rpietila Altcoin Observer

[itod]

Fungibility is broken in bitcoin, because of the perfect transparency. There is no "if the currency is legal there is nothing wrong with any coin", at least not in the near future. [ ... ] We don't experience these issues with fiat simply because the basic user has no way to know what is the history of a note, and has no reason to fear other might know it and take him as responsible, so the analogy with USD is worthless.

A very good point.  Even cash is not entirely fungible: if you accept money that you *know* comes from illegal activity, you can be considered accessory to that activity.

The government cannot require store cashiers to check some "tainted cash" database before accepting banknotes; that is why tainted cash does not keep its taint for long.  But the government could require such checks for bitcoin, since the cashier has to connect to the internet anyway in order to accept a bitcoin payment.  

This is incorrect, you are forgetting there are no "coins" in Bitcoin, just inputs and outputs. The government can have a list of blacklisted inputs, but you can always move your coins through a mixer and get new inputs for your transactions, just the same as cashiers do in your example, and their blacklist would not hold for long just the same as banknote blacklist gets meaningless outside of the banknotes first move.

The fact that you need to do so is a clear demonstration of a weak fungibility. Mixers cost money. As soon as getting clean coins is more expensive than non-clean ones, the question is answered.

You do not need to do so, you have an option to do so if you want, that's the big difference, and that makes any idea of "government blacklisted inputs" meaningless. You can alternatively move your BTC through some other legal service with the same effect.

[JorgeStolfi]

But the government could require such checks for bitcoin, since the cashier has to connect to the internet anyway in order to accept a bitcoin payment.  

They can't actually do that, since either they are unsuccessful (much likely) or nobody would bother use this coin anymore, since its purpose would have been defeated (so they weren't able to control it, only to destroy it).

The stated purpose of bitcoin was to provide a method of internet payment that was fast cheap easy safe etc.. Some people thought that it was also a safe way to hide illegal payments from governments, and loved it for that perceived quality.  Those people (and presumably most readers of this thread) are now realizing that it never was.

A tainted-bitcoins database would only kill that use of bitcoin for good.  Cashiers would surely comply and check that database if it was automatic, and/or if they could be penalized for failure to do so (if only by having their own coins listed, and hence made worthless). 

[JorgeStolfi]

This is incorrect, you are forgetting there are no "coins" in Bitcoin, just inputs and outputs. The government can have a list of blacklisted inputs, but you can always move your coins through a mixer and get new inputs for your transactions, just the same as cashiers do in your example, and their blacklist would not hold for long just the same as banknote blacklist gets meaningless outside of the banknotes first move.

Bitcoin mixers are just a money laundering service; if they are not traps set up by the police, they will be illegal in that scenario (governments set up official database of tainted coins).  Sending your coins to a bitcoin laundering service will flag you as a suspect, and  any tainted input in a transaction will make all outputs tainted too. 

With the current blockchain traffic volume, it would be easy to keep such a database updated in real time, and the extra time+cost of checking it would be small compared to the time+cost required  the bitcoin transaction itself.

[nioc]

Fungibility is an essential property of any currency. If it is not fungible, it is not a currency. Following your logic, plumbers should not repair drug dealers pipes, waiters should not serve them at the restaurant, etc, because their US$ is not the same as any other US$. The issue is if you accepted currency for legal goods or services, if it is legal then there is nothing wrong with the money you've received.

My logic is not at issue.  At issue is the logic applied by courts of law.  I don't agree with it, I merely try to anticipate its consequences. 

The U.S. government does not consider bitcoin to be a currency.  It considers bitcoin to be property, a commodity.

I believe this is the view of the IRS.  The FINCEN guidance which came prior to the IRS ruling says it's a currency.  Which one is the US government?

[iCEBREAKER]

In the event of a dollar collapse type black swan, Bitcoin would either have to scale to petabyte levels and/or be relieved of less important transactions by XCN.

I see another possibility which is simply many separate blockchains, along with highly liquid and safe trading between them (probably decentralized). If bitcoin can't scale up and there is huge demand for crypto then what will happen is that some number of alts (and maybe that number is very high) will also gain in value and liquidity.

i.e. scale horizontally.

EDIT: regarding XCN, the people who actually understand the technology better than you and me have weighed in and said that it adds little if anything on top of bitcoin-type chains with SPV.

"Scale horizontally" means adding more nodes.  I guess you are talking about a future where individual blockchains constitute nodes in a greater cryptomoney gestalt?  We may already be there, but that's another topic.  What's your pick for interoperability between chains?  Ripple, Stellar, Counterparty, NXT, MaidSafe, or Other?

As for SPV, I disagree with these experts you mention.  It's simple: would you rather use a 3rd party or the minichain being mined on your phone?

I prefer to trust (entropy generated by) minichains verified/mined by my own and millions of other peoples' phones/laptops/personal banking devices. 

But I also know billions will prefer to use 3rd party Bit/Goo/QQ/FacebookCoin SPVs, so there is that, too.  ('ZomG I get a gas+grocery discount plus cashback for using AmazonCoin's simple app that doesn't drain my battery like those complicated minichain clients do?  Sign me up!')

If XCN truly "adds little if anything" to SPV, BitFreak wouldn't have gone through the trouble and expense of creating, launching, and nurturing it, nor gathered so much support along the way.

Have you read the XCN whitepaper?  The proof chain, account tree, and master hash are arranged in a simple but extremely clever relationship.  As with a superb stainless steel/no-oak Chardonnay, one is reminded of the elegant yet brutally effective technology behind BTC and XMR.

How can anybody read this

http://cryptonite.info/wiki/index.php?title=Mini-blockchain_scheme

The mini-blockchain scheme is a variant of the Bitcoin protocol which aims to eliminate the need for storing a full blockchain and overcome the "blockchain bloat" problem. The mini-blockchain is essentially like any other Bitcoin-based blockchain except that old blocks can be pruned from the chain. The block headers are kept as a PoW record but all old transactions can be discarded.

Address balances are managed separately in a hash tree structure called the account tree which is essentially a self-contained balance sheet designed to keep track of all non-empty addresses. New blocks act upon the entries in the account tree to perform transactions and the master hash of the account tree is embedded into the block headers to ensure consistency and agreement between nodes.

Since a proof-of-work is required for each new block, the account tree is updated in relatively periodic intervals of time. Since the master hash of the account tree is embedded into the block headers, the mini-blockchain helps to protect the account tree from malicious changes. However if we're discarding old blocks the mini-blockchain is not secure unless we keep the block headers.

So to secure the whole system from attackers, we use a chain of interlocking proof-of-work solutions termed the proof chain. The proof chain is simply a chain of block headers which encapsulate all the energy expended by the network on a given chain. The chain of block headers feeds into the mini-blockchain and acts to secure it and the account tree against attackers, even without old transactions.

The mini-blockchain, the account tree, and the proof chain, form the 3 core components of the overall scheme and work together to create a highly secure and robust P2P transaction system very much like the Bitcoin system but with a much better level of scalability, bandwidth, and speed. By optimizing each core component to perform a certain function of the blockchain we achieve unparalleled compression with a high level of security.

...and not be impressed by its brilliant optimization of Bitcoin?  This makes SPV and POS obsolete!   

XCN, in its own unique way, is an instantiation of another highly desired and much sought after 'Holy Grail' function, just like BTC and XMR.

IE: mini blockchains are the holy grail of pruning.  And they are the perfect complement to XMR, which is headed in the opposite direction.

[coinsolidation]

The block headers are kept as a PoW record but all old transactions can be discarded.

I need my old transactions archived and verifiable, what do I do?

[smooth]

"Scale horizontally" means adding more nodes.  I guess you are talking about a future where individual blockchains constitute nodes in a greater cryptomoney gestalt?

Yes that is exactly what I mean.

If XCN truly "adds little if anything" to SPV, BitFreak wouldn't have gone through the trouble and expense of creating, launching, and nurturing it, nor gathered so much support along the way.

He claims it does, but I'm neutral to somewhat leaning toward listening to those with greater expertise.

Yes I have read the white paper.

In any case at close to $100 million fully mined I think it is overvalued relative to its current state of (im)maturity. I expect a pricing realignment.

[smooth]

The block headers are kept as a PoW record but all old transactions can be discarded.

I need my old transactions archived and verifiable, what do I do?

The argument is that some will always archive the whole chain. But that is what you also get with SPV. You can verify the chain yourself (at least to some level of confidence) but without the full chain, and there are still some full nodes "somewhere" with the full chain (perhaps only in large data centers).

[aminorex]

The argument is that some will always archive the whole chain. But that is what you also get with SPV. You can verify the chain yourself (at least to some level of confidence) but without the full chain, and there are still some full nodes "somewhere" with the full chain (perhaps only in large data centers).

SPV adds an increment of trust which MBC avoids.  MBC does not obsolete SPV because of bandwidth considerations, but it does resolve a lot of scalability risk overhang.

[smooth]

The argument is that some will always archive the whole chain. But that is what you also get with SPV. You can verify the chain yourself (at least to some level of confidence) but without the full chain, and there are still some full nodes "somewhere" with the full chain (perhaps only in large data centers).

SPV adds an increment of trust which MBC avoids.

The experts seem not to think so, or at least are unconvinced. I'm interested in your (or others') independent analysis that disagrees, not claims from the developers own wiki and white paper.

(nullc = gmaxwell)

The ideas there aren't new ones— much more comprehensive things, with better and clearly stated security assumptions, have been proposed elsewhere... but short of some massive improvements in ZKP technology an system that super-linearly reduces the amount of data transferred to a node must reduce the security model.
If you find reduced security acceptable— bitcoin has SPV already, which has near optimal performance.
Things which are in between may well be interesting, but they need to be able to clearly express what their security model and tradeoffs are (e.g. if it's no better than or even worse than SPV, why bother?) and thats a place where this proposal was lacking considerably a few months ago.

(emphasis added)

http://www.reddit.com/r/Bitcoin/comments/2bp3vk/the_miniblockchain_scheme/cj86zhj

[coinsolidation]

The argument is that some will always archive the whole chain. But that is what you also get with SPV. You can verify the chain yourself (at least to some level of confidence) but without the full chain, and there are still some full nodes "somewhere" with the full chain (perhaps only in large data centers).

SPV adds an increment of trust which MBC avoids.

The experts seem not to think so, or at least are unconvinced. I'm interested in your (or others') independent analysis that disagrees, not claims from the developers own wiki and white paper.

(nullc = gmaxwell)

The ideas there aren't new ones— much more comprehensive things, with better and clearly stated security assumptions, have been proposed elsewhere... but short of some massive improvements in ZKP technology an system that super-linearly reduces the amount of data transferred to a node must reduce the security model.
If you find reduced security acceptable— bitcoin has SPV already, which has near optimal performance.
Things which are in between may well be interesting, but they need to be able to clearly express what their security model and tradeoffs are (e.g. if it's no better than or even worse than SPV, why bother?) and thats a place where this proposal was lacking considerably a few months ago.

(emphasis added)

http://www.reddit.com/r/Bitcoin/comments/2bp3vk/the_miniblockchain_scheme/cj86zhj

The developer working on this showed in in #bitcoin-wizards at one point to ask bitcoin people to write some code for their altcoin to take: http://download.wpsoftware.net/bitcoin/wizards/2014-06-12.html (search miniblockchain)
They got asked some fairly pointed and critical questions, and it didn't go especially well— this quote pretty much sums it up for me: "i am just getting paid to write the code."

(missing bit added)

Removal of change creates some enormous problems with non-deterministic behavior around reorg conditions... done in the obvious way it also creates things like transaction replay attacks or an inability to safely revise a transaction.
The fixes to close those issues end up making the 'without coins' transactions functionally similar to with-coins. I'd worked up a set of rules which I though were complete and sound a couple years ago, but got stuck on trying to produce a rigorous proof that the they were equally safe... though the exercise made me realize there was a lot more isomorphism between the approaches than I'd thought before.

(other comment added)

[aminorex]

I am mining XCN.  I think the coin is probably temporary, definitely over-priced, but the tech is good.

I am starting to look at VIA because I hear it will be a treechain testbed, and because it intends to serve as a 2.0 platform with PoW.

[iCEBREAKER]

The block headers are kept as a PoW record but all old transactions can be discarded.

I need my old transactions archived and verifiable, what do I do?

Keep using Bitcoin.  Or Monero, if you want privacy.

For everything else, there's Cryptonite.  That's why we're making so many of them.

And no, I don't have a problem with half of the 1.84 billion total being mined over the next 10 years.

The emission rate was revisited twice, and IMO they got it perfect for the intended use as the 'small bills and change' of the internet.

On the island of Libertopia we buy real estate with Bitcoin, lattes with Cryptonite, and party supplies with Monero.   

[smooth]

I am starting to look at VIA because I hear it will be a treechain testbed, and because it intends to serve as a 2.0 platform with PoW.

Once again looking to Reddit indicates a bit of shitcoin-ness behind the hype. Quotes from Peter Todd, allegedly hired by them as his "Chief Scientist," etc.

Frankly I don't know much about Viacoin, so I can't comment yet. They simply asked me to do research on treechains and were willing to pay for it. My contract with them is such that all work will remain free of patents and be opensourced.

...

Same rate I charge any project for work done for the public good that'll be open-sourced, $50/hr.

http://www.reddit.com/r/Bitcoin/comments/2c9700/peter_todd_hired_by_viacoin_to_work_on_tree_chains/cjde4vt

Comparing the tone and content of that with the press release version and I find the gap a bit scary:

http://blog.viacoin.org/2014/07/31/viacoin-hires-peter-todd.html

Technology might be okay, I really have no idea, but trying a bit too hard to sell it for my tastes.

[TooDumbForBitcoin]

On the island of Libertopia we buy real estate with Bitcoin, lattes with Cryptonite, and party supplies with Monero.   Cool

Where do you get your electricity?

[Peter R]

But the government could require such checks for bitcoin, since the cashier has to connect to the internet anyway in order to accept a bitcoin payment.  

They can't actually do that, since either they are unsuccessful (much likely) or nobody would bother use this coin anymore, since its purpose would have been defeated (so they weren't able to control it, only to destroy it).

The stated purpose of bitcoin was to provide a method of internet payment that was fast cheap easy safe etc.. Some people thought that it was also a safe way to hide illegal payments from governments, and loved it for that perceived quality.  Those people (and presumably most readers of this thread) are now realizing that it never was.

A tainted-bitcoins database would only kill that use of bitcoin for good.  Cashiers would surely comply and check that database if it was automatic, and/or if they could be penalized for failure to do so (if only by having their own coins listed, and hence made worthless).  

Due to the mixing property of bitcoin transactions, black coins will slowly mix with white coins and the UTXO set will soon be filled with every shade of grey.  Even the "virgin" coinbase output in each new block would become "tainted" by the transaction fees from any grey coins included in that block.  Any attempt at blacklisting would then require drawing a line in the sand for how "grey" a coin could be before it should be refused.  This line in the sand would likely be different across users, merchants and countries.  

Markets would emerge that discount coins based on the coin's grey level.  For example, if X is the greyness (1 being black and 0 being white), the discount would likely be linear in X:

   effective BTC value = BTC value  * (1 - k*X)

where k is the discount factor.  And as soon as these markets are efficient, then users don't really need to care about how dark their coins are as long as the value the user sees is the value after discounting based on grayscale.  Wallets could even deal with this in an automatic fashion as it would present an arbitrage opportunity.  "Did someone send you bright white coins?  Well, just blacken them down to the threshold and earn some free BTC!"  The end result is effectively fungible money.  

People of course realize this and the blacklist becomes a joke (or more likely, would never happen in any meaningful way in the first place).

[iCEBREAKER]

On the island of Libertopia we buy real estate with Bitcoin, lattes with Cryptonite, and party supplies with Monero.   Cool

Where do you get your electricity?

From the free market of course.  There's the turbine plant next to the LNG terminal.  And the the offshore wind generators.  Plus most buildings have solar panels.  Personally, I use an electrostatic dynamo left to me by my friend John.

[aminorex]

On the island of Libertopia we buy real estate with Bitcoin, lattes with Cryptonite, and party supplies with Monero.   Cool

Where do you get your electricity?

From the free market of course.  There's the turbine plant next to the LNG terminal.  And the the offshore wind generators.  Plus most buildings have solar panels.  Personally, I use an electrostatic dynamo left to me by my friend John.

Mine is hooked up to Ayn Rand spinning in her grave.

[dewdeded]

Analysis of state of the art "botnet mining software" system:

http://malware.dontneedcoffee.com/2014/07/sky-share-evolution-mining-botnet-system.html

Still no CryptoNote-support, only does Scrypt and Quark.


---> All good until now. Yeah, yeah I know there maybe some small, amateur botnets that mine XMR. But the accusations that the professional botnet mining scene is big involved in XMR/CN-mining is still wrong and FUD.

[aminorex]

viacoin will fail

When you have a moment please tell us why. Without a rationale that just seems trollish.

I certainly don't mind if it does fail, but you have to give them credit for pushing the ball forward on tree chains (as well as putting open-ended contract protocols on a more secure, PoW, footing). That alone won't make it investable, but it sure is interesting.

People, don't get so defensive of the very extraordinary distinction of your betrothed that you can't admit some of the other girls have certain charms of their own.