

Decentralised Currencies Are Probably Impossible - joewalnes
http://www.links.org/?p=1179

======
mrb
The author, Ben Laurie, argues that the way _checkpoints_ are arbitrarily
applied to the Bitcoin block chain relies on trust (of the developers), and
therefore makes Bitcoin centralized. He then argues that an efficient currency
could be designed based on this trust.

Firstly, only 7 blocks are checkpointed out of the 134000 in existence (as of
July 2, 2011):

    
    
            if ((nHeight ==  11111 && hash != uint256("0x0000000069e244f73d78e8fd29ba2fd2ed618bd6fa2ee92559f542fdb26e7c1d")) ||
                (nHeight ==  33333 && hash != uint256("0x000000002dd5588a74784eaa7ab0507a18ad16a236e7b1ce69f00d7ddfb5d0a6")) ||
                (nHeight ==  68555 && hash != uint256("0x00000000001e1b4903550a0b96e9a9405c8a95f387162e4944e8d9fbe501cd6a")) ||
                (nHeight ==  70567 && hash != uint256("0x00000000006a49b14bcf27462068f1264c961f11fa2e0eddd2be0791e1d4124a")) ||
                (nHeight ==  74000 && hash != uint256("0x0000000000573993a3c9e41ce34471c079dcf5f52a0e824a81e7f953b8661a20")) ||
                (nHeight == 105000 && hash != uint256("0x00000000000291ce28027faea320c8d2b054b2e0fe44a773f3eefb151d6bdc97")) ||
                (nHeight == 118000 && hash != uint256("0x000000000000774a7f8a7a12dc906ddb9e17e75d684f15e00f8767f9e8f36553")))
                return error("AcceptBlock() : rejected by checkpoint lockin at %d", nHeight);
    

The mechanism by which these checkpoints are added is very slow: every few
months developers add them, and it takes months for most of the users to
deploy these new versions of the software (notwithstanding the fact that many
users never upgrade). Obviously a delay of multiple months to validate
transactions and issue coins is not acceptable. I cannot imagine how an
efficient currency could be built on top of this "more efficient" mechanism as
described by Laurie, who avoids this problem by stating "the exact mechanism
by which these snapshots are established is not important".

Secondly, he argues they make Bitcoin dependent on the trust of the
developers. This is not the case. The developers simply record some proof-of-
works recognized by the global Bitcoin network as of thousands of blocks ago.
Trust in these checkpoints is 100% based on trust of the proof-of-work
mechanism. The purpose of these checkpoints is to help prevent attacks where
Bitcoin nodes are isolated from the global peer-to-peer network via active
man-in-the-middle attacks, and are distributed an illegitimate block chain.
This only solves part of the problem (only the blocks up to 118000 are
checkpointed) but it is better than nothing.
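
Added example, not part of the comment above and not Bitcoin's own code: a small C++ model of the checkpoint lock-in rule quoted earlier. Because each block hash commits to its parent's hash, a substituted chain that forks below a checkpoint is rejected at that checkpoint's height, while a fork above the last checkpoint passes the check. Assumptions: a non-cryptographic FNV-1a hash stands in for Bitcoin's double SHA-256, the 12-block chain and the checkpoints at heights 4 and 8 are constructed, and all function names are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>
#include <vector>

// Toy stand-in for Bitcoin's block hash (FNV-1a 64-bit, NOT cryptographic).
// Like the real hash, it commits to the previous block's hash.
uint64_t ToyBlockHash(uint64_t prev, const std::string& payload) {
    uint64_t h = 1469598103934665603ULL;
    auto mix = [&h](unsigned char b) { h = (h ^ b) * 1099511628211ULL; };
    for (int i = 0; i < 8; ++i) mix((prev >> (8 * i)) & 0xff);
    for (unsigned char c : payload) mix(c);
    return h;
}

// Build heights 1..n on a constructed genesis (index 0). Blocks at or above
// forkHeight carry a different payload, modelling a substituted chain.
std::vector<uint64_t> BuildChain(int n, int forkHeight) {
    std::vector<uint64_t> hashes{0};
    for (int h = 1; h <= n; ++h) {
        std::string payload = (h >= forkHeight ? "alt-" : "main-") + std::to_string(h);
        hashes.push_back(ToyBlockHash(hashes.back(), payload));
    }
    return hashes;
}

// Same rule as the quoted AcceptBlock() condition: a block at a checkpointed
// height is rejected unless its hash equals the recorded one.
bool AcceptedByCheckpoints(const std::map<int, uint64_t>& cp, int height, uint64_t hash) {
    auto it = cp.find(height);
    return it == cp.end() || it->second == hash;
}

// Returns the first height at which the chain is rejected, or -1 if none is.
int FirstRejectedHeight(const std::map<int, uint64_t>& cp, const std::vector<uint64_t>& chain) {
    for (int h = 1; h < (int)chain.size(); ++h)
        if (!AcceptedByCheckpoints(cp, h, chain[h])) return h;
    return -1;
}

int main() {
    auto honest = BuildChain(12, 13);  // fork height beyond the tip: no fork
    std::map<int, uint64_t> cp{{4, honest[4]}, {8, honest[8]}};
    for (int fork : {2, 6, 9})
        std::printf("fork at %d -> rejected at %d\n", fork, FirstRejectedHeight(cp, BuildChain(12, fork)));
    return 0;
}
```
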

------
joeyh
Is the checkpointing mechanism he implies actually present in bitcoin? Not
clear to me if it's a rhetorical device or if the bitcoin developers are
actually updating a last-good-checksum variable in the source from time to
time.

