Is Bitcoin that really decentralized, as you believe?

[kiba]

no, because Throughput will just say that someone will hack the person in possession of the key and compromise it.

You win the 1BTC Kiba Giggle Award. 

[Red]

While I think the signed binary bit is a non-solution to the problem, that attack vector is really quite likely. Especially while people are competing to run specialty builds that hash fast than everyone else.

A real solution would be to factor the key generation and private key storage into a separate process. The bitcoin client would communicate with the signing process through a well defined interface that took the data to be signed as input and returned a signature as output. It would never expose the actual public key to the bitcoin client.

This is equivalent to what some USB encryption dongles do. http://goldkey.com/

The signing process would have to prompt the user to review the generated transaction, and unlock the wallet prior to signing it.

A user review of the actual generated transaction is necessary to prevent the other obvious fraud vector. Covertly replacing the bitcoin address on a user's intended transaction with an alternate, prior to signing.

[Anonymous]

While I think the signed binary bit is a non-solution to the problem, that attack vector is really quite likely. Especially while people are competing to run specialty builds that hash fast than everyone else.

A real solution would be to factor the key generation and private key storage into a separate process. The bitcoin client would communicate with the signing process through a well defined interface that took the data to be signed as input and returned a signature as output. It would never expose the actual public key to the bitcoin client.

This is equivalent to what some USB encryption dongles do. http://goldkey.com/

The signing process would have to prompt the user to review the generated transaction, and unlock the wallet prior to signing it.

A user review of the actual generated transaction is necessary to prevent the other obvious fraud vector. Covertly replacing the bitcoin address on a user's intended transaction with an alternate, prior to signing.

What if you had as many wallets as you had bitcoins so that there is only 1 bitcoin in each ?At the moment there is 1 wallet file that would be relatively easy to find on someone's system.Having only 1 unencrypted file that holds your wealth is a vulnerability.Having 1000 files each needing a different pgp key to open would be a nice security feature.

[jgarzik]

What if you had as many wallets as you had bitcoins so that there is only 1 bitcoin in each ?At the moment there is 1 wallet file that would be relatively easy to find on someone's system.Having only 1 unencrypted file that holds your wealth is a vulnerability.Having 1000 files each needing a different pgp key to open would be a nice security feature.

Sounds like a maintenance and management headache.  Nobody will want to remember 1000 different passwords, or manage 1000 different keys all over the place, so that just moves the problem from one location (wallet) to another (key management and automation).

[throughput]

I'll repeat.

1. There is two separate entities, both sharing the same name NOW, which is not required at all:
    a) Bitcoin payment system as idea, mathematic model, protocol standard, rules
    b) Bitcoin software project, the implementation of the idea, the model, the protocols, etc, the binaries.

2. Payment system have it's own set of (possible) weaknesses and vulnerabilities,
    only some of them are caused by the software implementation, that is NOW available
    for public download from sourceforge. Diversity of implementations helps
    in isolating the software vulnerabilities in smaller subset of nodes, which does not
    necessarily form a majority.

3. The Bitcoin payment system heavily depends on the majority of the nodes to be "fair"
    and play by the rules. This is by design, not an implementation specifics. Somehow we just
    hope, that majority will just be fair. There is not any protection from nor detection of the otherwise case.
   
4. To control the payment system an adversary only need to control the majority of the nodes,
    whatever reason he want to control the payment system for, we do not limit his motives for
    the purposes of our analysis and never try to define them, dear Red. He may aswell just
    wish to hit a competing payment system, never try to steal your coins. The less users
    accept bitcoins, the less they are worth, do you understand the idea? Reputation is everything.
    However nothing restricts him in his deeds.
    Question to all: What exact threats to the payment system arise in the event of an adversary
    temporarily controlled the majority of nodes for a long enough amount of time? Perhaps going
    undetected. I count that threats as real world threats, not only imaginary, so request
    them be documented, at least here.

5. In the situation, where there are several equally popular implementations and no
   implementation run on the majority and at every moment every user may decide to
   switch to another implementation, then the payment system becomes less affected by
   the vulnerabilities of a single implementation and the vulnerabilities of implementation's
   software management process.

6. Even when there is only single implementation, diversifying the binary distribution, as with
   GNU/Linux, makes it much harder to subvert only one binary
   and write on the forum something like:

News: *** ALERT ***  Please upgrade to 0.9.10 ASAP for an important bugfix!  Do not accept Bitcoin transactions as payment until you upgrade!

to force the majority to upgrade to subverted binary and become controlled.

7. Signing binaries, publishing signatures, diversifying the binary distribution channels
   makes it harder to subvert just one single binary for subverting the whole network.
   Just adding a Bittorrent channel improves on that, but does not solves the problem
   completely.

As usual, system security is as strong, as it's weakest link's.
And I found, that the current process of distributing the binaries for Bitcoin payment system makes that payment
system too risky to convert real quantities of real money into bitcoins.
There is only one "official" site distributing binary. That makes the entire Bitcoin
payment system as secure as desktop of the user who have write-access to sourceforge.
I hope he trusts his desktop and network. But why should I? Even if I distrust his computer
and compile by myself, that does not protect the majority, which I believe, just downloads
the binary.

What is your opinion?
Would you object against my perceived value of the risk or against the vulnerability as a matter of principle?

Meantime, haven't I found too much central points from which Bitcoin can be controlled for it to become enough centralized? 
I always thought, that one central point is already enough for that... But, well, okay, that is your forum, your rules.

[kiba]

3. The Bitcoin payment system heavily depends on the majority of the nodes to be "fair"
    and play by the rules. This is by design, not an implementation specifics. Somehow we just
    hope, that majority will just be fair. There is not any protection from nor detection of the otherwise case.
   

How else it is going to work, throughput?

[throughput]

3. The Bitcoin payment system heavily depends on the majority of the nodes to be "fair"
    and play by the rules. This is by design, not an implementation specifics. Somehow we just
    hope, that majority will just be fair. There is not any protection from nor detection of the otherwise case.
   

How else it is going to work, throughput?

I don't understand your question.

Are you asking me to propose a better design solution?
No, I'm definitely not going to propose a better design, I'm just discussing the current,
if I have promised to do that somewhere, I take my words back!

I meant that the Bitcoin payment system depends on the majority, but nothing is proposed
to even monitor, whether the majority is playing be the rules or not.
If the majority is the inherent key concept of the system and Bitcon depend on that so hard,
then, shouldn't that concept be protected better? Well, just diversifying the distribution of binaries
will improve that a lot, I think.

[kiba]

As usual, system security is as strong, as it's weakest link's.
And I found, that the current process of distributing the binaries for Bitcoin payment system makes that payment
system too risky to convert real quantities of real money into bitcoins.
There is only one "official" site distributing binary. That makes the entire Bitcoin
payment system as secure as desktop of the user who have write-access to sourceforge.
I hope he trusts his desktop and network. But why should I? Even if I distrust his computer
and compile by myself, that does not protect the majority, which I believe, just downloads
the binary.

This is an economic nonsense. It what people believed that make money "real money". The fact is, people are exchanging USD for bitcoins, and then use that to purchase various services and and goods.

However, it is an economic nonsense that we would like potential adversaries to believe in.

[throughput]

This is an economic nonsense. It what people believed that make money "real money". The fact is, people are exchanging USD for bitcoins, and then use that to purchase various services and and goods.

However, it is an economic nonsense that we would like potential adversaries to believe in.

I got your point.

If you have built that system for yourself only, that is OK to ignore something, that you don't believe in,
until it strikes you, which may not happen at all, since you may be protected by your low significance from
being targeted by any adversary via such exotic method.

But then you will not get wide adoption, if that same thing is perceived as quite real by the others.

If you are not for adoption, that may be OK. Do others agree with you?
You may aswell ignore others too, what's the heck.

I have presupposed, that Bitcoin is going to be widely accepted as a international payment method,
sorry, if that was not the intents of the developers.

If Bitcoin manages somehow to get used widespread, which is not at the moment, then there will be enough
possibility of any adversary.

If you mean, that by that time Bitcoin will be managed properly and will invent some means of protecting the majority
from being overtaken by, then I object to that. It will not become widespread, since it ignores obvious security
problems. It will just not get enough trust to be used as money by a people.
It will only be used by crypto exremists, like me and you. And will not get adopted in the wild.

[kiba]

If Bitcoin manages somehow to get used widespread, which is not at the moment, then there will be enough
possibility of any adversary.

The bitcoin network strengthen with an addition of a node. Thus, the bitcoin is quite secure from the perspective of controlling the majority of nodes problem.

If you mean, that by that time Bitcoin will be managed properly and will invent some means of protecting the majority
from being overtaken by, then I object to that. It will not become widespread, since it ignores obvious security
problems. It will just not get enough trust to be used as money by a people.
It will only be used by crypto exremists, like me and you. And will not get adopted in the wild.

Security is not everything, throughput. It is also a tradeoff. You can have the most secure system in the world but what's the point of using it if it is massively inconvenient? Sure, we should try to increase security and fix vulnerability, but then we have to weigh against opportunity cost of such security.

[jgarzik]

As usual, system security is as strong, as it's weakest link's.
And I found, that the current process of distributing the binaries for Bitcoin payment system makes that payment
system too risky to convert real quantities of real money into bitcoins.
There is only one "official" site distributing binary. That makes the entire Bitcoin
payment system as secure as desktop of the user who have write-access to sourceforge.
I hope he trusts his desktop and network. But why should I? Even if I distrust his computer
and compile by myself, that does not protect the majority, which I believe, just downloads
the binary.

This is very true.  It is a major weakness that Satoshi does not PGP-sign the hash signatures posted on the front page of http://www.bitcoin.org/.

[throughput]

Security is not everything, throughput. It is also a tradeoff. You can have the most secure system in the world but what's the point of using it if it is massively inconvenient? Sure, we should try to increase security and fix vulnerability, but then we have to weigh against opportunity cost of such security.

I don't believe, you meant, that distributing the compiled binaries via diverse channels, like GNU/Linux do now, makes Bitcoin
payment system massively inconvenient.
I don't believe you mean that... If you feel to argument further, you may continue in PM.

Thus, the bitcoin is quite secure from the perspective of controlling the majority of nodes problem.

That is only true, if the majority don't download and run binary executable from a single site.
Single site (like any other) may be aswell just get eventually hacked, after all.
I propose the possibility of adversary controlling the nodes by controlling their code.
If new node run subverted binary, then what? You can't believe that can ever happen?
Then I believe it is real. I have had similar experience in my past, so I believe, that is REAL.
I have a hosting of a half of a thousand of sites, and there is always one to three sites in
a hacked state showing SEOs garbage, and logs shows accesses from foreign IP addresses,
but always with valid passwords.
Stolen accesses to the hostings are being sold in the black market, they are demanded by black SEOs.
Sourceforge account looks like a possible target to be stolen and sold, doesn't it?
Who knows, maybe it is being actively sold right now, but nobody wishes to by it...
Guessing that may drive you crazy.

Signing the binaries and publishing the signatures of all versions helps to identify and prove the problem
after it happens. No signatures, as NOW, makes subverting possible to go completely undetected
and unprovable later.
Nobody will ever notice the trouble is happening and start coordinating their efforts.
That makes risk for me as a user higher.
Everybody else is free to ignore that aswell.

[Quantumplation]

You guys are still arguing with this buffoon?

He's arguing that the system should be secure even if the majority of people are compromised.  There's no way to control that.  If over half the people in the entire US economy conspired to specifically thwart the others, they would succeed.  If over half the computers coordinated to falsify the internet, they would most likely succeed.  But, if you control over half the internet, what's the point of subverting it?

This very fact is what MAKES it decentralized:  The majority controls the system, not some subset/minority of the population.  Not even to mention the fact that 51% would probably be insufficient to overpower the system convincingly, as it's still dependent on luck.

[throughput]

You guys are still arguing with this buffoon?

He's arguing that the system should be secure even if the majority of people are compromised.

Everyone is free to read my posts and discover, that I'm arguing, that the majority of people should be better
protected from being compromised. And that the authors of the Bitcoin should get concerned by
that security risk.

  There's no way to control that.  If over half the people in the entire US economy conspired to specifically thwart the others, they would succeed.  If over half the computers coordinated to falsify the internet, they would most likely succeed.  But, if you control over half the internet, what's the point of subverting it?

This very fact is what MAKES it decentralized:  The majority controls the system, not some subset/minority of the population.  Not even to mention the fact that 51% would probably be insufficient to overpower the system convincingly, as it's still dependent on luck.

I'll not cite him here ...

[imnichol]

Everyone is free to read my posts and discover, that I'm arguing, that the majority of people should be better
protected from being compromised. And that the authors of the Bitcoin should get concerned by
that security risk.

But how exactly should they be better protected?

[throughput]

Everyone is free to read my posts and discover, that I'm arguing, that the majority of people should be better
protected from being compromised. And that the authors of the Bitcoin should get concerned by
that security risk.

But how exactly should they be better protected?

By giving them a chance to download binaries, compiled and distributed by several trusted parties, like with GNU/Linux, instead of just single trusted party via single channel, like NOW.
And by distributing tamperproof checksums of the binaries in a public places, like news sites and forums.
Right now there is only one download location for the lazy and unwary - sourceforge,
but that is not required by design.

[imnichol]

By giving them a chance to download binaries, compiled and distributed by several trusted parties, like with GNU/Linux, instead of just single trusted party via single channel, like NOW.
And by distributing tamperproof checksums of the binaries in a public places, like news sites and forums.
Right now there is only one download location for the lazy and unwary - sourceforge,
but that is not required by design.

Actually there are several people on the forums who are working on doing exactly what you just advocated, I'd advise finding them and contributing.

[FreeMoney]

Everyone is free to read my posts and discover, that I'm arguing, that the majority of people should be better
protected from being compromised. And that the authors of the Bitcoin should get concerned by
that security risk.
 

No you aren't. Unless I misunderstand you want a minority of honest users to be able to stop a majority of thieving botneters. The system as it is right now protects the majority, you are advocating ending that.

[lfm]

Not everyone automatically updates to new versions right away when they are released. New versions have to work with old versions or not work really at all.

Still rules are not embedded in stone. they are embedded in code which is really pretty easy to change. Just making changes that work right is slightly harder. If someone comes up with a change that people think is good they will use it. If it is a disruptive change the of course disruption is possible till one version wins and the other version gives up. If conflicting versions continue then forks could happen, then we have bitcoin and bitcoin-v2 or some such with floating exchange rate between the two.

None of this frightens those who understand it.

[throughput]

Everyone is free to read my posts and discover, that I'm arguing, that the majority of people should be better
protected from being compromised. And that the authors of the Bitcoin should get concerned by
that security risk.
 

No you aren't. Unless I misunderstand you want a minority of honest users to be able to stop a majority of thieving botneters. The system as it is right now protects the majority, you are advocating ending that.

How's that?
Can you elaborate on that?
Whatever your intentions are, nobody is forced to accept my point of view here.
Nobody is either forced to know or understand it. So, ofcourse, you don't have to understand me.

The system as it is right now FORCES the majority, NOT you, to download precompiled executables from sourceforge.net download page.
I can imagine that as a kind of protection for them, but only if all the links in the chain from the source code store through the build node to the download page are as protected, as international banks payment systems are.
The protection you talk about is in effect only in the case when the files, that are downloaded in binary form are not
hiddenly patched by a third parties for whatever reasons.

I want, that a majority of honest nodes will never become thieving botneters behind their backs, without ever knowing that.
Some here just said, that is impossible to stop, I say NO, that is not true, you just need to diversify software delivery channels for the end users.
That risk exists even for GNU/Linux distributions, but it is small, since it is thoroughly mitigated, and compared to Bitcoin, Linux does not depend on the majority of nodes to be honest to survive.
So, everybody is free to take the best practices of Open Source software management, everybody is free to ignore them either.

You may also argue, that I'm pursuing my own evil interests here, I'm just waiting when you say that.
I won't be surprised, promise.