Fundamental bitcoin flaw - revisited

[beeblebrox]

I do trust in math.  Indeed it is the SAME type of math (crypto) that makes DRM secure that bitcoin uses.

Bitcoin is unable to be counterfeited because of the public ledger, AKA the block chain.

How does DRM prevent counterfeiting?

http://en.wikipedia.org/wiki/Trusted_computing
http://en.wikipedia.org/wiki/Uefi (especially the secure boot section)
http://en.wikipedia.org/wiki/Trusted_platform_module
http://en.wikipedia.org/wiki/Digital_rights_management

[jhansen858]

I can tell you that bigger company's are going to want to have the transactions verified in the block chain.  All big companies will err on the side of caution and will not even question the transactions fees.  I can tell you that even if the fees were 2% it would be cheaper then what visa and mc charge.  However I will say that not every transaction should be included in the block chain, and eventually as the system grows, it will be preferable if not all the transactions are included as the amount of data would probably crush the system as it is today.  However, you seem to be arguing that eventually, everyone will realize they can trade coins outside of the blockchain and therefore everyone will do that to save from paying fees and the block chain will dwindle to nothing making it irrelevant, "the fatal flaw".  

I can say that this will never happen.  The devs are already arguing how difficult it is going to be to keep the block size down to a manageable level due to how many transactions are going in.  The block chain will always be needed in the same way that root dns servers will always be needed.  Yea you can cache the dns records (trade coins out side of the block chain) and offload that but try and get me to believe that you would no longer need the root servers because everyone was going to tell each other what the ip's are in a dns query (100% trade coins outside of blockchain) to avoid paying some tiny fee is just not easy to believe.  

[nwbitcoin]

This is the funniest thread on this forum but I wonder if it's a set up?

If you read the OP posts in a soft Texan accent, you would swear the you were in the room with Sheldon, from big bang theory!
 
The big hole in the argument is that if you use the currency in a way it's not meant to be used, it's not going to perform as well as it should.
 The point about using the block chain is that it confirms to everyone that your transaction is good.
Using drm doesn't.

[ancore]

^^yes I'm starting to think the same

Now here's the important one: So if the majority of transactions move off-chain what happens to the miners and consequently what happens to the network hash (ie: what happens to the famed bitcoin security)?  

I won't answer this one, instead I'll let you think about this.

Would you just please answer the question? you are either right or wrong with what would happen
Do you realize you are the one starting a thread on bitcointalk proclaiming a fundamental flaw in bitcoin?
to me fundamental flaw means either somethings broken or can't work

now you made me feel like a troll

[beeblebrox]

I do trust in math.  Indeed it is the SAME type of math (crypto) that makes DRM secure that bitcoin uses.

Bitcoin is unable to be counterfeited because of the public ledger, AKA the block chain.

How does DRM prevent counterfeiting?

http://en.wikipedia.org/wiki/Trusted_computing
http://en.wikipedia.org/wiki/Uefi (especially the secure boot section)
http://en.wikipedia.org/wiki/Trusted_platform_module
http://en.wikipedia.org/wiki/Digital_rights_management

Sorry, those links don't explain anything. Explain to me how you would transfer a private key to me using DRM in a way that completely ensures that you no longer have access to that same private key.

Ok, so you want a model of how to transfer the private key of a DRM coin.  Well, before we start let's clarify what a DRM coin would be in this hypothetical model so we can agree on what we're talking about:
Basically it is the public/private key pair of a wallet address that is stored cryptographically on just one computer at a time.  The public key is still publicly available knowledge and can be viewed arbitrarily (eg: someone may access the public address in order to look it up on the block chain to check its balance).  However the private key can only be accessed once, once it has been retrieved the coin itself is destroyed so it cannot be transferred again.  The coin should also store the balance that was transferred to the address when it was created  (Note: someone may add more money into it after creation because the public address is known.   It would be a strange thing to do though.  So the balance is technically the minimum amount that it contains-- if someone adds extra money the coin itself doesn't know about this.  Only the initally creation balance is known by the coin.)

Now for the model: (Note: this is just a simple hypothetical model- in reality it would be more detailed than this).  The model has three different parts, 1)coin creation, 2) coin transfer and 3)reveal private key.  

Let's use the following example to explain how it the first two parts work:
Sender Sally has atleast 50 BTC on-chain in her wallet.  Receiver Ross is coming to collect the 50BTC she owes him, but Ross will only accept DRM coin because he doesn't want to wait around 20min-90min for 3 confirmations to prove that he has received the coin.  So sally has to 1) create a coin holding 50 BTC before Ross comes and 2) transfer it to Ross when he arrives.

1) Coin creation:
a)Firstly, Sally secure boots her computer.  This procedure puts the hardware into a precisely defined state and prohibits all non-signed pre-OS binaries to run (eg: the OS boot loader will only be run if it's signature matches that stored on chip).  This prevents low-level pre-OS attacks such as rootkits..   see: http://en.wikipedia.org/wiki/Uefi#Secure_boot
b)Once the OS is up and running then Sally runs the program and selects the "make-DRM-coin" option.  This software checks before it does anything that it is running on a securely-booted machine in a secure state.  
c)Once the software knows that it is safe, it creates a the private/public key pair address and makes a standard on-chain transaciton to load the address with 50BTC.  The software doesn't reveal the private key to Sally.
d)Once the transaction has been confirmed (the number of confirmations can be arbitrarily decided by the user.) the software puts this key pair plus a record of the amount into sealed storage.  see: http://en.wikipedia.org/wiki/Trusted_Computing#Sealed_storage
The coin has now been successfully created

2) Coin Exchange:
a)Both Sally and Ross secure boot their computers.
b)They both run the software and Sally chooses the "transfer-DRM-coin" option.  Like the before the first thing the program does is establish that it is running in a safe, secure environment.
c)The software establishes a secure connection between the two computers.  Let's just say it is SSL over a direct computer-computer WiFi connection for this case.
d)Once the connection is established, the two computers both remote attest to the other that it is running an untampered version of the "make-DRM-coin" software on a secure computer.  see: http://en.wikipedia.org/wiki/Trusted_Computing#Remote_attestation  and http://en.wikipedia.org/wiki/Direct_anonymous_attestation
3)Sally's computer retrieves the coin from secure storage and tranfers it to Ross's machine.  Sally's machine deletes its copy.  On receipt Ross's machine places it into sealed storage.   (This transfer would actually be a little tricky because of the need for confirmation of the transfer before Sally has her coin deleted.  Computer protocols for this sort of thing already exist.)
Voila! The coin has been transferred.

For the last part:  Let's assume the Ross for some reason or other wants to transfer some amount of the coin on-chain within the Bitcoin network:
3)Reveal Private Key:
a)Ross secure boots his computer
b)He runs the program and chooses the "reveal-private-key" option.  Similarly to the other options, the software only continues only if it being run securely.
c)The software retrieves the coin form sealed storage,  informs ross of the private key and destroys the coin.  He can now perform standard on-chain transactions.


There you go.  A simple protocol of a secure private key exchange.


Please note though:  In real life you wouldn't make a new DRM coin each time for a specific transaction.  Rather you would make a lot of them preemptively at commonly used demoninations (eg: if you had 1000BTC make 9x100BTC coin, 9x10BTCcoin, 9x1BTC, 9x0.1BTC, 10x0.001BTC) and would exchange the required number of each demonination to make up the amount required.  eg: to transfer 156BTC transfer 1x100BTC, 5x10BTC, 6x1BTC.

Also note: the software can reveal the public key and amount of the coin at any time-- this can be used to increase the confidence of the person receiving the coin that the DRM hardware/software protection mechanisms haven't been defeated since they can check that the address still has atleast the amount stated before accepting it.  It can also be used to check the number of confirmations of the coin.

[beeblebrox]

I can tell you that bigger company's are going to want to have the transactions verified in the block chain.  All big companies will err on the side of caution and will not even question the transactions fees.  I can tell you that even if the fees were 2% it would be cheaper then what visa and mc charge.  

Why on earth would a "big company" use visa or mc for transferring large amounts?  I personally just recently did a $30,000 international money transfer, 1/3 of the way around the world, for just $22.  That's 0.073%, which is not much at all (and it would have been a smaller percentage had I transferred more-- the $22 is a fixed price).  Bitcoin is going to have a very hard time competing with that once fees become the major source of income for miners.

.... However, you seem to be arguing that eventually, everyone will realize they can trade coins outside of the blockchain and therefore everyone will do that to save from paying fees and the block chain will dwindle to nothing making it irrelevant, "the fatal flaw".  ....

Well, atleast it appears that you seem to grasp the point I'm making

[Sukrim]

Since Sally has her PC 100% under her control, she does the following as example:
Sally freezes her RAM after creating the private key + putting it into sealed storage. She then reads out its contents, cross checking with the known public key to extract the private key. As she transfers the key to Ross, if he doesn't immediately publish a transaction with the coin, he's screwed.

Another alternative:
Sally (passively) measures the power consumption of her CPU while it is calculating/processing the private key.

Probably more realistic:
Sally finds a TPM chip from a country that is not too concerned with trusted computing that allows some "debug" functions - meaning she can still act as if she is really "legit" but in fact she isn't. Just look at HDCP how this stuff worked out.

[drawingthesun]

Interesting, except almost every DRM system has been broken. All that is needed is a way to double spend the DRMcoin and if this happens enough people will lose trust in DRMcoin.

Also people will have to use DRMcoin with the knowledge that using DRMcoin drains the Bitcoin network of transaction fees and thus weakening the Bitcoin network, possibly making their DRMcoin worthless (as its still a Bitcoin).

I can't see DRMcoin being as secure as Bitcoin, someone will figure out a way to take advantage and when enough people are left with DRMcoin that is worthless as the Bitcoin inside it has already been spent people will hopefully return to using the blockchain.

[beeblebrox]

Since Sally has her PC 100% under her control, she does the following as example:
Sally freezes her RAM after creating the private key + putting it into sealed storage. She then reads out its contents, cross checking with the known public key to extract the private key. As she transfers the key to Ross, if he doesn't immediately publish a transaction with the coin, he's screwed.

Not such a simple thing to do.  Also, you can write the software so the keys almost never go into ram but are only in the CPU caches or the registers.

Another alternative:
Sally (passively) measures the power consumption of her CPU while it is calculating/processing the private key.

This one is just plain silly.  So tell me, how do you plan to reconstruct the key from the power consumption?

Probably more realistic:
Sally finds a TPM chip from a country that is not too concerned with trusted computing that allows some "debug" functions - meaning she can still act as if she is really "legit" but in fact she isn't. Just look at HDCP how this stuff worked out.

Now you might be thinking a bit rationally here.  However, countries don't make TPM chips-- companies do and there are only just a few of them.  If ever they deliberately allowed exploits then they would be sued out of existence (and with the way the law is rapidly tightening up on copyright infringement and computer security they would soon be doing this illegally-- if it isn't so already)

[marcus_of_augustus]

There you go.  A simple protocol of a secure private key exchange.

Mmmm, nice theory.

Regardless of the fact that the whole thing is highly speculative and even if it ever could be made to work ..... with all the users dropping into a coordinated super-secure special boot handshake dance several times, how is this faster/more convenient than regular btc blockchain transfer?

I think there maybe a fundamental flaw in this thread ... but I can't see that it has that much to do with bitcoin.

Your argument is basically saying that some vapour-ware method for off-chain transactions is going to become the predominant mode for bitcoin transactions and quickly pose a systemic problem since it will be the only thing users will want to do with bitcoin .... ?? There's so many layers of BS shaky speculations in here it's difficult to see how the thread made it to 4 pages.

[beeblebrox]

There you go.  A simple protocol of a secure private key exchange.

Mmmm, nice theory.

Regardless of the fact that the whole thing is highly speculative and even if it ever could be made to work ..... with all the users dropping into a coordinated super-secure special boot handshake dance several times, how is this faster/more convenient than regular btc blockchain transfer?

It's more convient because it is extremely quick, a matter of mere seconds.  Also, it costs NOTHING.  And if done over a remote network connection it is anonymous.

I think there maybe a fundamental flaw in this thread ... but I can't see that it has that much to do with bitcoin.

Your argument is basically saying that some vapour-ware method for off-chain transactions is going to become the predominant mode for bitcoin transactions and quickly pose a systemic problem since it will be the only thing users will want to do with bitcoin .... ?? There's so many layers of BS shaky speculations in here it's difficult to see how the thread made it to 4 pages.

Actually, the argument is more than that.  It is the fact that bitcoin allows off-chain transactions at all that is the flaw.  There are many, many ways potentially that bitcoin can be traded off-chain (we already have some today: such as casascius coin, printcoin bills) with others being suggested/proposed.  Each time a coin that would have been traded on-chain is moved off chain it results in less revenue for miners.  Less revenue for miners means less mining which results in weaker security.  

What I'm saying about DRM is that it is potentially a very,very successful off-chain system-- so much so that it by itself may bring down bitcoin network hash rate to render bitcoin useless.  

TPM chips are real, not vapourware.  Indeed, the computer you are reading this on probably has one.  Windows 8 insists that it is booted securely.  The basic security mechanisms for DRM coin are falling into place.  It is only a matter of time before someone actually writes this software.

[flipperfish]

1) Coin creation:
a)Firstly, Sally secure boots her computer.

Stopped reading here: Why would Sally be interested in secure booting her computer, if she later wants to scam Ross?

The rest of your scheme (okay, I admit, I read it after all) describes a way, which ensures that no 3rd party can tamper with the transaction, but that's not the problem here. The problem is, that Ross has to trust Sally.


Besides, I really hope that computers won't be hermetically sealed from their users in the future, only for someone else to be sure, that my hardware behaves nicely. The security features still can be implemented in peripheral devices (unless you want to use Windows, of course  ).

[Littleshop]

Please explain to be why this is not considered the major problem with bitcoin and why it is not discussed on this forum.

Because it will not happen.  The possibility of off block chain transactions is a FEATURE not a problem.  While most transactions are on the blockchain, you can (with less security) trade off the blockchain as well.  You may gain speed, low transaction costs or novelty but you give up SECURITY.  Because you give up something, the blockchain will still be the choice for most transactions.

Using the blockchain avoids needing to rely on trusting ANYONE.  In person transactions rely on trusting SOMEONE.  That someone may be the person you are trading with (by using open private keys), the maker of a system like Casascius coins or some horrible DRM system that you talk about.  You will have to trust someone.  With the blockchain all you have to do is trust in MATH.  I trust math.  Do you?

 

I do trust in math.  Indeed it is the SAME type of math (crypto) that makes DRM secure that bitcoin uses.

False analogies are false.

And you did NOT AT ALL answer the issue of TRUST.

Bitcoin is open and known.  You only need to trust math as I said before.

With your DRM scheme you need to trust:

1) the DRM maker
2) the DRM scheme itself
3) trusted computing and code signing
4) Microsoft

Each one of these is a point of failure. And while you need only ONE to be broken to render your DRMcoin to be broken and useless, EVERY one of them has been broken before. 

Go ahead, trust DRM.

[Sukrim]

Another alternative:
Sally (passively) measures the power consumption of her CPU while it is calculating/processing the private key.

This one is just plain silly.  So tell me, how do you plan to reconstruct the key from the power consumption?

http://en.wikipedia.org/wiki/Power_analysis - and it's far from silly, at my university you learn how to do that in the second year of a CS bachelor. It's even possible to extract keys from your bank smartcard that way, though new generations got a bit better. CPUs in PCs are however most likely NOT built to migitate these attacks and it will take quite some time until they are.

Your idea only works if you can 100% trust hardware a potential attacker has in his/her hands. Seals can be broken, chips soldered off, power consumption measured and debug lines reattached - still it needs to keep secrets from somebody who specifically tries to get to them. Sorry, but that's not an assumption I'd call a flaw of Bitcoin.

I agree that DRMcoins are potentially possible - but the transaction of these is NOT as secure as a transaction on the block chain, which means if you want the highest possible security, you still will pay miner fees. If you only transfer 5 cents for a bubble gum to a vending machine, it might be possible to use DRMcoins as well - but the machine operator will probably swipe all these DRMcoins every month or so to make sure they are really his.

[jhansen858]

I think the answer is that, its a feature, not a flaw. 

can coins be traded out side of the block chain?  -  Yes

Is this a fatal flaw or a feature?  -  I'm going to go with feature.

Will this feature kill the blockchain as we know it?  - No, its still more convenient to get exact change by running transactions through the block chain.  You can also not always just do local trades with people you trust, so why would you resort to some DRM solution to do what is already more convenient to do with the built in functionality? Especially when the fees are not cost prohibitive. 

Will this feature allow some significant portion of the transactions to be off the block chain? -  Yes, but if your on the receiving end of the transaction, you are going to want to run it through the blockchain to make sure this isn't counterfeit somehow unless you already trust the person your transaction is running through or you have some other reason for not wanting a record of the transaction.  To most merchants, that's worth the small transaction fee that you pay. 

If your a merchant, and worried that not accepting offline transactions would hurt your business, why not just offer to pay the fees that would be incurred.  Or if your so inclined to accept offline transactions, its no different then if the money were never spent from the eyes of the miners. 

And who says that mining has to be a for profit venture only.  Wikipedia runs quite successfully with out charging fees for its services.  They do it for the simple fact that it needs to be done. 

Another example that comes to mind. 

Suppose
1) I have a cell phone plan that allows free calling to a number
2) that number routes to an asterisk PBX with a DISA dial through that will give me another dialtone on the other end from which to make calls
3) So I can call this unlimited number, and from there, make free calls.

So why don't I just exclusively use that method to make all my calls on my cell phone?

a) its inconvenient.  My address book in my phone is not set up to accomidate that
b) the cost of just using the cell phone isn't really that expensive... I would save about $20 / month to do it the other way

Basically, I don't mind paying a little bit extra to get the increased convenience. 

As long as there are people out there like me, the blockchain will always be used. 

[blablahblah]

How could I forget?! This thread is the perfect opportunity to fine-tune our template!....

Your post/thread attempts to criticise BITCOIN on

( ) economic (v ) technical ( ) philosophical ( ) emotional

grounds. Your criticism has no merit. To help you learn from your mistake/s, additional details regarding the nature of your error are presented below:

( ) Your argument uses certain terms incorrectly.
( ) Your arguments/conclusions are incorrect due to bad input data.
(x ) Your arguments/conclusions are flawed due to bad processing.
   Your logical fallacy is:
   ( ) Black or white (you're either with us or you're with the terrorists)
   ( ) Special pleading
   ( ) Loaded Question
   (x ) Burden of Proof
   ( ) Ambiguity
   ( ) The Gambler's Fallacy
   ( ) Bandwagon
   ( ) Appeal to Authority
   ( ) Composition/Division
   ( ) No True Scotsman/Appeal to Purity
   ( ) Genetic
   ( ) Begging the Question
   ( ) Appeal to Nature
   ( ) Anecdotal
   ( ) The Texas Sharpshooter (cherrypick data)
   ( ) Middleground
   ( ) Strawman
   ( ) False Cause
   ( ) Appeal to Emotion
   ( ) The Fallacy Fallacy
   (x ) Slippery Slope
   ( ) Ad Hominem
   ( ) Tu Quoque
   ( ) Personal Incredulity
   (thanks to: yourlogicalfallacyis.com)
( ) Your argument fails to take into account one or more input variables.
( ) Your argument uses
   ( ) Metaphysical
   ( ) Spiritual
   ( ) Theistic
   ( ) Emotional
   rambling that is UNFALSIFIABLE.

Specifically, your criticism indicates that your understanding has flaws in one or more of the following areas:
(x ) supply and demand
(x ) competition, monopolies
(x ) money, currency, cash, fiat, commodities, history of money
( ) theories of value
( ) inflation, deflation, CPI, money supply
( ) ponzi schemes, pyramid schemes,
( ) bubbles, early adoption, FX plays
( ) open source software
(x ) structures: centralised, decentralised, headless
( ) cryptography
( ) data storage
( ) networking
( ) computer languages
( ) chaos, dynamic equilibria
( ) crowd psychology
(x ) Game Theory
( ) laws
( ) people


To successfully criticise BITCOIN in future, we suggest acquiring more knowledge of the subject matter in question. We wish you BEST OF LUCK in your re-education.

 

[solex]

cruel, but funny! 

[MoonShadow]

Why on earth would a "big company" use visa or mc for transferring large amounts?  I personally just recently did a $30,000 international money transfer, 1/3 of the way around the world, for just $22.  That's 0.073%, which is not much at all (and it would have been a smaller percentage had I transferred more-- the $22 is a fixed price).  Bitcoin is going to have a very hard time competing with that once fees become the major source of income for miners.

I seriously doubt it.  You can sit back and wait for the collapse, though.  You'd have plenty of company that is already fat with crow.

[beeblebrox]

Why on earth would a "big company" use visa or mc for transferring large amounts?  I personally just recently did a $30,000 international money transfer, 1/3 of the way around the world, for just $22.  That's 0.073%, which is not much at all (and it would have been a smaller percentage had I transferred more-- the $22 is a fixed price).  Bitcoin is going to have a very hard time competing with that once fees become the major source of income for miners.

I seriously doubt it.  You can sit back and wait for the collapse, though.  You'd have plenty of company that is already fat with crow.

Which part did you seriously doubt?  Was it the fact that I did a transfer IMT for just $22.  Cause if it is then here is the bank I used: http://www.commbank.com.au/personal/international/transfer-money.html  (I'm Australian- the $22 is $AUD but that is about eqaul to $US these days)

Also, I do BPay with this bank (BPay is a way for paying bills in Australia).  I pay my rent fortnightly $600 and it cost me NOTHING but does cost the real-eastate about $0.50 I believe.  That works out out 0.083%.  

Lastly, I regularly do an interbank transfer (to another Australian bank) into my wife's and my joint savings-  that costs, wait for it-- prepare yourself, this my shock you----, drum roll please---  $0, yep that's right absolutely NOTHING.  How can bitcoin compete with that once transfer fees become the main miners revenue?

[SomeWhere]

In case some people aren't realizing the simple practice of handing off keys is not a safe way to preform bitcoin transactions. The 'sender' can reuse that money any time, a primary way would be to send it to themselves at a new address by making an actual bitcoin transaction.

/thread