I'm aware, thank you for spreading the word.

ROT-13 is harder to crack than ROT-13(ROT-13).  Has anyone proven the same is not true of SHA256?  I will be very surprised...

Perhaps I haven't adequately explained my proposal.  I do not suggest "rebooting" the chain in the sense of persuading everyone to stop working on it.  Maybe "the market" will persuade people to abandon the 2009 chain, but that could happen for any number of reasons beyond competition from a similar currency.  Frankly, I consider even this unlikely.  I don't think anything can drive the value of Nakamoto/2009 BTC to zero in the next decade, and I am not about to short BTC.

If your best counterargument is "united we stand, divided we fall", aren't you at least a bit guilty of hiding the fundamentals from newcomers and non-technical users?

To ME, the value of BTC is running into a limit related to the cost of starting a competing chain.  Therefore, I am less likely to buy Nakamoto/2009 BTC at going prices.  I simply want to find other people who feel the same way.  If there are no such people, I will shrug it off and invest as reason dictates.  If there are many, well, our misgivings are collectively depressing the value of BTC, so wouldn't you like to offer us an alternative in the hope that the Bitcoin concept succeeds?

Ah, of course.

If I'm not mistaken, most effort has gone into "single" SHA256, and though the composition of SHA256 operations would seem harder to crack, one never knows.

Not that I think the Twitter guy is likely to succeed, but in general I see too little attention placed on the strength of Bitcoin's cryptography and too many explanations that fail to mention its theoretical vulnerability.  Or citations in support of its strength, for that matter.

forever-d,

Thank you for your input.  I will steer away from arguments about what is "fair" and focus on marketability.

Vladimir, I think a lot of these changes are orthogonal to the establishment of a stronger chain.  Though a chain fork might seem like a good opportunity to implement them, I am afraid we'd have to limit changes to what practically everyone can agree on, which may be none of the above.

(Disclaimer: I am Vladimir's customer.)

Exactly!  They have been rewarded handsomely.  For BTC to continue to rise, the market will have to value them more and more.  I think this will hit a wall, or at least hamper Bitcoin's acceptance in a way that would be cured with a currency founded on a stronger block chain.

The market will decide, but only if someone (I'll help!) writes the code and runs their rigs on it.

Is there a snarky response to every such thread?  If you want to reward the speculators, go ahead and tip them.  Feel free to ignore any new chains and enjoy your BTC, whatever the market thinks of them.

I thought he was designing a miner.  Why would he need a pre-image for that?  All he needs is a partial collision with zero.

Suppose in 2008, in the middle of the credit crunch and bailout talk, an anonymous crypto expert had publicly offered to cure several of the world's monetary problems with a new currency much like Bitcoin.

Suppose, however, that he/she/they had made this offer contingent on a promise to pay US$10 million in tax money if the plan were to succeed.  Leaving aside the unlikelihood of TPTB allowing such a measure to come to a vote, would you have voted for the tax?  As for me, perhaps yes, $10 million seems about right, given the time and effort needed, plus a risk premium of a few hundred percent.

Now suppose the offer had been for $100 BILLION (10¹¹) rather than $10 million.  I don't know about you, but I would draw the line well below that figure.

It is hard to bring this up without being shouted down as "jealous" and ungrateful for the courage of the "early adopters".  So let us make a distinction between the early adopters who developed code and infrastructure and promoted Bitcoin in the hope of alleviating the world's ills, and early speculators who simply accumulated BTC in the hope that the block chain started by Satoshi Nakamoto in 2009 would eventually be worth a fortune.  Granted, some individuals may fall into both categories.

When we offer newcomers BTC at today's price (around $8) or suggest that they start mining at current difficulty/price ratios, we implicitly assign a value of $20 million to the first 50,000 blocks, which were solved at very low difficulty (under 0.001% of today's network strength) and have mostly not entered circulation (based on tracking a sample of block generation outputs through theymos' Block Explorer).  Some suspect that the private keys to much of this wealth were destroyed, but we can't know that, and I consider it unlikely.

As the BTC price rises, so does this implied value, until it acquires the character of an "entry tax" payable to the early speculators who hold large sums of (relatively) cheaply acquired BTC.

Does this mean I hate or envy Satoshi or Bitcoin?  No.  I think the world of Satoshi and would not wish to endanger his/her/their life/lives by pumping the value of his/her/their private keys to a ridiculous level.  Do you believe Satoshi's goal was to become filthy rich?  I rather think he wanted to reform a broken system and spare people from its abuses.  If Satoshi and the early speculators make a few tens of million USD out of it, I'll be happy for them.

So, can anything be done?  Yes, as I outlined, with backing from enough miners, one could start a block chain using more or less the same rules as 2009/Nakamoto/BTC but with a much higher initial difficulty and a genesis block based on the then-current BTC block.

Would such an action hurt Bitcoin?  Not at all, if by "Bitcoin" you mean the system Satoshi designed prior to 2009 and helped promote and debug during 2009-2010.  Would it hurt BTC, i.e., the exchange value of today's "bitcoin" (lowercase "b")?  Perhaps yes, if successful.  It would compete against BTC as an alternative currency with similar characteristics but less of an "early speculator tax".  Of course, those early speculators are probably savvy enough to sell some BTC and invest in the new currency if it bids well to outcompete BTC.

Would anyone like to work with me on software changes to facilitate the creation of "child" block chains as I outlined?

Would any miners run such software?  It would continue to build BTC blocks until it detects a signal of support for a child chain, and then it would devote 25% (configurable) of hashing power to the new chain as long as the new chain has at least 5% of BTC's strength.  I believe this kind of chain could coexist with BTC on the same network and even share BTC's blk*.dat files.

In the best-case scenario, the ISO will eventually decide on a currency code through the usual standards process (whatever that is).

It would save a good deal of confusion and programming trouble down the road if we could predict (and possibly influence) today what they will decide.

I doubt very much that UBC or BTC will be the code, because these imply an issuing country whose code is UB (not assigned AFAIK) or BT (Bhutan?).

XBC seems taken: http://en.wikipedia.org/wiki/European_Unit_of_Account

I would suggest using "BC" as the first two letters, even though Bitcoin is not a country.  "BC" appears unused in ISO (though other standards assign it to Botswana).  In some ways, Bitcoin is country-like, especially in the open-source structure with "government" by committers, moderators, domain registrants, and big stakeholders generally.  And Bitcoin may well have use for more currency codes in the future, so I like flexibility in the third character.

So... BTC will likely never become official in the sense of 100 million satoshis.  I don't think we need to make an ISO-compatible code for that unit.  I think BCB (Bitcoin bitcoin) is the best bet for the 100-satoshi unit.  Alternatives that come to mind: BC1 (first standardized Bitcoin), BCU (UBC switched around or "Bitcoin unit"), BC6 (original BTC times 10^-6), BC2 (10^2 satoshis, or second colloquial meaning of "bitcoin"), XB1 (X conforming to the non-country rule, B for Bitcoin, 1 to avoid collision with old EU codes that used a letter here).  (I am not sure ISO would consider including a numeral in the code.)

I don't think we should try to separate the "Bitcoin brand" from the unit expected to be in common use, so like the "old franc and new franc" I expect to call the new thing just a bitcoin, eventually.  Whether it should be or will be a millionth or some other fraction of an old bitcoin is another question.

Consider VIS (singular) because VIRES (plural) looks too much like VIRUS to the casual reader.

Cool logos, I hope some of the artwork is public domain or freely licensed...

The price jumps are bad enough, but while I'm buying them, I have to keep persuading my wife I'm not crazy.  Hence, DBC.

Ran Prieur's blog, April 22, 2011.  http://john-edwin-tobey.org/cgi-bin/ran/2011-04-23T05:13:26/ranprieur.com/index.html

BTC was around $0.80.  I told my wife not to expect much of me for the next week.  A few days later, I had decided to invest in BTC, which were then around $1.30.  I scrambled to find a way to transfer money, and by the time I had my first non-faucet coins, they were $3.20.

Now I refer to BTC as "DBC" for "damn bitcoins" but am still not much use around the house.

Since you are willing to assume (modest) advances in software by the time you want to withdraw savings, I suggest:

1. Get a trustworthy live CD system with VAPORWARE A [1] that creates a Bitcoin key pair and displays its Bitcoin address without having to download the block chain.
1a. Alternatively, the system just needs an "openssl" program that supports "openssl ecparam -name secp256k1 -genkey" and "openssl ec -pubout", and you can do some base-58 math to get the address.
1b. Alternatively, for better security, learn to do cryptography on a pocket calculator, an abacus, by writing numbers in sand, or in your head, and dispense with computers in what follows.  

2. Boot a trustworthy machine from the CD in a secure, non-networked location, and run Vaporware A to generate a key pair in PEM format (or a more compact form such as Sipa's).
2a. For added security, use a system without any writable media.

3. (Optional: requires remembering a pass phrase) encrypt the key pair with "gpg -c" or similar.

4. Copy the key pair and address from your terminal to a piece of paper.  You'd better generate and copy a checksum of the key pair to make sure you get it right later.
4a. Alternatively, if you trust your printer, attach it and print out the key pair.
4b. Alternatively, you could print it as a QR code, if your vaporware supports this.

5. Shut down the live CD machine.

6. Send your BTC to the new address.  Use some vaporware (a trusted block explorer) to make sure it arrives.

7. Go about your business until you want to spend the BTC.

8. Using Block Explorer or a similar tool, find the transaction out-point (transaction hash + output number) of each coin you want to spend.

9. Use VAPORWARE B to create a file containing the parts of the block chain needed to verify those transactions to your address.  (This could be the entire chain or just the block headers, Merkle tree stubs, and the transactions in question as described in Satoshi's paper.)

10. Copy the verification data to media such as a thumb drive.
10a. Alternatively, for a little extra security, prepare for several long nights of typing it in (assuming it is just the headers and Merkle stubs).

11. Boot a trustworthy live CD with VAPORWARE C on your secure, non-networked machine.

12. Using the verification data and out-points as input, run Vaporware C to sign a transaction.  This program will prompt for the key pair you generated in Step 2, as well as an amount and recipient address.
12a. If you worry about anonymity, you will have another secure key pair ready to receive the change.

13. Vaporware C displays a graph of network hash rate (or difficulty) over time.  Make sure it looks about right and there are no big, unfamiliar dips.  Cf. http://bitcoin.sipa.be/speed-ever.png.  This helps Vaporware C trust that the outputs obtained in Step 8 are in the amounts you think they are, so you do not accidentally give some lucky miner a huge transaction fee.
13a. If you don't care about this possibility, you don't need Vaporware B or the verification data from Steps 9-10.
13b. [Edit] I think, actually, the raw transactions and their hashes would suffice.

14. Copy the transaction signature to the thumb drive, paper, or similar.

15. Shut down the secure system.

16. Using VAPORWARE D on a regular, networked system, enter and upload the signed transaction to spend the coins.

17. Wait for the network to confirm the transaction.

18. Relax!

Note, you would want to test these procedures a few dozen times before entrusting your savings to them.

[1] Vaporware A, early alpha version: https://github.com/jtobey/bitcoin/raw/importkey/contrib/genkey.py

Minute, I think you get me wrong.  I don't think the early adopters with lots of BTC aspire to huge wealth and power.  I think he/she/they did it for reasons that I would approve of.  I wouldn't be at all surprised if Satoshi himself would like to see a new chain outcompete BTC.

But I do not know these things with enough certainty for comfort.

Thanks!


I don't like this idea for three reasons.  One, the difficulty of choosing a set of coins that enough people would agree on.  Two, headache in demultiplexing messages about the two chains.  Three, Bitcoin address overlap.  A new chain would have a different network identifier and, hence, addresses beginning in a character other than '1', and could coexist with BTC on the current network.

BitterTea, on this we are in violent agreement.  http://www.urbandictionary.com/define.php?term=violent%20agreement

If you suggest, further, that this forum is inappropriate for seeking interest and discussing how to go about starting it, well, I would like to hear about that from a moderator.  Perhaps a new topic or section, once it becomes more than an idea.

kjj, shackra, minute_of_angle, amincd, Shortline, allinvain, Quantumplation,

I don't feel the need to show each of you the risk that mcdett, syn, and I seem to agree about.  I accept that people have different world views, and diversity is great.  Of course, I do enjoy meeting someone who thinks like me.  If that's not you, no problem!  Maybe we have something else in common, like biking or chocolate!  Maybe not!

In brief: BTC has value, as judged by the market.  Some of its value derives from some people's belief that BTC may one day dominate world trade, largely replacing USD and the rest.  Some of us (apparently a minority--but that's okay!) value BTC less than if those early blocks had been generated at higher difficulty and/or appeared to be in circulation.  In our global, industrial culture, money can be leveraged into power (and often back into more money).  Some of us might want to implement the bitcoin concept with a chain other than BTC and see that chain compete with BTC.  I see no principled objection to this.  You are all free to ignore us if we actually do it.

mcdett, I share your concern.  I don't think most posters here have thought it through, or their world view clouds their perception of the risk.

But I don't take you to mean that the bitcoin concept is flawed.  It seems reasonable that the first block chain (BTC) should acquire a sort of "beta" status, and now that the concept is (somewhat) proven, it is time to prepare the "production" currency with a high starting difficulty, perhaps 5% of the BTC difficulty.

To achieve a high initial hash rate, we could distribute and promote a policy (in the form of mining front-end software) that tries to create a genesis block for a new chain (call it "BC2") and, if it succeeds or receives such a block, keeps devoting X% (configurable, e.g., 25%) of mining power to the BC2 chain as long as the BC2 network hash rate exceeds Y% (e.g., 5%) of BTC's hash rate.  An attempt to start BC2 would occur after BTC block N (to be determined by agreement or by algorithm), and the validity of a BC2 genesis block would depend on its coinbase script containing the BTC Block N hash.

To determine N, one could simply coordinate with miners or, perhaps, establish a convention whereby a certain proportion (e.g., 5%) of a sequence of, say, 2016 consecutive blocks' coinbase output would have to go to addresses ending in the characters "BC2" to signal the start.  We have all seen "vanity" Bitcoin addresses that contain a few letters of someone's name.  This technique could be used to poll the mining community.  This sort of polling could go on indefinitely as support for the idea builds or wanes.

For ease of adoption and coexistence with BTC, BC2 could use the same network connections and protocols as BTC but a different magic number.  Nodes could query each other for BC2 support before block N.  (I don't know exactly how yet, but it seems like an easy problem.)  BC2 supporters could prefer to peer with other BC2 supporters or at least try to be connected to a few at N.

BC2's success wouldn't exactly wipe out BTC early adopters, provided that they pay attention to developments and trade some BTC for BC2 and/or BC2 mining shares early on.  But I think BC2 would be better positioned to take over world finance than BTC.

Would such a development allay your fear?  Do you see anything wrong with the plan I have outlined?

I agree with syn.  The questionable status of the early blocks weighs on the value of BTC in my mind.  If enough people feel the same way (especially in the example scenario of a Satoshi character wielding BTC for evil) then a competing chain could quickly arise and sap BTC's exchange value.  I might be willing to hash on one and/or sell some BTC to buy the new currency even now, because of the aforementioned weight of uncertainty.

By the way, 2009-12-30 was at block 32300, according to BE: http://blockexplorer.com/b/32300

BE shows (as of a few weeks ago when I checked) a lot of early coins not yet redeemed, and many others simply aggregated to 1000, 10000, 50000 BTC coins.  There was once a 400000: http://blockexplorer.com/t/6SRV1apueQ

-John