Getting the foundations of bitcoin looked at by Bruce Schneier

[mcdett]

I believe that we all have a staked interest to understand better the mathematical foundations in which bitcoin is operating on.

I propose the following:

1 - We write an open letter to Bruce Schneier [1] asking him to spend sometime reviewing and writing about bitcoin (I can write this, and will publish it in this thread before sending)
2 - In return for Bruce's services we will give him bitcoins
3 - That Gavin Andresen (@gavinandresen) establish a bitcoin address for donations to serve this purpose [2]
4 - That if we can't get Mr. Schneier to respond in a positive fashion within 30 days that all coins will be delivered back to the donor

I pledge 100 bitcoins to this effort.

Thoughts please.


[1] author of (http://www.schneier.com/book-applied.html) such a great book.  I wrote a Java class for public key encryption back in 1998 using this book

[2] I'd do it myself, but since I lurk mostly, I don't have an established 'credit' with the community here

[mcdett]

ROUGH FIRST DRAFT

Bruce Schneier,

We of the bitcoin community respectfully ask you to review the cryptography techniques deployed in the bitcoin software.  We are requesting a review of the foundational concepts deployed more than a line-by-line audit of the software (if you know of a good person to help us with that it please pass it along).

We will provide you with (total amount in pledges)/2 bitcoins for agreement to this effort, and (total amount in pledges)/2 bitcoins upon its completion.  We will accept agreement via email to gavinandreses(get gavin's email), and completion once you post to your blog the findings.


Thanks for your consideration.



bitcoin community

[ribuck]

The letter probably needs to include links to Satoshi's paper and to the source code repository.

[mcdett]

The letter probably needs to include links to Satoshi's paper and to the source code repository.

Yes... since this is an open letter please feel free to put some url's in this thread that you find interesting.


Thanks for the feedback!

[jgarzik]

A link to satoshi's paper is an absolute requirement:  http://www.bitcoin.org/bitcoin.pdf

[ribuck]

feel free to put some url's in this thread that you find interesting

The design of the Bitcoin system is described by this paper by Satoshi Nakamoto:

Bitcoin: A Peer-to-Peer Electronic Cash System
http://www.bitcoin.org/sites/default/files/bitcoin.pdf

The source code is here:

Bitcoin source code repository
http://bitcoin.svn.sourceforge.net/viewvc/bitcoin/

[mcdett]

ROUGH SECOND DRAFT

Bruce Schneier,

We of the bitcoin community respectfully ask you to review the cryptography techniques deployed in the bitcoin software.  We are requesting a review of the foundational concepts deployed more than a line-by-line audit of the software (if you know of a good person to help us with that it please pass it along).

We will provide you with (total amount in pledges)/2 bitcoins for agreement to this effort, and (total amount in pledges)/2 bitcoins upon its completion.  We will accept agreement via email to gavinandreses(get gavin's email), and completion once you post to your blog the findings.

To understand better what this is please visit http://bitcoin.org and start with this paper --> http://www.bitcoin.org/bitcoin.pdf

Thanks for your consideration.



bitcoin community

[mcdett]

The value bitcoin gets from this is also greater public legitimacy (which would increase the value of bitcoins I hold).

[ronaldmaustin]

The value bitcoin gets from this is also greater public legitimacy (which would increase the value of bitcoins I hold).

This is a very good idea, as the layman always has questions as to security.  I will watch the thread and consider donating.  I met Bruce once at some hacking convention in Vegas years ago.  Damn nice guy.

[Nefario]

Have you asked Gavin if he'd do this? If yes then I'm down for 250BTC

[mcdett]

I'll send Gavin an note about it now.

[MoonShadow]

I sent Bruce just such an email a couple of months ago.  He never responded.

For all we know, Satoshi could be Bruce's alter ego, but if he actually reads his emails, he is aware of Bitcoin.

[mcdett]

I sent Bruce just such an email a couple of months ago.  He never responded.

For all we know, Satoshi could be Bruce's alter ego, but if he actually reads his emails, he is aware of Bitcoin.

An open letter is more powerful.  Word will get to him that this offer stands.  I would think bitcoin would appeal to him on may levels.  He seems to convey libertarian traits in his writings, and his knowledge of cryptography would fit naturally as well.

EDIT:  Also... what do we have to loose if people get their bitcoins back if he doesn't respond?

[Gavin Andresen]

Frankly, I'm not sure how I feel about this.

I absolutely positively want more scrutiny of both bitcoin's source code and the underlying cryptographic concepts.

However, I don't think offering a token amount of money (even in the form of bitcoins) is appropriate.

A real, professional security review of bitcoin would take a lot of time and a lot of money.  I understand that's not what is being asked, but asking Mr. Schneier to write about bitcoin is really an irrational "Appeal to Authority" -- I think he'd say that any cryptography-related technology is never proven secure, but only gains trust by having multiple people and groups of people look at it, imagine potential attacks, try to attack it, etc.

Or, in other words, if he writes an article about bitcoin now I think the summary would be "interesting new technology, doesn't appear to be a scam, worth keeping an eye on."   I think he'll write that article soon without any prompting from "the bitcoin community," just given the level of buzz bitcoin is generating the last month or two.  I don't think a few hundred bitcoins will motivate him to write the article any sooner.

[Nefario]

oh well, withdraw my pledge then.

[mcdett]

Very fair.  My pledge is withdrawn.


Everyone take care.

[mcdett]

I resubmit my pledge of 100 BTC.

I absolutely positively want more scrutiny of both bitcoin's source code and the underlying cryptographic concepts.

However, I don't think offering a token amount of money (even in the form of bitcoins) is appropriate.

A real, professional security review of bitcoin would take a lot of time and a lot of money.  I understand that's not what is being asked, but asking Mr. Schneier to write about bitcoin is really an irrational "Appeal to Authority" -- I think he'd say that any cryptography-related technology is never proven secure, but only gains trust by having multiple people and groups of people look at it, imagine potential attacks, try to attack it, etc.

Or, in other words, if he writes an article about bitcoin now I think the summary would be "interesting new technology, doesn't appear to be a scam, worth keeping an eye on."   I think he'll write that article soon without any prompting from "the bitcoin community," just given the level of buzz bitcoin is generating the last month or two.  I don't think a few hundred bitcoins will motivate him to write the article any sooner.

The value this has to me is furthering the scientific (applied mathematics) foundation of this concept.  Strengthening that will go along way in increasing the value of the bitcoins I posses (this is largely a selfish matter, but one I believe we have in common).

I understand the cost in USD to do an solid security assessment of the code base (I do this for a living), but my approach to appealing to Mr. Schneier is rooted in that he has to write interesting content all of the time to stay relevant. I believe this is right up his alley.

By offering bitcoins we give Mr. Schneier something to play with during the course of his his analysis, and it has the added benefit of the community taking part in a transaction of value.

Having allies in places Mr. Schneier frequents can only increase the value my bitcoins have.

[Nefario]

Well giving him some btc to play with to try out the system is quite a bit different than paying him in btc to audit it. It does make sense in terms of making it easy for him to get btc, not having to go through the exchanges etc. But this doesn't require a lot. Your 100btc should be plenty for him to get started with.

[mcdett]

Well giving him some btc to play with to try out the system is quite a bit different than paying him in btc to audit it. It does make sense in terms of making it easy for him to get btc, not having to go through the exchanges etc. But this doesn't require a lot. Your 100btc should be plenty for him to get started with.

I will run with my pledge alone if need be.  Is there anyone else wiling to sweeten the pot?

[gigitrix]

He's a busy guy. You aren't going to get him until he's bored of Skein anyway...

[fergalish]

Why just Bruce Schneier?  Couldn't you offer a bounty to whoever can get a review of bitcoin published in a respectable cryptography journal?  Of course, you'd have to put the bounty in a trustworthy escrow, 'cos otherwise the reviewer might bias his or her conclusions.

[TiagoTiago]

Paying for a security audit could be seen as trying to buy a positive review...

[Stefan Thomas]

Paying for a security audit could be seen as trying to buy a positive review...

That's ridiculous. You have to pay for the audit whatever the outcome is. There is no incentive on part of the auditor to fudge the result. On the contrary, his professional reputation is on the line.

[casascius]

I looked at the drafts so far - it's missing something important - an appropriate introduction.

Dear Mr. Schneier,

We're writing as a community of enthusiasts and creators of an open source cryptographic currency project called Bitcoin.  Bitcoin is a decentralized peer-to-peer money system that relies on cryptography instead of central banks to enforce the integrity of transactions.  Bitcoin was started in 200x by Satoshi Nakamoto, is billed as "the world's first cryptocurrency" and is starting to garner significant interest as of late 2010.

The reason why we're writing is, first and foremost, we wanted to see if you had heard of it, and if not, we'd like to invite you to become familiar with it.  Second, we're eager to hear any opinion you might have to share about it, whether that's for better or for worse.

We understand your time is valuable.  We hope that after a brief look you'll find Bitcoin to be truly novel and peculiar and worthy of your interest.  Several of us who are familiar with you and your work have expressed a willingness to collect a small but significant offering if you're interested - naturally, payable in Bitcoins.

I've included a brief synopsis of Bitcoin, as well as a summary of Nakamoto's Bitcoin Whitepaper for your convenience.  Our website is bitcoin.org, and we are available to answer any questions you may have.

Sincerely, ...

[chaord]

Looks good...just fixed a couple grammar issues and added a little flare.  I'll also add 5 BTC to this bounty, payable when/if Schneier would like to redeem the offering.

Dear Mr. Schneier,

We're writing as a community of enthusiasts and creators of an open source cryptographic currency project called Bitcoin.  Bitcoin is a decentralized peer-to-peer money system that relies on cryptography instead of central banks to enforce the integrity of transactions.  Started in 2009 by Satoshi Nakamoto, Bitcoin is being billed as "the world's first cryptocurrency," and has recently started to garner significant interest.  Though officially still in beta, Bitcoin already has nodes, participants, and exchangers located around the world.

The reason why we are writing is, first and foremost, we wanted to see if you have heard of it.  If you have not, we'd like to invite you to become familiar with it.  Second, we are eager to hear any opinion or critique you might have to share about it.

We understand your time is valuable.  We hope that after a brief look you will find Bitcoin to be truly novel, peculiar, and worthy of your interest.  Several of us who are familiar with you and your work have expressed a willingness to collect a small but significant offering if you're interested - naturally, payable in Bitcoins.

I have included a brief synopsis of Bitcoin, as well as a summary of Nakamoto's Bitcoin Whitepaper for your convenience.  Our website is bitcoin.org, and we are available to answer any questions you may have.

Sincerely, ...

[casascius]

to enforce the integrity of transactions

+ and the transparency of the total amount in circulation.

[TiagoTiago]

Paying for a security audit could be seen as trying to buy a positive review...

That's ridiculous. You have to pay for the audit whatever the outcome is. There is no incentive on part of the auditor to fudge the result. On the contrary, his professional reputation is on the line.

An external observer might consider a paid review biased if the reviewer says things that benefit who is paying, specially if they don't understand the details of what is involved.

[QuantumMechanic]

Maybe "the world's first cryptocurrency" should be changed to "the world's first p2p cryptocurrency" so as not to disregard the work of Chaum, et. al.

[ChupacabraHunter]

This is a very interesting thread, did it die, or can it be revived now that Bitcoins are getting even sweeter to own?

just wondering...

[MoonShadow]

I never heard back from him, give it a try if you want.