marekknowak (OP)
Newbie
Offline
Activity: 9
Merit: 0
|
|
December 03, 2010, 09:16:56 PM |
|
finally: How can one re-appropriate bitcoins that was fraudulently acquired? Say, someone sells for millions of $ worth of bitcoins through fake ebay auctions, and get convicted by a judge of that action. How can the victims be compensated if the thief simply refused to give his private key (or has destroyed it)? With real money, his bank account is simply frozen/ confiscated.
Doesn't the fact that bitcoins can't be re-appropriated by force make it fundamentally unsuitable to be used as real property in general, and money in particular?
Thanks for your time!
Shredding cash is about as easy as deleting a wallet file. I guess this is why no one uses it anymore. Well, two things: In the current monetary system, shredded cash can be simply re-printed from the treasury at virtually no cost. In a less crazy monetary system, paper money would be only claims on tangible commodity (gold or silver, for example), so you can't destroy it short of dropping it at the bottom of the ocean - even there, we get stuff back from there from time to time Point being bitcoin is unique in the way it can't be re-appropriated. This is a fundamental problem with crime and fraud. Then, doesn't having to use an escrow service basically introduce a transaction cost that is several order of magnitude more expensive than what we have currently with the existing financial system?
|
|
|
|
marekknowak (OP)
Newbie
Offline
Activity: 9
Merit: 0
|
|
December 03, 2010, 09:18:47 PM |
|
Couldn't the same kind of technique used by hackers for DoS could be used in the bitcoin network to 'take over' the official bitcoin network (become the majority), so when a new client connects, it sees the massive rogue bitcoin network as the valid one, and rejects the legitimate bitcoin network as the one being inconsistent? Only if the attacker can come up with more CPU power than the real network... More CPU power at any point of time, right? that doesn't seem like a difficult thing to accomplish with a bot farm, no?
|
|
|
|
grondilu
Legendary
Offline
Activity: 1288
Merit: 1080
|
|
December 03, 2010, 09:22:16 PM |
|
Cash can be re-appropriated if stolen. A bank account can be confiscated. A bitcoin hoard can't be. That's a big difference.
You can do many things with guns, indeed. Maybe at some point governments will torture citizens to obtain passphrases. Anyway cash can not always be re-appropriated, because it can just have been spent. There are many irrersible ways of spending money. So again bitcoins are not much different from cash for that matter, really.
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5376
Merit: 13373
|
|
December 03, 2010, 09:23:53 PM |
|
The fact that it relies on peer to peer network seems to make it very vulnerable to any interruption of service. Say, some countries are disconnected from the grid for some time (due to an underground cable cut as in happen in the past, or other reason), would the two diverging bitcoin networks become essentially irreconcilable (new bitcoins series issued independently, etc...), so that the supply is effectively split, and it becomes two different incompatible bitcoins? When someone in a longer chain becomes aware of a shorter chain, they take all valid transactions in that shorter chain and add them to the list of transactions waiting to get into a block. The number of confirmations for short-chain transactions goes back to 0, but the chains otherwise merge just fine. Generation transactions in the shorter chain must be removed, which is why such transactions can't be spent for 100 blocks after generation. Some transactions might be accidentally lost if a network split lasts longer than that. More CPU power at any point of time, right? that doesn't seem like a difficult thing to accomplish with a bot farm, no? It's not worthwhile. Controlling the network only allows you to reverse your own transactions. You'd make more money by generating.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
kiba
Legendary
Offline
Activity: 980
Merit: 1020
|
|
December 03, 2010, 09:26:02 PM |
|
I prefer to not let human judge say if it is right to appropriate money from thief. It is introducing a level of uncertainty.
This stem from what I called The Principle of Least Violence.(Totally invented on the spot...may or may not coincide with actual principle)
Even if it is libertarian theory, proper, to confiscate possessions to be returned to their rightful owners.......one must use least violence amount possible to exact punishment and overcome incentive to steal from others.
The goal is to discourage thievery, not necessary to get your property back.
Because if you use more violence than necessary:
1. You will involve some kind of court system, which may or may not rule that your property is valid for taking. 2. You are creating complication in the common law system. This make the law less predictable. 3. You may create more cost than benefit, leading to a downward spiral of societal and rule of law.
The bitcoin system encourage people to be more careful with their money and create amicable relationships, thereby eliminating the need for the court. Only when extraordinary circumstance required, that a naturalistic court system will be established. Even so, the court should endeavorer as much as possible eliminating the need for their service.
|
|
|
|
grondilu
Legendary
Offline
Activity: 1288
Merit: 1080
|
|
December 03, 2010, 09:27:48 PM |
|
Then, doesn't having to use an escrow service basically introduce a transaction cost that is several order of magnitude more expensive than what we have currently with the existing financial system?
There is no magic in the existing financial system. If you can get your money back, it means THERE IS an escrow service included. You've just not been consulted about it. But it does exist and its price is part of the transaction cost. Bitcoin system just makes the two processes (money transfer and compensation) more clearly separated.
|
|
|
|
grondilu
Legendary
Offline
Activity: 1288
Merit: 1080
|
|
December 03, 2010, 09:40:14 PM |
|
Because if you use more violence than necessary:
1. You will involve some kind of court system, which may or may not rule that your property is valid for taking. 2. You are creating complication in the common law system. This make the law less predictable. 3. You may create more cost than benefit, leading to a downward spiral of societal and rule of law.
Agreed. The good thing with commercial exchange is that it allows people to interact without killing each other. Commercial exchange should never involve any use of violence. If you got screwed in a commercial transaction, it's not the end of the word. Don't ask society to raise hell just to repair your mistake.
|
|
|
|
MacRohard
|
|
December 04, 2010, 02:12:53 PM |
|
I'm a rothbardian libertarian myself, so you don't have to convinced me of the problems of having a government judge deciding who should own some property.
But even without considering the world we live in today (which is already a stretch), in a free society there would still be judges that adjudicate disputes, and thieves that need to be expropriated to compensate their victims.
How is this possible in a system where no one can take away the money illegitimately acquired by a thief or fraudster? This is a major problem that I see with bitcoin being suitable as money.
Realistically, this problem could cause bitcoin to be made illegal in all major countries, the same way e-gold went. No legally abiding business could accept it in a transaction, and even though no one could completely eradicate it due to its peer to peer nature, it would be relegated to some black market usage, and loose significant market value, along with any credibility of becoming a real currency.
Basically, this is a fundamental problem with bitcoin not being compatible with a civil law justice system?
Bitcoin is not worse than cash, for that matter. The concept of money doesn't provide any security nor insurance for your transactions. Cash can be re-appropriated if stolen. A bank account can be confiscated. A bitcoin hoard can't be. That's a big difference. Bitcoin can be re-appropriated in the same way as cash can be. The police can raid the thief, seize their computer, take control of the bitcoin wallet and force a refund of the money. In practice stolen cash is rarely re-appropriated and I doubt bitcoin cash would be either, but there is no difference in the methods that would have to be used.
|
|
|
|
RHorning
|
|
December 04, 2010, 04:21:09 PM |
|
Thanks for your reply.
I'm trying to play devil's advocate here, because I think bitcoin is a great idea, and worth considering:
1) Even if a client was redirected to fake other clients, then he would probably retrieve a ridiculously short block chain. This would look much suscpicious. I'm sort of curious about this particular issue about chain lengths. Would the current network accept a longer chain that was produced with less processing effort? In other words, if I happened to create a block chain with say 120,000 blocks with perhaps a couple of buddies or a small server farm (tweaking things a bit to get there), would this new longer chain be accepted as the "official" chain? I can think of a few ways for that to happen right now, even with the current checkpoints "hardcoded" into the software. I can't think of anything that would squeeze past those checkpoints easily, but from the last checkpoint on there certainly could be some mischief along this line. The one saving grace I can see here is with the block difficulty. If from block 74000 on you let the block difficulty gradually decrease (it would take some serious hacking to pull this one off) on the "fake chain" it would become progressively easier to make more and more blocks until you then had a longer chain. On the "official" chain, the difficulty would remain high or has happened recently that the difficulty has even increased. As a result, is it really the chain with the more CPU effort rather than necessarily even block length that ought to be recognized? I'm just curious if that is implemented as a check or not in the current network client? A sum of the difficulty level of the chain might suffice here as that additional sort of check, which would defeat a hacker group bent on churning out a whole bunch of corrupt blocks. Difficulty level is something that would be hard to spoof as it would be directly related to the "proof of work" hash on each block. I'm digging through the verification code, but I haven't been to that part in the official client yet.
|
|
|
|
grondilu
Legendary
Offline
Activity: 1288
Merit: 1080
|
|
December 04, 2010, 05:16:02 PM |
|
As a result, is it really the chain with the more CPU effort rather than necessarily even block length that ought to be recognized? I'm just curious if that is implemented as a check or not in the current network client? A sum of the difficulty level of the chain might suffice here as that additional sort of check, which would defeat a hacker group bent on churning out a whole bunch of corrupt blocks. Difficulty level is something that would be hard to spoof as it would be directly related to the "proof of work" hash on each block.
Well, isn't difficulty easy to guess with the hash of the block itself ?? I mean, difficulty is related to the threshold the hash must be inferior to in order to be accepted. Therefore, the smaller the hash, the bigger is the difficulty (although it's rather a majoration or something).
|
|
|
|
RHorning
|
|
December 04, 2010, 05:42:44 PM |
|
As a result, is it really the chain with the more CPU effort rather than necessarily even block length that ought to be recognized? I'm just curious if that is implemented as a check or not in the current network client? A sum of the difficulty level of the chain might suffice here as that additional sort of check, which would defeat a hacker group bent on churning out a whole bunch of corrupt blocks. Difficulty level is something that would be hard to spoof as it would be directly related to the "proof of work" hash on each block.
Well, isn't difficulty easy to guess with the hash of the block itself ?? I mean, difficulty is related to the threshold the hash must be inferior to in order to be accepted. Therefore, the smaller the hash, the bigger is the difficulty (although it's rather a majoration or something). I'm talking two large chains where perhaps the "larger" chain has blocks with inferior hashes with significantly lower difficulty. The trick would be to somehow do a "sneak attack" with your now much longer chain and to get the miners creating new blocks to accept that new longer chain as the "official" chain and hopefully capture more than 50% of the network CPU effort from that point on. In theory, you might even "tweak" the difficulty in some way so that most of the blocks in this "new" chain are low difficulty but you ramped that difficulty back up again to match the current network difficulty... making a check of the last block of each chain seeming to be almost equally valid. This could only be done with a fairly large number of blocks (more than about 5000 blocks or so). It isn't something you could pull off with just a dozen blocks. Then again, 5000 blocks represent a whole bunch of mined bitcoins and would invalidate a huge number of transactions too, particularly transactions based upon those blocks as the generated source. 5k blocks may not be enough for this kind of attack. Timestamps would also have to be "faked" in such a situation and some considerable effort to really understand the protocol, but I am suggesting this could be an attack on the network if the difficulty for each block isn't being used as a criteria for inclusion into what the client thinks is the "official" version. For any given block, yes the hash and the difficulty is very easy to derive. But over the course of thousands of blocks it isn't nearly so easy to get. Then again, with this kind of attack you would know full well when it hit as I'm sure you would hear collective screaming going on all across the fruited plain as people see their transactions disappear like the morning dew and have Mt Gox collapse with this "hacked" weak chain. It would be incredibly disruptive if such an attack hit. This is in fact one of the reasons for putting in the checkpoints, in part to stop this kind of attack and similar kinds of attacks. Since block difficulty is already built into the protocol and is being sent with each block, it would be something easily checked and trivial to compute if a major chain split happened in terms of deciding which chain was the "real thing". I just don't know if that is happening right now is all. Scanning the chain for "funny timestamps" might also be a way to combat this kind of attack.
|
|
|
|
grondilu
Legendary
Offline
Activity: 1288
Merit: 1080
|
|
December 04, 2010, 05:50:56 PM Last edit: December 04, 2010, 06:19:21 PM by grondilu |
|
I'm talking two large chains where perhaps the "larger" chain has blocks with inferior hashes with significantly lower difficulty. The trick would be to somehow do a "sneak attack" with your now much longer chain and to get the miners creating new blocks to accept that new longer chain as the "official" chain and hopefully capture more than 50% of the network CPU effort from that point on. In theory, you might even "tweak" the difficulty in some way so that most of the blocks in this "new" chain are low difficulty but you ramped that difficulty back up again to match the current network difficulty... making a check of the last block of each chain seeming to be almost equally valid. This could only be done with a fairly large number of blocks (more than about 5000 blocks or so). It isn't something you could pull off with just a dozen blocks. Then again, 5000 blocks represent a whole bunch of mined bitcoins and would invalidate a huge number of transactions too, particularly transactions based upon those blocks as the generated source. 5k blocks may not be enough for this kind of attack.
...
I don't know. I don't even know how the software deals with "concurrent" block chains. How can it know which one will be the longest one before it downloads them ? Does it download both ? Here is my guess though : the program downloads whatever blocks are available on the network, without any particular order. In the same time, it attempts to find out the linear sequence. Thus, blocks who doesn't fit, or fit a short sequence, are simply ignored. That's how I'd do it. Also, I doubt the program takes only the chain length into account. Otherwise it would be too easy. It has to be rather the sum of difficulties, or something like that.
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5376
Merit: 13373
|
|
December 04, 2010, 07:03:58 PM |
|
I'm talking two large chains where perhaps the "larger" chain has blocks with inferior hashes with significantly lower difficulty.
"Length" is calculated as combined total difficulty. You can see this in debug.log: SetBestChain: new best=000000000008a779f5a8 height=92528 work=136473134420632176
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
RHorning
|
|
December 04, 2010, 08:00:37 PM |
|
I'm talking two large chains where perhaps the "larger" chain has blocks with inferior hashes with significantly lower difficulty.
"Length" is calculated as combined total difficulty. You can see this in debug.log: SetBestChain: new best=000000000008a779f5a8 height=92528 work=136473134420632176This is exactly what I was looking for. Thanks! This is also where it isn't just the chain length isn't the important or critical feature but rather the blocks representing more work which is by far and away more important. Merely having more blocks or a "longer chain" isn't the critical factor here but rather showing that all of the CPUs involved in developing the chain have produced more proof of work. "Funny" timestamps can also be a clue something wrong is going on, but that isn't nearly as important. I'm glad to see that Satoshi is a step ahead of me on this
|
|
|
|
|