All numbers are arbitrary they are just used as a common metric.  IIRC Satoshi wrote in a post that he decided on a number in the tens of millions because millions of base units seemed to small and billions seemed to large.  The 21M total supply was the product of the halving curve starting with an "round" initial subsidy (50) in the magnitude which would produce the desired total.  He could have just as easily made Bitcoins the indivisible unit and started with 21 quadrillion of them (with initial block reward being 5 billion).

Simple version is the choice of 21M vs some other different but still equally usable number is mostly arbitrary.  He chosen a number and subsidy system that would be "easy to grasp" for outsiders.  I mean to the masses having 21M BTC seems more plausible then having 21 quadrillion BTC (w/ no subdivisions) or having only 1 BTC divided to 30 decimal places.

BTW there aren't $700T "dollars".  There may be wealth (assets) that are worth $700T dollars but they aren't currency.  Bitcoin is a currency.  Even if Bitcoin replaced all global currencies you should still have a house for example and that house would have a value outside the blockchain.  It isn't necessary for the blockchain to have enough "digits" to record all "off blockchain" assets.  The purpose of the blockchain is to record transfers of currency.  The global (all countries combined) have ~$5T worth of currency.  If we include things like demand deposits (i.e. checking accounts) in banks it is still "only" ~$50T.

Global currency (M0): ~$5 Trillion USD (2012 dollars)
Global money (M1): ~$50 Trillion USD (2012 dollars)

Global currency (M0): ~500 Trillion US cents (2012 dollars)
Global money (M1): ~5,000 Trillion US cents (2012 dollars)

Bitcoin supply:  2 Trillion uBTC
Bitcoin supply:  2,100 Trillion satoshis

We are fine.  Not sure where there seems to be like 10 threads on this in the last week.  Maybe the move from mid $14s to $15 causes people to think about 1 BTC= $500,000?

That is a completely different site for a different purpose run by a different entity.  I don't think that is going to help him.

What calculations are you doing?

First no those numbers don't include other forms of wealth, they are the amount of currency and money globally.  They don't include houses, and stocks, bonds, life insurance policies, priceless art, etc.  Even if Bitcoin replaces all forms of Currency or Money it won't be replacing all forms of wealth.  You aren't going to live inside a Bitcoin, and drive a Bitcoin to work.  You aren't going to eat Bitcoins and give your bride to be an engagement Bitcoin and take time off work to go on a Bitcoin.  Nobody is going to go to museums and look at priceless framed Bitcoins and talk about the Bitcoin that they hate where they Bitcoin the Bitcoin all Bitcoin long.

The global currency supply (M0) is roughly $5T (not the $5 septrillion number you posted).  For Bitcoin to replace all global currency (M0) would put the value of 1 BTC at $238,095.25, in 2012 US dollars.  A satoshi would have have a value of roughly 0.25 US cents.  

I would argue that under such a (implausible) scenario many people would demand bank accounts for their coins so maybe using the global money supply (M1) which includes demand account deposits would be more meaningful and that is roughly $50T. For Bitcoin to replace all global currency (M0) would put the value of 1 BTC at $2,380,952.38, in 2012 US dollars.  A satoshi would have have a value of roughly 2.4 US cents.  

As countries are eliminating coins worth more than that a global single world Bitcoin currency would be more than sufficient.

Examples:
Canada eliminated Canadian cent making smallest coin worth $0.05 USD.
China smallest unit (physical or electronic) is 1/100th of a Yuan which is worth ~$0.06 USD.
Finland has reduced circulation of Euro cent making the smallest coin worth ~$0.07 USD.
Australia smallest coin is the 5 cent piece and there is talk of eliminating it which would make the smallest unit worth ~$0.10 USD

Edited for clarity.

I don't know which is funnier
a) the pathetically bad scam attempt
b) that people are providing real advice and feedback

Kinda like offering tips to the guy offering Three-card Monte on how to get his gaming license.

I see why you are ignored.  You simply don't read.


^ indicates BTC won't be a monpoly.  If something vastly superior comes along it will replace BTC.  If something bring enough utility it will co-exist.  LTC will do neither.

Imagine someone made LTC2, LTC3, LTC4, LTC5, LTC99 do you think they would co-exist with LTC?   Say they just changed the hashing algorithm on each and slightly tweaked some variables.

See LTC2 could be LTC silver and LTC3 could be LTC copper and LTC4 could be LTC tin and LTC99 could be LTC poop.  What would you speculate would happen?

(Note it is a rhetorical question as I won't see the answer.  Your need to find "the greater fool" is both boring and depressing.  It is like watching someone try to run a con for $5 and a pack of smokes).

I never said BTC should have a monopoly.  BTC could be replaced or other currencies could co-exist with it.  LTC will do neither.  It is a sad little copy with a few values changed.  The hashing algorithm of choice is pretty much irrelevant to the end user.    BTC has some limitations and competing currencies could produce VALUE (as in utility) by being good where BTC is bad.  One example is micro transactions.  BTC is poorly suited and if it became significantly larger (say money supply worth $10B) it would be even worse.  A crypto-currency optimized for micro transactions would be incredibly useful and interesting.  Now a truly optimized micro transaction would require some real research and design.  


Well people give it price.  Utility gives it value.   A bag of rotten poop might get pumped up to some insane price but its utility is essentially zero and in the long run price will correct towards that.  BTC has utility and as people see it they are willing to price it higher (pay increasing amounts of USD for some BTC).  LTC has price because it can be used to sucker others out of their wealth (http://en.wikipedia.org/wiki/Greater_fool_theory). I am not the crypto-Police.  Put your wealth anywhere you want, but LTC doesn't have a future.  It will be great toy for speculators and have lots of rises and falls but nobody is going to put any resources into really developing products and services for it.  Hell Bitcoin is mostly undeveloped.  Someone with real money could do some really interesting things.  This "mini me" clone with <1% of the marketshare ... nobody cares.

Well almost nobody does accept it and it has almost no value so just fix my post with an "almost".  Way to get hung up on the word "value".  My point was BTC doesn't need a silver.  Silver existed as a currency due to limitations in using physical gold is commerce.  Bitcoin with divisiblity into 21 quadrillion base units lacks that limitation.   LTC in theory could replace BTC but there is no need for it to co-exist.  That is why virtually no merchants accept it, there are no dual currency clients, nobody talks about converting some BTC into LTC for spending and then merchants converting their LTC into BTC for savings, etc.  The whole "silver to Bitcoin's gold" is a fairytale. 

Something might replace BTC but it would have to be significantly better.  LTC isn't it. 

Dooomed doesn't imply it has failed it implies it WILL (future tense) fail.  Kinda like a plane having both of its engine explode at 30K feet.  It hasn't crashed but it is doomed.

There is no purpose to LTC other than "other people got lotz of Bitcoins.  Not fair I will make a new coin and have lotz of notBitcoins".  I mean PPC is a pretty bad implementation of POS but if you believe POW isn't sustainable that means BTC will eventually fail.  POS is a competing theory for securing the chain.  BTC in theory could implode under the weight on the continual POW imposed on it (I don't believe that but it is theoretically possible) however if that happens LTC will eventually suffer the same fate.  Likewise FRC likely will go nowhere but if you buy into the theory that a central agency of wealth management is a better mechanism to distribute coins than the "mining lottery" well it presents an alternative.

LTC isn't a significant alternative to BTC.
LTC has no value as "silver to Bitcoin's gold". (Bitcoin is the silver to Bitcoin's gold)
If POW model is fatally flawed then LTC dies with BTC.

Investing in LTC as an alternative to BTC is like using gasoline soaked cash that you keep piled up in your house as a hedge so you can rebuild if your house is destroyed in a fire.

The only hedge it provides is for those who don't want to acquire too much wealth.

Wait so someone will have access to a CRC32 tool but not the Bitcoin client.

I mean isn't the most common scenario:


I mean someone would rather
1) Get an address but NOT use the client to validate it
2) Use CRC32 tool. 
3) Calculate the checksum. 
4) Send the checksum back to the sender.  
5) Sender verifies.  Find out the checksum is wrong.  
6) Sender and/or receiver notices error.  
7) Recalculate checksum.  
Resend checksum to sender.  Verifies ok.  
..... then .....
9) enter it into the bitcoin client  which (drumroll) VALIDATES IT BEFORE SENDING USING THE BUILT IN CHECKSUM.

Without a client how are you going to compute the "external checksum"?

Still even if you didn't have access to the client if there is a typo then all but 1 in 2^32 times when you DO go to enter it into the Bitcoin client it will notify you that the address is invalid.

So what was the problem again?


Hell someone make "IsThisBitcoinAddressGood.Com?" with a simple javascript checksum validator so we can cross this non-existent problem off the list.

From the video link above I love the term "competitive currencies".  It is a more tech neutral term than cryptocurrency. It also in a single word implies that Bitcoin (and other competitive currencies) are voluntary associations and they have to COMPETE for users based on their value/utility (as a store of wealth, as a medium of exchange, etc).    The most awesome part is that by definition it points out that fiat currencies are NOT competitive.  They are forced upon citizens by the rule of law.

Wonderful.  I am going to start using the term "competitive currencies".

I assume he is going to do the same thing a website does.  Take the pwd, hash it, compare it to the stored hash.

OR someone can let him know he can sell us the Bitcoins at https://fastcash4bitcoins.com and we will send him some gold or silver which he CAN hold in his hand. The best way to convince a gold bug that Bitcoin has value is to show him that someone will give him gold for it.  "Hmm gold is valuable, this guy will give me Gold for these bits.... might be worth it to research this Bitcoin thing further".

On edit:  Personally donated a few coins.

Also sad to see the confusion and frustration from the QT client.   The bitcoin.org homepage REALLY REALLY REALLY has to stop railroading users into the worst possible choice for new unsavy users ... the reference client.  How much more obvious does it need to become before it is accepted that the reference client is best suited for power users, enthusiasts, developers, and merchants/service providers.   It is hands down the worst possible "0 day" experience for a new uneducated users.   I notice in one post he says "the balance is still zero but it says synching I'll check in 15 minutes".  The realization it may be days (up to a week if he is using a low end older laptop with spotty internet connection) before he can even see his funds is just bad PR.

What you described is "large integer factorization" which is one method used in public private key cryptography but not the method used by Bitcoin.  It is the method used in RSA for example.  Elliptical curve cryptography used by Bitcoin uses a different method called "discrete logarithm problem" as outline by BurtW above.  The major advantage of ECC is that it is more efficient with key sizes.  256 bit ECC has roughly the same strength as 3072 bit RSA.

Still ECC can be somewhat difficult to grasp so large integer factorization is useful as an example of a generic problem which is computationally simple to solve (find the product of two large prime numbers) but for which the reverse requires too much computation to be feasible (given a large non-prime number find its prime factors). It is important to note that both RSA and ECC "work" because no efficient solution for the "reverse" has been found .... yet.  If someone were to discover a computationally efficient method of factoring massive numbers then RSA and other algorithms which rely on the premise that factoring large numbers will remain infeasible* will fail.  Likewise if someone were to discover a computationally efficient method to solve discrete logarithms algorithms then algorithms like ECC would fail.

This is different than finding a cryptographic flaw in a particular algorithm as the ramifications are more profound. Essentially when using an algorithm based on large integer factorization or discrete logarithms we are making an assumption that the "reverse" solution will continue to remain computationally infeasible.  If that assumption ends up being disproven then the very basis for the cipher is false.  Understand that in mathematics we can't definitively prove that a more efficient solution doesn't exist.  We are making a calculated assumption based on both theory and the body of cryptographic research (where for example finding a solution for factoring prime numbers in polynominal time likely would get you the nobel prize) that these problems will remain infeasible.



* Sometimes people will say impossible but that is technically incorrect.  Given enough resources (namely energy & time) these problems are solvable so they definately are not impossible.  Also given the random nature you could in theory brute force a key on the very first attempt.  Infeasible means that while theoretically possible to have any reasonable chance of success in any reasonable amount of time would require a scenario which is highly implausible (i.e. building a dysons sphere around the sun, turning all matter in the solar system into a giant super computer and use the output of the sun to power an attempt to break the key"). 

I know the military can't break the laws of physics and I know you have no idea the scale you are talking about.  We aren't talking about "wow this GPU is 3x as fast as last years" we are talking about energy usage on the scale of sending an intersteller spacecraft to another star system to begin a human colony.  

At the thermodynamic limit (the limit of efficiency in storing information imposed by the laws of the universe) it would require an amount of energy more than 100,000 times greater than the global energy usage of the entire human last year just to count to 2^160.  160 bit can't be brute forced today, tomorrow, next century, and likely not anytime until material sciences become so advanced that they will threaten what you propose we upgrade to as well.


To count to 2^160 (just count 1,2,3 ... 2^160) using a perfect computer would require 6.43x10^32 ergs.  To convert to a unit of power which is better known that is 1.78x10^16 kWh.  A next generation nuclear reactor (1500 MW, 90% capacity factor) can produce 4.257*10^13 kWh annually.  That means even if magical aliens gave us a perfect computer it would require ~420,000 reactor years to produce the energy necessary for it to count from 0 to 2^160.  Remember this is merely counting to the number 2^160.  To perform a brute force attack would require tens of thousands of operations per attempt.  So lets ballpark it to say ~50,000 brand new nuclear reactors constructed and running continually to power nothing but this non-existent alien tech perfect computer for the next 10,000 years .... and it would still only have less than a 10% chance of brute forcing a Bitcoin address.

So yes I know 160 bit keys won't be brute forced in the next 20 years.

This quote applies to 256 bit keys but to a lesser extent it applies to 160bit hashes as well.


http://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html

This +1.

To the supports .... D&T rant mode engaged.

1) Bit strength alone is utterly meaningless.  ECC was designed to use a smaller key size yet produce the equivelent security of larger key sizes used by RSA.  256 bit ECC has the equivelent security of 3072 bit RSA.   The whole POINT of ECC was to reduce key sizes without reducing security.  Increasing the size of the hash to larger than the ECC key is a good way to just waste space.  It does absolutely nothing.

2) There aren't even any vetted ECC curves beyond 512 bit because it makes about as much sense as idiot LEET hackers speculating that if 2048 bit RSA is good then 4892374190289378952347589347528945 bit RSA must be even better.

3) 160 bits can't be brute forced.  Period.  To put it into perspective the entire bitcoin network has performed roughly 2^56 hashes and comparisons.  If the Bitcoin network was one trillion times faster (note that is roughly a million times more computing power than the entire planet combined) it would take "only" 80 quadrillion years to have a 50% chance of brute forcing a single 160 bit hash.   Most miners understand difficulty so brute forcing a 160 bit key is like a solving a block with a difficulty of 79,228,162,514,264,300,000,000,000,000

4) Larger key strengths are useful in the event an algorithm is partially compromised HOWEVER it is more important to use well known and vetted algorithms which are less likely to be compromised in the first place.  Moving to Bobs Leet 2048 bit hash is of little utility if it is broken wide open providing about 20 bits of effective security vs no practical attacks on RIPEMD-160 or SHA-256.

5) Public addresses are the product of a double SHA-256 hash AND RIPEMD-160 hash of the public key.  This provides resistance to cryptographic attacks as it would require not just a flaw in one algorithm but a significant exploitable flaw in two completely unrelated and highly vetted hashing algorithms to have any useful applications.

6) Nothing is free.  Larger keys, larger public addresses (hashes), and more decimal precision takes up space.  The idiotic idea of going to a 2048 hash would increase the size of all transactions by a factor of nearly 13.  To put it into perspective if the network currently used that the blockchain would be nearly 40GB and growing by 5GB or so a month.  All those scalability limits (bandwidth for a node, computing power to verify tx, annual storage growth requirements, time to bootstrap a new node) would all be increased by a factor of 13.

Increasing the number of digits is equally stupid.  Bitcoin may never scale to a level where such precision is useful.  Say we increase it to 16 digits.  Why not 48? or 96? or 2000?   Now you likely are thinking 2000 digits, now that is stupid.  9+ is really no different.  Taking time and resources from areas where Bitcoin could use some real improvement to "fix" unbroken problems is just dumb.

Want to improve Bitcoin how about donate 20 BTC to an alt-client developer?  How about make or improve a bitcoin library in your favorite programming language/platform?  Maybe crowdfund the development of a node class library so the logic of a node can be decoupled from the GUI and wallet portions of the reference bitcoin client?  No lets "fix" things which aren't broken, that is where we will unlock some value.

Sure however name a global payment network that allows you to make payments with 0.1 cent precision.  Can you western union $123.001?  ACH? Bank Wire?  Credit Card?  Is there even a need?  I mean 1 cent has a negligible purchasing power (in todays dollars).  Most countries are getting rid of coins with purchasing power around 1 US cent (circa 2012 purchasing power).  The smallest subdivision of the Euro is about 2 US cents in purchasing power, and the smallest subdivision of the Yuan is about 6 US cents in purchasing power.  If 1 satoshi rose to be worth ~$0.05 (in 2012 dollars) that would put the money supply at ~$100 Trillion.  The global money supply (all currencies, all forms) is estimated at ~$80T.    Now all this is academic I don't think Bitcoin will replace all global currencies, but it would be possible and still have $0.05 precision.  Not bad and that is without a fork to add additional units.  It is essentially a non-problem.   Now lets figure out how to grow the economy to $1B before we worry about the second $100T.

I think you are confusing certainty with possibility.

Is it possible the money supply of Bitcoin is someday worth billions, or even trillions?  Sure.  Is it certain?  No.

Nobody knows what the future holds for Bitcoin.  It could die off, it could remain a small marginalized darknet tool, it could be fringe mainstream with millions of users, it could become completely mainstream with billions of users and trillions in market cap.  Nobody knows for sure.  Plenty of people have ideas but nobody knows with absolute certainty.  Your posts seem to indicate because nobody knows the future it isn't possible.