Bitcoin Forum
Show Posts
181  Bitcoin / Development & Technical Discussion / Re: Design notes for sharing work between multiple independent chains on: May 15, 2011, 07:44:39 PM
I have never seen a project that so readily assumes ignorance in newbies!

I think that certain people have conclusions they like to jump to and they do so without properly reading the post they are replying to. It's also easy to infer criticism or an attack where none is meant.

Nobody is seriously suggesting anymore that one can prevent using the bitcoin chain to store data. People want to store data in the block chain to implement certain functionality and if we can facilitate the functionality by some other more convenient method then they will use that instead. Alt-chains attempt to do that.

[mike]'s proposal boils down to having miners who support alternative block chains incorporating a hash for one or more block chains in the coinbase transaction for the bitcoin blocks they're mining.

One drawback is that the people distributing the generic bitcoin client could pull the plug on all the alternative block chains by having their client reject blocks which have a non-standard coinbase. As alt-chain-compatible blocks would not be accepted and relayed by clients, the alt-chain supporting miners would essentially drop off the network. The bitcoin network would experience a drop in hashing power as these clients left but would otherwise continue unaffected.

I don't know whether the possibility of this kill-switch would be acceptable for the alt-chain users.

ByteCoin
182  Bitcoin / Development & Technical Discussion / Re: New Attack Vector on: May 15, 2011, 07:27:45 PM
Yes.  DER is, by design, unique across all implementations.

I presume you actually meant the exact opposite of what you said.

DER is "common" or "the same" across all implementations.

Edit your post and I will delete this one.

ByteCoin
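An added illustration of what "unique" means for DER (this is not code from the thread or from ByteCoin): DER assigns exactly one byte string to a given (r, s) pair, so a verifier that parses signatures strictly can reject any other encoding of the same values instead of silently accepting it. The encoder and strict decoder below are self-contained and use only the standard library; the sample signature values are constructed.

```python
# Added example, not code from the forum thread. Encodes an ECDSA (r, s) pair as
# DER (SEQUENCE { INTEGER r, INTEGER s }) and parses it back strictly: DER permits
# exactly one byte string per value, so a decoder that enforces the rules below
# rejects every other encoding of the same (r, s).


def _der_length(n: int) -> bytes:
    """Minimal DER length octets for a content length n."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def _der_integer(value: int) -> bytes:
    """DER INTEGER for a non-negative value: minimal, one 0x00 pad only if needed."""
    if value < 0:
        raise ValueError("r and s are non-negative")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:  # top bit set would read as negative: prepend 0x00
        body = b"\x00" + body
    return b"\x02" + _der_length(len(body)) + body


def der_encode_sig(r: int, s: int) -> bytes:
    body = _der_integer(r) + _der_integer(s)
    return b"\x30" + _der_length(len(body)) + body


def _read_length(buf: bytes, pos: int):
    first = buf[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    nbytes = first & 0x7F
    if nbytes == 0 or nbytes > 4:
        raise ValueError("indefinite or oversized length")
    raw = buf[pos:pos + nbytes]
    if len(raw) != nbytes or raw[0] == 0:
        raise ValueError("truncated or non-minimal length")
    n = int.from_bytes(raw, "big")
    if n < 0x80:
        raise ValueError("long form used for a short length")
    return n, pos + nbytes


def _read_integer(buf: bytes, pos: int):
    if buf[pos] != 0x02:
        raise ValueError("expected INTEGER")
    n, pos = _read_length(buf, pos + 1)
    raw = buf[pos:pos + n]
    if n == 0 or len(raw) != n:
        raise ValueError("empty or truncated INTEGER")
    if raw[0] & 0x80:
        raise ValueError("negative INTEGER")
    if n > 1 and raw[0] == 0 and not (raw[1] & 0x80):
        raise ValueError("non-minimal INTEGER (superfluous leading 0x00)")
    return int.from_bytes(raw, "big"), pos + n


def der_decode_sig_strict(sig: bytes):
    """Return (r, s); raise ValueError on any encoding DER would not produce."""
    if not sig or sig[0] != 0x30:
        raise ValueError("expected SEQUENCE")
    n, pos = _read_length(sig, 1)
    if pos + n != len(sig):
        raise ValueError("SEQUENCE length does not cover exactly the input")
    r, pos = _read_integer(sig, pos)
    s, pos = _read_integer(sig, pos)
    if pos != len(sig):
        raise ValueError("trailing bytes inside SEQUENCE")
    return r, s


def is_canonical_der(sig: bytes) -> bool:
    """True only if sig is the one DER encoding of the (r, s) it decodes to."""
    try:
        r, s = der_decode_sig_strict(sig)
    except (ValueError, IndexError):
        return False
    return der_encode_sig(r, s) == sig


if __name__ == "__main__":
    canonical = der_encode_sig(1, 0x80)          # constructed sample values
    padded = bytes.fromhex("30080202000102020080")  # same (r, s), r padded with 0x00
    print(canonical.hex(), is_canonical_der(canonical), is_canonical_der(padded))
```

The check that matters for a verifier is the last line of `is_canonical_der`: decoding and re-encoding must reproduce the input byte for byte, otherwise the signature was not DER at all, whatever a lenient ASN.1 parser would make of it.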
183  Bitcoin / Development & Technical Discussion / Re: Design notes for sharing work between multiple independent chains on: May 14, 2011, 11:11:49 PM
... and then your node makes an RPC to BitCoin telling it what the current extra hash is. When BitCoin finds a bitcoin block of the right difficulty for your network, it informs your software and passes the block header, coinbase tx and merkle branch to it

What stops an attacker who intends to fork your non-bitcoin block chain from sending their incorrect hashes "to Bitcoin"?
What exactly does "make an RPC to BitCoin" mean? What is "BitCoin" in this context? I presume you mean a particular bitcoin miner who has implemented the "support non-bitcoin chains" option.
How does the bitcoin node you're talking to know that it's getting a legitimate extra hash rather than let's say a portion of some illegal kiddie porn?
Who on the non-bitcoin chain has the responsibility for and authority to talk to the bitcoin node?
Everyone? - a lot of spam for the bitcoin node
One node? - single point of failure

The way your explanation is drafted makes it look like the non-bitcoin chain is limited to one transaction per bitcoin block. I presume you mean to expand the scheme to support rolling non-bitcoin transactions into non-bitcoin blocks and then getting hashes of those into the bitcoin block chain somehow. Could you expand on exactly how this would work?

ByteCoin
184  Bitcoin / Development & Technical Discussion / Re: Bitcoin As An Eternity Service on: May 13, 2011, 10:33:03 PM
Tx deletion does not require protocol changes. Any client can delete a transaction at any time....

It's a requirement that clients support the downloading of the blockchain for new vanilla clients connecting for the first time. If you delete transactions, this breaks.

... I'll just write a set of patches that make it easy for people to delete those transactions. If the files aren't encrypted then they will be trivial to identify and automatically remove.

You presume incorrectly that because you can identify where the information is stored, you can delete the transactions with impunity.

At the cost of some storage inefficiency I could create a scheme using error correcting codes that stores a file in the block chain which would rely indistinguishably on some innocent transactions (not party to the file storage scheme) and a majority of file storage transactions. If you wished to delete some transactions to prevent the recovery of the file you would run a grave risk of deleting some innocent person's unspent transactions. I believe the odds could be made rather bad for you.

Suppose the file is stored using equal amounts of innocent transactions, indistinguishable storage transactions and indistinguishable error correction transactions. You'd have to delete a third of the total transactions to render the file unreadable. The chance of deleting an innocent transaction is high.

Also, deleting transactions doesn't stop people storing data in the merkle tree stubs as I mentioned earlier.

If you really want to build a high-difficulty file storage chain I've already explained how to do it.

You have not shown how the file storage chain can benefit from the Bitcoin chain without substantial invasive changes to Bitcoin.
If I am wrong, please clarify in the relevant thread how your scheme achieves this and send me a private message with the link and I will change this post.

ByteCoin
185  Bitcoin / Development & Technical Discussion / Re: Bitcoin As An Eternity Service on: May 13, 2011, 04:53:05 PM
[storing data in the block chain] ... doesn't work.  There is no guarantee that transactions won't be pruned from the blockchain in the future (in fact they almost certainly will be in the fairly near future).

This is incorrect.
Information storage transactions with a non-zero balance can only be pruned after they have been spent. Don't spend them? They stay forever. Any suggestion to prune unspent transactions is likely to be unpopular.

When do you imagine is this "fairly near future" in which transactions will be pruned? The network protocol has to be changed substantially to facilitate pruning. I imagine that converting the majority of the network to pruning clients will break the old clients.

If you ensure that your transaction hashes to a certain value then you can store information in the block chain (on a probabilistic basis) even once the transaction has been spent and pruned. With the low height of the current merkle trees, this would be quite reliable.

ByteCoin
186  Bitcoin / Development & Technical Discussion / Re: Ideas on distributed payment processing for merchants on: May 10, 2011, 09:29:53 PM
When merchant presents you with the total for your transaction and receiving address in some machine readable form, like a QR code or Aztec code, your device would scan it, display the total on your screen and present you with a prompt to agree with the transaction. Once you do that, it would prepare a data packet to the aforementioned spec, authorizing the site to transfer amount X into the address.

Ok. You've probably covered this elsewhere but for those new to this concept, could you please explain why your device doesn't do the following:

Create a signed transaction crediting the merchant using the details supplied by the merchant.
Give the merchant the signed transaction which the merchant then checks and distributes to the bitcoin network like a normal transaction.

This would remove the need to trust any third party with your bitcoins.

ByteCoin
187  Other / Meta / Advertisement spam on: May 10, 2011, 09:04:45 AM
I'm starting to see posts which REALLY don't have any significant content where the signatures have advertisement links. Presumably this is to try to increase the rankings of the links in Google or other search engines.

I propose that links in signatures or the ability to post links at all be disabled for new users.

ByteCoin
188  Bitcoin / Development & Technical Discussion / Re: [RFC] Continuous block reward decrease on: May 09, 2011, 12:25:35 PM
Under this scheme the block reward drops from 50 by 0.01 every 7 hours.
After about half a year the block reward drops from 44 by 0.01 every 8 hours.
Half a year after that the block reward drops from 39 by 0.01 every 9 hours.
About 5 months after that the reward drops from 35 by 0.01 every 10 hours.
Four months after that the block reward drops from 32 by 0.01 every 11 hours.

ByteCoin
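An added check on the schedule above (not code from ByteCoin or from the RFC, whose actual formula is not on this page): the five stated rates are treated as constructed data and tested for consistency with a single exponential decay R(t) = R0 * exp(-k t). Under that assumption each row implies k = (0.01 / hours) / R, and the fitted k reproduces the "half a year", "5 months" and "four months" gaps between the rows.

```python
import math

# Added example, not code from the forum thread. The five lines of the post are
# reproduced here as constructed data and checked for consistency with a single
# exponential decay R(t) = R0 * exp(-k t); the RFC's actual formula is not on the page.
STATED_ROWS = [  # (reward at which the rate is quoted, in BTC; hours per 0.01 BTC drop)
    (50, 7),
    (44, 8),
    (39, 9),
    (35, 10),
    (32, 11),
]
STEP_BTC = 0.01


def implied_decay_constant(reward, hours_per_step, step=STEP_BTC):
    """For dR/dt = -k*R, a drop of `step` every `hours_per_step` at reward R gives k (per hour)."""
    return (step / hours_per_step) / reward


def decay_constants():
    return [implied_decay_constant(r, h) for r, h in STATED_ROWS]


def relative_spread(values):
    """(max - min) / min: how far the rows disagree about k."""
    return (max(values) - min(values)) / min(values)


def fitted_k():
    ks = decay_constants()
    return sum(ks) / len(ks)


def hours_between(reward_from, reward_to, k):
    """Time for exponential decay to fall from one reward level to a lower one."""
    return math.log(reward_from / reward_to) / k


def interval_days():
    """Days between consecutive stated reward levels, using the fitted k."""
    k = fitted_k()
    return [hours_between(a, b, k) / 24
            for (a, _), (b, _) in zip(STATED_ROWS, STATED_ROWS[1:])]


def half_life_days():
    """Days for the reward to halve under the fitted k."""
    return math.log(2) / fitted_k() / 24


if __name__ == "__main__":
    print("k per row (1/hour):", decay_constants())
    print("spread between rows:", relative_spread(decay_constants()))
    print("days between stated levels:", interval_days())
    print("half-life in days:", half_life_days())
```

The rows agree on k to well under one percent, which is why the intervals come out as roughly 187, 176, 158 and 131 days, matching the prose of the post; whether the RFC's function is exactly this exponential is an assumption here, not something the page states.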
189  Bitcoin / Development & Technical Discussion / Re: Bitcoin smartcard Point of Sale terminal on: May 09, 2011, 02:57:14 AM
custom ECDSA implementation for JavaCard is really slow
http://amadousarr.free.fr/crypto/ECDSAJAVACARD.pdf

I've been reading that paper. They seem to be using a slow modular inversion routine that runs 150 times slower than multiplication and also a point multiplication routine that involves many inversions. From this, it looks like they're using affine coordinates rather than projective for the point multiplication. This is a serious shortcoming.

I would hesitate to use that paper to support an argument.

ByteCoin
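To make the shortcoming concrete, here is an added example (not code from the thread or from the cited paper) that runs a textbook double-and-add scalar multiplication on secp256k1, Bitcoin's curve, once in affine coordinates and once in Jacobian coordinates, counting modular inversions. Affine formulas need one inversion per point addition and per doubling; Jacobian formulas defer everything to a single inversion when converting the result back. The curve constants are the standard secp256k1 parameters; the inversion counter and the `compare` helper are this example's own.

```python
# Added example, not code from the thread or the cited paper. Counts modular
# inversions in double-and-add scalar multiplication on secp256k1 (a = 0) in
# affine coordinates versus Jacobian coordinates.

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

_INVERSIONS = [0]  # counter for the expensive operation (example's own bookkeeping)


def inv(x):
    _INVERSIONS[0] += 1
    return pow(x, P - 2, P)  # Fermat inversion; a JavaCard would use its own routine


def on_curve(pt):
    if pt is None:
        return True
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


# --- affine: one inversion per addition and per doubling ---
def affine_add(p1, p2):
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None  # Q + (-Q) = point at infinity
        lam = 3 * x1 * x1 * inv(2 * y1) % P  # doubling
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def affine_mul(k, pt):
    acc = None
    for bit in bin(k)[2:]:
        acc = affine_add(acc, acc)
        if bit == "1":
            acc = affine_add(acc, pt)
    return acc


# --- Jacobian (X, Y, Z), x = X/Z^2, y = Y/Z^3: no inversion until the end ---
INF = (0, 1, 0)


def jac_double(pt):
    X1, Y1, Z1 = pt
    if Z1 == 0 or Y1 == 0:
        return INF
    S = 4 * X1 * Y1 * Y1 % P
    M = 3 * X1 * X1 % P  # the a*Z1^4 term vanishes because a = 0 on secp256k1
    X3 = (M * M - 2 * S) % P
    Y3 = (M * (S - X3) - 8 * pow(Y1, 4, P)) % P
    return (X3, Y3, 2 * Y1 * Z1 % P)


def jac_add(p1, p2):
    if p1[2] == 0:
        return p2
    if p2[2] == 0:
        return p1
    X1, Y1, Z1 = p1
    X2, Y2, Z2 = p2
    U1, U2 = X1 * Z2 * Z2 % P, X2 * Z1 * Z1 % P
    S1, S2 = Y1 * pow(Z2, 3, P) % P, Y2 * pow(Z1, 3, P) % P
    if U1 == U2:
        return jac_double(p1) if S1 == S2 else INF
    H, R = (U2 - U1) % P, (S2 - S1) % P
    H2, H3 = H * H % P, H * H * H % P
    X3 = (R * R - H3 - 2 * U1 * H2) % P
    Y3 = (R * (U1 * H2 - X3) - S1 * H3) % P
    return (X3, Y3, H * Z1 * Z2 % P)


def jac_mul(k, pt):
    acc, base = INF, (pt[0], pt[1], 1)
    for bit in bin(k)[2:]:
        acc = jac_double(acc)
        if bit == "1":
            acc = jac_add(acc, base)
    if acc[2] == 0:
        return None
    zi = inv(acc[2])  # the single inversion of the whole multiplication
    zi2 = zi * zi % P
    return (acc[0] * zi2 % P, acc[1] * zi2 * zi % P)


def compare(k):
    """Run both multiplications of G by k; return the points and inversion counts."""
    _INVERSIONS[0] = 0
    a = affine_mul(k, G)
    a_inv = _INVERSIONS[0]
    _INVERSIONS[0] = 0
    j = jac_mul(k, G)
    j_inv = _INVERSIONS[0]
    return {"affine": a, "jacobian": j,
            "affine_inversions": a_inv, "jacobian_inversions": j_inv}


if __name__ == "__main__":
    res = compare(N - 1)  # a full-size scalar, as in a real signature
    print(res["affine"] == res["jacobian"], res["affine_inversions"], res["jacobian_inversions"])
```

For a 256-bit scalar the affine path performs a few hundred inversions, the Jacobian path exactly one. With an inversion costing about 150 multiplications, as the paper's figures suggest, that difference alone accounts for most of the gap the post is complaining about.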
190  Other / Meta / Re: [applaud]/[smite] system? on: May 09, 2011, 01:41:00 AM
Should we upgrade to the Advanced Reputation System?

Has it been established exactly what we're trying to achieve? It seems like a reputation system has been implemented possibly in the hope that it will "improve things" but even this is not made clear. How do we establish whether having ratings is better or not?

Personally I have the following problem; there are too many posts (especially "me too" or other lightweight posts) to read in order to stay informed about the good ideas. Reading the board now takes too much time.

I'd like to be able to nominate (without their knowledge) certain people to recommend posts to me. The recommenders would know only how many people rely on their recommendations as an incentive to keep recommending posts. I would not want to see any posts which had not been recommended. Recommended posts would have the names of the people who recommended them so I could add/delete recommenders on that basis. I can recommend posts myself and get statistics for who recommends in a similar fashion so that I can add them to my list.

I know ARS doesn't do this but could I set all posts below a certain reputation to be already read?

ByteCoin
191  Bitcoin / Development & Technical Discussion / Re: [RFC] Continuous block reward decrease on: May 09, 2011, 01:21:14 AM
Great post! Research done, code posted, graphs comparing two schemes. [ + ]

It seems clear to me that your scheme is vastly superior to the current scheme. Just imagine if your scheme was the one implemented from the start. Anyone proposing a change to the current situation would be ridiculed.

Your scheme is superior as it doesn't subject the bitcoin economy to a sudden shock. I believe the collective anxiety in advance of the change (to 25BTC) will be the cause of much more wasted effort than any adverse effects of the change. Your scheme avoids both the anxiety and any adverse effects.

I doubt that a nicer function than the one you chose can be found. What qualities would it have to enjoy for it to be superior?

I think it's a very good candidate for being included in any future breaking-change releases.

If it was implemented as you have shown, could you print out how the block values would decay for a few of the immediately following blocks please?

ByteCoin

PS. I predict that people will complain that the areas under the graphs for the current scheme and the new scheme do not look equal.

192  Other / Off-topic / Test (please ignore) on: May 07, 2011, 01:21:46 AM
test
193  Other / Meta / Re: [applaud]/[smite] system? on: May 07, 2011, 01:20:54 AM
How about instead of a post requirement, a rep requirement? You need net +5 to rep other people.
That would be an improvement. Can it be easily implemented?

Does anyone know what functionality this rating system facilitates? I haven't been able to find any documentation on what it can do.

ByteCoin
194  Other / Meta / Re: [applaud]/[smite] system? on: May 07, 2011, 12:59:20 AM
I surprised myself with how upset I was when I saw someone had given me a negative vote. I can't really think what I've done to deserve it.

Then I saw that theymos had -2 and instantly felt a lot better!

The temptation for the mods to see who's rated them negatively must be overwhelming.

ByteCoin
195  Bitcoin / Bitcoin Discussion / Re: Searching for a post containing the following quote on: May 06, 2011, 06:04:15 PM
I managed to retrieve some of the posts. Can anyone get the rest?

I wonder why he deleted them from the forum. Had the rating system been around somewhat sooner, I would have upvoted him.

ByteCoin

1     Bitcoin / Bitcoin Discussion / Re: Gavin will visit the CIA    on: April 27, 2011, 07:17:39 pm
Quote from: gavinandresen on April 27, 2011, 07:00:26 pm
PS: Full disclosure: I'll be paid a one-time fee of $3,000 to cover expenses and pay me for my time.  I don't want any "Gavin is on the CIA's payroll" rumors to get started, either...

It would be true.  Smiley  But of course that doesn't mean it's nefarious.
2     Bitcoin / Bitcoin Discussion / Re: Alternative protocols to Bitcoin    on: April 27, 2011, 07:15:26 pm
Quote from: s on April 27, 2011, 04:35:47 pm
The fact of transactions couldn't remain private, and maybe I've overstated the difference between Bitcoin and what I'm describing in that regard.  I suppose one difference is just that fragmentary validation of a transaction among a private community is more explicitly supported by my model than Bitcoin, which would treat it essentially as out-of-band swapping of wallet.dat-type information.  There are a handful of other differences in what might be exposed, but those are mostly a matter of implementation detail.

Actually, one advantage that's interesting, perhaps, is that you needn't publicize anything about the recipient.  Of course, you needn't in Bitcoin either because the address can be generated for a one-time use, but this alternative could accommodate simple static recipients without disclosing to the public that you've paid them.  All you'd need to do is give them possession of something they could broadcast at their will, anonymously if desired, to invalidate your copy of the coin.
3     Bitcoin / Bitcoin Discussion / Re: Alternative protocols to Bitcoin    on: April 27, 2011, 04:35:47 pm
Quote from: eMansipater on April 27, 2011, 02:16:10 pm
You still need an authority to do the timestamping--it's true that having one trusted authority could replace the blockchain, and thus you could definitely have a state-issued bitcoin version that gained wide adoption and was comparatively cheap to run, provided the trust could be maintained the same way a state has to maintain trust in a physical currency.  The advantage of bitcoin is essentially just that no such trust is necessary given any significant degree of adoption.

But I don't see how transactions could remain private without a trusted repository.  It's true that a receiver would only have to publish their "proof of already spent" token in the event of seeing another spend of the same coins, but to transfer that right to the next owner they have to hand them the whole transaction history--keep in mind that since coins need to be split and combined this quickly means most users have most of the history.  And anyone in the history of a coin can force the publishing of the complete chain just by spending the coins to the general repository.  You also need some incentive for people to store this data, so I'm not sure how this would work economically.

Thanks - Excellent thoughts.

I'm not sure that timestamping is actually necessary in the model I'm describing because the verifications themselves provide a sequence.  You don't care about the cardinal times, just the ability to verify the sequence.

The fact of transactions couldn't remain private, and maybe I've overstated the difference between Bitcoin and what I'm describing in that regard.  I suppose one difference is just that fragmentary validation of a transaction among a private community is more explicitly supported by my model than Bitcoin, which would treat it essentially as out-of-band swapping of wallet.dat-type information.  There are a handful of other differences in what might be exposed, but those are mostly a matter of implementation detail.

The incentive-for-storage question is the most serious thing I haven't yet fully thought through.  The real general question, I suppose, is whether the fees (in economic terms, the transaction costs or friction) of this model or of Bitcoin's would be lower in the long-run.  Or perhaps incentives aren't important in this particular regard; I don't always accept on faith that they are, and even some of the very early Bitcoin discussions suggested that maintaining the integrity of the network would be a useful ("altruistic") motivator.

Thanks again.
4     Bitcoin / Bitcoin Discussion / Alternative protocols to Bitcoin    on: April 27, 2011, 01:43:29 pm
I'm impressed with much of Bitcoin, but several features of its design, while the product of sensitive and thoughtful tradeoffs, could perhaps be problematic in the future.

Just as a matter of technical exploration, it's important to recognize that most features of Bitcoin's protocol exist to address the double-spending problem.  If it weren't for that problem, the design of Bitcoin could obviously be much simpler.  Considering simpler (obviously unworkable) such designs may point the way to a solution that serves some of Bitcoin's functions but addresses some of its problems.  If the double-spending problem didn't exist, you'd simply need a way to (1) generate scarce units of the currency and (2) prove that you held those units.  To generate (or "mine"), any problem that takes processing resources to find needles in haystacks suffices; the current one is fine, and others with potentially positive externalities (e.g., research benefits) could be considered too.  To prove ownership, you'd simply demonstrate that you found the needle in the haystack.

That's all that's at the core of a trivial system that doesn't address double-spending.  Bitcoin is, conceptually, one solution to that problem, but it depends on an arguably cumbersome mechanism to agree on a master sequence of authoritative blocks; the peer-to-peer network is harnessed to substitute for trusted third parties specifically by allowing the network to vote, essentially with processing power, on what that master sequence is.  But there are significant problems with this mode.  One is just its cumbersomeness; this probably can be addressed and its fatal, though in practice it will increase the transaction costs associated with using Bitcoin in the future and thus, at least potentially, undermine some of its goals.  Two probably more significant problems are, as is widely recognized, that (1) any system that needs to agree on a canonical sequence of blocks in the manner of Bitcoin's protocol is subject to a trivial denial-of-service attack by those with significant processing resources, (2) a record of all transactions is public, which leaks more information about people's private affairs than, perhaps, is necessary for a system that serves Bitcoin's roles.

So, start again with the trivial approach I outlined earlier that doesn't address double spending.  The appropriate question to ask of that approach is whether there's a way to graft protections against double-spending onto it without requiring a master block chain defended only with processing power.  There ought to be many answers to that question that avoid some of Bitcoin's potential problems.  Here's a sketch of one, based on the recognition that you don't need a master block chain, just a probabilistically sound portion of a distributed public-key infrastructure (PKI) with the opportunity to verify revocations.  Consider:  I find one of (say) 21 million numbers (out of whatever N is necessary to make the task appropriately difficult; "difficulty" need not be static in the system I'm describing, but let's assume it is for simplicity), and then sign this number with a private key and a timestamp, thus proving that I found it first.  Before I spend it, all that's necessary to verify that I "own" the number (coin) is to (1) verify my public key and (2) verify that nobody else has a verifiable claim to have found it earlier than I have.  Satisfying (1) is trivial and doesn't require any infrastructure; satisfying (2) can work using any distributed-storage mechanism, and it simply requires the ability to broadcast information and some level of reliability in receiving the broadcasts.  It doesn't require comprehensive agreement; just as a vendor can accept a dollar bill without being absolutely sure it's counterfeit (and can never know for certain, epistemically speaking), a seller can accept an electronic certificate of ownership after satisfying itself using whatever publicly available information (imagine a collection of Wikileaks-type sites, some in the open, some on Tor, etc., each accumulating whatever information people want to broadcast about these coins).  
This will sound less reliable than Bitcoin's verificatory mechanisms because I'm emphasizing epistemic uncertainty, but it is not less reliable conceptually, and whether it is less reliable in practice is an open question.

The above sketch is still incomplete for at least one particular reason, which is that it allows merely mining and initial spending, not respending. But that can be addressed securely using a similar mechanism:  to "spend" a coin, I simply give the recipient something he can use to prove that I spent it and gave it to him.  Double-spending is prevented merely by adding a verification that nobody has a verifiable claim to have received the coin I'm presently attempting to spend.  The validation is through any (or many simultaneous) distributed storage systems.  None has to be perfectly reliable or canonical, but together they can be reliable enough to satisfy any realistic level of epistemic caution on the part of the borrower.  And all that's necessary is broadcast:  there's nothing to verify in any of these steps other than "has someone else spit into the public domain something that is a superior claim to spend this coin than that of the person who is communicating with me now?"

I'm not saying the system I'm describing is perfect, but note some of its advantages:  (1) it is not subject to "overpowering" except in the sense that any online system can be subject to simple spam-like denials (e.g., terabytes of putative revocations), but there are probably ways around that problem; (2) it is as resilient as Wikileaks, which, importantly for the technical purposes I'm describing, is far more resilient than Bitcoin is, at least conceptually speaking; (3) transactions are private and only need to be publicized to the extent the parties wish to do so; indeed, even a miner need not immediately "claim" scarce resources of currency and can choose to take a statistical risk that someone else will mine the same currency and claim it first, depending on the miner's preferences as to finance and privacy.

(My background is in cryptography, security, and economics, not specifically in peer-to-peer networks, so it's possible I've overlooked something relevant to the implementation of a distributed system.  But I don't believe there's an irremediable flaw in the system I'm describing, and I think it at least possibly presents some advantages over Bitcoin.  In practice, of course, just as with Bitcoin, partially trusted intermediates can arise on a voluntary basis, addressing many of the concerns that I suspect will seem practically most obvious to readers of this forum, though it's important to recognize that the protocol's epistemic concerns are not necessarily significant just because I'm emphasizing their possibility in theory.  If it helps, remember that we know nothing empirical for certain; when I speak of doubt I'm speaking of it in literally that sense.)

I would be happy to consider developing a system based on these principles if there's interest and if nobody points out significant flaws that I haven't recognized.
5     Bitcoin / Bitcoin Discussion / Re: Bitcoin’s Collusion Problem - by Timothy B Lee    on: April 26, 2011, 06:01:50 pm
Quote from: goatpig on April 26, 2011, 05:09:46 pm
First of all, if an attack is easy to perform, a truly concerned party would present an isolated experiment reproducing it instead of speaking of conjecture. Second, such declarations and the weight they carry gives the right to the contributors of this post to ask about your motives, but somehow you brush those as irrelevant. And lastly, your point isn't realistic. What you are saying is akin to presenting society as fragile because a detractor of said society can walk in the streets shooting people dead for the price of a single gun.

You're just not understanding me, so I don't know what else to say.  Your English is far better than my French, so I can't criticize you too pointedly.

Maybe someone else here has understood.  If not, no big deal; eventually the market will work it out, more or less.  In any case, I'm on to other things and won't be reading followups.
6     Bitcoin / Bitcoin Discussion / Re: Bitcoin’s Collusion Problem - by Timothy B Lee    on: April 26, 2011, 04:35:38 pm
Quote from: goatpig on April 26, 2011, 03:47:00 pm
Have you considered the possibility that as an outsider, you are the one that is less informed, than let's say, founding and early members of this project? Have you also considered that your grasp of the technology used in this project is not at the stellar level you're fancying it? I giggled when you mentioned using a DOS attack on a p2p project...

One last comment, just on the chance that there might be some progress here:

Your "giggling" is immature and misinformed, because you're not actually reading what I'm saying and instead assuming that I'm saying incorrect things.  Maybe other people often say incorrect things, and backed by Bayesian probability you're jumping to the assumption that I'm one of those people, but I'm not.

If you think Bitcoin is not subject to a denial-of-service attack just because it's a peer-to-peer network, reread Satoshi's paper, which explicitly points out the DOS opportunity.  Or believe Gavin, who has said "Bitcoin's p2p network is subject to various kinds of denial of service attacks. There, I said it," and "Bitcoin is still vulnerable to DOS attacks.  I'm not sure anybody knows how to prevent DOS attacks on a p2p network that allows untrusted/unverified peers to join."  That's the same point as mine, which is that the openness of Bitcoin's network is not just a strength but also a weakness.

I never even claimed that I'm saying anything new, here, about a DOS attack against Bitcoin.  What I've said is that the attack is cheaper, in the present situation, than many people seem to think, and that the cost does not necessarily relate -- in the real world, rather than a hypothetical frictionless market -- to the capitalization of the Bitcoin market.

Nobody's actually said that's wrong.  But immature people call that a "trolling" comment, and you in particular seem to be incapable of reading what I'm saying rather than just making incorrect assumptions about it.  I don't know if it's a bad attitude, a reading-comprehension problem in English (your syntax and style strike me as natively French, for what it's worth), or just immaturity, but it's counterproductive to real people trying to offer real analysis.  You don't have to believe me, but my contributions to open-source software go back more than 10 years, and I have designed significant cryptography-based security systems; I'm likely more experienced in these matters than Gavin, though of course not nearly as committed to the project.  And nobody here has given me any reason to be.  The social community behind a project is quite important to me; I already have more than enough money and recognition, which is why I'm contributing pseudonymously.  (I am not, like apparently many here, someone who has been marginalized by the existing economy.)

Note, again, that Gavin is not disagreeing with anything I'm saying here; he's made the technical point himself before, and I'm just adding the economic observation that the (already recognized) attack is relatively inexpensive, both in real-world terms and as a matter of proportionality to the market capitalization of the Bitcoin economy.
7     Bitcoin / Bitcoin Discussion / Re: Bitcoin’s Collusion Problem - by Timothy B Lee    on: April 26, 2011, 03:14:10 pm
Quote from: rezin777 on April 26, 2011, 02:37:02 pm
Quote from: s on April 26, 2011, 03:16:13 am
I can't stand the overuse of the word "troll" in these contexts; it's just extraordinarily annoying schoolyard-type bullying.  Save the bitterness for people who are actually doing something objectionable, please, and simply ignore an analytical argument if you don't find it interesting or helpful. 

If you don't want to be called a troll, don't make such trollish suggestions.

Quote from: s on April 26, 2011, 12:56:41 am
if it's being used to trade only a bit of LSD or child pornography

There is a wealth of intelligent people on this forum finding new and interesting ways to trade and promote bitcoin and this is what you come up with?

You're clearly not interested in paying attention to the substance of what I'm saying, so I'm done here.  The tone and pseudointellectual disposition of most of the people on this forum are absurd; it's like speaking to 17-year-old libertarians who think they're geniuses or mentally ill Randists who see themselves as underappreciated innovators.  You're just not reading what I'm saying, and you're quoting isolated fragments out of context to confirm some view you have of me that's entirely incorrect and unfounded.

Far more intelligent commentary about the economics and social forces that affect Bitcoin is available at external forums, for anyone interested in speaking to adult-minded people about the topic.  For example, see the following thread, which anticipated most of the discussions I've had here (including my own comments) by several months:  http://www.bogleheads.org/forum/viewtopic.php?p=959393.

That's how adults talk about the topic, rather than unimaginative followers who think they're innovators or people who don't know how to read.  I was pointing out an analytical approach you could learn from; you chose to ignore it.  Bye.
8     Bitcoin / Bitcoin Discussion / Re: Bitcoin’s Collusion Problem - by Timothy B Lee    on: April 26, 2011, 03:16:13 am
Quote from: rezin777 on April 26, 2011, 02:06:44 am
I do wish you would stop pontificating about the weaknesses or flaws of the bitcoin network and either attack it directly or promote something superior. Otherwise you come across as nothing more than an educated troll.

Where do your motives lie sir?

I don't understand this sort of personal attack and find it extremely annoying and distracting.  I'm offering analysis.  My motives aren't relevant, but I've already expressed my view as (1) impressed, (2) practically skeptical, and (3) morally skeptical.  I don't have to commit to pay significant money to mount an attack myself in order to point out that it's easier for others to do it than is typically supposed, nor do I have anything superior I'm interested in promoting.  I can't stand the overuse of the word "troll" in these contexts; it's just extraordinarily annoying schoolyard-type bullying.  Save the bitterness for people who are actually doing something objectionable, please, and simply ignore an analytical argument if you don't find it interesting or helpful.  I suppose I should be happy that at least you consider me "educated."  Smiley
9     Bitcoin / Bitcoin Discussion / Re: Bitcoin’s Collusion Problem - by Timothy B Lee    on: April 26, 2011, 12:56:41 am
Quote from: creighto on April 25, 2011, 11:57:20 pm
This is not so.  The function of the Bitcoin network is to be the transaction processing agents (Visa, PayPal, banks) but a central bank does not exist for this function.  The central bank exists to manage a fiat currency, and the management of Bitcoin is in the codebase.  No attack that fails to change a majority of the running codebase of the p2p network has near zero chance of long term success.  All such attacks are either local in scope (double spend, affecting the vendor who is defrauded), limited in time (blockchain fork) or both.  If you can't change the codebase, you can't "manage" the currency, and any changes that you make to the protocol are destroyed after you lose your majority cpu power status.  Which could happen in very short order, as there is an unknown amount of reserve hashing power that could be convinced to come online in defense of the honest network even at a loss.  I am one such person.  If a credible attack of the system were underway, and I was aware of it, I'd be more than willing to hash at a loss.  I'm sure that I'm not alone.

It's just hard to imagine the reserve hashing power more than, say, doubling the existing "committed" hashing power.

But just to be clear, nothing really depends on my calling this function one of a "central bank"; it's just semantics.  I'm trying to frame the importance of the attack.  If someone could hijack the Federal Reserve for a year, stepping into their shoes and fulfilling their powers, I'd idiomatically say that they'd acquired the powers of the central bank for the US dollar, even though those powers are not permanent.  But again, it's just a debate about terminology and I don't mean to dwell on it.

Quote from: rezin777
The depth of the attack doesn't seem to sink in fully for you. If it's not hard, anyone with a bit of brains should have proceeded to initiate an attack at this point. When bitcoins are trading for 1.55 USD each, someone should be motivated? Perhaps you should read the paper again.

I say this as someone deeply impressed with the design of the protocol and the software, but I think the reason is just that nobody cares to mount such an attack so far.  It's only a few thousand people participating, and the Bitcoin economy doesn't really have even $9 million in it (that's just the market capitalization - the clearing price multiplied by the number of Bitcoins); even if it did, that still wouldn't be worth most governments' time.  A small-scale protest in San Francisco costs more and involves more people than Bitcoin does at this stage.

And I doubt anyone's yet using Bitcoins for anything that authorities care about, really; if it's being used to trade only a bit of LSD or child pornography, law-enforcement resources likely won't divert toward that use when there's much lower-hanging fruit.  This is what I mean by saying that there's a bootstrapping challenge that Bitcoin hasn't faced yet: the challenge is how to resist populist pressure when that populist pressure can directly destroy it, for technical reasons -- not just politically or through external enforcement actions.

Stillfire:  Your concerns are thoughtful and important.  Regulation does pose direct threats to Bitcoin, particularly if it concerns the conversion of Bitcoins into other currencies rather than merely access to the P2P network.  But regulation is slow and difficult against peer-to-peer networks, whereas denying service to them through technical means is actually rather straightforward, at least when they function like Bitcoin.  (It's harder with Wikileaks or other services that merely broadcast information.  It's very hard to deny service to that using technological means.)  If I'm saying anything new at all in this thread, it's that "regulation by DOS attack" is much easier than people seem to be giving it credit for; "P2P" doesn't magically invalidate the ability of regulators, and the degree to which it does needs to be evaluated sensitively on a case-by-case basis.

I believe, as a side note, that some of my math earlier in this thread is off by a decimal place, as I promised it would be. Smiley  I should be saying $1,000,000 at today's statistics, not $100,000.  But that's still petty change to a regulator, and notably it's far less than the market capitalization of Bitcoin.  Again, importantly, the cost of the attack grows only proportionally to the hashing power of the network.  Also, that's just the acquisition cost; the hardware could be resold or reused after the attack achieves its purpose.
10     Bitcoin / Bitcoin Discussion / Re: Bitcoin’s Collusion Problem - by Timothy B Lee    on: April 25, 2011, 11:50:43 pm
Quote from: stillfire on April 25, 2011, 11:43:37 pm
Obviously if the majority (the 'populist will') switched their clients to do something non-standard they could change the truth of the network. That's what I described in my social attack post. I would not describe that as unrecognised though given that the whole system is founded on the idea of "one CPU, one vote".

Right, I haven't meant to say that it's unrecognized, just that the implications are insufficiently recognized.  Maybe I should say it this way:  the attack is much easier, in practical economic and technical terms, than people seem to suppose.  I don't think I'm offering anything theoretically new, just a pragmatic framing of the problem and a tying of it to the threat some people perceive from governments.  A government hostile to Bitcoin doesn't need to stamp out P2P technologies generally; it just needs to deny service to Bitcoin by taking it over.

The fragility hasn't seemed to sink in fully.  Surely many understand the conceptual possibility of the attack; I don't mean to suggest otherwise.  I'm just pointing out that if it's not that hard for a single relatively wealthy individual, much less an organization, to destroy an economy, the economy is probably more ephemeral than people imagine.
11     Bitcoin / Bitcoin Discussion / Re: Bitcoin’s Collusion Problem - by Timothy B Lee    on: April 25, 2011, 11:44:11 pm
Quote from: grondilu on April 25, 2011, 11:38:14 pm
Stop talking about "the central bank of the bitcoin economy".  There is simply no such thing, apart in your mind.

There could be a large collusion of attackers, but since they would try to disrupt the bitcoin network, there is no way we can call them "the bitcoin central bank".    In a centralised economy, a central bank is supposed to organise and protect the economy, not to destroy it.

The function of the central bank is provided by the network; controlling half the network's hashing power confers the powers of a central bank.  The rest is just semantics, I think.

And many people say the function of the Federal Reserve is indeed to destroy the US economy.  Smiley
12     Bitcoin / Bitcoin Discussion / Re: Bitcoin’s Collusion Problem - by Timothy B Lee    on: April 25, 2011, 11:31:45 pm
Quote from: creighto on April 25, 2011, 11:21:22 pm
Are you referring to the attack vector that requires over 50% of the hashing power of the network, with the intent of overwriting recent blocks?  The forced double spending attack?

It isn't limited to that problem.  Satoshi noted it clearly in his original paper:  "While network nodes can verify transactions for themselves, the simplified method can be fooled by an attacker's fabricated transactions for as long as the attacker can continue to overpower the network."  Nothing stops the attacker from overpowering the network except people committed to Bitcoin, making the central bank for the Bitcoin economy subject to populist will (mediated through, of course, the need to purchase and deploy mining hardware and alternative P2P participant software -- it's not "one person one vote," but it's not far from "one dollar one vote").  I'm suggesting that this is a serious and insufficiently recognized problem for a currency meant to be in some sense an alternative.

Quote
I'm not sure this is a correct way to see things.  Spending money to do something is not an other way to say that you buy it. 

Well, in my dialect, "for sale" is just an idiom.  If my loyalty is "for sale," it doesn't mean you buy it forever.  But I don't mean to dwell on the phraseology if it doesn't work in your dialect.  I should state it more precisely and more technically anyway:  the power of the central bank can be taken over by those willing to pay for it, and the cost of such a takeover is very low and needn't be bound to, for example, the market capitalization of the Bitcoin economy.
13     Bitcoin / Bitcoin Discussion / Re: Bitcoin’s Collusion Problem - by Timothy B Lee    on: April 25, 2011, 11:17:09 pm
Quote from: creighto on April 25, 2011, 10:42:06 pm
Quote from: s on April 25, 2011, 10:31:09 pm
Quote from: creighto on April 25, 2011, 09:54:44 pm
Sure it would.  The first transaction in every block is the special transaction that gives the miner his 50 bitcoin reward.  If every light client were checking that transaction to keep the miners honest, there wouldn't be any way to collude, as the lightweight clients would reject the blocks themselves and keep searching the Bitcoin network for blocks that used the proper reward amount.

But the attack I'm describing isn't just "incorrect rewards for false mining"; the blocks themselves would be valid Bitcoin blocks under the attack we're now discussing, given the attacker's hashing power compared to that of the network.

What am I missing then?  An incorrect mining reward invalidates the block.  Presently, full clients do check for this, and violators are ignored.  The net effect being that it doesn't matter how much power the colluding violators throw at the problem, the honest network simply ignores anything that they come up with.  The violators can, presently, either mine honestly or attempt to rewrite the recent blocks of the blockchain, but that's a different attack vector.  The claim that I saw basically says that the collusion problem is because future clients will be dominated by lightweight clients, which presumably wouldn't pay any attention to the actual blockchain reward; and this would permit a small cabal of well-heeled miners to collude into changing the rules and segmenting the other honest miners into a minority blockchain because the majority of clients would blindly accept blocks produced that were invalid due to an overly high block reward, but reject the minority chain being produced by the honest miners that remained because they would have a shorter proof-of-work chain.
Yet, if the lightweight clients even occasionally check the validity of the block reward, or even only a fraction of smartphone clients did this; the attack is undermined.

How am I wrong?

We might just be talking about two different things.  The article by Lee discussed at the start of this thread laid out several high-level possibilities without much technical detail, and though they could loosely be important under some future scenarios, they're not my chief concern.  What I took us to be discussing now is separate and more specific:  the relative ease and cost of an attack on the Bitcoin network by entities that simply bring higher mining/hashing power to the network than those who want to use Bitcoin for any of its potentially useful purposes.  It is effectively a denial-of-service attack that any moderately sized entity or government (or even individual) could mount easily at present to crush Bitcoin entirely, and though Satoshi's paper mentions its possibility and it's been known and discussed for several months in some other public forums, it doesn't seem to be in the mainstream knowledge of the official forums.

I take it to be a serious problem and perhaps the most serious technical weakness of the protocol in the real world.  The practicality of the attack doesn't seem to have sunk in fully:  a single person, or more realistically a small interested entity, with a few days and $100,000 to spare could effectively crush Bitcoin.  And even as Bitcoin grows (as measured by "honest" hashing power -- a clearer term for these purposes would be "hashing power committed to Bitcoin's success"), that cost grows only proportionally, not even quadratically, much less exponentially.

Of course, others have spoken since the beginning of a multiplicity of block chains, of the fragmentary survival of Bitcoin in various forms, and so on.  That is of course all possible; the attack I'm concerned with is not a threat against the protocol as an idea.  But it could very easily crush, essentially at will, what people perceive as the "main" block chain and whatever Bitcoin-denominated wealth is inherent in it.  To frame it differently, a debtor who owes more than $100,000 Bitcoins would never have to pay it back; it would be cheaper simply to destroy the network.  And, of course, the network needn't be destroyed for the value of Bitcoins vis-a-vis other currencies to plummet; it just needs to be credibly threatened.  I'm no expert in securities markets, but I would be very surprised if the current Mt. Gox prices, as thin as the market is overall, have fully priced in this threat.  In other words, if I were buying 1000 BTC with USD, I would explicitly be taking a $1500 or $1600 bet that this attack would not be launched -- that $100,000 or so would not be committed in a particular way.

Another way of putting the attack, in more clearly economic terms, is that in Bitcoin, the central bank is for sale -- at whatever cost it takes to provide on the order of half the hashing power of the network.  The very openness of the protocol becomes its economic weakness (I know that's something people here don't like to hear) when used as a real-world currency, given external economic forces at work.  It's essentially a bootstrapping problem that Bitcoin has not yet had to face, and I'm not clear that it can face it successfully.
14     Bitcoin / Bitcoin Discussion / Re: Bitcoin’s Collusion Problem - by Timothy B Lee    on: April 25, 2011, 10:31:09 pm
Quote from: creighto on April 25, 2011, 09:54:44 pm
Sure it would.  The first transaction in every block is the special transaction that gives the miner his 50 bitcoin reward.  If every light client were checking that transaction to keep the miners honest, there wouldn't be any way to collude, as the lightweight clients would reject the blocks themselves and keep searching the Bitcoin network for blocks that used the proper reward amount.

But the attack I'm describing isn't just "incorrect rewards for false mining"; the blocks themselves would be valid Bitcoin blocks under the attack we're now discussing, given the attacker's hashing power compared to that of the network.

There isn't really a solution to the problem, except to hope that you have more hashing power committed to the "proper" block chain than to one that intentionally undermines the reliability of the currency.  At the moment, it would seem to cost about $100,000 to mount the attack; the cost would go up by ten if the hashing power committed to the "proper" block chain rises by the same factor.  That's still an exceedingly cheap attack, not just for a government but even for many small corporations.
15     Bitcoin / Bitcoin Discussion / Re: Bitcoin’s Collusion Problem - by Timothy B Lee    on: April 25, 2011, 07:54:09 pm
Quote from: [mike] on April 25, 2011, 07:08:45 pm
That is easily solved by having light clients demand to see the first transaction in each new block. It can be linked back to the header with a merkle branch.

The protocol today does not support this, so you have to download full blocks anyway. In future it probably will and then the additional rules can be checked like that.

It's not a big deal, IMHO.

That's a response to one kind of attack, but not to the one we're discussing here.
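[mike]'s suggestion above is that a light client ask for the first (coinbase) transaction of each block and check it against the header by a Merkle branch. The following added example (not code from the original posts or from any Bitcoin client) shows how such a branch is built and verified using Bitcoin's tree rules: double SHA-256 at every node and duplication of the last hash on an odd-length level. The three transactions are constructed byte strings standing in for serialized transactions; the verifier is written for any leaf index, not just index 0.

```python
import hashlib
from typing import List


def dsha256(data: bytes) -> bytes:
    """Hash used for Bitcoin Merkle tree nodes: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_levels(tx_hashes: List[bytes]) -> List[List[bytes]]:
    """Build every level of the tree bottom-up; levels[0] are the leaves,
    levels[-1] holds the single root. An odd-length level is paired by
    duplicating its last hash, as Bitcoin does."""
    if not tx_hashes:
        raise ValueError("a block always has at least the coinbase transaction")
    levels = [list(tx_hashes)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]
        levels.append([dsha256(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def merkle_root(tx_hashes: List[bytes]) -> bytes:
    return merkle_levels(tx_hashes)[-1][0]


def merkle_branch(tx_hashes: List[bytes], index: int) -> List[bytes]:
    """Sibling hashes, leaf to root, needed to recompute the root from the
    leaf at `index`. Index 0 is the coinbase. When the sibling position does
    not exist (odd level), the leaf's own hash is its sibling."""
    branch = []
    for level in merkle_levels(tx_hashes)[:-1]:
        sibling = index ^ 1
        branch.append(level[sibling] if sibling < len(level) else level[index])
        index >>= 1
    return branch


def verify_branch(leaf_hash: bytes, index: int, branch: List[bytes], root: bytes) -> bool:
    """What a light client would run: fold the branch into the leaf hash and
    compare with the Merkle root taken from the (proof-of-work checked) header.
    The index bit at each level says whether our node is left or right."""
    h = leaf_hash
    for sibling in branch:
        h = dsha256(sibling + h) if index & 1 else dsha256(h + sibling)
        index >>= 1
    return h == root


# Constructed sample block: a coinbase plus two ordinary transactions.
# Real clients hash the serialized transaction bytes; these are placeholders.
SAMPLE_TXS = [b"coinbase:constructed-reward-tx", b"tx1:constructed", b"tx2:constructed"]
SAMPLE_HASHES = [dsha256(tx) for tx in SAMPLE_TXS]
SAMPLE_ROOT = merkle_root(SAMPLE_HASHES)  # what the block header would carry


def coinbase_checks_out(coinbase_tx: bytes, branch: List[bytes], root: bytes) -> bool:
    """The light-client check from the thread: does this claimed coinbase
    really sit at position 0 under the header's Merkle root?"""
    return verify_branch(dsha256(coinbase_tx), 0, branch, root)


if __name__ == "__main__":
    branch0 = merkle_branch(SAMPLE_HASHES, 0)
    print("coinbase proof valid:", coinbase_checks_out(SAMPLE_TXS[0], branch0, SAMPLE_ROOT))
    print("substituted coinbase rejected:",
          not coinbase_checks_out(b"coinbase:forged", branch0, SAMPLE_ROOT))
```

A client that only has headers can run `coinbase_checks_out` on the coinbase it is sent; the branch is short (one hash per tree level), which is why the proposal does not require downloading full blocks.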
16     Bitcoin / Mining / Re: Bitcoin mining pointless?    on: April 25, 2011, 01:50:46 pm
Quote from: allinvain on April 25, 2011, 08:17:29 am
How do we go about changing the nature of the mining work (hence the nature of the proof of work mechanism) on the fly when it is decided (by whatever mechanism) that the current mining work is no longer useful or is not bearing fruit.

Oh, I think that's the easy part; you just change the main client, as has already happened a few times.  People routinely suggest that it won't be difficult to change the protocol if, say, SHA256 were compromised.  Essentially, it's some combination of open deliberation and then a decisive change to the main client by its developers, hoping that it will be adopted by users of the network.  There's theoretically competition, though little in practice (as is ordinarily true in many markets).

Quote
Also what if changing the nature of the mining work creates an added value? Who stands to benefit the most from this added value service? Humanity as a whole or a specific group of individuals or corporation or vested interests? Let's take for pharmacological computational work? Who will benefit from any potential discoveries that come as a result of this mining work? Who owns the rights (and therefore profits) to any beneficial discoveries that come about as a result of the mining process?

I think those are good questions, but perhaps interestingly, as the "ultimatum game" thread points out, many in this community believe that ANY positive externality would be superior to none, just because it creates wealth.  The argument is that if you're no worse off and others are better off by virtue of the change, the change is Pareto optimal and thus wealth-producing.  It's a simplistic argument when it comes to real policymaking, for a variety of reasons, but in this context it may capture something important.

Quote
Also am I mistaken but shouldn't the ideal currency have absolutely no tangible benefits whatsoever? After all we don't use water as money do we? Gold is not the ideal currency but it very much closely approximates that ideal. Bitcoin in a sense is the perfected ideal currency. I think that bitcoins should have no "benefit" and no inherent tangible value other than that which its USERS give it.

Only for portfolio theorists or those who care about the correlation in value between the currency and something else.  But it usually doesn't much matter.  For example, if it turns out that Bitcoin's hashes happen to have an incidental use (knowing the number of 0s in a string that hashes to some values happens to have, say, a scientific application), few would suggest that weakens the utility of Bitcoin.

For what it's worth, though, I think these are all the right questions to be asking.
17     Bitcoin / Mining / Re: Building a Mining Rig - Specs    on: April 25, 2011, 07:48:24 am
Quote from: eleuthria on April 25, 2011, 06:05:01 am
The case is a bit overkill, but I like using cases that are designed for maximum airflow to keep the cards running cooler at higher clock speeds, leading to better mHash/watt ratio, both in terms of power consumption from the GPUs, and the amount of heat that will have to be offset by my air conditioner.

On that last point, doesn't the heat have to go somewhere regardless of how quickly it dissipates inside the case?  In the steady state, unless I'm missing something, I'd think your air conditioner would have the same amount of work to do given the same amount of heat generated by the cards in total.

Along those lines, there are probably micro-optimizations based on your climate and home construction.  For example, putting the computer on a floor rather than a table, or against a wall or window, could change the thermodynamics of the overall system that you pay for.  But I don't see how airflow through the system would do that alone, except in unpredictable ways.  (Of course, more airflow within the chassis is better for all sorts of other reasons.)
18     Bitcoin / Mining / Re: Bitcoin mining pointless?    on: April 25, 2011, 07:42:43 am
Quote from: allinvain on April 25, 2011, 07:25:03 am
Quote from: sjb on April 25, 2011, 05:57:25 am
Quote from: allinvain on April 25, 2011, 05:29:29 am
Hmm, I wonder if or how easy it would be to upgrade the bitcoin network to use SHA3 in the future. Is SHA256 (aka SHA2) that vulnerable to "cracking"?

People say it could be done, but I think more importantly SHA256 will probably last unless there's a fundamentally new sort of compromise.  It likely won't fail because of improved hardware over the next 20 years, unless we get a kind of improvement that we'd have no reason to expect.

The only thing that I can think of at this moment that would qualify as an "unexpected improvement" (well sort of unexpected) would be a quantum computer capable of making use of a surprisingly large number of qubits.

Right, that seems likely, although I suppose the "singularity" people might claim there are other paths.  On the software side, it would have to be an analytical compromise of SHA256 using a novel mechanism not currently known to the public.

Quote
Now on to the subject of the thread. I personally don't think bitcoin mining is pointless. I like to think of bitcoin mining as sort of what a stock exchange's transaction processing systems do. They process the necessary transactions of the exchange and in return earn a fee for their work. Miners do very much the same thing. Thus the energy expended as a result of this process is not "wasted" or "pointless" because it is used to accomplished a desirable and absolutely necessary task.

If one argues that bitcoin mining is pointless, that is sort of like saying the energy used by cars is wasted or pointless because it doesn't cure world hunger. Kind of silly way of thinking.

To phrase it differently; No use of energy that results in a personally or socially desirable outcome should be considered wasteful.

Perhaps someone can refine my phrase a bit better. But anyways, I was quite surprised when I first saw this thread because I never quite expected that someone would question the usefulness of one of the KEY and ABSOLUTELY necessary components of the bitcoin system.

I think the original poster's title for the thread has just been misleading people and diverting attention away from his point.  He wasn't saying Bitcoin mining was "pointless" in that it shouldn't be done or has no value (assuming of course that Bitcoin ought to be participated in and has value itself).  He was saying that it's not a logically necessary requirement that the mining activity not have positive spillover effects.

I keep wanting to return to gold as my example.  Say you go back in time and, somewhat impolitely, pretend to be an Aztec god and have the opportunity to convince the Aztec people to use either gold or some alternative to gold.  Gold and the alternative have, for monetary purposes, similar properties:  they're equally rare, equally distributed throughout the earth, take roughly equal resources to mine, and so on.  If you were trying to help the Aztecs, wouldn't you want to look at whether the mining process for gold, versus its alternative, happened to lead to positive or negative effects unrelated to the use of the object of the mining as a currency?  For example, maybe in the process of mining gold, the Aztecs will discover valuable sources of water or other information about what lies below the earth, whereas mining for the other, they won't.  Maybe mining for the other will ultimately poison them, whereas mining for gold won't.  Why wouldn't you look at those considerations when choosing the properties of the future currency?

In designing Bitcoin, which is of course an ongoing process even now, the community has that choice.  It's not a question of whether mining is "pointless"; it's a question of what to count as "mining" to make it have value beyond, perhaps, its value to the Bitcoin network alone.
19     Bitcoin / Bitcoin Discussion / Re: How do we prevent money laundering and assasinations?    on: April 25, 2011, 07:16:05 am
Quote from: LightRider on April 25, 2011, 06:53:23 am
There will be no significant change in criminal or aberrant activity while we perpetuate a monetary system. When people are denied the necessities of life, and can only obtain them by engaging in a dishonest, abusive, wasteful and violent monetary system, then you get dishonest, abusive, wasteful and violent activity.

No offense, but isn't that magical "halo" thinking?  It's like how people see a food labeled "antioxidants" or "omega-3s" and think "this couldn't possibly hurt me; it's pure and noble."  Studies confirm this sort of bias in people, but fundamentally it's a kind of irrationality.

Creating a new monetary system that allows for particular kinds of criminal activity and money laundering could well, if this community isn't careful, cause harm.  It can have good effects and bad effects at the same time, like many innovations.

Money can absolutely be used for crime, too, despite some notes I've seen in these forums to the contrary.  Someone said, the other day, something like, "Guns and violence hurt people; money doesn't."  What about the money used to bribe policemen to look the other way when there are guns and violence applied against innocents?

That said, exceedingly broad political questions are probably beyond the appropriate scope of this forum, but it's important to recognize that innovations you like can also have negative unintended consequences.  Libertarians recognize this well for, for example, well-meaning government legislation; just because it's private action, though, doesn't mean it doesn't have unintended negative consequences.
20     Bitcoin / Bitcoin Discussion / Re: How do we prevent money laundering and assasinations?    on: April 25, 2011, 06:03:43 am
Quote from: noagendamarket on April 25, 2011, 05:39:44 am
The first bitcoin exchange to be targeted by a government will cause a shitstorm of massive proportions. Unless they destroy the internet itself what can they really do but standby impotently as bitcoin eats their lunch ?

Or, you know, the whole thing could silently fade away after people realize they can't use Bitcoins to deposit US dollars anywhere.  But as we're observing in another thread, it would be pretty trivial for pretty much any government, not to mention a small-cap corporation, to DOS or disintegrate the Bitcoin network.  If I saw an assassination market using Bitcoin, I think I'd contribute to that effort myself, though I know saying that won't win me any points here. Smiley

EDIT:  Just to be clear, I mean I'd contribute to the DOS effort against such a thing, not to the assassination market!
196  Other / Meta / Re: [applaud]/[smite] system? on: May 06, 2011, 04:54:11 PM
Quote
You apparently need 250 posts to rate people.

Thanks for the info theymos.

I don't think that the sheer number of posts that someone makes is a good indicator of their contribution. There are a large number of "me too" and uninformative posts which make the forum less rewarding to follow. There was already an incentive to post indiscriminately via the "Newbie", "Junior Member", "Full Member" thing and this will just make it worse as people race to make 250 posts.

Others have similar concerns.

Gavin was throwing around the idea of switching to a mailing list, presumably because he too was having similar problems with the forum.
I was not particularly keen on a mailing list at that point but I'm much more equivocal now.

The value of ratings depends greatly on who's doing the rating. Given the fact that ratings are taken fairly seriously nowadays (seriously enough to exclude a large proportion of users from changing them), it needs to be more nuanced and transparent. It's at an unhappy half-way stage at the moment.

Is it Sirius who makes these forum decisions? Sirius alone or an ad-hoc committee?

ByteCoin
197  Bitcoin / Development & Technical Discussion / Re: [ANNOUNCE] Webcoin Alpha Sneak Preview on: May 05, 2011, 08:48:12 PM
I watched the video, and browsed the source code, especially the mathsy stuff. Looks good!

Note how it's built off bitcoinj rather than the C++ code. I wonder whether the development and the addition of new features will occur faster on this codebase and the C++ codebase will stagnate somewhat by comparison.

ByteCoin
198  Bitcoin / Bitcoin Discussion / Searching for a post containing the following quote on: May 04, 2011, 02:16:48 AM
Can anyone find the original post (and author) for the following quote from the forum?

"with $5k, one could profit substantially on the exchanges from the "inside information" one has that the attack is going to be mounted and publicized"

I can only find a post that quotes this snippet. I seem to recall that the original was a good post. Has it been deleted?

ByteCoin
199  Bitcoin / Development & Technical Discussion / Re: Untraceable transactions which can contain a secure message are inevitable. on: May 04, 2011, 01:07:28 AM
Quote
That would allow the <bytes> portion to contain a message correct?

Yes.

Quote
Wouldn't that be opening pandora's box to a giant block chain?

As I have indicated in previous posts and indeed in the first post of this thread, encoding substantial messages in transactions is already possible. Gavin's mooted proposed tolerance of OP_DROP transactions simplifies the implementation considerably and reduces messaging overheads. It also allows the popularity of messaging to be measured.

Additionally, Gavin's opinion is that the CPU time taken to verify signatures is a bottleneck for transaction processing. My messaging scheme would result in more signature verifications whereas OP_DROP would not.

One major cause of a ballooning block chain would be the use of "mixnets".

My proposed solution to a giant block chain is forgetting most of it.

ByteCoin
200  Bitcoin / Development & Technical Discussion / Re: Distributed (well, it can be) secure WOT on: May 04, 2011, 12:54:05 AM
Quote
So say Alice wants to do some transaction with Bob. Bob and Alice both have RSA keys of a decent length.

It's not necessary to bring RSA into it unless you have special needs like blinding or a lack of message expansion. If Bob and Alice use Bitcoin then they both have perfectly serviceable public/private keypairs. It also sounds like you only want to sign so ECDSA is fine.

Your protocol has at least the flaw that an attacker BadBob can generate very large positive ratings for themselves by creating multiple DummyAlices who give positive ratings for large numbers of arbitrary transactions. This is because, in your scheme there's nothing making sure that the Bitcoin transaction referred to is a transaction involving either Alice or Bob at all.

ByteCoin