Alice and Bob sign a contract, Bob is to ship good X, Alice is to provide money. Bob holds 'Lazy_Alice', and Alice holds 'Dispute'. Bob ships the item and forwards the tracking number to Alice. Alice uses 'Dispute' to get most of her money back. What does Bob do?

I think you're wrong about Alice being the one taking all the risk. The symmetry lies in the fact that neither party is really getting any lower risk by such a deal, unless there's an asymmetry between 'Dispute' and 'Lazy_Alice' which would dump all the risk on one party or the other.

Trying to manage dispute resolution between two mutually untrusting parties without a third party is impossible. In the 2-of-3 case, as long as Alice and Bob are really both honest, they can sign for each other and finish the transaction. In the case that either Alice or Bob are dishonest, they cannot agree without arbitration (the money ends up in limbo). Given that the contract is only used where at least one party assumes the other may be dishonest, a 2-of-3 is absolutely required to resolve things if that does turn out to be the case.

http://en.wikipedia.org/wiki/Rod_of_Asclepius

Sometimes also the similar Caduceus is used, both are Greek. "Pagan" is a christian word for "people we're going to torture and make into second-class citizens of christiandom".

The BTC symbol reminds me of the "beli" symbol used on One Piece.



The "staff" going through it isn't any more meaningful than the rod going through a treble (G) clef symbol.


Only the "double staff" that makes the U in U$ has any particular meaning on a currency that I'm aware of.

coindl


True, but my point is that besides a couple of exchanges, hardly anyone who can call themselves a businessperson has done anything decent with BTC yet. The more BTC gets a reputation as a "drugs gambling and porn" currency, the less the chances of anybody taking it seriously.

Sure, I believe people should have the freedom to decide to do whatever they want to do. However, I certainly wouldn't call drugs, gambling and porn anything close to the best things in life. If I say "let's go start a utopian society" I would hope your response wouldn't immediately be "Yes! Let's fill it with drugs, gambling and porn!".


I think you have the totally wrong idea about economics. There's no such thing as a "complacent status quo" market. For the consumer a market might appear to be offering the same or more stuff for their dollar, for businessmen it means struggling continuously to make sure your business is efficient and competitive and still exists next year. The efficiency of the free market comes directly from being a few inches from sudden death at all times, and from intelligent businessmen figuring out better/cheaper ways to make it happen. As soon as a market settles into a "happy, complacent status quo" sort of phase, it's time to invest your money somewhere else.

The worst problem faced by economies and currencies with small market caps is wild price swings and fluctuations that occur when capital jumps into or out of the currency. Although the effect is much less with a large market cap, BTC is likely to face that sort of fluctuation until it becomes obsolete. Promoting as much slow, dedicated growth as possible, and discouraging rampant speculation can reduce the problem, but as soon as some idiot like Krugman mentions the word "bitcoin" it's right back to violent swings. Unfortunately, if it takes on a "straight up" kind of curve for a prolonged period, interest rates and RoI fall into the negatives, and the economy stops in favor of hoarding the currency. Fortunately, that is only likely to happen if some idiot exchange starts offering real, resellable options contracts rather than the current, less speculative strict forwards.


Silk Road, the largest economic usage of BTC, is about 99% drugs and 1% money laundering. "Gambling" didn't adopt bitcoin, bitcoin adopted gambling. Same with porn.
girls gone bitcoin

Regardless of whether big industries adopt it or not, the currency is what you can (directly) buy with it, and that list isn't terribly long.

Well, more on topic, personally the only thing I would change about the bitcoin 'logo' is to clearly give it only one strike through the B rather than two. The double strike through the USD symbol is an accentuated "U", so that the design makes a "US". Conversely, there are no "U"s in bitcoin.

Lol the great bitcoin economy indeed. The largest industry in BTC is drugs, followed by gambling, followed by porn, then a file trading site and a few people selling trinkets on bitmit. At least some of the banks are decent, not including MtGox.

If you have access to a desktop running bitcoind or other client, it should be trivial to get said client to track tx to/from your card address. Remembering which tx went where is another story, but at least you could have some idea.


Do paypal and dwolla have physical POS methods that don't rely on VISA or mastercard? Maybe I'm missing something. That canadian mint thing sounds like a citizen tracking collar to me. It'll be a disaster of human rights and a disaster of identity theft. I don't think Canada is really the ideal market for bitcoin anyway.

Your friendly torte insurance company. The problem isn't that society needs prisons and government goons to bash down your door and force you to pay for them. The problem is that prisons, as a "rehabilitation program", teach offenders to become career criminals rather than just petty offenders.

People go to prison out of a background of child abuse, and are then subjected to further abuse in prison, reinforcing the lesson that violence and dishonesty are the solution to their problems. Sure, there are problems where externalities aren't easily avoidable, but the solution is never to get a big group of assholes with guns and have them tell everyone what to do and steal money from everyone on an ongoing basis to pay for said activities.

The solution to keeping child molesters away from your children is not to administer TSA agents to molest your children legally at the airport, mall, school and so on.

Does wikipedia require a totalitarian tax collection agency to operate?

The seller, who passes those fees onto the consumer either by higher S&H or by higher prices overall.


I don't see how that solves anything. If Alice wants to buy something from Bob for 10BTC, and Alice doesn't trust Bob to deliver and Bob doesn't trust Alice to pay, how does "the network" decide if Bob has delivered or not to know whether to sent the money to Alice or Bob? If Alice is "lazy", then Bob might have to wait until the contract n-locktime expires to get his money, which might be a long time. Worst case if the tx can't be finished without both parties signing it, then if Alice is lazy Bob might never get his money, and if Bob is crooked then Alice can't get her money back.


If you've figured out some magical way to do escrow without a trusted third party to settle disputes, I'd love to hear it, but it seems technically impossible to me. As I mentioned the best you're likely to do is to lock the money up on the blockchain so your third party doesn't need to be trusted to hold it, just to release it to the deserving party. That's really not much better than what's possible now, although it might streamline things a bit.

Whatever overhead fees are incurred are on the buyer, who is asking for the service. I don't think it's possible to do escrow without a third party, at least not one which would be acceptable to both involved parties. The best you could do would be to store the deposited money to a "virtual address" on the blockchain so that your third party can't just steal the money (unless he's already in collaboration with the seller).

On the other hand, for a proxy-seller like bitmit it might make more sense to escrow the money to a proxy account so that the proxy service can collect their fees as well as guarantee their own buyers against seller abuse. Escrow can't work without at least one trusted third party anyway, which is why amazon is so successful, since customers know they can get their money back most of the time even with an unrated seller.

After re-reading this thread more thoroughly, I came to some other conclusions.


An estimate I made earlier:


Condensing unspent txOuts into per-address balances and forcing full address value for txIns would reduce both network bandwidth incurred per tx and blockchain space by a modest amount. Making pubkeys easily reversible from addresses would eliminate the redundancy of publishing your pubkey along with the signature when spending, which would reduce per-tx bandwidth requirements a bit more.

On second look, 13 weeks total/2-3 weeks per client would probably be the most economical, which is easily less than 50% the size of a fully pruned blockchain with the current standard.


AFAIK the only things dropping tx history prevent you from doing are
A: Using the blockchain as a permanent timestamp server or as a file server, both of which are outside the scope of bitcoin anyway, not to mention would contribute considerably to size.

and

B: Long term data mining of the blockchain, which would only be used by law enforcement (who could still retain as much as they wanted) and identity thieves.

As far as long term goes, I think it's relevant to compare BTC to say, VISA. VISA does, on average, the equivalent of 1.2 million tx per block, or around 360MB per block, or 52GB per day. For this they have one to a few large centralized datacenters, which are in turn served by one to a few large digital clearing houses. Each of these has some absurd internet hookup for handling all of the necessary dataflow, paid for by near-draconian fees which are usually paid by merchants and thus are paid for by, although opaque to, consumers.

BTC, on the other hand, is extremely extremely redundant redundant redundant. Every independent miner and every full client carries the full weight of documenting the transaction history as well as the full network load for outstanding tx. In order for the BTC network to handle the same sort of tx volume as VISA, every miner must then have the full network capacity of VISA as well as the storage capacity to maintain an indefinitely large transaction history.

Ultimately this is unavoidable for any secure payment system, however for BTC there are other considerations that are quite relevant even right now. For example, due to the size of the blockchain, most miners (or at least most of the hashing power) would rather have DeepBit take a big chunk of fees and do all the tx verification and blockchain storage for them, rather than store the whole thing and get no-fees-plus-donations on P2Pool.

The pruned blockchain model doesn't fix this very well, and ultimately the idea pushes tx verification onto centralized mining pools, with clients being forced to request merkle tree data from tx sent to their accounts in order to verify it. That would only add further redundancy and strain the network capacity of the centralized nodes moreso than VISA's servers deal with currently.

More importantly, the only thing resisting the tendency of increased centralization of BTC and direct reliance on cartels is Moore's Law. Quite obviously, BTC user demand has the capacity to grow much faster than Moore's law. Reducing the per-tx network requirements moderately and reducing the per-tx-per-block storage requirements by more than an (computing) order of magnitude would be a big step towards weighting the trend back towards decentralization. Fully (or at least mostly) solving the centralization problem can only be done through the block reward, since tx volume tends to scale with market cap, such that the value of the block reward scales with the BTC economy. IMO fees are incapable of supporting the network due to the level of redundancy present, and will only tend to reduce its use value.

I had that same idea. By itself it wouldn't save blockchain space by much, but condensed into a ledger it could allow you to keep much less blockchain for basically the same security. It would also work well combined with your proof of stake concept, using ledger hashes every, say 138 out of 144 blocks, with every 144th being signed.

How do you get them on there? In order for a card to create tx it would have to have the relevant txIns, in which case it could also know its own balance, and could use a simple interface for "locking in" the settling price for a tx prior to pin input. Again, though, that requires having a computer and a card reader for loading and managing it, or else a bank which can do it for you.

Actually I've considered that alternative from time to time. A very low (long run < 1%/y) inflation rate is basically just as good as zero inflation, with the added benefit of replacing lost coins. The main problem is that there's no guarantee that the block reward will be enough to pay for mining, but similarly there is no guarantee that it won't completely pay for mining and make tx fees basically superfluous. That would require predicting the future market price for BTC, the cost of a future mining rig, the number of rigs required to handle the future tx throughput, which you'd also need to predict, and so on.

The same limitations of multiple, unpredictable variables makes it somewhere between difficult and impossible to make any determinations about efficient mining incentives. The major advantage to being able to predict something like that is that then you could charge a standard fee rate or no fees and basically every tx could still be verified by the next block. Given that "change" can't be spent till at least 1 confirmation (I assume anyway), the time consideration can become a major bottleneck for the use value of BTC.

I was talking more about security from merchant overcharging, and for that matter, since BTC is spent by referring to previous txOuts, you'd have to load all the txOuts onto your card, or trust the merchant to construct a tx with the proper amounts that pays you the proper change. If the merchant is using a USB smart-card reader, they would have even more room for messing with clients since there are no software restrictions on a general computer as opposed to a specialized card payment unit.


Well, I can see that M-Pesa works. Theoretically BTC should work under similar conditions. However, I don't know anything about cloud-based services, and I don't even own a smart phone =\. Where possible, QR codes printed on a receipt are probably the easiest route, requiring only an internet connection to validate, but again that depends on what hardware is available for clients as well as what is typically available for merchants. The only way to find that out is to visit Greece and see what it's like. If smart phones are common and merchants can easily get an internet connected computer, then a flip phone service would only be needed to make it available to the stragglers. If the best anyone can afford is a flip phone, then you're pretty much stuck with centralization, which is a Very Bad Thing in a confiscation-sensitive environment. Also possibly relevant are the fees incurred by said service, although really it shouldn't be more than current banking fees.

Security is another big question, I think. What happens if someone steals your phone? How do you enter a pin or something without your phone recording it? Etc etc.

Hmm.. without saving the unspent txOuts from the classic chain, there's no way to keep them spendable in the future. After a certain point, you could condense all the unspent txOuts from the classic chain into a ledger and save it away, but you'd have to maintain backwards compatibility basically forever to make sure that anyone who possibly still had access to classic coins could still spend them into the new chain. Since some of the coins are definitely lost, there's no way to know when it's "safe" to throw away all the remnants of the old chain.

As long as there was an easy old-to-new wallet converter, conversion would be no problem. After a certain amount of time, maybe 50 years, it would probably be safe to dump the remaining classic tx. The biggest problem I can see is that, compared to simply making a new free-floating currency, programming all of that backwards compatibility would be a lot of extra effort and cost. Also you'd have to hold 2 blockchains at once until at least most of the network converted, which might lead to a few double spends if any merchant were still relying on the old protocol for tx verification after the swap was finalized.

The biggest killer I can see with the BTC network is that the blockchain might tend to grow significantly faster than hardware (Wirth's Law) leading to increased centralization and increased network costs. If that becomes the case, then managing two blockchains at once might be impractical or impossible.

Well, I wouldn't exactly call them "my market". I don't have the resources to launch a huge BTC promotion in Greece (nor do I have greek contacts), although I am curious; how could you use BTC with an old flip phone?

Also, that would depend on what technology is commonly affordable/available in Greece. Since "not EUR/ECB" is the most appealing feature of BTC for Greeks, delivering the currency to them requires putting it in whatever form is most available to them. I don't even have the slightest clue what greeks commonly use or have.

I'm only interested in that point because it would be nice to see the people of a country outsmart their multi-hierarchal dictators for once, not particularly because I want to profit from the venture.


Well if the initial outlay for a USB card reader isn't so bad, and you can get a card with a numpad, then you could just input the price they display to you on your card, enter your pin, then hit send. The card signs a tx with only that exact value so they can't change the price after you begin entering your pin. It could be doable but it seems a bit complicated imo. That and, what's the price difference between a USB card reader + supercard with screen and such vs the cost of the cheapest BTC runnable smartphone?

That might be a way to expand the coinbase, for example making 1 old BTC = 10 new BTC or whatever arbitrary value. By swapping them across chains you could avoid backwards compatibility issues with the old chain, and maintain fungibility indefinitely.

The only problem is what happens to people who have bitcoin stashes they can't access for long periods of time? If you have bitcoins hiding away for, say, ~30 years, and everyone else switches over to the new BTC2 or what have you during that time, won't your coins be left on an old, unused defunct blockchain that nobody even keeps anymore?

I believe ithaca uses a time-currency worth about ~$10 an hour. There's also Berkshares and a few others. All of said currencies come with a socialist hook, however.

My question is, even if you load BTC to your smartcard's address without connecting it to your computer somehow, how does the card know how much is on it? Seems to me it'd be up to memory and luck to make sure you didn't overdraft, which would end up sending an invalid tx anyway. More importantly, how do you set your pin without a central authority doing it for you? I think it's also worth noting that if a card continuously re-uses a single address, then it kinda kills your privacy too.

On the merchant end, assuming physical sales, there's still the problem of integrating a bitcoind backend for register and accounting software, and exchange risk. It seems to me CAO/ICS systems would be less affected, if at all except for the inherent exchange risk involved.

Protecting against double spends = easy
Protecting against exchange risk = not so much
Protecting against arbitrary government confiscation and dealing with accounting conversions = jungle gym

In Greece I think all the disadvantages are moot. Greek business owners currently can't get loans, greek people have no money to spend, and the value of the Eur is evaporating out from under them both in government debt and inflation. Anything that would allow them to easily manage their business or even do business at all would be nothing short of deus ex machina for them, and it's not like they give a damn about complying with government tax regulations or anything. They would like nothing better than for the EUR, the ECB, the IMF, the unelected European Commission, and their own unelected government to hurry up and die so they can get on with their lives.

Obviously you didn't read very far. Ledgers would be validated in the same way as blocks, via hashing power with periodic ledger hashes. They could additionally be verified with proof of stake, and you could reduce the maximum reorg down to 24h of blocks, or possibly even less with additional measures.


If you had read more than one post, you'd know that he got it down to 7% of the total blockchain size, not 10%. 50MB per week suggests a 5GB blockchain by the end of 2012. Either the blockchain is more than doubling in size every year now, which is in excess of moore's law, or you're full of crap on that figure.


You know I put off reading the whitepaper primarily because I assumed it would be a full dissertation. I was disappointed.

However now I understand the way merkle trees work for the most part. Here's a comparison:

-When you prune merkle trees, you still have to keep the block header, all of the merkle tree hashes, and the full tx of any tx that have any unspent txOuts, including all of the txIns, all of the scripts for the txIns, all of the txOuts (including spent txOuts) plus all of the scripts for the txOuts. Verifying tx still requires either a full pruned blockchain or that you trust centralized nodes to provide you with the correct merkle tree entries that you request.

-For the linked ledger system, you throw away all but the unspent txOuts plus the scripts for the unspent txOuts. All block headers older than a certain time can be discarded along with all of the merkle hashes and tx, and each client only needs to keep 4-5 weeks of blockchain and 3 ledgers (1 for an old seeding period, 1 backup, 1 current), of which 2 weeks of blockchain and 2 ledgers can be compressed since they're seldom if ever needed.

-If all unspent txOuts which have the same address are added together and condensed, that would reduce the size of a ledger by ~50% or more. This would also require using the full value of an acct as txIn, but that also reduces the size of txIns on the blockchain as a result.

2000MB * .035 = 70MB Per ledger
70MB * 2 = 140MB of ledgers that can be compressed
33MB (est weekly block size with reduced txIns) * 3 = 99MB uncompressed blockchain (maximum, varies)
66MB compressible blockchain (2wks historical for seeding)

70 + 99 = 169MB uncompressed
140 + 66 = 206MB compressible

I think your 500MB estimate for pruned merkle trees is overly optimistic. I'll believe it when I see it. Assuming you can compress data to 66% of original using zip or similar, with ledgers you'd only keep a maximum of about 305MB, and only 215MB for a lite client.

That's assuming that 6 months of total blockchain are retained over the mining network for seeding so that clients can do a "full verification" on first start, and is still ~1/2 to 1/3 the size of a fully pruned complete blockchain, and ~10% of an unpruned one, even with backups.

I don't really get it. If you don't have a smart card interface to your computer, how do you load any coins onto them? By going to some centralized bank? Certainly the grocery store isn't going to offer deposit services for bitcoin cards. If you do have a card interface for your computer, you could set up your pin securely from there and load whatever coins you wanted from your online or offline wallets.


I don't see how a contact based smart card would be any better than an RF card security wise. Neither has a large enough range to allow someone to steal your money remotely, and in both cases you're trusting that the manufacturer of the card reader has made it so that the merchant can't charge more than they said they would without retyping your pin.

AFAIK (from the few RF smartcard readers I've seen, and McDonald's is about the only place I've seen them) most RF card readers don't even require even so much as a pin input, which would be a disadvantage vs contact cards, but the card itself could require a pin to mitigate that problem. On the other hand, requiring a pin would be a disadvantage for small token purchases, like the original usage of smart cards as subway tickets.

Although the price tag of a smart card is way more affordable than a smart phone, I don't think they're well suited to the technology and usage of BTC.