Assets being seized (if you use Bitcoin correctly, there is no bank or company holding your coins that a government can order to freeze them; only the holder of the private key can move them)
Untraceability (if you run Bitcoin over Tor, people can send you payment without ever learning your IP address)
Unlinkability (if you use mixes or blind digital signatures with Bitcoin, you can hide the fact that a bitcoin you hold came from a certain other person's address, with a mathematically ensured minimum crowd size: an observer can only say you got your bitcoin from one of X people, where X can be a very large number)
Points
* Bitcoin is a P2P system for financial transfer. It consists of multiple parts: a network and a client.
* The Bitcoin network is completely decentralized, similar to modern P2P file sharing programs. This is in contrast to centralized e-currencies such as Pecunix and Liberty Reserve. Pecunix and Liberty Reserve are run by corporations: the infrastructure is provided by the corporation, the servers are located in a single country and owned by a single corporation, and the technology is closed source. Bitcoin is a network consisting of everyone who runs a client; it has nodes across the world and has processing power currently rivaling some of the world's most powerful supercomputers. There are a few open source clients, much in the same way as you can use the BitTorrent protocol with various clients.
* Unlike Liberty Reserve and Pecunix, bitcoins are not backed by gold or dollars or euros or anything. There is no corporation promising to exchange bitcoins for cash.
* Bitcoins have value for several reasons. The first reason is that they are scarce: currently there are about ten million bitcoins in the economy and there will only ever be a total of 21 million. The second reason is that they have various sought-after characteristics, or are easy to use with other systems which provide these characteristics. Some of these characteristics include untraceability, unlinkability and unseizability; the network is essentially impossible to shut down due to its massive and distributed nature; and bitcoins are highly resistant to double spending, which can be seen as a sort of counterfeiting. The supply cannot be inflated beyond the 21 million cap, which makes bitcoin deflation prone rather than inflation prone, and bitcoins can be sent through the internet with no intermediate company required to handle the transaction (peer to peer transfer). Bitcoins are also cryptographically secured against a variety of technical attacks.
* Bitcoins are mined, resulting in a fair initial distribution scheme. This can be seen as similar to mining for gold: a limited amount of the value exists in the world, and people can spend resources in an attempt to gather it. With gold the value is a precious metal with some intrinsic value (jewellery, electronics, scarcity); with bitcoin the value is a more abstract item which also has intrinsic value (untraceability, unlinkability, unseizability, etc.).
Mining for bitcoins is done by using processing power to search for a block hash that falls below a target set by the network (the post below calls this a "partial hash collision"); the data being hashed commits to the entire transaction history. The total processing power of all miners protects the network from double spends, and also gives the participating clients a chance of earning new bitcoins for themselves. The probability a client has of earning new bitcoins is directly proportional to how much of the total hashing power it contributes to protecting the network from double spends.
Quote
Technical explanation, feel free to skip
Here is how the "partial hash collision" works:
A hash, as you probably know, looks something like this:
b45cffe084dd3d20d928bee85e7b0f21
That is the MD5 hash of the word string.
Here is the MD5 hash of the word string2:
91c0c59c8f6fc9aa2dc99a89f2fd0ab5
Notice the first characters do not match. According to one type of collision metric this would not be a partial collision. Notice that the 9th character in both is an 8. According to some collision metrics this would count as 4 bits of collision (each hex character encodes 4 bits, not 8). Bitcoin uses something like the first metric, but against a fixed target rather than another hash: the block hash (a double SHA-256), read as a 256-bit number, must be below a target the whole network agrees on, which in practice means it must begin with a required number of zero bits. So it is not a collision with anything; miners are searching for an input whose hash starts with enough zeros.
Bitcoin gets harder to mine as more hashing power joins the network, not directly as more bitcoins are mined. Every 2016 blocks the network adjusts the target so that blocks keep arriving about every 10 minutes, so the number of leading zero bits a block hash must have rises with the total hashing power. What declines as more bitcoins are mined is the reward per block, which halves every 210,000 blocks; that schedule is what caps the supply at 21 million.
An attacker with more than 50% of the hashing power of the entire Bitcoin network is capable of an attack called a double spend: they can pay the same coins to Alice and then to Bob, by mining a longer chain in which the payment to Alice never happened. This can be seen as counterfeiting. However, even an attacker with more than 50% of the hashing power is incapable of arbitrarily stealing bitcoins from you, because spending coins requires a signature from the owner's private key. An attacker with a sufficiently large quantum computer could recover private keys from public keys (Shor's algorithm against the elliptic-curve signatures Bitcoin uses) and so spend the coins of anyone whose public key has appeared on the chain. Attackers falling into the first category (50%+ of hashing power) are rare; the Bitcoin network has more hashing power than most supercomputers and it is gaining more rapidly. I have heard from a good source that nobody in the world currently has a quantum computer, including the NSA, so this is more of a theoretical attack.
The initial distribution of bitcoins is good for two reasons. First, it demonstrates that some random person did not invent a P2P currency, give himself a ton of it and say "hey, this has value!". Someone made a P2P currency with intrinsic value in its very nature, mathematically demonstrated its scarcity and mining mechanism, and allowed anyone to attempt to mine it while simultaneously providing a service to the entire network by protecting it from double spends. Bitcoin's entire mining process is backed by math, and everyone has a fair chance at mining bitcoins. As with gold, it will get harder to find new bitcoins as time progresses. There was an initial gold rush with bitcoins, and the first people to start mining did indeed get significantly large sums of money after the currency started to become more mainstream and supply and demand changed (much higher demand for Bitcoin's intrinsic properties, coupled with the provably scarce supply of bitcoins, resulted in the going price for a single bitcoin rising from a penny when the network started to nearly $2 each today).
Bitcoins can be divided to 8 decimal places (the smallest unit is 0.00000001 BTC), so the limit of 21 million bitcoins will not stop widespread use. If bitcoins are worth 10 dollars some day, then 0.1 bitcoins will be worth 1 dollar. If bitcoins are lost they can never be replaced, and bitcoin is mathematically proven to be scarce, so bitcoin is inherently deflationary.
Ownership Mechanism
To mine, a client assembles a candidate block whose header contains the hash of the previous block, a Merkle root committing to the pending transactions (including a special "coinbase" transaction that pays the block reward of X new bitcoins to an address the miner controls), a timestamp, the current target and a nonce. It then hashes the header (double SHA-256) over and over, changing the nonce each time, looking for a hash below the network-agreed target of N leading zero bits (N rising as the network's total hashing power rises). No signature over the proof of work is involved: the first client to broadcast a valid block has that block, and its coinbase payout, accepted by the entire network, and the new bitcoins can then be spent only with the private key behind the miner's address, so the owner of that key gains them.
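The search described in the technical explanation above and in the ownership mechanism just described, as an added worked example that is not part of the original post or of any Bitcoin client's code. It uses a constructed header prefix instead of a real 80-byte Bitcoin header, measures the proof of work against a target (so many leading zero bits) rather than against another hash, and includes Bitcoin's retarget rule (every 2016 blocks, clamped to a factor of 4) to show why difficulty tracks hashing power. The function and constant names are this example's own.

```python
import hashlib
import struct

# Constructed header fields. A real Bitcoin header is 80 bytes (version, previous
# block hash, Merkle root, time, bits, nonce); only the nonce is iterated here.
HEADER_PREFIX = b"version=1|prev=constructed_prev_hash|merkle=constructed_root|time=0"

EXPECTED_SECONDS = 2016 * 600   # 2016 blocks at the 10-minute target


def sha256d(data: bytes) -> bytes:
    """Bitcoin's block hash is SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def leading_zero_bits(digest: bytes) -> int:
    """Leading zero bits of a 256-bit digest: the post's 'partial collision' measure."""
    n = int.from_bytes(digest, "big")
    return 256 - n.bit_length()


def target_for_bits(difficulty_bits: int) -> int:
    """A hash strictly below this target starts with at least difficulty_bits zeros."""
    return 1 << (256 - difficulty_bits)


def block_hash(header_prefix: bytes, nonce: int) -> bytes:
    return sha256d(header_prefix + struct.pack("<I", nonce))   # 4-byte little-endian nonce


def mine(header_prefix: bytes, difficulty_bits: int, max_nonce: int = 1 << 24):
    """Iterate the nonce until the double-SHA-256 of the header is below the target.
    Returns (nonce, digest), or None if the nonce space is exhausted (a real miner
    would then change the timestamp or the coinbase transaction and retry)."""
    target = target_for_bits(difficulty_bits)
    for nonce in range(max_nonce):
        digest = block_hash(header_prefix, nonce)
        if int.from_bytes(digest, "big") < target:
            return nonce, digest
    return None


def verify(header_prefix: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Checking a block costs one hash, however much work finding it took."""
    digest = block_hash(header_prefix, nonce)
    return int.from_bytes(digest, "big") < target_for_bits(difficulty_bits)


def retarget(old_target: int, actual_seconds: int) -> int:
    """Bitcoin's retarget: scale the target by (actual / expected) time for the last
    2016 blocks, with the actual time clamped to [expected/4, expected*4]. Faster
    blocks mean more hashing power, so the target shrinks and more zero bits are needed."""
    actual_seconds = max(EXPECTED_SECONDS // 4, min(EXPECTED_SECONDS * 4, actual_seconds))
    return old_target * actual_seconds // EXPECTED_SECONDS


if __name__ == "__main__":
    nonce, digest = mine(HEADER_PREFIX, 16)
    print(f"nonce={nonce} hash={digest.hex()} zero_bits={leading_zero_bits(digest)}")
    print("verifies:", verify(HEADER_PREFIX, nonce, 16))
    t = target_for_bits(16)
    # Hashing power doubled, so 2016 blocks took half the expected time: target halves.
    print("target halved:", retarget(t, EXPECTED_SECONDS // 2) == t // 2)
```

Raising the difficulty argument by one bit doubles the expected number of hashes, which is why a 50% share of hashing power is the threshold that matters: below it an attacker's private chain falls behind the honest one on average.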
Quote
Technical Stuff
People can link computers together into pools to mine for bitcoins as teams: every computer in the pool searches for a qualifying hash, and when one is found the resulting bitcoins are split among the participants in proportion to the work each contributed. Of course, a single computer can also mine by itself.
Transfer Mechanism
Bitcoins can be securely transferred from client to client over the Bitcoin network. The owner of some bitcoins uses the private signing key behind the address holding them to sign a transaction transferring the bitcoins to another address (another public key), and submits this transaction to the network. Every node checks the signature and checks that the coins being spent have not already been spent; that check is what stops the first person from double spending. The transaction is then included in a block and becomes part of the permanent history, and the block's Merkle root, which commits to it, is part of the header miners hash when searching for a qualifying hash.
Bitcoins can be sent to IP addresses, but in general they are sent to Bitcoin addresses. Bitcoin clients can hide their locations using anonymizers such as Tor, I2P and VPN services. Due to the nature of Bitcoin, there is no inherent unlinkability. The entire network is capable of seeing that Alice (IP address if not hidden, Bitcoin address, public key) transferred bitcoins to Bob (likewise); private keys are never revealed to the network. However, Bitcoin can be run through mixes to provide unlinkability that is cryptographically assured within an anonymity set of a given size.
Quote
Technical Unlinkability
Alice sends some bitcoins to Bob. The entire Bitcoin network knows this transfer took place, and must, to protect from double spends. This is linkability. It can be countered with mixing and blind digital signatures (this post also calls them blind digital certificates). There are already several people offering this service for Bitcoin.
Let's say Alice wants to send Carol some bitcoins without anyone else being able to link them together. To do this, Alice creates a few Bitcoin addresses (all are free and easy to make with open source software). She loads some money into each of the addresses through a Bitcoin exchanger. Now, Alice sends the bitcoins to Bob in exchange for blind digital certificates. For every 1 bitcoin Alice sends to Bob, Bob sends her one blind digital certificate. A blind signature scheme lets Bob sign a token for Alice such that anyone can verify Bob's signature on it, but Bob never sees the token or its final signature at signing time, so he cannot recognize it when it comes back. Now Alice can send Carol the blind digital certificates. Carol then sends the certificates to Bob, who can verify they carry his signature and that he owes the holder of each one 1 bitcoin. Carol can generate some number of Bitcoin addresses and have Bob transfer X% of the owed bitcoins to each one.
Now someone watching the network can see that Alice's various addresses (which can't themselves be linked together if Tor is used) sent bitcoins to Bob. So did thousands of other people. They can also see that Carol's addresses (which also can't themselves be linked together if Tor is used) got bitcoins from Bob. So did thousands of other people. An attacker is not capable of determining which of the thousands of people Alice put coins into Bob for, or which of the thousands of people who took coins out of Bob got them from her. This is cryptographically assured unlinkability. The reason various addresses are used is to avoid correlation attacks (Alice's single address put $1,000 into Bob and Carol's single address got $1,000 out of Bob; nobody else put in or took out $1,000, so Alice and Carol can be assumed to be linked based on this correlation). Using multiple addresses like this is called structuring.
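The exchange described in the unlinkability section above, as an added worked example that is not part of the original post and not the code of any mixing service. It implements Chaum-style RSA blind signatures: Bob (the mix) signs a blinded serial, Alice unblinds it, and whoever presents the serial and signature can redeem it exactly once. The RSA primes are hardcoded known Mersenne primes so the block runs offline; they are far too small for real use, and every class and function name is this example's own.

```python
import hashlib
import secrets

# Toy RSA key for the mix operator ("Bob" in the text). The primes are the known
# Mersenne primes 2^127-1 and 2^89-1, hardcoded so the example runs offline;
# a real mix would generate a proper 2048-bit key.
P = (1 << 127) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537


def modinv(a: int, m: int) -> int:
    """Modular inverse by the extended Euclidean algorithm (a and m coprime)."""
    r0, r1, s0, s1 = m, a % m, 0, 1
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    if r0 != 1:
        raise ValueError("not invertible")
    return s0 % m


D = modinv(E, (P - 1) * (Q - 1))   # Bob's private exponent


def h(serial: bytes) -> int:
    """Map a token serial into the RSA domain (toy full-domain hash)."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


class Mix:
    """Bob: signs blinded tokens when paid 1 BTC each, and pays out each token once."""

    def __init__(self):
        self.log = []          # (blinded value, blinded signature) pairs Bob sees
        self.redeemed = set()  # serials already paid out

    def sign_blinded(self, blinded: int) -> int:
        blinded_sig = pow(blinded, D, N)
        self.log.append((blinded, blinded_sig))
        return blinded_sig

    def redeem(self, serial: bytes, sig: int) -> bool:
        """Pay out only for a valid signature on a serial not seen before."""
        if pow(sig, E, N) != h(serial) or serial in self.redeemed:
            return False
        self.redeemed.add(serial)
        return True


class Token:
    """Alice's side: a fresh random serial and a secret blinding factor r."""

    def __init__(self):
        self.serial = secrets.token_bytes(16)
        while True:
            self.r = secrets.randbelow(N - 2) + 2
            try:
                self.r_inv = modinv(self.r, N)   # r must be invertible mod N
                break
            except ValueError:
                continue
        self.sig = None

    def blinded(self) -> int:
        # Bob sees only h(serial) * r^e mod N, which looks uniformly random to him.
        return (h(self.serial) * pow(self.r, E, N)) % N

    def unblind(self, blinded_sig: int) -> None:
        # (h(serial) * r^e)^d = h(serial)^d * r, so removing r leaves Bob's
        # ordinary RSA signature on h(serial), which Bob has never seen.
        self.sig = (blinded_sig * self.r_inv) % N


def withdraw_token(mix: Mix) -> Token:
    """Alice pays 1 BTC (off-stage) and receives Bob's signature on a blinded serial."""
    tok = Token()
    tok.unblind(mix.sign_blinded(tok.blinded()))
    return tok


def verify_token(tok: Token) -> bool:
    """Anyone holding Bob's public key (N, E) can check the token."""
    return pow(tok.sig, E, N) == h(tok.serial)


def bob_can_link(mix: Mix, tok: Token) -> bool:
    """Does anything Bob logged at signing time equal what is presented at redemption?"""
    return any(h(tok.serial) in pair or tok.sig in pair for pair in mix.log)


if __name__ == "__main__":
    bob = Mix()
    token = withdraw_token(bob)        # Alice withdraws a token
    # Alice hands (serial, sig) to Carol out of band; Carol redeems it with Bob.
    print("valid:", verify_token(token))
    print("Bob can link:", bob_can_link(bob, token))
    print("first redeem:", bob.redeem(token.serial, token.sig))
    print("second redeem:", bob.redeem(token.serial, token.sig))
```

The redeemed-serial set is what stops Carol (or Alice) from cashing the same token twice; Bob is trusted to keep it and to actually pay, so the scheme hides who paid whom but still requires trusting the mix not to steal the deposits.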
Why Do I Need Unlinkability ??
Without using mixes + blind digital signatures with Bitcoin, you are vulnerable to several financial network intelligence attacks (although no more so than with every other payment method people are currently using, PARTICULARLY RELOADABLE DEBIT CARDS, WHICH ARE DANGEROUS TO USE AND A FININT WET DREAM FOR MAPPING OUT DRUG NETWORKS). Even though the location of Bitcoin clients can be hidden with tools such as Tor or I2P, the Bitcoin transfer topology is publicly available and must be, to protect from double spends. This means that ANYONE can tell that address XYZ sent money to address ABC, even if nobody can tie the addresses to actual people or computers thanks to Tor. So an attacker who runs a few Bitcoin nodes, or who runs a few businesses or exchangers that take Bitcoin, can do attacks like this:
Alice ---> Buys Bitcoins from exchanger A
Alice ---> Sends Bitcoins to Vendor A for drugs
If vendor A and the exchanger are the same person (or share their records), Alice is busted.
Note: passing coins through several Bitcoin addresses you own acts only as a proxy and should not be relied on for strong unlinkability. Alice 1 <-> Alice 2 <-> Carol <-> Carol 2 will not provide strong unlinkability between Alice and Carol, because every hop in that chain is visible in the public transaction history; you should use a mix!
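The amount-correlation attack described in the unlinkability section and in this one, as an added worked example that is not part of the original post. It runs the observer's side over a constructed list of deposits to and withdrawals from a mix (made-up addresses, amounts in satoshi), links the one deposit and withdrawal that share a unique amount, and then shows that structuring the same sum into fixed-size chunks removes that link. Function names and the sample data are this example's own.

```python
from collections import defaultdict

SAT = 100_000_000   # satoshis per bitcoin; all amounts below are integer satoshi

# Constructed observations of one mix's on-chain traffic: (address, amount).
# Addresses are made up; the amounts are what anyone can read from the chain.
DEPOSITS = [
    ("1AliceOnly", 1000 * SAT),
    ("1UserB", 1 * SAT), ("1UserC", 1 * SAT),
    ("1UserD", 5 * SAT), ("1UserE", 5 * SAT),
]
WITHDRAWALS = [
    ("1CarolOnly", 1000 * SAT),
    ("1UserF", 1 * SAT), ("1UserG", 1 * SAT),
    ("1UserH", 5 * SAT), ("1UserI", 5 * SAT),
]


def group_by_amount(movements):
    groups = defaultdict(list)
    for addr, amt in movements:
        groups[amt].append(addr)
    return groups


def correlate_amounts(deposits, withdrawals):
    """Link a deposit address to a withdrawal address whenever the amount appears
    exactly once on each side: the anonymity set for that amount is one person."""
    ins, outs = group_by_amount(deposits), group_by_amount(withdrawals)
    return {ins[a][0]: outs[a][0] for a in ins
            if len(ins[a]) == 1 and len(outs.get(a, [])) == 1}


def anonymity_set(withdrawals, amount):
    """Number of withdrawal addresses a deposit of this amount could map to."""
    return sum(1 for _, amt in withdrawals if amt == amount)


def structure(total, chunk):
    """Split a total into fixed-size chunks so each on-chain amount looks like every
    other user's chunk. A leftover remainder is still a unique, linkable amount."""
    whole, rem = divmod(total, chunk)
    return [chunk] * whole + ([rem] if rem else [])


def structured_scenario(chunk=5 * SAT):
    """Alice and Carol replace their single 1000 BTC movements with 5 BTC chunks on
    fresh addresses, alongside the other users' traffic. Returns (links, set size)."""
    deposits = [d for d in DEPOSITS if d[0] != "1AliceOnly"]
    deposits += [(f"1Alice{i}", amt) for i, amt in enumerate(structure(1000 * SAT, chunk))]
    withdrawals = [w for w in WITHDRAWALS if w[0] != "1CarolOnly"]
    withdrawals += [(f"1Carol{i}", amt) for i, amt in enumerate(structure(1000 * SAT, chunk))]
    return correlate_amounts(deposits, withdrawals), anonymity_set(withdrawals, chunk)


if __name__ == "__main__":
    print("naive:", correlate_amounts(DEPOSITS, WITHDRAWALS))
    links, size = structured_scenario()
    print("structured:", links, "anonymity set per chunk:", size)
```

Structuring defeats only the per-transaction amount check. Two hundred 5 BTC deposits from fresh addresses that all appear within the same hour, followed by two hundred 5 BTC withdrawals, still sum and cluster in time, so an observer with the full history can correlate on volume and timing; the chunks have to blend into the mix's normal traffic, not just match each other.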
My Thoughts
I think we should all start using Bitcoins.
There are some things to worry about with Bitcoin other than financial intelligence attacks and inherent economic challenges. One is hackers finding exploits in the actual Bitcoin client. It is theoretically possible for a programming error in Bitcoin to allow an attacker to take over the entire network or permanently shut it down. Bitcoin has been heavily audited by some of the best programmers and security people in the world and they think it is secure, but it is always possible for some unseen flaw to exist. It is also possible to steal bitcoins from people or shut down the network if an attacker can break some of the cryptographic functions being used (the hash function or the signature scheme). This is not likely to ever happen, though, unless there is some major breakthrough in number theory. Individual computers on the Bitcoin network also need to worry about hacks other than Bitcoin-specific ones. For example, if an attacker can compromise you through Firefox, they could then use a privilege escalation (EoP) attack to gain control of your wallet and its private keys as well (assuming you use sensible permissions in the first place, so that an EoP attack is required, and don't run all your processes as the same user).
Right now Bitcoin is being highly backed by Libertarian and Anarchist groups as a tool of subversion against the state. Many are calling it a non-violent revolution.
If you aren't making plans to switch to Bitcoin, or at least to incorporate Bitcoin for providing *real* (math) security, versus *fake* (jurisdictional / policy) security in your financial transactions, I think you are putting yourself at TREMENDOUS risk for no reason.