Witness is a standard term in cryptography, Bitcoin people did not invent it. For instance a signature can be a witness to the fact that you hold a particular private key.
>I am also confused about the security properties of the Lightning Network. What happens when one of the hubs gets popped? Can someone steal all of the unsettled transactions? Suddenly this proposed scaling element starts taking on the security properties of Bitcoin exchanges, which are notorious for being popped.
If "a hub gets popped" the attacker should not be able to steal the unsettled transactions. If we were trusting the hubs, like say how we trust coinbase, the LN would be much much easier to design.
No, the whole point of LN transactions is that you do not need to trust intermediary nodes, or 'hubs', as he calls them. Every transactor has a copy of a valid Bitcoin transaction that will settle payments owed to them and these debts are collateralized by lock-timed money on the blockchain. It is theoretically totally secure.
It's hard to imagine a more clearcut example of exactly the sort of bad engineering practices that will doom any project.
Ethereum on the other hand has serious issues, but they seem fixable. If Vitalik is willing to seriously rethink the design of Solidity and make greater efforts towards formally verifiable contracts, and then they get proof of stake working, I think there's some chance it could actually achieve some of the hopes of cryptocurrency enthusiasts. Unfortunately I'm not sure how willing they are to modify the language to make it more verifiable.
Not to mention, 2MB was a compromise from 8MB which was a compromise from 20MB.
Where's the compromise from the other side?
If I’ve gotten anything wrong here, it’s because the Lightning Network is ridiculously complex: the paper is some 57 pages written in blockchainiac gobbledygook terminology. I’m the sort of person who reads academic papers for fun, and can attest that this is not a paper I remotely purport to understand or enjoyed reading. I think there are very few people on Planet Earth who have read this paper and understand it.
If you're one of these Very Few People and you're reading this, a question: do Lightning's channels only reduce on-chain transaction volume in the case of recurring payments (eg subscriptions)? What is the anticipated savings if the Lightning Network is rolled out -- how much of current transaction volume could be handled in channels?
Thus you need to make more than two transactions in a sequence before moving them off-chain can offer any benefit, either at the micro scale (in the parties' cost of transacting) or at the macro scale (to Bitcoin's aggregate transaction throughput, both on- and off-chain). In theory a sequence of transactions done over the Lightning Network can involve multiple recipients and be routed among many parties, however, so a sequence of off-chain transactions need not be a sequence of recurring payments in the usual sense.
Whether a Lightning Network offers any cost or scaling advantage, and how big those advantages might be, will depend in practice on (a) whether good methods can be found to route off-chain transactions between hubs and end-users of the network, and on (b) the statistics of the real-world patterns of transactions that people end up using the network for.
Personally, I think that unless Lightning Networks give rise to major new classes of transactions (e.g., micropayments), then we are unlikely to see any significant scaling win from them any time soon. There is a classic chicken-and-egg problem of gaining a critical mass of users, which will take time to overcome, and people today typically use Bitcoin fairly infrequently, which makes the two-transaction overhead to get in and out of the payment channel significant relative to the likely size of off-chain transaction sequences.
The question is what alternatives exist, and which will gain traction, in the case that on-chain capacity remains severely artificially constrained and on-chain fees continue to rise. Maybe people will switch rapidly to Lightning Networks, or maybe they will switch to altcoins, or maybe they will just stop using cryptocurrencies altogether (or never start). We'll see.
Payment channels and consequently the Lightning Network (LN), assuming a sufficiently connected routing network (the people you want to pay are connected to the LN), reduce the volume of any amount of transactions. LN has the best cost advantage for use cases when the transaction volume is high (paying for wifi by the minute) but will also reduce on-blockchain transactions for anything.
If you're seeking a lucid explanation of what the LN is: Imagine a group of people with buckets of coins, to establish a financial-transaction connection with a person in the group you pay a small fee, after connecting to that person, you can pass some coins into that person's bucket who can then pass those coins onto another person's bucket (ad nauseam) all without requiring (but with the option if you wanted) to settle the amounts to the blockchain. The LN paper goes into how this is done in a cryptographically enforceable method via the Bitcoin blockchain.
>What is the anticipated savings if the Lightning Network is rolled out
There are two things to assess the value of the LN. The transactional cost savings but also (and more importantly) the new use cases available to having transactions occur on a roughly 1-2 second timeframe (versus the 10-60 minute window currently). All off-chain databases would have the technological capability to have cryptographically enforced 'instant' payments. Right now, off-chain centralized actors (Coinbase, Bitfinex) just update entries to a database but don't have any blockchain-enforced DB updates. With LN, they could.
>how much of current transaction volume could be handled in channels?
Could: The majority of it.
Would: Depends on LN participants' appetite to dedicate funds to a payment channel (LN coin bucket). It's a trade off of avoided block-transaction fees vs time-value of money of dedicated funds.
If channels were not networked together, then they'd only be good for recurring payments.
But there's a trick that lets you network them, so A can have recurring payments to B, and B can have recurring payments to C, D, and E, and now A can pay all the others via his one channel to B. And it's done in a way that prevents B from being able to run away with money intended for C,D,E.
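An added illustration, not part of the thread and not code from any Lightning implementation: a toy Python model of the hashed timelock contract (HTLC) construction the Lightning paper uses for this, showing why hub B cannot keep money that A routes to C. The `Htlc` class, function names, amounts and block heights are hypothetical, and the model leaves out Bitcoin scripts, commitment transactions and fees.

```python
import hashlib
import os
from dataclasses import dataclass


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass
class Htlc:
    """One conditional payment inside a channel (toy model, no Bitcoin script)."""
    payer: str
    payee: str
    amount: int
    payment_hash: bytes
    expiry: int            # block height from which the payer can take the money back
    state: str = "pending"

    def claim(self, preimage: bytes, height: int) -> bool:
        # The payee is paid only by revealing the preimage before expiry.
        if self.state != "pending" or height >= self.expiry:
            return False
        if sha256(preimage) != self.payment_hash:
            return False
        self.state = "claimed"
        return True

    def refund(self, height: int) -> bool:
        # After expiry an unclaimed payment returns to the payer.
        if self.state != "pending" or height < self.expiry:
            return False
        self.state = "refunded"
        return True


def lock_route(payment_hash: bytes, amount: int, now: int):
    # A pays C through hub B: both hops use the same hash, and the hop
    # nearer the sender expires later so B has time to claim from A.
    a_to_b = Htlc("A", "B", amount, payment_hash, expiry=now + 20)
    b_to_c = Htlc("B", "C", amount, payment_hash, expiry=now + 10)
    return a_to_b, b_to_c


def net_change(htlcs):
    # Balance change per party, counting only payments that were claimed.
    delta = {"A": 0, "B": 0, "C": 0}
    for h in htlcs:
        if h.state == "claimed":
            delta[h.payer] -= h.amount
            delta[h.payee] += h.amount
    return delta


def honest_run():
    secret = os.urandom(32)                  # constructed; known only to C
    a_to_b, b_to_c = lock_route(sha256(secret), 1000, now=100)
    b_to_c.claim(secret, height=101)         # C reveals the secret to get paid by B
    a_to_b.claim(secret, height=102)         # B reuses it to get paid by A
    return net_change([a_to_b, b_to_c])


def hub_keeps_money_run():
    secret = os.urandom(32)                  # constructed; B never learns it
    a_to_b, b_to_c = lock_route(sha256(secret), 1000, now=100)
    took_it = a_to_b.claim(os.urandom(32), height=101)   # B guesses a preimage
    b_to_c.refund(height=110)                # B's unclaimed payment to C expires
    a_to_b.refund(height=120)                # A's unclaimed payment to B expires
    return took_it, a_to_b.state, net_change([a_to_b, b_to_c])


if __name__ == "__main__":
    print(honest_run())
    print(hub_keeps_money_run())
```

B only learns the secret when C uses it to collect from B, so the one way for B to be paid by A is to have already paid C.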
Genuine question? What makes it easier? Thanks!
Also, having a convenient scripting language instead of dealing directly with opcodes, like you have to do on Bitcoin.
And writing and testing the opcodes took less than a day; that's not the hard part! (Though getting the convenient opcodes into bitcoin was definitely non-trivial!)
As a P2P system LN doesn't really work for decentralized payments other than micropayments, for reasons others have pointed out here.
If you allow some well-capitalized hubs to form, that help solve the routing problems, then LN can easily achieve significant scaling for most kinds of payments (think digital hawala). The issue is that this is likely to require hubs that create and hold lightning channels with lots and lots of users, creating the potential for the distorting effects of centralization.
The greater issue is one we've seen now with Ethereum: if a Layer 1 app (the DAO, or LN) running on a Layer 0 blockchain comes to dominate the blockchain's usage, then there exists the potential that failure of Layer 1 can traumatize Layer 0.
Coming from a Bitcoin background, I found the Lightning paper quite a refreshing read compared to pure academia papers. The ideas behind are very clever, several implementations are under way and implementors are building interoperability standards along the way (https://github.com/lightning-core/lightning).
Since all programs terminate, reasoning about arbitrary properties about said programs becomes decidable.
We need to think of better tools & practices to secure contracts. It's still all new, there will be issues, there will be improvements. The end goal is worth it IMO. My main interest in Ethereum (and Maidsafe) like most developers in the community is not so much money but the dream of having a truly decentralised web one day. Impossible? Maybe, but I'm willing to try.
Can someone explain to me how Ethereum fulfils the "dream of having a truly decentralised web"? From my understanding, it just sounds like Bitcoin with programmable contracts tacked on.
How would I run, say, a reddit-like site using Ethereum?
It doesn't. It's hyped up bullshit.
Every Ethereum node runs the exact same code (single threaded too) with heavy computing and storage restraints. There's no sharding or load balancing. Can you run the entire reddit website on a single 90s computer? The answer is no.
Don't get me wrong, Ethereum is an interesting experiment and blockchains are useful for a number of things, but the notion of "lets put everything on the blockchain" is a shitty, terribly inefficient solution looking for a problem.
It's true of any platform, but Ethereum is at a far higher risk of getting hacked because the language is Turing complete. There could conceivably be a smart contract blockchain with a simplified language that was still capable of most of Ethereum's good sides with the safety net of static verification tools.
Ethereum, the VM/system is Turing complete, but Ethereum of course is not a language itself. [Correction: EVM code, that is Ethereum VM assembly, is indeed a language. Thus, Ethereum is technically both a VM and a language ("EVM assembly code") - which makes the assertion that "Ethereum is a language" correct after all.]
As far as I understand it, all current Ethereum languages (e.g. Solidity) are also Turing complete, though it should be possible to create a language for Ethereum to produce only algorithms constrained with some level of decidability. This is why Ethereum is likely not doomed yet as some have claimed recently. However, and especially due to The DAO fiasco, it's now a matter of building static verification tools as you suggest, or decidable languages for it, and new cryptosystems may show up before it can get to its first killer app.
Full disclosure: No horses in this race at the moment.
As an aside, I think that everyone posting anything about Bitcoin or Ethereum should be posting a disclosure in each discussion (even an abridged one of some sort, just a couple of characters).
I can easily imagine a system built on a non-Turing complete logical query language that defines data and rules for presentation. You could get pretty far with that. You can't create _any_ application, but calling Turing completeness “essential … for decentralized applications” is incorrect. It's essential for a _subset_ of applications that require Turing completeness.
I've been saying ETH is broken for a while. Its computational ability means contracts _cannot_ be formally verified. This is why I didn't buy into the DAO, and sure enough there's a bug in the DAO (ironically recursion related).
This is why in general software verification doesn't try to come up with languages where all programs are verifiable, but aims to verify specific programs, sometimes regardless of the computational strength. Some programs in Turing complete languages can be verified (but certainly not all), just as some programs in FSM-strength languages can be verified (but certainly not all).
While it is certainly possible that a much bigger subset of, say, FSM programs can be verified than a subset of programs in TC languages, placing the bar at "Turing complete" is somewhat of a red herring.
Indeed, the LANGSEC link in the post seems to understand that, noting that even verifying PDAs is undecidable, but it fails to note that even decidable verification tasks (for FSMs) are very often intractable, which -- for all practical purposes -- is just as bad as being undecidable.
As Vitalik put it:
"An important point about this project is that we see ethereum as being a platform first. If you approach it from the perspective of ether being a coin, with all the smart contract stuff being just bells and whistles on top to make the coin more valuable, you are going to have a hard time understanding this community; it's really all about the applications first and foremost, and ether is there simply as a token to facilitate payment of transaction fees and incentivize mining."
It does go both ways as well, if you can contact your provider to get your stolen domains back, then your local dictator can also take them away from you because of something you said.
Thankfully, I don't (yet) live in a dystopian society where I can trust machines more than my neighbor (or leader).
Ether is there simply for our pre-mine profits :)
If there is a way to do something like Ethereum or Maidsafe WITHOUT the freaking money I would LOVE to hear about it. It would be nice if we could work on this type of technology without all the toxicity of get-rich-fast trolls and the silly tribalism.
Bitcoin started with a bunch of people running some hobbyist cryptographer's buggy cpp to generate worthless tokens. You don't need millions of dollars to build free software.
> The Internet was done so well that most people think of it as a natural resource like the Pacific Ocean, rather than something that was man-made. When was the last time a technology with a scale like that was so error-free? The Web, in comparison, is a joke. The Web was done by amateurs. -- Alan Kay.
Ethereum is of the web kind. It's amateurish.
-as an investment, bitcoin is fundamentally a ponzi scheme. someone may argue that it is a challenge only if you are too late in the game, but for me, that is a reason I am not touching it as an investment.
-as a money (store of value and measure of value), there is a fundamental issue that there exists no mechanism whatsoever that would stabilize its value (against neither a typical consumption basket, nor USD or any other currency)
-as a currency (means to make transactions). You might argue that it is only about implementation that the network can handle a couple of transactions a second. But a widely used currency should handle a _lot_ more than that. Assuming one billion transactions a day means roughly one transaction per person per ten days globally. Every single byte you need to store a transaction implies a gigabyte of data per day into the however implemented network. I would call that a challenge beyond just implementation.
I don't believe you know what a ponzi scheme is if you think this because it's not remotely true. From google:
a form of fraud in which belief in the success of a nonexistent enterprise is fostered by the payment of quick returns to the first investors from money invested by later
> as a money (store of value and measure of value), there is a fundamental issue that there exists no mechanism whatsoever that would stabilize its value (against neither a typical consumption basket, nor USD or any other currency)
Absolutely true, but by design, they don't want a stable value, they want a fixed amount of currency and want value to fluctuate via supply and demand. Bitcoin is inherently anti-keynesian by design. This is why it'll never be more than a commodity.
Now, you can argue that this is true for all commodities. But all other commodities have some other utility backing the value of the commodity. Bitcoin has practically none, as discussed in my other points of the challenges of bitcoin as money.
And even that bitcoin as fixed amount of currency theory is a bit questionable. There is no reason why a fractional reserve bitcoin bank could not pop up and create bitcoin-as-payment-money out of thin air, as the current financial sector does with fiat money. (This would obviously allow a mechanism to regulate the total bitcoin money supply, but then bitcoin would lose its whole raison d'etre. Catch-22.)
Think of bitcoins as tokens or as tulip bulbs - it can be used for something - but the price is not the main idea. If you buy them for the price rise you are creating your own "ponzi scheme"
> bitcoin as fixed amount of currency theory is a bit questionable.
The total amount of bitcoins is not questionable.
> There is no reason why a fractional reserve bitcoin bank could not pop up and create bitcoin-as-payment-money out of thin air
If a bank lends out x times the value of the bitcoin deposited, they will not be able to pay them out as bitcoins.
If you don't have access to your bitcoins as bitcoins, but only as a bank statement about how much they owe you, you effectively traded your bitcoins to an IOU.
I do not see what that "something" is, which makes it a ponzi in my eyes. (An open, honest ponzi, but a ponzi nevertheless)
> If a bank lends out x times the value of the bitcoin you deposited, they will not be able to pay them out as bitcoins.
But of course, if x < 1 (as is in fractional reserve banking), the bank can pay out bitcoins.
> If you don't have access to your bitcoins as bitcoins, but only as a bank statement about how much they owe you, you effectively traded your bitcoins to an IOU.
Exactly. And if that IOU is from a credible enough institution, there is no reason why I would differentiate taking a payment in that IOU or bitcoin. In which case that IOU is bitcoin-denominated currency and the amount of bitcoin-denominated currency in circulation is no more constant.
(Well, actually there may be at least two reasons to differentiate. First, the IOU may pay interest unlike bitcoin. Second, the practicalities in transacting bitcoins or IOU's may differ, which in all probability dictate that I prefer the IOU...)
Note that by this standard definition, Bitcoin is not a Ponzi scheme. You may doubt whether Bitcoin is a wise investment, but calling it a Ponzi is bound to cause confusion.
"a fraudulent investment operation where the operator, an individual or organization, pays returns to its investors from new capital paid to the operators by new investors, rather than from profit earned through legitimate sources."
Now, with the obvious note that bitcoin is not fraudulent, you must agree that "bitcoin (as an investment) pays returns to its investors from new capital paid to the network by new investors, rather than from profit earned through any other source"
And any claim that bitcoin offers sustainable positive returns is precisely as mathematically unsustainable as any ponzi scheme. That holds as long as there is new money flowing in. Not longer. That is very similar to a ponzi.
(And of course, any commodity bubble has this same property.)
Overall, I think there are so many similarities between the investment logic between bitcoin and a ponzi, that the comparison is justifiable.
Which makes it not a ponzi, really that's all there is to it; fraud is a necessary pre-condition to call something a ponzi. No fraud, no ponzi.
If you remove the fraud element as you are attempting to do, then virtually every investment counts as a ponzi, all insurance counts as a ponzi, because paying investors with money from newcomers is a thing common to a lot more than just ponzi schemes. The word is Ponzi SCHEME, the scheme means fraudulent, scam, etc. If something isn't fraudulent it is not a ponzi no matter how many other traits it shares with ponzi schemes. The comparison is thus not justifiable.
That is not what makes a ponzi scheme a ponzi scheme, that is one element of a ponzi scheme but it's no different than any investment in a company that takes off. This is insufficient to call something a ponzi scheme. There MUST BE FRAUD, or it's not a ponzi scheme.
> Bitcoin has practically none, as discussed in my other points of the challenges of bitcoin as money.
Absolutely wrong, bitcoin has utility, trust-less exchanges of value, that's a valuable service to provide and the reason bitcoin maintains value.
There are so many ponzi schemes in Bitcoin many of them actually advertise that they are ponzi schemes.
I think you misinterpreted what I'm saying. Of course people run schemes using bitcoin just as they run schemes using USD; when I said "no fraud in bitcoin", I mean in bitcoin itself, the blockchain, the protocol, the currency. Bitcoin is a currency, and like any currency, fraudsters can and will use it, that doesn't make bitcoin fraudulent.
There's money in it. So it will happen.
Sending card details for small transactions is both insecure and too much mental overhead. Broadcasting a single transaction from a virtual bit of pocket change is not.
Once every browser has a wallet and people keep a few satoshis in there the web will go through another revolution.
Bitcoin also acts as a store of value in a world where people want to save for the future in a form that can't be taken and devalued easily.
Whether people want smart contracts without the common sense back up of humans and courts I'm not so sure. Ethereum is interesting and will have some use cases but it's not a certainty that the risks will be overcome.
* democratic access. I don't need to ask Visa, PayPal, or any other payment processor to accept payments online. There are plenty of businesses underserved today. Some of these are in "gray" areas, others aren't.
* disintermediation of middle-men. There are tons of rent-seekers in finance (eg, banks protected by a regulatory moat). An open system that competes with them will lower prices for everyone.
With bitcoin you can transfer money internationally for cents and in seconds.
Bitcoin is utterly useless in this regard. Converting bitcoin to usable currency is very impractical in most locales and nearly impossible in others (no, meeting up with strangers to exchange bitcoins for cash at a 20% markup does not count).
No middlemen taking a cut at every step is one advantage of Bitcoin, and very fast international transfers is another.
I think of Bitcoin as an awesome idea for a replacement of the current corrupt system, not something that integrates well with it. It is not perfect but it's certainly better than the current system. Might be unrealistically idealistic but I hope a cryptocurrency succeeds. Anyway, it is still possible for people to transfer Bitcoin between themselves with no middlemen.
The vast majority of people on this planet use "paper dinosaur money" because that is what the overwhelming majority of merchants accept. There's also the fact that most people will have to convert their local currency into bitcoin before sending it because they aren't bitcoin enthusiasts who have arbitrary sums of bitcoin at their disposal. Most of the time acquiring bitcoin requires a bank account and can take days to acquire because of KYC and bank account verification (and that assumes you're comfortable uploading your photo id and other documents to bitcoin services).
> I think of Bitcoin as an awesome idea for a replacement of the current corrupt system
The cryptocurrency ecosystem is infamous for its association with fraud, abuse and incompetence. Whenever a bitcoin company goes offline for more than a few hours it's actually a serious concern that the operators might have absconded with the funds leaving users utterly powerless to recover their money or bring the operators to justice. Bitcoin operators have lost or stolen MILLIONS of dollars worth of money from bitcoin users... yet the current system is the corrupt one. My "dinosaur money bank" has never lost or disappeared with my money. Literally never.
> it is still possible for people to transfer Bitcoin between themselves with no middlemen
Which is useless if your overseas family wants to pay for goods and services like groceries, rent, medical care and other basic needs. You can say whatever you like about the ease of moving bitcoins internationally but it's a fact that almost everywhere in the world bitcoins are not accepted in exchange for goods and services and most people are not technically sophisticated enough to safely convert their bitcoins into local currency.
Another way to send money is to get a bitcoin debit card, give it to a family member and load it every time you want to send money.
Uninformed opinions should be kept to oneself, lest one ends up looking like they're talking out of their ass.
Let's do a little thought experiment. Suppose that I, living in the USA, want to send money to my aunt living in the Caribbean. Let's also say that she has never used bitcoin (like most people) and that I don't have an account on a bitcoin exchange (like most people). How do I get her $1000 within 24 hours using bitcoin?
10 minutes is more efficient than 3-5 days.
Plans are in progress to roll out similar systems all across the Single European Payments Area.