and a transaction system,
as simple as that.

oh and someone in control of all those systems to make sure no one's cheating and maybe someone who controls the guy in control.

but it's all totally unrelated to each other, decentralized and anonymous and doesn't rely on internet-connections, i think it's a perfect system,
why did nobody else come up with that yet?


Title: Re: outline for a simpler virtual currency
Post by: Cusipzzz on May 12, 2011, 02:28:43 PM
Look, rather than have 5zillion posts about 5zillion bitcoin variants - i.e. "Better Bitcoin", it's pretty simple. If you want InflationCoin, or CentralizedCoin, or TimedecayCoin, or FlameCoin, or SuperTripleSHA2048Coin then BUILD it. Publish the code. If people think it is a good idea they will come on board.

The fact is that Bitcoin is structurally 90% 'perfect' - different people may want different things from that last 10%, but the fact is most of us accept that and agree to work over time with the small needed enhancements.

These allegedly BetterCoins are just a massive distraction from where the focus should be, nailing down the last 10% of real Bitcoin: fee/spam balance, block size, wallet encryption, other defensive measures (port flexibility, improved bootstrapping/fallback nodes), and thin clients (headers only).


Title: Re: outline for a simpler virtual currency
Post by: diogenes on May 12, 2011, 03:00:57 PM
all we need is an identity-check system, a trustworthy-check system with remote access to all computers and a transaction system,
as simple as that.

oh and someone in control of all those systems to make sure no one's cheating and maybe someone who controls the guy in control.

but it's all totally unrelated to each other, decentralized and anonymous and doesn't rely on internet-connections, i think it's a perfect system,
why did nobody else come up with that yet?


Well I know you're taking the piss but I'll just set out what you really need:

1) Hardware/OS that supports secure booting and remote attestation and is trustworthy.
2) A bitcoin like network  (the system actually has three uses for it- you could use three separate or accumulate into one)
3) The physical user verification system (if you wish to add a physical element to the identity checks)
4) A secure software content management service (sourceforge is good enough I'd think)
5) A secure software distribution system

What you don't need is
-remote access to all computers-- that would be a *major* security flaw and a definite no-go.


Title: Re: outline for a simpler virtual currency
Post by: BitterTea on May 12, 2011, 03:06:24 PM
Quote
Remote attestation allows changes to the user's computer to be detected by authorized parties.

I don't think there's going to be much interest in your currency by members of this community if it requires them giving up this kind of information/control.


Title: Re: outline for a simpler virtual currency
Post by: BitLex on May 12, 2011, 03:08:31 PM
why not just use Bitcoin instead?

it doesn't need secure booting, remote attestationing (is that a word?) and trustworthy hardware or OSes,
it doesn't need any user verification,
it doesn't need a secure software content management service,
it doesn't need a secure software distribution system.

but anyway, i'm sure your system is much simpler.


Title: Re: outline for a simpler virtual currency
Post by: Jaime Frontero on May 12, 2011, 03:51:55 PM
authoritarian.

centralized.

non-anonymous.

government IDs.

...........


non-starter.

EDIT:  oh... and more complicated than my poor little pea-sized brain even wants to think about.


Title: Re: outline for a simpler virtual currency
Post by: diogenes on May 12, 2011, 10:59:53 PM
The biggest problem is, most of us here have trust issues. We do not trust ANYBODY! Importantly, bitcoin does not force us to trust anybody.

Actually that is *totally* wrong, nothing could be further from the truth!!

In the secure software industry the word "trust" has a particular meaning: "a trusted system is a system that is relied upon to a specified extent to enforce a specified security policy. As such, a trusted system is one whose failure may break a specified security policy."  (http://en.wikipedia.org/wiki/Trusted_system)

In other words, a trusted system is one that you are forced to use, you have no other option (eg: if you use an ATM machine to withdraw money-- the ATM is trusted since you have no other option but to use it to get your money).

So with bitcoin you *do* trust a lot of things, let's see what:

1) The software authors are trusted

2) The software content management system is trusted

3) The software packaging system- some versions of linux allow random users to package and upload programs to the distro-- this is a security nightmare!

4) The software distribution system- the majority of people download software from places other than the official project outlet: for example, I personally do this when I choose a server in/close to my country when installing linux apps

5) The hardware/OS and stack for the system that it runs on: this is quite literally 10's of millions of lines of code:  it would take less than 100 lines of malicious code anywhere within those millions for a hacker to be able to compromise the system

6) The bitcoin software itself

7) the miners in the network and their hardware/OS/software stacks!

8)  If people leave unencrypted bitcoin keys lying around then they have to trust *every* other program on their system that is running with the same access rights (eg: right now I've got about 160 different processes running and that's what I've got running just to type this while listening to some music-- that amounts to 100's of millions of lines of code anywhere in which a malicious hacker could hide an attack that searches my user directory for unencrypted wallets to steal)


So are you still certain that bitcoin users don't trust anybody?


Indeed, the mentality that you displayed by saying what you did puts you in the *worst* possible position because you are living in denial and blinded by it-- hiding the size of the problem!

With smartcoin, it acknowledges these trust obligations and explicitly requires that they are exposed and dealt with according to the highest known quality practises.



PS: I've done a little bit of quick background research on who you are and if I'm not mistaken you offer bitcoin mining services as a business-- well you should be delighted with smartcoin because it requires just such a network.  In fact if you allow a coin back system it uses three of them otherwise two.  :)


Title: Re: outline for a simpler virtual currency
Post by: diogenes on May 12, 2011, 11:05:55 PM
authoritarian.

centralized.

non-anonymous.

government IDs.

...........


Nope.  Not at all.  Obviously you have no idea.  Maybe you have a comprehension problem?


EDIT:  oh... and more complicated than my poor little pea-sized brain even wants to think about.

Well, that explains it then (you said it not I!)


Title: Re: outline for a simpler virtual currency
Post by: BitterTea on May 12, 2011, 11:21:17 PM
Is all of the software used in your system, and all of the software it depends upon, going to be open sourced like Bitcoin?