Gavin is in Massachusetts.

Agreed. It shouldn't be too hard, but the whole transaction building and signing code is in a critical block, so it will take some care to break it out.

Yeah, that last explanation made it all a lot clearer for me. I still have only a partial understanding, and a couple of questions:

1. Mining bitcoins is just a way for the system to get the 21 million bitcoins out into the world. What happens to the bonds and contingent claims when mining rewards go down to 25 and ultimately to 0?

2. I'm still not sure about the ultimate utility of bitcoin bonds vs bets on bitcoin's future value. The drawback of bets is that you have to put up full escrow at the start. But how do bitcoin bonds get around that? Somebody has to guarantee me that if I win the bet I get my full value in bitcoins. You can escrow me a bond worth that value and I'll be guaranteed to get it, but who's guaranteeing that the bond will increase to its face value? If it's built into the bitcoin system, it seems to me that would break the system, because there's no way we can know what a future bitcoin will be worth in current bitcoins, and if we program it in wrong, the system no longer represents reality.

We discussed that here: http://forum.bitcoin.org/index.php?topic=19080.msg263715#msg263715

For Shamir's secret sharing there's ssss. Is there a good implementation of Vandermonde matrices?

Yeah, I agree that all prediction markets should be provided for, but they don't all have to work well with every system. You could have betcoin for bets that work well with it, oracle betting for others, whatever works. And as I said, it's possible that less liquid bets will do fine on betcoin.


My suggestion was to escrow the full value-at-risk into the trade. Of course that means that the contract must define a clear trading range. The way I see it is you're entering into a binding contract with the other side and the system has to guarantee payment. The only way to do that is to escrow the full amount. You want margin? Convince someone that you know what you're doing and get a loan. Or maybe another market will open up for that.


Offsetting bets is an interesting question. Clearly it would be beneficial for the system to be able to reconcile offset bets on the same account. I'm not sure if that's possible though, since the contracts would be different and the system would have no way of knowing if the two contracts really do offset each other at all. Again, if you can convince others, or another market, that you have offset bets maybe they'll front you some cash. Maybe there'd be a bet about how closely two other bets are correlated.


Bitcoin's greatest achievement is preventing double spending in a p2p system. Unless you know of a better way, might as well copy it. Bitcoin addresses timing issues partly by slowing things down. A block every 10 minutes is pretty slow. I think we can slow down prediction markets too. Prediction markets are made for hedging, not for day trading, so you don't necessarily need millisecond trade updates. Ordering identical-value bids and offers that go into a pool can be done randomly to ensure fairness and prevent gaming.

The OP's definition is consistent with the Austrian view:

http://en.wikipedia.org/wiki/Monetary_inflation

That's the interesting thing about this stuff. Illegal and wrong become irrelevant, because there's only a priori enforcement. If you can do it, it's ok.

Yes, a lot of the thinking here concerns massive liquid markets with healthy doses of speculators. I'm not sure it would be a good fit for small local bets. But it might work anyway. There's not a lot of money on the table, so is it worth going to great lengths and using sophisticated techniques to try and game it? If there's a sophisticated cheater, why wouldn't there be a sophisticated speculator going up against him?

You can't trade with yourself without going through the whole market first. If you're much bigger than the market, I suppose you could manipulate it, but who knows, maybe there will be speculators who specialize in making easy pickings on these small local bets by gathering online data about them and going against the cheaters. If you were a speculator with a bunch of capital, and you observed all these local bets going wrong, wouldn't you want to get in on the action?

In general, I'm really more interested in the big markets, because those are the ones that are choked by regulation today.

How is this different than trying to manipulate the MtGox price by trading with yourself? When you make a bid, you're automatically matched with the best offer, not any offer you want. You've now made that bet and you're on the hook for it to someone else. Also, there are transaction fees. This may not have been explained properly in the original post, but making bids and offers firm and matching them correctly is important.


There is no person with the most money. They're going up against the entire market. Even the world's most powerful governments get p0wned by the market when they try that. There's reason to believe that since everyone has an external event to rally around and synchronize to, that's where the market will head, and anybody who tries to game it will get crushed, because they're going against the only thing that signals the market. Whether this will work in practice is an open question, but I think it's too early to dismiss it.

+1

P2P prediction markets is where it's at. This will allow people to coordinate exchange rates as a special case. Actual exchange of fiat for btc can then be done by any two parties using the market price, and using it to hedge if necessary.

I dunno, to me trusting the other side in the bet is like trusting the other side in a bitcoin transaction. Calling him a bookie is like calling a bitcoin recipient a merchant. It's p2p, just two anonymous dudes. I don't like any sort of entity that has to build up trust and reputation, because that makes them a big target for the government. It also makes it much harder to do these bets. You can just go out and trade, you have to find entities you trust.

The original proposal tries to avoid trust issues. What's wrong with it?

This is definitely a topic for lawyers, but you don't really have to transmit anything. Customer wants to pay $100 electric bill. His client generates an unsigned transaction and sends to vault service. Vault service partially signs transaction and sends back to client. Client has secure device complete the signature and client broadcasts fully signed transaction to the network. I guess the only thing the regulators could say here is that the service has the ability to block transactions, so it should be required to do so under AML regulations.

Another thing is there's no need to open this kind of service in the US. There's a much smaller degree of trust required than a regular bank, and it might be a lot harder for the US to strong-arm other countries into regulating this. I definitely wouldn't call it anything with the word "Bank" in it. In some countries it's even illegal to call a company a bank if it's not regulated as a bank.

Just as an example, some definitions in the Michigan Money Transmission Services Act:


Seems not to include bitcoin.


No selling or issuing of any payment instruments is done by the security service. It's possible you could mangle the meaning of "issuing payment instruments", but see below.


"transmission or payment of money" -- according to (b), bitcoin may not be defined as money, and therefore no payment instruments could ensue.

Is this regarding the discussion about saving previous relevant transactions on the secure device? If so, it's a good point

As for the hardware design, I'm starting to think this is the wrong place to get into it. People can hack their own MP3 players and do cool DIY projects, but if we're talking about something that's intended for mainstream use I think you'd need to form a real company to get this moving.

Imagine starting a company that implements Gavin's idea. The company doesn't have ownership over your bitcoins, but helps regular people transact securely on a day-to-day basis. This company would bring in hardware engineers, talk to smart card manufacturers, and negotiate bulk pricing for them. To open an account, you'd ask for a couple of devices or smart cards to be sent to you in the mail. Eventually, you'd be able to buy them at Walmart and 7-eleven. Once you have your devices, you put one away in a safe deposit box and forget about it, and use the other one to do secure payments. The company could make a lot of money on a monthly or annual storage fee. Since the company has to know the bitcoin addresses it's securing, it could just look in the block chain to see how much you've got in them, and take a small cut.

It's cool because it's like opening a bank but without the regulatory bs, and you're not really responsible for everybody's money. Advanced users probably won't need the service at all, and the company can sell them the hardware to secure their coins themselves.

I think the current banking system has it all wrong, combining safeguarding money with speculating in investments. I believe a bitcoin vault should specialize on security and possibly payment services, timelock services, some kind of escrow, stuff like that. You can always invest somewhere else. Why would you want to put your money in an entity that could go broke on bad investments?

I also like Gavin's idea a lot: http://forum.bitcoin.org/index.php?topic=19080.msg267432#msg267432

A vault that does not own your coins. You have two security devices, an every day one, and a master key that you put in a safe deposit box and is only used if the vault service is compromised. In every day use, you use your regular device and send transactions via the vault service. To sign bitcoin transactions you need 2 out of 3 of: every day security device, vault service, emergency security device. This means that the vault service can't spend any of your money, but they can make sure that if anybody gets your every day device, they can only spend a maximum amount per day that you set ahead of time. In order to lose all of your money, you have to lose both your security device and your emergency device.

This service can be made even more secure against loss, by adding in a timed transaction. The vault can set things up so that if you don't refresh your coins, say once a month, they will be sent to the vault service's private account. That way they never hold anybody's money, but if you lose both secure devices, the money will be recovered and they can send you new devices that will control it.

This has some great advantages: (1) You don't have to trust the service, (2) It's easy enough for the average person to actually use safely, (3) It can probably avoid all of the regulatory issues of being lumped in as a financial service or bank, it's just data security.

Heh, kind of like throwing an opposing home run ball back. Interesting.

Yeah, bitcoin is a dangerous idea, too. Any powerful technology is dangerous.


There's no conflict possible, everybody agrees to the terms ahead of time. The network doesn't have to access external data, since payout is based solely on closing prices, which is internal data. It's an unorthodox approach so you might want to reread the original proposal. It should be more resistant to regulation because regulators like a few high profile players, and they like to prevent everybody else from getting in the game. With this, there are no high profile players. Like bitcoin, if you want to shut it down, you have to shut down everybody.

Might want to check out this distro, too. They've modified the kernel to prevent hard disk mounting and disabled network access:

https://www.privacy-cd.org/

They recommend doing a full memory test on reboot to wipe memory. I use this on a $300 netbook which I never connect to the Internet or use for anything else.

I think the problem with that bet is that there isn't any big money. There's not much volume there, and it apparently isn't a very interesting wager for people to get in on. Also, since Intrade will close this at 0, how is that supposed big money going to be right?


Awesome thread, thanks. I'd never had expected that OP_BLOCKNUMBER would work in the sense of "the current block bitcoin is up at time of verification". But it appears that OP_BLOCKNUMBER in the sense of "the block number at the time of block insertion" could still work, with the caveat of the re-org problem.


Yes, but I have a big problem with known centralized entities like this, even if they're not that centralized and they're pseudonymous. Here's why: suppose the market in question is a bet on the heroin crop, used by drug vendors to determine and hedge prices. The oracle or oracles might become the target of a well-funded DEA investigation. They would use block chain analysis, search warrants, CI's and anything else they could think of to uncloak the pseudonymity. In an oracle-less scheme there is no such high value target. You might not think a heroin market is a good idea, but I'm envisioning a global financial market built on this that's immune to regulation. The SEC might go after oracles in stocks, bonds, gold, dollar and pig bellies with the same gusto.

Are there any other dangers other than chain re-org? Couldn't this be mitigated by waiting for a large number of confirmations? Namecoin uses that strategy.

I don't think it would be a good idea to put betcoin in bitcoin anyway. It would be a separate project like namecoin. I'm interested in the precise reasons putting stuff like block numbers, transaction amounts, and results of old blocks in the script is dangerous. Aren't these things as easy to validate as everything else?


Wow, he's added a lot of cool stuff since the last time I checked. This is another great option, and is kind of a generalization of the contract initiator calling the bet. I suppose if you use several independent oracles the outcome should be pretty good. Is there a way for oracles to get paid for their work here? Maybe they could include a public key in the script and only release the private key to you out-of-band if you pay up.