Bitcoin Forum
January 20, 2020, 05:41:10 AM *
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: 1 2 [All]
  Print  
Author Topic: What mechanism restricts the supply of bitcoins?  (Read 6610 times)
marekknowak
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
December 03, 2010, 04:51:16 PM
 #1

Hello,

I'm new to this forum, so I apologize if this has been answered before, but I couldn't find the answer yet.

I'm very curious as of what restricts the supply of bitcoins?  basically, what mechanism prevents some computer to create new bitcoins, and pass them as valid to other bitcoin clients?

It is because the bitcoins have to be cryptographically signed with a special private key? 

Thanks,
1579498870
Hero Member
*
Offline Offline

Posts: 1579498870

View Profile Personal Message (Offline)

Ignore
1579498870
Reply with quote  #2

1579498870
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1579498870
Hero Member
*
Offline Offline

Posts: 1579498870

View Profile Personal Message (Offline)

Ignore
1579498870
Reply with quote  #2

1579498870
Report to moderator
1579498870
Hero Member
*
Offline Offline

Posts: 1579498870

View Profile Personal Message (Offline)

Ignore
1579498870
Reply with quote  #2

1579498870
Report to moderator
1579498870
Hero Member
*
Offline Offline

Posts: 1579498870

View Profile Personal Message (Offline)

Ignore
1579498870
Reply with quote  #2

1579498870
Report to moderator
tyler
Newbie
*
Offline Offline

Activity: 56
Merit: 0



View Profile
December 03, 2010, 05:12:01 PM
 #2

There is a proof of work algorithm that creates the coins. the hash of this algorithm is difficult to produce, but easy to verify
RHorning
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
December 03, 2010, 05:57:37 PM
 #3

It is also important to note that new coins are being introduced into the overall network at a slow and very measured pace.  The "goal" is to permit only one new "block" that contains new bitcoins to be created only every 10 minutes by anybody anywhere in the entire world using the Bitcoins network.  Each block contains 50 bitcoins, and the only way you can get one of those blocks is to compete for obtaining that block through a "proof of work" effort that has everybody searching for a "hash".

The difficulty of that effort varies, and if the number of blocks arriving over the course of a few days doesn't meet this goal of one every 10 minutes, the difficulty creating these blocks increases or decreases depending on how many people are active in trying to create these blocks.  If you were the only person on the network creating these blocks with a typical home computer, the difficulty level would be about 1, which would have given you the ability to get a block every ten minutes.  Right now the difficulty level is something like at about 8000, and has shown a very steady rise for as long as I've been involved with Bitcoins.  I expect the difficulty level to be even higher than 10,000 shortly.  What this means really is that you have about a 1 in 10,000 or worse odds of getting the next block in the next 10 minutes (it varies depending on the computer hardware and options you are using, but that gets the idea across).  It is for this reason that on average even if you have a pretty good computer system you shouldn't expect to get more than about one of these bitcoin blocks about every few months even if you are actively trying, and for people with slow CPUs like a laptop may take a year or longer to generate one of these blocks for yourself, and that is with the current difficulty.

Think of trying to get blocks as something akin to a lottery ticket, where Bitcoin users are entering literally thousands of tickets each second, and some are even entering millions of tickets each second to see if they will "win" the next block.  Only one person, on average, will get the next block over the next 10 minutes and thus win 50 BTC, or about the equivalent of about $12 at current exchange rates for that effort if it was traded for dollars.

Running bitcoins simply to make money is in the long run not going to be very cost effective if your goal is to earn them by "mining" the coins.  It still helps, but the main point is to use the software for trading the coins for other considerations like buying stuff with them or selling things for bitcoins.
Gavin Andresen
Legendary
*
Offline Offline

Activity: 1652
Merit: 1027


Chief Scientist


View Profile WWW
December 03, 2010, 06:25:00 PM
 #4

I'm very curious as of what restricts the supply of bitcoins?  basically, what mechanism prevents some computer to create new bitcoins, and pass them as valid to other bitcoin clients?

Bitcoin contains this magical little piece of code:
Code:
int64 GetBlockValue(int nHeight, int64 nFees)
{
    int64 nSubsidy = 50 * COIN;

    // Subsidy is cut in half every 4 years                                                                                                                                      
    nSubsidy >>= (nHeight / 210000);

    return nSubsidy + nFees;
}

If you try to create more than GetBlockValue coins (50, right now) when you get lucky and generate a block, all the other clients will reject it.

There are a bunch of other checks to prevent cheating (make sure you actually did the work to find a valid hash for the block, make sure all the transactions in the block are valid, etc), but that simple little piece of code is what restricts the supply.

How often do you get the chance to work on a potentially world-changing project?
davout
Legendary
*
Offline Offline

Activity: 1372
Merit: 1002


1davout


View Profile WWW
December 03, 2010, 06:40:48 PM
 #5

Long answer short : consensus.

Because it's part of the widely agreed upon rules.
You can create coins after the limit is reached, however, no-one on the network will recognize the blocks creating them.

However, in theory, if the majority of the users agree on the fact that bitcoins should keep being created without a limit it wouldn't be a problem (except for the part where you convince lots of people to accept a diminution of their assets value Cheesy )


Bitcoin the current mainstream implementation of the bitcoin protocol contains this magical little piece of code:

I know it's going to sound pretty anal, but I think it's really important to clearly distinguish an implementation from the protocol it is implementing.

Just to complete the answer, I could build a client that doesn't implement that check, but, after the generation is over, none of the blocks I'd generate would be recognized by the network, and the reason to that is simply consensus Smiley

theymos
Administrator
Legendary
*
Offline Offline

Activity: 3640
Merit: 7420


View Profile
December 03, 2010, 06:45:19 PM
 #6

However, in theory, if the majority of the users agree on the fact that bitcoins should keep being created without a limit it wouldn't be a problem (except for the part where you convince lots of people to accept a diminution of their assets value Cheesy )

It's important to note that a majority can't force the minority to accept new rules. If most of the network wants to eliminate the 21 million limit, they will split into a separate network and the original Bitcoin network will still continue to operate under the old rules (probably devalued, but still working).

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
davout
Legendary
*
Offline Offline

Activity: 1372
Merit: 1002


1davout


View Profile WWW
December 03, 2010, 07:00:39 PM
 #7

However, in theory, if the majority of the users agree on the fact that bitcoins should keep being created without a limit it wouldn't be a problem (except for the part where you convince lots of people to accept a diminution of their assets value Cheesy )

It's important to note that a majority can't force the minority to accept new rules. If most of the network wants to eliminate the 21 million limit, they will split into a separate network and the original Bitcoin network will still continue to operate under the old rules (probably devalued, but still working).

Yes, thanks for pointing that out!

Cryptoman
Hero Member
*****
Offline Offline

Activity: 726
Merit: 500



View Profile
December 03, 2010, 07:00:56 PM
 #8

What if someone wrote a virus that distributed a rogue Bitcoin client to thousands of PCs?  Would this not undermine the legitimate consensus?  Only the person who wrote the virus would know of its existence initially.  Wouldn't he/she be able to skim off some Bitcoins?  Is there any type of hash signature verification on the official client releases?

"A small body of determined spirits fired by an unquenchable faith in their mission can alter the course of history." --Gandhi
davout
Legendary
*
Offline Offline

Activity: 1372
Merit: 1002


1davout


View Profile WWW
December 03, 2010, 07:04:36 PM
 #9

What if someone wrote a virus that distributed a rogue Bitcoin client to thousands of PCs?  Would this not undermine the legitimate consensus?  Only the person who wrote the virus would know of its existence initially.  Wouldn't he/she be able to skim off some Bitcoins?  Is there any type of hash signature verification on the official client releases?

You don't even need to distribute a rogue client. A plain virus will do...

Head towards the wallets, fetch the private keys, once you have the private keys you can spend the money.

Rule of thumb : your wallet.dat is named like that for a reason Cheesy

And yes, the checksums, actually the SHA1 hashes are on the bitcoin.org frontpage (is it me or does the bitcoin community have a bias towards hashing everything XD)

jgarzik
Legendary
*
Offline Offline

Activity: 1582
Merit: 1006


View Profile
December 03, 2010, 07:10:09 PM
Last edit: December 03, 2010, 07:45:35 PM by jgarzik
 #10

And yes, the checksums, actually the SHA1 hashes are on the bitcoin.org frontpage (is it me or does the bitcoin community have a bias towards hashing everything XD)

As a side note, those SHA1 hashes on bitcoin.org are almost useless.

There is no PGP signature, no chain of trust, so a hacker could easily replace the binaries and hashes.

Has anyone verified that the hashes remained unmodified after bitcoin.org downtime, for example?  There's no ongoing record of the binaries' hashes, in the forums or elsewhere, so who knows.  I'll continue to build my own client from source code, after reviewing the diffs, thankyouverymuch Smiley

Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own.
Visit bloq.com / metronome.io
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
theymos
Administrator
Legendary
*
Offline Offline

Activity: 3640
Merit: 7420


View Profile
December 03, 2010, 07:25:06 PM
 #11

There is no PGP signature, no chain of trust, so a hacker could easily replace the binaries and hashes.

Satoshi has published a public key for a long time -- I don't know why he doesn't sign the hashes...

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
marekknowak
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
December 03, 2010, 08:34:46 PM
 #12

Thanks for your reply.

I'm trying to play devil's advocate here, because I think bitcoin is a great idea, and worth considering:

1) Being peer to peer based, doesn't the network becomes very vulnerable to impersonation attacks?  when clients start up, then have to log to 'trackers' to get the list of other clients, but one only need to replace/hack the tracker(s), and successfully redirecting all new clients to a fake list of clients where all kinds of new transactions took place, since the last time they were logged in, and cause massive amount of damage?

2) Couldn't the same kind of technique used by hackers for DoS could be used in the bitcoin network to 'take over' the official bitcoin network (become the majority), so when a new client connects, it sees the massive rogue bitcoin network as the valid one, and rejects the legitimate bitcoin network as the one being inconsistent?

3)  If / when corruption, massive attacks , etc... happens (this is a computer network we're talking about here, so we'd be delusional that it would always keep its integrity), how could the network be reset to a previous 'valid' state before the attack?


5) The fact that it relies on peer to peer network seems to make it very vulnerable to any interruption of service.  Say, some countries are disconnected from the grid for some time (due to an underground cable cut as in happen in the past, or other reason), would the two diverging bitcoin networks become essentially irreconcilable (new bitcoins series issued independently, etc...), so that the supply is effectively split, and it becomes two different incompatible bitcoins?

finally: How can one re-appropriate bitcoins that was fraudulently acquired?  Say, someone sells for millions of $ worth of bitcoins through fake ebay auctions, and get convicted by a judge of that action.  How can the victims be compensated if the thief simply refused to give his private key (or has destroyed it)?  With real money, his bank account is simply frozen/ confiscated. 

Doesn't the fact that bitcoins can't be re-appropriated by force make it fundamentally unsuitable to be used as real property in general, and money in particular?

Thanks for your time!
kiba
Legendary
*
Offline Offline

Activity: 980
Merit: 1007


View Profile
December 03, 2010, 08:45:46 PM
 #13


finally: How can one re-appropriate bitcoins that was fraudulently acquired?  Say, someone sells for millions of $ worth of bitcoins through fake ebay auctions, and get convicted by a judge of that action.  How can the victims be compensated if the thief simply refused to give his private key (or has destroyed it)?  With real money, his bank account is simply frozen/ confiscated. 

Let me ask you a question:

Do you really really really really want a judge deciding all of this?

grondilu
Legendary
*
Offline Offline

Activity: 1134
Merit: 1005


View Profile
December 03, 2010, 08:52:36 PM
 #14

Thanks for your reply.

I'm trying to play devil's advocate here, because I think bitcoin is a great idea, and worth considering:

1) Even if a client was redirected to fake other clients, then he would probably retrieve a ridiculously short block chain.  This would look much suscpicious.

2) DoS attacks are indeed an issue.  It is partially resolved with transaction fees mechanism.  And remember this could in no way result in acquiring other's bitcoins.  I think it might allow double spending, at worst.

3) All transaction history is in the block chain.

5) Hum...  About this I confess I don't know.  I guess it would result in the irreversible fork of bitcoin into two separate cryptocurrencies.

For your final point, remember that bitcoin transaction are irrevocable.  There is no way you can force someone to give you your money back.  And, no, this doesn't make it unsuitable for commerce.  Some compensation/escrow services can be used for that.

marekknowak
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
December 03, 2010, 08:57:42 PM
 #15


finally: How can one re-appropriate bitcoins that was fraudulently acquired?  Say, someone sells for millions of $ worth of bitcoins through fake ebay auctions, and get convicted by a judge of that action.  How can the victims be compensated if the thief simply refused to give his private key (or has destroyed it)?  With real money, his bank account is simply frozen/ confiscated. 

Let me ask you a question:

Do you really really really really want a judge deciding all of this?

I'm a rothbardian libertarian myself, so you don't have to convinced me of the problems of having a government judge deciding who should own some property.

But even without considering the world we live in today (which is already a stretch), in a free society there would still be judges that adjudicate disputes, and thieves that need to be expropriated to compensate their victims.

How is this possible in a system where no one can take away the money illegitimately acquired by a thief or fraudster?  This is a major problem that I see with bitcoin being suitable as money.

Realistically, this problem could cause bitcoin to be made illegal in all major countries, the same way e-gold went.  No legally abiding business could accept it in a transaction, and even though no one could completely eradicate it due to its peer to peer nature, it would be relegated to some black market usage, and loose significant market value, along with any credibility of becoming a real currency.

Basically, this is a fundamental problem with bitcoin not being compatible with a civil law justice system?
kiba
Legendary
*
Offline Offline

Activity: 980
Merit: 1007


View Profile
December 03, 2010, 09:03:34 PM
 #16

How is this possible in a system where no one can take away the money illegitimately acquired by a thief or fraudster?  This is a major problem that I see with bitcoin being suitable as money.

I have blacklisted a forum member for spreading or attempting to spread libel against bitcoin speculators. Others had joined me into the cause.

Group ostracism and blacklisting people is the primary system of enforcement by bitcoiners. Other than that, we expect that some people will take advantage of our trust and adjust accordingly.

Thus, some of the rule of thumbs are:

1. For reversible transaction such as paypal, used trust members.

2. Never believe a deal until you demand proof/evidence.

3. Use escrow service.

grondilu
Legendary
*
Offline Offline

Activity: 1134
Merit: 1005


View Profile
December 03, 2010, 09:05:58 PM
 #17

I'm a rothbardian libertarian myself, so you don't have to convinced me of the problems of having a government judge deciding who should own some property.

But even without considering the world we live in today (which is already a stretch), in a free society there would still be judges that adjudicate disputes, and thieves that need to be expropriated to compensate their victims.

How is this possible in a system where no one can take away the money illegitimately acquired by a thief or fraudster?  This is a major problem that I see with bitcoin being suitable as money.

Realistically, this problem could cause bitcoin to be made illegal in all major countries, the same way e-gold went.  No legally abiding business could accept it in a transaction, and even though no one could completely eradicate it due to its peer to peer nature, it would be relegated to some black market usage, and loose significant market value, along with any credibility of becoming a real currency.

Basically, this is a fundamental problem with bitcoin not being compatible with a civil law justice system?

Bitcoin is not worse than cash, for that matter.  The concept of money doesn't provide any security nor insurance for your transactions.

Yes, some governments might dislike bitcoins.  But the whole point of the design of bitcoin is to make them incapable of doing anything against that.
FreeMoney
Legendary
*
Offline Offline

Activity: 1246
Merit: 1011


Strength in numbers


View Profile WWW
December 03, 2010, 09:11:37 PM
 #18



finally: How can one re-appropriate bitcoins that was fraudulently acquired?  Say, someone sells for millions of $ worth of bitcoins through fake ebay auctions, and get convicted by a judge of that action.  How can the victims be compensated if the thief simply refused to give his private key (or has destroyed it)?  With real money, his bank account is simply frozen/ confiscated. 

Doesn't the fact that bitcoins can't be re-appropriated by force make it fundamentally unsuitable to be used as real property in general, and money in particular?

Thanks for your time!

Shredding cash is about as easy as deleting a wallet file. I guess this is why no one uses it anymore.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
marekknowak
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
December 03, 2010, 09:11:52 PM
 #19

I'm a rothbardian libertarian myself, so you don't have to convinced me of the problems of having a government judge deciding who should own some property.

But even without considering the world we live in today (which is already a stretch), in a free society there would still be judges that adjudicate disputes, and thieves that need to be expropriated to compensate their victims.

How is this possible in a system where no one can take away the money illegitimately acquired by a thief or fraudster?  This is a major problem that I see with bitcoin being suitable as money.

Realistically, this problem could cause bitcoin to be made illegal in all major countries, the same way e-gold went.  No legally abiding business could accept it in a transaction, and even though no one could completely eradicate it due to its peer to peer nature, it would be relegated to some black market usage, and loose significant market value, along with any credibility of becoming a real currency.

Basically, this is a fundamental problem with bitcoin not being compatible with a civil law justice system?

Bitcoin is not worse than cash, for that matter.  The concept of money doesn't provide any security nor insurance for your transactions.

Cash can be re-appropriated if stolen.  A bank account can be confiscated.  A bitcoin hoard can't be.  That's a big difference.
theymos
Administrator
Legendary
*
Offline Offline

Activity: 3640
Merit: 7420


View Profile
December 03, 2010, 09:12:37 PM
 #20

1) Being peer to peer based, doesn't the network becomes very vulnerable to impersonation attacks?  when clients start up, then have to log to 'trackers' to get the list of other clients, but one only need to replace/hack the tracker(s), and successfully redirecting all new clients to a fake list of clients where all kinds of new transactions took place, since the last time they were logged in, and cause massive amount of damage?

This is the most feasible attack against the network, in my opinion. It's not trivial, though: all of your peers need to be evil, and Bitcoin requires that your first eight peers be on different /16 networks.

Quote
Couldn't the same kind of technique used by hackers for DoS could be used in the bitcoin network to 'take over' the official bitcoin network (become the majority), so when a new client connects, it sees the massive rogue bitcoin network as the valid one, and rejects the legitimate bitcoin network as the one being inconsistent?

Only if the attacker can come up with more CPU power than the real network...

Quote
If / when corruption, massive attacks , etc... happens (this is a computer network we're talking about here, so we'd be delusional that it would always keep its integrity), how could the network be reset to a previous 'valid' state before the attack?

The block checkpoint would be moved up, causing you to reject all chains except the real one.

Quote
finally: How can one re-appropriate bitcoins that was fraudulently acquired?  Say, someone sells for millions of $ worth of bitcoins through fake ebay auctions, and get convicted by a judge of that action.  How can the victims be compensated if the thief simply refused to give his private key (or has destroyed it)?  With real money, his bank account is simply frozen/ confiscated. 

You can't. Allowing governments/criminals to steal money from people is not the goal of Bitcoin.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
marekknowak
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
December 03, 2010, 09:16:56 PM
 #21



finally: How can one re-appropriate bitcoins that was fraudulently acquired?  Say, someone sells for millions of $ worth of bitcoins through fake ebay auctions, and get convicted by a judge of that action.  How can the victims be compensated if the thief simply refused to give his private key (or has destroyed it)?  With real money, his bank account is simply frozen/ confiscated. 

Doesn't the fact that bitcoins can't be re-appropriated by force make it fundamentally unsuitable to be used as real property in general, and money in particular?

Thanks for your time!

Shredding cash is about as easy as deleting a wallet file. I guess this is why no one uses it anymore.

Well, two things:

In the current monetary system, shredded cash can be simply re-printed from the treasury at virtually no cost.

In a less crazy monetary system, paper money would be only claims on tangible commodity (gold or silver, for example), so you can't destroy it short of dropping it at the bottom of the ocean - even there, we get stuff back from there from time to time Wink

Point being bitcoin is unique in the way it can't be re-appropriated.  This is a fundamental problem with crime and fraud.  

Then, doesn't having to use an escrow service basically introduce a transaction cost that is several order of magnitude more expensive than what we have currently with the existing financial system?

marekknowak
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
December 03, 2010, 09:18:47 PM
 #22

Quote
Couldn't the same kind of technique used by hackers for DoS could be used in the bitcoin network to 'take over' the official bitcoin network (become the majority), so when a new client connects, it sees the massive rogue bitcoin network as the valid one, and rejects the legitimate bitcoin network as the one being inconsistent?

Only if the attacker can come up with more CPU power than the real network...

More CPU power at any point of time, right? that doesn't seem like a difficult thing to accomplish with a bot farm, no?
grondilu
Legendary
*
Offline Offline

Activity: 1134
Merit: 1005


View Profile
December 03, 2010, 09:22:16 PM
 #23

Cash can be re-appropriated if stolen.  A bank account can be confiscated.  A bitcoin hoard can't be.  That's a big difference.

You can do many things with guns, indeed.  Maybe at some point governments will torture citizens to obtain passphrases.

Anyway cash can not always be re-appropriated, because it can just have been spent.  There are many irrersible ways of spending money.

So again bitcoins are not much different from cash for that matter, really.
theymos
Administrator
Legendary
*
Offline Offline

Activity: 3640
Merit: 7420


View Profile
December 03, 2010, 09:23:53 PM
 #24

Quote from: marekknowak
The fact that it relies on peer to peer network seems to make it very vulnerable to any interruption of service.  Say, some countries are disconnected from the grid for some time (due to an underground cable cut as in happen in the past, or other reason), would the two diverging bitcoin networks become essentially irreconcilable (new bitcoins series issued independently, etc...), so that the supply is effectively split, and it becomes two different incompatible bitcoins?

When someone in a longer chain becomes aware of a shorter chain, they take all valid transactions in that shorter chain and add them to the list of transactions waiting to get into a block. The number of confirmations for short-chain transactions goes back to 0, but the chains otherwise merge just fine.

Generation transactions in the shorter chain must be removed, which is why such transactions can't be spent for 100 blocks after generation. Some transactions might be accidentally lost if a network split lasts longer than that.

Quote
More CPU power at any point of time, right? that doesn't seem like a difficult thing to accomplish with a bot farm, no?

It's not worthwhile. Controlling the network only allows you to reverse your own transactions. You'd make more money by generating.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
kiba
Legendary
*
Offline Offline

Activity: 980
Merit: 1007


View Profile
December 03, 2010, 09:26:02 PM
 #25

I prefer to not let human judge say if it is right to appropriate money from thief. It is introducing a level of uncertainty.

This stem from what I called The Principle of Least Violence.(Totally invented on the spot...may or may not coincide with actual principle)


Even if it is libertarian theory, proper, to confiscate possessions to be returned to their rightful owners.......one must use least violence amount possible to exact punishment and overcome incentive to steal from others.

The goal is to discourage thievery, not necessary to get your property back.

Because if you use more violence than necessary:

1. You will involve some kind of court system, which may or may not rule that your property is valid for taking.
2. You are creating complication in the common law system. This make the law less predictable.
3. You may create more cost than benefit, leading to a downward spiral of societal and rule of law.

The bitcoin system encourage people to be more careful with their money and create amicable relationships, thereby eliminating the need for the court. Only when extraordinary circumstance required, that a naturalistic court system will be established. Even so, the court should endeavorer as much as possible eliminating the need for their service.

grondilu
Legendary
*
Offline Offline

Activity: 1134
Merit: 1005


View Profile
December 03, 2010, 09:27:48 PM
 #26

Then, doesn't having to use an escrow service basically introduce a transaction cost that is several order of magnitude more expensive than what we have currently with the existing financial system?


There is no magic in the existing financial system.  If you can get your money back, it means THERE IS an escrow service included.  You've just not been consulted about it.  But it does exist and its price is part of the transaction cost.

Bitcoin system just makes the two processes (money transfer and compensation) more clearly separated.
grondilu
Legendary
*
Offline Offline

Activity: 1134
Merit: 1005


View Profile
December 03, 2010, 09:40:14 PM
 #27

Because if you use more violence than necessary:

1. You will involve some kind of court system, which may or may not rule that your property is valid for taking.
2. You are creating complication in the common law system. This make the law less predictable.
3. You may create more cost than benefit, leading to a downward spiral of societal and rule of law.

Agreed.  The good thing with commercial exchange is that it allows people to interact without killing each other.  Commercial exchange should never involve any use of violence.

If you got screwed in a commercial transaction, it's not the end of the word.  Don't ask society to raise hell just to repair your mistake.
MacRohard
Full Member
***
Offline Offline

Activity: 214
Merit: 100



View Profile
December 04, 2010, 02:12:53 PM
 #28

I'm a rothbardian libertarian myself, so you don't have to convinced me of the problems of having a government judge deciding who should own some property.

But even without considering the world we live in today (which is already a stretch), in a free society there would still be judges that adjudicate disputes, and thieves that need to be expropriated to compensate their victims.

How is this possible in a system where no one can take away the money illegitimately acquired by a thief or fraudster?  This is a major problem that I see with bitcoin being suitable as money.

Realistically, this problem could cause bitcoin to be made illegal in all major countries, the same way e-gold went.  No legally abiding business could accept it in a transaction, and even though no one could completely eradicate it due to its peer to peer nature, it would be relegated to some black market usage, and loose significant market value, along with any credibility of becoming a real currency.

Basically, this is a fundamental problem with bitcoin not being compatible with a civil law justice system?

Bitcoin is not worse than cash, for that matter.  The concept of money doesn't provide any security nor insurance for your transactions.

Cash can be re-appropriated if stolen.  A bank account can be confiscated.  A bitcoin hoard can't be.  That's a big difference.

Bitcoin can be re-appropriated in the same way as cash can be. The police can raid the thief, seize their computer, take control of the bitcoin wallet and force a refund of the money. In practice stolen cash is rarely re-appropriated and I doubt bitcoin cash would be either, but there is no difference in the methods that would have to be used.

RHorning
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
December 04, 2010, 04:21:09 PM
 #29

Thanks for your reply.

I'm trying to play devil's advocate here, because I think bitcoin is a great idea, and worth considering:

1) Even if a client was redirected to fake other clients, then he would probably retrieve a ridiculously short block chain.  This would look much suscpicious.


I'm sort of curious about this particular issue about chain lengths.  Would the current network accept a longer chain that was produced with less processing effort?  In other words, if I happened to create a block chain with say 120,000 blocks with perhaps a couple of buddies or a small server farm (tweaking things a bit to get there), would this new longer chain be accepted as the "official" chain?

I can think of a few ways for that to happen right now, even with the current checkpoints "hardcoded" into the software.  I can't think of anything that would squeeze past those checkpoints easily, but from the last checkpoint on there certainly could be some mischief along this line.

The one saving grace I can see here is with the block difficulty.  If from block 74000 on you let the block difficulty gradually decrease (it would take some serious hacking to pull this one off) on the "fake chain" it would become progressively easier to make more and more blocks until you then had a longer chain.

On the "official" chain, the difficulty would remain high or has happened recently that the difficulty has even increased.  As a result, is it really the chain with the more CPU effort rather than necessarily even block length that ought to be recognized?  I'm just curious if that is implemented as a check or not in the current network client?  A sum of the difficulty level of the chain might suffice here as that additional sort of check, which would defeat a hacker group bent on churning out a whole bunch of corrupt blocks.  Difficulty level is something that would be hard to spoof as it would be directly related to the "proof of work" hash on each block.

I'm digging through the verification code, but I haven't been to that part in the official client yet.
grondilu
Legendary
*
Offline Offline

Activity: 1134
Merit: 1005


View Profile
December 04, 2010, 05:16:02 PM
 #30

As a result, is it really the chain with the more CPU effort rather than necessarily even block length that ought to be recognized?  I'm just curious if that is implemented as a check or not in the current network client?  A sum of the difficulty level of the chain might suffice here as that additional sort of check, which would defeat a hacker group bent on churning out a whole bunch of corrupt blocks.  Difficulty level is something that would be hard to spoof as it would be directly related to the "proof of work" hash on each block.

Well, isn't difficulty easy to guess with the hash of the block itself ??  I mean, difficulty is related to the threshold the hash must be inferior to in order to be accepted.  Therefore, the smaller the hash, the bigger is the difficulty (although it's rather a majoration or something).
RHorning
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
December 04, 2010, 05:42:44 PM
 #31

As a result, is it really the chain with the more CPU effort rather than necessarily even block length that ought to be recognized?  I'm just curious if that is implemented as a check or not in the current network client?  A sum of the difficulty level of the chain might suffice here as that additional sort of check, which would defeat a hacker group bent on churning out a whole bunch of corrupt blocks.  Difficulty level is something that would be hard to spoof as it would be directly related to the "proof of work" hash on each block.

Well, isn't difficulty easy to guess with the hash of the block itself ??  I mean, difficulty is related to the threshold the hash must be inferior to in order to be accepted.  Therefore, the smaller the hash, the bigger is the difficulty (although it's rather a majoration or something).


I'm talking two large chains where perhaps the "larger" chain has blocks with inferior hashes with significantly lower difficulty.  The trick would be to somehow do a "sneak attack" with your now much longer chain and to get the miners creating new blocks to accept that new longer chain as the "official" chain and hopefully capture more than 50% of the network CPU effort from that point on.  In theory, you might even "tweak" the difficulty in some way so that most of the blocks in this "new" chain are low difficulty but you ramped that difficulty back up again to match the current network difficulty... making a check of the last block of each chain seeming to be almost equally valid.  This could only be done with a fairly large number of blocks (more than about 5000 blocks or so).  It isn't something you could pull off with just a dozen blocks.  Then again, 5000 blocks represent a whole bunch of mined bitcoins and would invalidate a huge number of transactions too, particularly transactions based upon those blocks as the generated source.  5k blocks may not be enough for this kind of attack.

Timestamps would also have to be "faked" in such a situation and some considerable effort to really understand the protocol, but I am suggesting this could be an attack on the network if the difficulty for each block isn't being used as a criteria for inclusion into what the client thinks is the "official" version.  For any given block, yes the hash and the difficulty is very easy to derive.  But over the course of thousands of blocks it isn't nearly so easy to get.

Then again, with this kind of attack you would know full well when it hit as I'm sure you would hear collective screaming going on all across the fruited plain as people see their transactions disappear like the morning dew and have Mt Gox collapse with this "hacked" weak chain.  It would be incredibly disruptive if such an attack hit.  This is in fact one of the reasons for putting in the checkpoints, in part to stop this kind of attack and similar kinds of attacks.

Since block difficulty is already built into the protocol and is being sent with each block, it would be something easily checked and trivial to compute if a major chain split happened in terms of deciding which chain was the "real thing".  I just don't know if that is happening right now is all.  Scanning the chain for "funny timestamps" might also be a way to combat this kind of attack.
grondilu
Legendary
*
Offline Offline

Activity: 1134
Merit: 1005


View Profile
December 04, 2010, 05:50:56 PM
Last edit: December 04, 2010, 06:19:21 PM by grondilu
 #32

I'm talking two large chains where perhaps the "larger" chain has blocks with inferior hashes with significantly lower difficulty.  The trick would be to somehow do a "sneak attack" with your now much longer chain and to get the miners creating new blocks to accept that new longer chain as the "official" chain and hopefully capture more than 50% of the network CPU effort from that point on.  In theory, you might even "tweak" the difficulty in some way so that most of the blocks in this "new" chain are low difficulty but you ramped that difficulty back up again to match the current network difficulty... making a check of the last block of each chain seeming to be almost equally valid.  This could only be done with a fairly large number of blocks (more than about 5000 blocks or so).  It isn't something you could pull off with just a dozen blocks.  Then again, 5000 blocks represent a whole bunch of mined bitcoins and would invalidate a huge number of transactions too, particularly transactions based upon those blocks as the generated source.  5k blocks may not be enough for this kind of attack.

...

I don't know.

I don't even know how the software deals with "concurrent" block chains.  How can it know which one will be the longest one before it downloads them ?  Does it download both ?

Here is my guess though :  the program downloads whatever blocks are available on the network, without any particular order.   In the same time, it attempts to find out the linear sequence.  Thus, blocks who doesn't fit, or fit a short sequence, are simply ignored.   That's how I'd do it.

Also, I doubt the program takes only the chain length into account.  Otherwise it would be too easy.  It has to be rather the sum of difficulties, or something like that.
theymos
Administrator
Legendary
*
Offline Offline

Activity: 3640
Merit: 7420


View Profile
December 04, 2010, 07:03:58 PM
 #33

I'm talking two large chains where perhaps the "larger" chain has blocks with inferior hashes with significantly lower difficulty.

"Length" is calculated as combined total difficulty. You can see this in debug.log:
SetBestChain: new best=000000000008a779f5a8  height=92528  work=136473134420632176

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
RHorning
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
December 04, 2010, 08:00:37 PM
 #34

I'm talking two large chains where perhaps the "larger" chain has blocks with inferior hashes with significantly lower difficulty.

"Length" is calculated as combined total difficulty. You can see this in debug.log:
SetBestChain: new best=000000000008a779f5a8  height=92528  work=136473134420632176

This is exactly what I was looking for.  Thanks!  This is also where it isn't just the chain length isn't the important or critical feature but rather the blocks representing more work which is by far and away more important.  Merely having more blocks or a "longer chain" isn't the critical factor here but rather showing that all of the CPUs involved in developing the chain have produced more proof of work.

"Funny" timestamps can also be a clue something wrong is going on, but that isn't nearly as important.

I'm glad to see that Satoshi is a step ahead of me on this Smiley
Pages: 1 2 [All]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!