
Are Bitcoins The Future? - patrickod
http://blog.priceonomics.com/post/47135650437/are-bitcoins-the-future
======
tokenadult
This article covers a lot of interesting ground, and isn't the usual same, old
same-old article about Bitcoin. I especially liked the reminders of earlier
examples of online currencies.

The conclusion is tentative, and reasonable. Along the way, the author brings
up many interesting facts about Bitcoin, about its supporters, and about its
critics.

I think it is especially reasonable to assume that Bitcoin exists with the
tacit consent of the United States National Security Agency, even if the NSA
didn't invent Bitcoin.

AFTER EDIT: Addition of my FAQ-in-progress about Bitcoin for Hacker News. A
while ago I wrote that perhaps the greatest contribution the Bitcoin
experiment will make to humankind is to teach you and me and our neighbors
more about the realities of economics. And later I added that the Bitcoin
experiment will also contribute to greater understanding of attack surfaces
and online crime. Many of the ideas about how to mine Bitcoins, store
Bitcoins, and trade with Bitcoins as a medium of exchange illustrate both the
strengths and weaknesses of any other medium of exchange in a world full of
human beings. Seeing the discussion of Bitcoins here on Hacker News reminds me
of early online discussions in the 1990s of online payment systems such as
PayPal, and the arguments beforehand that PayPal wouldn't have to invest a lot
of time and effort (as it eventually did) building defenses against theft and
fraud. If a weakness in a system is attached to a lot of money, the way to bet
is to bet that someone will go looking for that weakness, even if you haven't
thought of it.

This prompts a question for all the security-knowledgeable persons who
participate here on Hacker News, a question once asked of the inventor of
Pretty Good Privacy (PGP). How expensive do you think it would be for the
United States National Security Agency (or a comparable organization from
another national government) to crack a Bitcoin store, given that we know that
some Bitcoin caches have already been cracked? And if the organization storing
Bitcoin data held personal bank account data too, how attractive a target
might it be to thieves?

~~~
GuiA
>I think it is especially reasonable to assume that Bitcoin exists with the
tacit consent of the United States National Security Agency, even if the NSA
didn't invent Bitcoin.

How so? If the NSA really hated bitcoin, what would they do? Even if it were
made illegal in the US, the United States are not the world, and it would be
extremely hard to enforce.

~~~
hnolable
NSA, China, Russia, most governments really, and possibly a lot of banks,
could do a 51% attack and shut down transaction processing... or do double
spends, but shutting down all transaction processing seems more damaging. This
won't ever change, unless Bitcoin really causes governments to lose most of
their power and money.

Edit: gavin has a plan
([http://gavintech.blogspot.com/2012/05/neutralizing-51-attack...](http://gavintech.blogspot.com/2012/05/neutralizing-51-attack.html))
but my guess is if they did the work to start an attack in the first place
they'd have planned for gavin's plan and acquired enough older coins to foil
it. It'd be nice if more thought went into other ways to thwart a possible
attack but I'm not sure there really are any. Most people seem to discount and
completely avoid the issue.

~~~
bitcartel
Folk might want to print out Bitcoin wallets or store devices in a Faraday
cage... in the unlikely event Kim Jong-Un pulls a wild card! :-)

[http://www.washingtontimes.com/news/2012/dec/19/north-korea-...](http://www.washingtontimes.com/news/2012/dec/19/north-korea-emp-attack-could-destroy-us-now/?page=all)

~~~
nightpool
They'd be useless without a hard-copy block chain to back them up.

~~~
eric_bullington
Forgive me if this is a joke that I'm not getting, but they wouldn't be
useless at all:

1) Bitcoin is a p2p distributed network with nodes all over the world. Even if
a nuclear attack took out the entire US, the network would continue to work as
long as segments of the Internet did (and recall that the Internet was
originally designed to protect US data networks from nuclear attack).

2) It's quite simple to spend Bitcoins as long as you have access to a Bitcoin
node (see above) and a copy of the 32-byte private key string corresponding to
the public Bitcoin address the coins were sent to. This short string of
characters can be written on paper, etched into stone, whatever.

~~~
JoachimSchipper
The receiver can't be sure that the Bitcoin hasn't been double-spent without
waiting on changes in the block chain to propagate; that's not easy in the
middle of a nuclear wasteland.

~~~
nightpool
Right, or even be sure that it's a legal bitcoin at all, and not just a
forgery.

------
confluence
Bitcoins are not the future. But they're a great start.

Bitcoins have two major problems stopping mainstream adoption: excessive
volatility that isn't managed and the fact that it is a deflationary monetary
system, with the latter being a much bigger issue.

Fundamentally a currency needs to move around fungible value. That's it. If it
doesn't do that - it's useless.

Bitcoin incentivises hoarding - the opposite of value transmission - and
that's the main reason it'll remain as nothing more than a mere speculative
currency, like modern day tulips, and why it won't ever become an actual
alternative to actual cash.

Now - this isn't a knock against crypto-currencies - which are awesome - it's
merely a knock at the fact that monetary supply in the bitcoin system isn't
adaptive. Bitcoin needs a central decentralized bank that will help to
stabilise the system and inflate (punish hoarders) as the economy grows in
fits and starts.

I'm sure that one day in the not too distant future, another crypto-currency
will come about that takes all the advantages provided by bitcoin, and
combines them with stability/incentives of a nation-backed currency such as
the US dollar. When that happens, we can finally end the monopoly held by
large financial institutions that so clearly have literally no idea what they
are actually doing (see Deutsche bank just recently).

Bitcoins are just the beginning of a whole new financial world, free from
restriction, fees and abuse (hopefully :).

But they most certainly are not the end.

~~~
temphn
This is fundamentally the difference between the left and right economic
worldviews. The left prizes inflation, spending, and centralized nation
states. The right supports deflation, saving ("hoarding"), and powerful
individuals or voluntary groups. And now we are finally going to have an
empirical test where the left can't wave a gun at the right to force them into
inflation.

~~~
mtrimpe
Excessive hoarding is obviously dangerous to a currency though.

Imagine a fixed supply of 1.000.000 coins and suppose 99 people managed to nab
10.000 coins initially and are just sitting on them.

The bitcoin economy will then run as though the remaining 10.000 coins is the
entire economy, _but_ 99 people will have spending power equal to the value of
the _entire_ economy.

~~~
temphn
First, Moore's law is technological hyperdeflation. Your dollar buys more
computer power in 18 months than it does today. Yet people still buy
computers. And computers are the one bright spot in this otherwise Fed-bubble-
governed economy.

Second, a deflationary currency is inherently viral. The more people in it,
the more valuable it is.

Third, 99 median powers are better than one government having power over the
whole world currency. Power over the economy is linked to the capacity to
delay gratification, rather than the ability to maintain a monopoly on
counterfeiting dollars through violence against alternate currency providers
(see Executive Order 6102, Bernard von Nothaus, e-gold, et alia).

In your scenario, spending by those guys would drive down the value of the
currency. But they couldn't do so to an infinite extent; at best one guy could
devalue it by 50%. USG by contrast has devalued the dollar 96% since 1913.
Moreover, their purchasing power will rapidly decline as they sell more and
more off. Finally, the blockchain will show the global distribution of
holdings, making "monetary policy" of this kind more predictable than the
opacity of the Fed.

People have gotten into this mindset that inflation and infinite debt are
good. But I'll go with something backed by computer science over macroeconomic
pseudoscience any day. At best, consider this a controlled experiment, Satoshi
vs. Bernanke. I know what side mine is on.

~~~
XorNot
Computers are in no way deflationary.

They're manufactured. Better ones are made. There are so many computers in the
world now compared to demand that their value has simply inflated away, making
them accessible to everyone.

If the computer market were deflationary, then computers would really only be
affordable by the 5 richest men in the world.

You seem to be under the mistaken assumption that money itself is an investment.
It's not. Investments produce value - which hoarding money does not. Neither
does hoarding computers for that matter. The moment you buy a computer it
decreases in value, so unless you use it productively it really is just
inflated away - much faster than your money is.

~~~
temphn
Let's focus on a single parallel:

True or false: under Moore's law, your dollar can buy K transistors today and
2K transistors in 18 months (ignoring inflation for now). Nevertheless, people
do buy and sell computers in immense volume.

True or false: under hyperdeflation, your bitcoin can buy K dollars today and
(at least) 2K dollars in 18 months. Nevertheless, people are trading Bitcoin
in large and exponentially increasing volume (see blockchain.info/charts).

Now, I agree that the mechanisms behind the deflation in each case are
different. Technological improvements are behind Moore's law while Bitcoin's
ramp is due to the controlled currency supply. But what I'm getting at is that
we've already faced a situation in which people could "hoard" dollars
indefinitely to buy an increasingly valuable asset, namely computer power. The
empirical result: they don't hoard indefinitely despite this exponential rise.
In fact, they buy by the billion.

~~~
XorNot
Computers do not increase in value with time. The relative value of your money
with respect to the computer market increases. But your money is subject to
inflation, and interest, and other markets - computer purchases can be valued
against the interest accrued in not buying a computer vs the expected returns
of doing so. Which, if you don't have a computer, might be forgoing a massive
amount of return profit (starting a startup, running a home office, being
entertained).

Deflationary _currency_ is a very different matter entirely. Because the
currency gains value relative to _every other thing you could spend it on_.
Money you might spend on a computer, does not.

These situations are not analogous in the slightest.

If you want to treat computers as a currency (money-like object), then the
reality is that computers are a currency experiencing hyper-inflation. They
don't hold any value at all, to the point that people consume them as
commodities instead.

------
anologwintermut
It's a nice write-up, but it gets many points wrong.

1) Bitcoin is not anonymous. It's pseudonymous since all transactions take
place in public between pseudonyms (ECDSA keys). This is a big difference, one
that hasn't been examined too well, and what has been written on it is not
encouraging[0].

2) Bitcoin is not the first currency to prevent double spending without a
third party. That minimally goes back to 2006 and a paper "Compact E-cash"[1]
where double spending a coin revealed the user's identity and allowed for
prosecution.

The problem Bitcoin actually does solve is you don't have to trust the bank to
not devalue your currency.

3) Bitcoin does not solve the Byzantine generals problem. Bitcoin is assumed
to be correct if 51% of the computation power is honest. If everyone is equal,
this means that bitcoin only requires that the majority of the generals are
honest. The Byzantine generals problem has no solution if even 1/3 of the
generals are malicious[2]: this is a rather famous result.

How is this possible? Bitcoin isn't dealing with a fixed n Byzantine generals,
it's dealing with a peer to peer system where anyone can join and you need to
prevent sock puppet accounts. It's a completely different problem.

[0] F. Reid and M. Harrigan, “An analysis of anonymity in the Bitcoin system,”
in Privacy, Security, Risk and Trust (PASSAT), 2011 IEEE Third International
Conference on Social Computing (SocialCom). IEEE, 2011, pp. 1318–1326.

[1]<http://cs.brown.edu/~anna/papers/chl05-full.pdf>

[2][http://research.microsoft.com/enus/um/people/lamport/pubs/by...](http://research.microsoft.com/enus/um/people/lamport/pubs/byz.pdf)

~~~
jaimebuelta
I think the pseudonymous problem you are stating is a huge problem for wide
adoption. If you are able to associate a key with a person, you know all the
transactions done by someone (of course, with that wallet). You can take extra
measures to have multiple wallets, etc, but it can be difficult to truly
understand the risks and it could need an extra effort that, simply, is not
going to be assumed by lots of people.

I'm pretty sure that wallets associated with service and product providers
will be easy to figure out, so you can learn A LOT of sensible information
about someone... I guess that the risk will be low, but the consequences could
be huge.

~~~
zanny
Currently, using any accepted online transaction policy forcibly immediately
associates a real identity with it every time. Bitcoin makes acting
anonymously possible, it just requires work. Those that want the anonymity can
put in the work to be anonymous, whereas everyone else gets the ease of use of
associating keys with people.

~~~
anologwintermut
By accepted online transaction systems I assume you mean visa, paypal, dwolla,
etc.

In that case two points: 1) If you are willing to accept centralized systems,
then my second citation gets you complete anonymity.

2) At least with those systems, your information isn't public to everyone.

------
overgard
I really like the idea of cryptographic currency, but bitcoin strikes me as a
somewhat ill fated v1 of the idea.

Whatever replaces it will need some sort of more sophisticated measure for
keeping the value of a coin from fluctuating wildly; because with the way the
currency is wildly deflating right now, I'd be super hesitant to "spend" a
bitcoin for fear that it might be worth twice what it is now, while on the
other hand, I'm also terribly afraid of buying a bitcoin, because what if they
drop back down to earth? Currency only really seems spendable if its value is
at least somewhat predictable.

~~~
betterunix
Bitcoin is not even "v1," it is just an attempt by cryptoanarchists to create
a currency without any central authority. Chaum, Okamoto, and many other
researchers published a large volume of work on digital cash, creating systems
that supported various notions of secure and anonymous electronic payments.
Unlike Bitcoin, the security of many of these designs can be proved by
reductions to hard problems, much like the security of public-key
cryptosystems like ElGamal. In the typical "hack it out and pay no attention
to previous work" style of the Bitcoin community, none of that research was
cited or even hinted at in the original Bitcoin paper. The fact that the
article presents this as a choice between something like Bitcoin and something
like Paypal is telling.

The reason Chaum's digital cash startup failed is complicated, but it boils
down to this: digital cash is poorly understood, banks have few compelling
reasons to deploy it (their existing fraud mitigation measures keep them well
within the realm of profitability), and the US government continues to work
against the deployment of good cryptography.

~~~
nullc
Chaum's system was centralized. A chaum token bank may be blinded but is still
a great big single central point of failure and control— they can still
inflate the currency— they can still selectively deny access. The
centralization created a huge operating risk and would make any such effort
untrustworthy just from the perspective of political exposure.

The whole point of Bitcoin
([http://p2pfoundation.ning.com/forum/topics/bitcoin-open-sour...](http://p2pfoundation.ning.com/forum/topics/bitcoin-open-source)) was
to build a zero trust decentralized system.

Chaum's system provides some properties "perfectly" but they aren't the
properties such a system needed to have in order to exist, much less be
successful.

~~~
betterunix
"A chaum token bank may be blinded but is still a great big single central
point of failure and control...they can still selectively deny access."

That is not really true when there is an offline transaction protocol; the
bank can only deny access initially (e.g. the bank can refuse to let you open
an account), but once you are in the system you can spend money or be paid
without the bank's permission. It is also possible to create threshold systems
where there is no single bank, so that there is no single point of failure.

"Chaum's system provides some properties "perfectly" but they aren't the
properties such a system needed to have in order to exist, much less be
successful."

I think protection against double spending is a pretty fundamental property
for a digital cash system to be successful. People would not use Bitcoin if
they did not believe that it protects them from double spending. My only real
point in all of this is that Bitcoin does not provide that protection
according to the standard used by cryptographers; in practice, nobody has
pulled off a double spending attack yet, but everyone knows how to do it and
it is not impractical by any stretch of the imagination.

------
aianus
_"If we sum up the amounts accumulated at the 609,270 addresses which only
receive and never send any BTC’s [bitcoins], we see that they contain
7,019,100 BTC’s, which are almost 78% of all existing BTC’s. This suggests
that 78% of bitcoins are being hoarded, waiting for prices to rise."_

While I'm sure many bitcoins are being hoarded, the proof presented means
nothing since by default all change is sent to a fresh address. So if I had a
100 bitcoins and bought an item worth one bitcoin I would now own a new
address with 99 bitcoins and no outgoing transactions giving the impression
that I had never spent any of my bitcoins.

See: <https://en.bitcoin.it/wiki/Change>

~~~
trhtrsh
From the paper: ('ff' letters missing due to PDF copy/paste weirdness)

=============== Due to the way bitcoins can be repeatedly moved to fresh
addresses, some of which can be very recent, we can not claim that all these
bitcoins are out of circulation. However, 76.5% of these 78% (i.e., 59.7% of
all the coins in the system) are "old coins", defined as bitcoins received at
some address more than three months before the cutoff date (May 13th 2012),
which were not followed by any outgoing transactions from that address after
they were received.

To be even more cautious with our estimation of dormant bitcoins, we decided
to ignore all the transactions which took place prior to July 18th 2010, when
Mt.Gox started its exchange and price quoting services. The sum of the
balances of all the addresses which have not been active since that date is
1,657,480 bitcoins. Clearly, by considering all these bitcoins as "lost"
rather than "hoarded" we are underestimating the number of bitcoins which are
kept dormant in "saving accounts".

By ignoring these very old bitcoins and repeating the same calculation, we
found that 73% of all the remaining BTC's were accumulated at addresses which
only receive and never send bitcoins, and that 70% of these 73% (i.e., 51%)
are dormant bitcoins in the sense that they were received more than three
months before our cutoff date but after it became easy to exchange them. If
instead of summing the transaction values we sum the final balances of all the
addresses that were active after July 18th 2010 but became inactive in the
last three months, we get that 55% of all coins in the system are dormant in
this sense.

This is strong evidence that the majority of bitcoins are not circulating in
the system, and since it is based on the address rather than the entity graph,
this conclusion is not affected by possible inaccuracies in the way we
associate addresses with users. Note that the total number of bitcoins
participating in all the transactions since the establishment of the system
(except for the actual minting operations) is 423,287,950 BTC's
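
The change-address effect aianus describes and the paper's "old coins" refinement quoted above, run side by side over a constructed four-transaction ledger. This is an added example, not code from the thread or from the paper; the addresses, dates and amounts are made up, and a 90-day window stands in for the paper's three months.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed mini-ledger for illustration; nothing below is real chain data.
# A transaction fully consumes earlier outputs (its inputs) and creates new
# outputs; a coinbase (mining reward) transaction has no inputs.
@dataclass
class Tx:
    day: date
    inputs: list   # [(address, amount)] outputs being spent
    outputs: list  # [(address, amount)] outputs being created


def total_issued(txs):
    """Coins minted so far: the outputs of every coinbase transaction."""
    return sum(amt for tx in txs if not tx.inputs for _, amt in tx.outputs)


def receive_only_total(txs):
    """The naive metric quoted in the thread: everything ever received at an
    address that never appears as a transaction input."""
    spenders = {addr for tx in txs for addr, _ in tx.inputs}
    return sum(amt for tx in txs for addr, amt in tx.outputs
               if addr not in spenders)


def old_coins_total(txs, cutoff, dormant_days=90):
    """The paper's stricter 'old coins' metric: amounts received more than
    dormant_days before the cutoff at an address with no outgoing transaction
    on or after the day the amount arrived."""
    last_spend = {}
    for tx in txs:
        for addr, _ in tx.inputs:
            last_spend[addr] = max(last_spend.get(addr, date.min), tx.day)
    threshold = cutoff - timedelta(days=dormant_days)
    old = 0
    for tx in txs:
        if tx.day >= threshold:
            continue  # too recent to count as dormant
        for addr, amt in tx.outputs:
            # address never spent, or only spent before this receipt
            if last_spend.get(addr, date.min) < tx.day:
                old += amt
    return old


GENESIS = date(2012, 1, 1)  # arbitrary constructed start date


def day(n):
    return GENESIS + timedelta(days=n)


# Alice pays a merchant twice; each payment sends her change to a fresh
# address, as the default client does. Bob mines once and never moves coins.
LEDGER = [
    Tx(day(0), [], [("A1", 100)]),                       # Alice mines 100
    Tx(day(0), [], [("B1", 50)]),                        # Bob mines 50
    Tx(day(10), [("A1", 100)], [("M", 1), ("A2", 99)]),  # pay 1, change to A2
    Tx(day(150), [("A2", 99)], [("M", 2), ("A3", 97)]),  # pay 2, change to A3
]
CUTOFF = day(200)


def hoarding_estimates(txs=LEDGER, cutoff=CUTOFF):
    """Compare both metrics on the same ledger, as percentages of issuance."""
    issued = total_issued(txs)
    naive = receive_only_total(txs)
    old = old_coins_total(txs, cutoff)
    return {
        "issued": issued,
        "receive_only": naive,
        "receive_only_pct": round(100 * naive / issued, 1),
        "old_coins": old,
        "old_coins_pct": round(100 * old / issued, 1),
    }


if __name__ == "__main__":
    print(hoarding_estimates())
```

On this ledger the naive metric reports 100% of issued coins sitting at receive-only addresses even though Alice spent twice, while the dormancy metric counts only Bob's 50 coins and the merchant's first payment.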

~~~
Nursie
Wow. So it genuinely does look like ~80% of the BTC in existence are just
being sat on.

This is certainly consistent with the attitudes of miners and enthusiasts I've
seen on the bitcoin forums.

~~~
baby
A lot of bitcoins have also been lost forever by their owners.

~~~
Nursie
How many is a lot I wonder? I guess that's even harder to figure out than how
many are idle. If it's approaching a few % of the idle coins it could become
significant to the BTC economy.

------
GigabyteCoin
I would have titled this much differently. More along the lines of: "A
Comprehensive Guide to Bitcoin".

I just found it humorous that they titled the article "Are Bitcoins the
future?" and then failed to ask or answer that question anywhere in the mini
novel they wrote following that title.

------
betterunix
No, Bitcoin is not the future. Most people need to deal with their nation's
currency to pay taxes and settle debts, most businesses need a currency that
is at least reasonably stable, and that is not getting into the extremely
questionable security of the Bitcoin system itself.

~~~
MichaelApproved
The difficulty in settling debts directly does not prevent Bitcoin from being
the future.

The Bitcoin as a currency is not a new concept. Right now, Bitcoin is almost
exactly like gold. You don't pay your taxes with gold but it could be
exchanged for your nation's currency to settle debts.

Some people exchange gold directly for goods and services but very few things
are priced in gold. People price things in their local currency so you must
exchange the gold for national currency to purchase.

Almost everything about gold is the same as Bitcoin and gold is a very trusted
and traditional way to store value.

~~~
lukeschlather
Gold has intrinsic value. Regardless of how our economic system functions,
gold is useful. Bitcoin is useless unless it is intrinsic to our economic
system. Bitcoin is absolutely nothing like gold, excepting that people assign
value to it.

~~~
darkxanthos
I used to think this too. The only difference between bitcoin and gold is gold
has uses aside from being a currency. Gold is however largely only worth what
it is because of its use as a currency.

Interesting collection of information here: <https://en.bitcoin.it/wiki/Myths>

~~~
dragonwriter
> I used to think this too. The only difference between bitcoin and gold is
> gold has uses aside from being a currency.

Well, the other big difference -- and one that drives a lot of the interest in
physically holding gold against the threat of a general economic collapse --
is that physical gold plausibly could retain some value as a currency in the
event of a general economic collapse that disrupts the viability of major
social institutions.

~~~
trhtrsh
why is gold more reliable than BTC?

If the USA collapses, bullets may become the new currency.
<http://en.wikipedia.org/wiki/A_Fistful_of_Paintballs>

~~~
dragonwriter
> why is gold more reliable than BTC?

Because in a collapse in which major institutions fail, the gold you have
physically on hand will still be on hand, verifiable as gold, and available
for exchange, for whatever value it has.

BTC, not so much.

> If the USA collapses, bullets may become the new currency

Sure, bullets may be even better than gold as insurance against a general
collapse, but that doesn't stop gold from being better than BTC in that
regard.

------
stcredzero
_> Bitcoin is the first digital currency to solve the double-spending problem
without needing a trusted third party._

Really? Just a quick search, and I find: (2007)

[http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=4...](http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=4268195)

Is that the paper Bitcoin is based on? According to Wikipedia, Bitcoin was
introduced in 2009.

Also, the price of a 51% attack is not that high:

[http://www.reddit.com/r/Bitcoin/comments/17gqw0/the_price_of...](http://www.reddit.com/r/Bitcoin/comments/17gqw0/the_price_of_a_51_attack/)

I've seen a more recent estimate that it would be $20 million to mount such an
attack. That's chump change for a power like the US, or even another major
industrialized nation. It's about the price of one older fighter jet and a
fraction of the price of a current one.

~~~
eof
That paper you link to uses a trusted third party. I highly doubt you could
run a 51% attack for any significant amount of time on $20MM. Consider the
coins being mined everyday are worth ~500,000USD.

That is not to say it is impossible, but there is almost no way anyone in the
world could pull it off for $20MM except the people who already have ASIC
designs.

~~~
stcredzero
_> That paper you link to uses a trusted third party._

Not according to the abstract.

------
artumi-richard
If bit coins are used to avoid tax, as they could easily be, and that
seriously threatens a government's tax take then the government would kill
bitcoin. Even if it meant shutting down the internet. If it only mildly
threatens the government you might find transactions being slowly split into
two, one part in local currency for tax purposes and a second part which is
anonymous and digital.

As far as I can tell bitcoin is a neo-conservative wet dream, if it gained
mass traction anyway.

~~~
zanny
If governments tried to shut down the internet they would have significantly
more enemies than just currency speculators to war with. Also, any first world
economy that cut off the internet today would go back into the dark ages and
would suffer a more severe recession than the great depression.

No government in the first world could realistically try to shut down the
Internet. And if BTC gains traction, it becomes harder and harder
(eventually prohibitively so) for a gov't to disrupt the block chain or launch
an attack on it.

~~~
artumi-richard
If the government has the potential of _no_ revenue they would turn off the
internet. Because they would believe, as I do, that government is good, as
they do things like Schools, Roads, Defense (and in the UK HealthCare),
policing, welfare, etc etc, and they collectively are more important than the
internet.

If all currency is traded anonymously, there will be no tax take.

------
mynameishere
Every time I see an article about bitcoin I do a ctrl-f on the comments for
the word "laundering" and come up empty. At some point, the men in black are
going to make an example of someone.

As soon as bitcoin transactions tend to be over 10K, the FBI and Secret
Service and IRS are going to be all over it. Do what you want with your
banknotes. Just be warned: The dealer on the corner taking dollar bills is
_much, much, much_ safer to deal with than any digital currency.

------
chris_mahan
Bitcoins are valuable only because people are hoarding it. It's a classic case
of bubble. In the end, they're just bits, and that doesn't have much value.

~~~
foxylad
Your (traditional currency) bank balance is "just bits". The only reason that
a number stored on a bank's computer has value is that we have all agreed to
trust the bank not to mess with that number. They are allowed to add and
subtract from it in very limited circumstances, usually only when they modify
another bank balance by the same amount (unless it's a bank in Cyprus!).

Bitcoin replaces that trust in banks with fancy cryptography. Assuming the
cryptography is up to snuff, there is no reason why people won't come to
accept its value in time, just as we now accept that the "bits" that
represent our bank balance denote value.

~~~
nhaehnle
Thought experiment: I set up my own "bank", which is really just a little
website that maintains accounts and a transaction ledger. I somehow manage to
convince a large fraction of the population that I will follow certain rules
and not mess with those numbers. Assuming that I do manage this, do you think
those numbers on my website would become valuable?

If yes, why? If no, why do you believe that trust is the reason that fiat
currency is valuable?

Consider the following alternative explanation: Fiat currency is valuable
because there is demand for it. The prime source of demand for fiat currency
is for taxes. The secondary source is from all sorts of contracts (in
particular, mortgage and other debt service) that require lots of people to
obtain it. Trust comes in only as a tertiary source, at best.

------
emin_gun_sirer
>Bitcoin is the first digital currency to solve the double-spending problem
without needing a trusted third party.

This is false. Karma was a p2p currency that did this in 2004, 5 years before
Bitcoin: <http://www.cs.cornell.edu/People/egs/papers/karma.pdf>

------
veb
This article makes me ponder about the origins of Bitcoin.

This page claims that it could be a group of people who made it, which seems a
bit more likely: <https://en.bitcoin.it/wiki/Satoshi_Nakamoto>

Does anyone else have any interesting insights into the origin of Bitcoin?

~~~
betterunix
Judging by the original paper, the subsequent writings, and the kinds of
things prominent members of the Bitcoin community say, it is likely that
whoever created Bitcoin was an amateur. There are few references made to the
work done by Chaum or Okamoto. The security proof in the Bitcoin paper
considers only one specific attack strategy. ECDSA and SHA256 are referenced
but little is said about whether or not they compose securely with the Bitcoin
protocol, or even if the Bitcoin protocol itself is secure.

It is not that I mean to insult amateurs -- amateurs can theoretically make
secure cryptosystems (though Bitcoin is not secure under the security notions
used by cryptographers), but it is usually pretty clear when a system was
designed by someone who is not well-versed in cryptography. It is unfortunate,
however, that Bitcoin's developers cannot be bothered to search Google:

[https://www.google.com/search?q=digital+cash+site%3Aeprint.i...](https://www.google.com/search?q=digital+cash+site%3Aeprint.iacr.org)

~~~
josephagoss
If you don't mind, how is Bitcoin not secure under the security notions used
by cryptographers?

This is interesting because if it wasn't secure I wonder why hundreds of
millions of dollars have not been stolen yet? You could probably steal 100
million from some top addresses, move to MtGox and sell for a very decent rate
before what you did became apparent (of course once what you did became
apparent Bitcoin would collapse forever).

Or if the addresses are secure and it's something else that is not secure what
is it? I am on the bitcointalk forum a lot and I have not read anything about
the crypto being not secure.

Maybe I misunderstand what you mean by security?

~~~
deepblueocean
I look at it this way: there are two kinds of rules in the Bitcoin system:
crypto rules and social rules.

Some are self-executing, by which I mean that they can be enforced "by
construction" - if you create an object that doesn't follow the rule, other
people will know. Said another way, breaking the rule would also require
breaking some crypto.

Some rules, though, are social. For example, why does everyone try to extend
the longest branch in the block chain? Sure, the protocol _says_ it's the
rule, but why should that mean anything? People don't follow rules because
they want to. They follow rules because it's in their enlightened self
interest to do so. If you could make money by choosing a different rule,
somebody would do that instead. So it must be that these rules get followed
because it's in the interest of Bitcoin players to follow them. The natural
follow-up question is whether these social/economic rules are stable. That is,
why not some other solution? Why not only extend blocks whose (nonce % 0x0d)
== 0?

Cryptographers use a very particular notion of security in which they like the
security of their schemes to "reduce" to a well-understood assumption. That
is, we prefer if you can prove something like "if you can break my system,
then you can also solve problem X" where problem X is well-known and widely
thought to be very hard. Then either I am forced to believe that your system
is secure or that you have found an efficient way to solve problem X. And
since solving problem X is unlikely, I should consider your system secure.

As I said, some parts of Bitcoin _do_ reduce in this way to known
cryptographic primitives (which in turn reduce to problems we believe are
hard). But not all the parts.

~~~
josephagoss
Thanks, this is exactly what I wanted to know. You make a good point about the
social rules. The biggest hole in the entire system is the network is still
dictated entirely by these rules and the main client is the vessel in which
all these rules are set.

But it's not set in stone and the lead developers do have a huge amount of
control.

Also many disagreements in the forum about the max block size and blocking
Satoshi Dice do worry me.

~~~
Frozenlock
The max block size, and consequently the transaction fees, are the most urgent
problems to solve IMO.

There's still time, but it really is something you don't want to mess up.
<https://bitcointalk.org/index.php?topic=157141.0>

------
forgottenpaswrd
"Bitcoin is unknown territory. It draws praise from Silicon Valley fixture
Paul Graham and simultaneous dismissal from Nobel Prize winning economist Paul
Krugman. "

No, No, nO!! There is no Nobel Prize in economics, period.

There is a "Nobel MEMORIAL prize" made by a central bank to propagate their
propaganda as scientific, huge difference.

------
porter
This is a great write up.

------
aminok
No one knows the future. They could be, and that's a pretty amazing prospect.

------
morphar
I would have to say: "nopes...", on this one ;)

