Major Meltdown

[llama]

What if a major flaw is discovered in BC's cryptographic soundness?  Is there any way to prevent the complete dissolution of the system and of everybody's wealth?

Perhaps one way to do it would be to create a voluntary registry of non-anonymous addresses, to be shared and verified publicly.  Then, if a major flaw arose (maybe someone solved the factoring problem ), then there would still be a record of everybody's wealth that could be used in a new system (supposing everybody could agree on the latest time that no fraudulent transactions could have taken place).  Of course, people who chose to stay anonymous (and therefore did not include their address in the registry) would see their wealth disappear, but alas that risk would prove the price of anonymity.

[1714153735]

1714153735

[1714153735]

1714153735

[1714153735]

1714153735

[1714153735]

1714153735

[dwdollar]

What if a major flaw is discovered in BC's cryptographic soundness?  Is there any way to prevent the complete dissolution of the system and of everybody's wealth?

Perhaps one way to do it would be to create a voluntary registry of non-anonymous addresses, to be shared and verified publicly.  Then, if a major flaw arose (maybe someone solved the factoring problem ), then there would still be a record of everybody's wealth that could be used in a new system (supposing everybody could agree on the latest time that no fraudulent transactions could have taken place).  Of course, people who chose to stay anonymous (and therefore did not include their address in the registry) would see their wealth disappear, but alas that risk would prove the price of anonymity.

That is an interesting idea.  But, how would the wealth be transfered to a new system and what would be the exchange rate?  Perhaps this could be combined with an insurance plan that had a predetermined and guaranteed payout written in the policy?

[llama]

But, how would the wealth be transfered to a new system and what would be the exchange rate?

Wealth would not have to be transferred per say.  Rather, a new, cryptographically sound system would be adopted, and previous owners would be given new currency in proportion to their old balance of BC.  The exchange rate would be determined solely by the market's usage of the new currency. 

Imagine a verified public registry that voluntarily ties BC addresses to email addresses (by signing your email address with your private key for the BC address).  If BC failed, the new system would take a certain historical block from BC at a fraudless time.  Then, supposing again that 21 million units of new currency were being generated, and that 80% of the old BC currency had been registered, then each time a node generates a block for the new currency they would get to keep 20% of some number of new currency while every registered address would receive some tiny share of the other 80% in proportion to their registered BC at their registered email address.  When all new currency generation is done, the owners of the 80% of registered BC money will have 80% of the new money, while the lost 20% is reissued.

I would bet that if BC had seen widespread adoption, and if many people had registered their addresses, then the new currency would be readily accepted because so many people would be getting it for free and in their "fair" amount.

Perhaps this could be combined with an insurance plan that had a predetermined and guaranteed payout written in the policy?

That's another interesting idea.  Basically, some individual could choose to setup their own insurance company for BC where people pay a certain percentage of their protected BC amount.  This company would then keep a registry similar to that above, but only for its clients (It's necessary to verify that clients have the BC amount they claim). Instead of issuing new currency in case of catastrophic failure, they could simply issue USD's.  Again, the biggest challenge would be setting clear terms for when payout would occur and which block would be treated as the truth.  Perhaps they could pay out from the last block issued before a mathematical proof of the system's unsoundness was offered?

[Max Stirner]

It is strange that is has taken such a long time to create a digital fiat currency. And who
says that Bitcoin is the one and only digital currency that will exist in the future?
Right now, if there is a flaw in the bitcoin algorithm the people dealing with it will lose their trust
in the currency and the bitcoins will lose their value. If there are several digital currencies in the future
you will just sell your bitcoins and buy more secure (or more useful)  digital coins instead. I think that there will be a tendency to swap from one digital money system to another, once people see an advantage of a new system. Like an evolutionary process.
I find it funny that some people still cling to the idea that there has to be some kind of "agency" that regulates the economy.  I mean when you don't want your old money anymore you just .. eh .. sell it?
You are not forced by anyone to use bitcoins, right? And nobody can stop you from using another digital
currency.  So the best way to keep your wealth is to invest in different assets - as always in life.

[llama]

Max,

Your comments make total sense, as long as there is time to switch over to the new currency when a threat looms.  This is pretty reasonable.  For example, people might start to find some small flaws with SHA-256, and so people would have time to buy into the new currency before the whole system unravels.

However, supposing somebody found a major flaw while BC was in widespread usage, that person could commit a lot of fraud without people even realizing immediately.  In this case, it might be valuable to have some kind of registry, because people might want to buy into a new currency that does include some distribution in proportion to formerly registered wealth (game theoretically, only the wealthier registered 50% would prefer this currency, but that's the topic of another discussion).

Now, it seems like a pretty good solution would be for everyone to hold a diversity of digital currencies, which are backed by a diversity of cryptographic methods.  However, this solution has many costs of its own, since the marketplace would need to support many currencies.  Among other things, it would be absolutely necessary to have many competing, cheap exchanges.

[Anonymous]

Max,

Your comments make total sense, as long as there is time to switch over to the new currency when a threat looms.  This is pretty reasonable.  For example, people might start to find some small flaws with SHA-256, and so people would have time to buy into the new currency before the whole system unravels.

However, supposing somebody found a major flaw while BC was in widespread usage, that person could commit a lot of fraud without people even realizing immediately.  In this case, it might be valuable to have some kind of registry, because people might want to buy into a new currency that does include some distribution in proportion to formerly registered wealth (game theoretically, only the wealthier registered 50% would prefer this currency, but that's the topic of another discussion).

Now, it seems like a pretty good solution would be for everyone to hold a diversity of digital currencies, which are backed by a diversity of cryptographic methods.  However, this solution has many costs of its own, since the marketplace would need to support many currencies.  Among other things, it would be absolutely necessary to have many competing, cheap exchanges.

Any monetary system with a central registering authority is headed for failure imo.

[llama]

No not a centralized registry.  There's no "agency" controlling it.  It's just something that users would agree to, just like every other rule of BC.  Deentralized and public, just like BC does transactions.

[Max Stirner]

Amal,  I admit: I got you wrong!
I am just afraid that digital currencies will not stay legal for long because the government has not control over it. (The day they make it illegal, you should open a bottle of champagne, because that's the sign that bitcoin is a success.)
So at that point, they will also shut down your registry. And all the people who gave their address to that agency will get into trouble.

If there is a major flaw discovered in Bitcoin and there is no sufficient time to swap to a different system, I assume there is nothing you can do about a loss of your wealth.

Still, let's suppose YOU have discovered a way to produce an unlimited amount of coins. Your goal would be to profit from that secret AS LONG AS POSSIBLE. So even people that have the power to cheat wouldn't want a collapse of the digital fiat currency. And before the collapse of the old currency they would change their fake money for a better currency. But I am afraid that also goes for the so called "real" money. But.. somebody who has the brains to fool the algorithm of the digital currency at least gets a reward for his genius. In our paper fiat money system in the contrary, people who have access to the "printing press" of the government / central bank get rewarded for being just plain assholes.

[satoshi]

Here's an answer to a similar question about how to recover from a major meltdown.
https://www.bitcoin.org/smf/index.php?topic=191.msg1585#msg1585

If SHA-256 became completely broken, I think we could come to some agreement about what the honest block chain was before the trouble started, lock that in and continue from there with a new hash function.

If the hash breakdown came gradually, we could transition to a new hash in an orderly way.  The software would be programmed to start using a new hash after a certain block number.  Everyone would have to upgrade by that time.  The software could save the new hash of all the old blocks to make sure a different block with the same old hash can't be used.

[llama]

Satoshi,

That would indeed be a solution if SHA was broken (certainly the more likely meltdown), because we could still recognize valid money owners by their signature (their private key would still be secure).

However, if something happened and the signatures were compromised (perhaps integer factorization is solved, quantum computers?), then even agreeing upon the last valid block would be worthless.

[Gavin Andresen]

If you're worried about elliptic curve cryptography being broken, then don't store any significant wealth in Bitcoin.   Just like if you're worried about your (real, physical) wallet being stolen don't hold more cash than you need to get through a couple of days of purchases.

By the way: I think an economical method for separating gold atoms from seawater will be found before elliptic curve cryptography is broken (and I think both are unlikely in the next 25 years).

[satoshi]

However, if something happened and the signatures were compromised (perhaps integer factorization is solved, quantum computers?), then even agreeing upon the last valid block would be worthless.

True, if it happened suddenly.  If it happens gradually, we can still transition to something stronger.  When you run the upgraded software for the first time, it would re-sign all your money with the new stronger signature algorithm.  (by creating a transaction sending the money to yourself with the stronger sig)

[laszlo]

Pretty much all of the encryption software in use on the internet takes advantage of a trapdoor function - you can multiply 2 numbers together but you can't easily determine what the 2 factors were if all you have is the resulting product.  As it is today the only way most of us know to do it is to try every number.  If someone were to figure out a better way that took less time, it would make it easy for a regular guy like me to use that method in some software to decrypt HTTPS traffic and such.

Hashing is slightly different but the idea is the same - it is not possible to work the hash in reverse to determine what the possible inputs were, you just have to try every plausible input and compare your hash.

None of these things are perfect but bitcoin is only taking advantage of existing methods that are in use by a lot of other software which has been accepted for a long time.  If a basic flaw is found, bitcoin is probably the least of anyone's worries

[Anonymous]

No not a centralized registry.  There's no "agency" controlling it.  It's just something that users would agree to, just like every other rule of BC.  Deentralized and public, just like BC does transactions.

I understand.

[eugene2k]

you will just sell your bitcoins and buy more secure (or more useful)  digital coins instead.

Who will you sell the currency to if everyone wants to sell and no one wants to buy?

P.S. Hope the bitcoin protocol does allow upgrades to mitigate major flaws in the system

[vineyard]

What if a major flaw is discovered in BC's cryptographic soundness?  Is there any way to prevent the complete dissolution of the system and of everybody's wealth?

Perhaps one way to do it would be to create a voluntary registry of non-anonymous addresses, to be shared and verified publicly.  Then, if a major flaw arose (maybe someone solved the factoring problem ), then there would still be a record of everybody's wealth that could be used in a new system (supposing everybody could agree on the latest time that no fraudulent transactions could have taken place).  Of course, people who chose to stay anonymous (and therefore did not include their address in the registry) would see their wealth disappear, but alas that risk would prove the price of anonymity.

I think the idea of a flaw serious enough to compromise the cryptographic soundness of the system would put an end to the system. The premise of Bitcoin (or any crypto-currency) is that the cryptography is not crackable. By the time it is crackable, we had better have found another decentralized currency system and transferred the wealth out of Bitcoin and into the new system.

The idea of a voluntary registry is interesting, but it is kind of like kicking the can down the road. If you can crack the Bitcoin system, who is to say you can't break the voluntary registry too?

[Stevets]

What if a major flaw is discovered in BC's cryptographic soundness?  Is there any way to prevent the complete dissolution of the system and of everybody's wealth?

Perhaps one way to do it would be to create a voluntary registry of non-anonymous addresses, to be shared and verified publicly.  Then, if a major flaw arose (maybe someone solved the factoring problem ), then there would still be a record of everybody's wealth that could be used in a new system (supposing everybody could agree on the latest time that no fraudulent transactions could have taken place).  Of course, people who chose to stay anonymous (and therefore did not include their address in the registry) would see their wealth disappear, but alas that risk would prove the price of anonymity.

I think the idea of a flaw serious enough to compromise the cryptographic soundness of the system would put an end to the system. The premise of Bitcoin (or any crypto-currency) is that the cryptography is not crackable. By the time it is crackable, we had better have found another decentralized currency system and transferred the wealth out of Bitcoin and into the new system.

The idea of a voluntary registry is interesting, but it is kind of like kicking the can down the road. If you can crack the Bitcoin system, who is to say you can't break the voluntary registry too?

Wow that's an old thread! Interesting discussion though and I'm sad that I missed out on all of this when it was new. If someone figures out how to crack the cryptography used in Bitcoin, not the implementation but the actual algorithms, then Bitcoin will be dead along with everything else. We will have to figure out how they did things not so long ago when there wasn't an Internet.