Hacker News new | comments | show | ask | jobs | submit login
Bitcoin P2P Cryptocurrency (bitcoin.org)
31 points by micaelwidell on July 20, 2010 | hide | past | web | favorite | 24 comments

I wrote the software used at https://loom.cc. That is a site which allows anyone to create and issue new types of digital assets. Typically the issuer will write a contract pledging to redeem the digital asset for a specific quantity of physical assets or services. Owners of the digital asset may spend it freely on the server, similar to how they spend cash in the physical world.

One thing I like about Loom is that an asset type has a single issuer. This means that an issuer can store some physical assets in a vault, create a digital asset type redeemable for those physical assets, and issue the digital asset type in a strictly limited quantity.

Then there's no question what a digital asset type is good for, because even if no exchangers or merchants accept the asset type, at least the issuer is contractually obligated to deliver the assets in storage or the promised services.

I wish Mr. Nakamoto (the author of Bitcoin) could devise a way for a digital currency to have a single issuer, but still trade in the wild like Bitcoin does now without a central server. However, that may be a logical contradiction and thus fanciful thinking.

So the best I've been able to come up with is Loom, which does indeed depend on a central server. But I would like to see many Loom servers with trading networks between them. That might be a way to realize the benefits of central servers while avoiding much of their risk.

  (invite 42215c198e22c724d7cfd7887bda2a57)
P.S. Various source code references here:


I heard of cryptographic protocols that can achieve what you ask for here.

(I just have to dig up where I read about it.)

I've read up a bit on blinded signatures, Brands, etc. I have two problems there.

First, I would need a reference standard implementation of blinded signatures. I know if I tried to cobble something together myself, some crypto-guru would laugh and point out that my prime factors weren't super-prime in a Zeta field of modulus three or some such thing.

Second, basic blinding still does require a central server. I believe the Brands protocol allows blinded tokens to circulate without contact with the server at every stage, and anyone who attempts a double-spend can be identified cryptographically. But it's complicated and ultimately relies on the technique of going after the bad guy with a baseball bat.

So if I went with blinded tokens on a central server, I'd be right back at the central server problem. Blinding provides un-traceability at the cryptographic protocol layer. With Loom, I figured that anyone that concerned with un-traceability could just use a VPN or Tor.

What about a peer-to-peer solution? Every participant runs a brand server; to "spend" a token, you contact any random server and tell it that you're doing so. That notice then gets spread to every other server; a server who has received the notice won't allow the same token to be spent again, and a server that isn't "caught up" to the mesh won't be allowed to be authoritative (be a source for spend announcements.) It would basically be like Bittorrent—except the pieces are created after the torrent is, inserted into the "file" (keyspace) one at a time, and the hash mutates with every spend.

Thanks for the write up!

The problem with all cyber-currencies is that they can be used for money laundering, so the feds will shut them down. I know, you're saying, "it uses crypto so you can't track it and it's decentralized so you can't shut it down." This is true, however, if you want to spend your bitcoins you need to convert them into some recognizable currency, which means you need a bank to do so, which can and will be shut down by the feds.

See the case of E-Gold for a similar comparison. E-Gold was doing something very similar: letting people transfer money anonymously and untraceably, but backing it with real gold in a vault so that it had some legitimate worth. The feds shut them down.

Crypto currency sounds great, but unfortunately it always breaks down where the rubber meets the road, or where the crypto currency gets converted into real currency. These places are easy to shut down by any government.

The simple solution is for digital assets themselves to become more "real." For example in Loom a merchant can issue a digital asset redeemable for his own products and services, and that digital asset can trade freely like cash. It's "real" because you can reliably obtain real things with it. These asset types are not as liquid as the US dollar yet, but within certain trading networks they can be quite useful.

Regarding money "laundering," that used to be defined as concealing the proceeds of crime. Now privacy itself has been defined as laundering, even when no fundamental crime is involved. That is to say, privacy itself is criminalized by statute. It's sick, and decent people need to reject that way of thinking. Stick to the principles of common law and voluntary exchange.

Just keep the gold in a vault in some foreign country, and keep the entity out of the US.

Look at TPB--a lot of money has to change hands on their site (advertisers, etc.) and in spite of pretty much every country trying to shut them down they seem to be doing OK.

So are you suggesting that a fundamental property of any workable currency system is the ability for the government to track and control where every unit of currency goes and how it is used?

No, I'm just stating a reality of the banking and financial systems. If you want to receive wire transfers, you need to be a federally licensed financial institution, and therefore subject to regulation. Those regulations say you must report all activity that meets certain patterns (ie, certain dollar amounts, suspicious transactions, etc). So, by default all money transfers are monitored by the government. If you want to turn bits into currency (ie wire transfer) you need to pass through a federally regulated entity to do so.

"Third parties can’t prevent or control your transactions." But they can devalue the currency by minting money and keeping it. Also the currently is worthless by definition as no one is willing to pay money for it.

Both of these are common problems among all new currencies, and the most common way to defeat both is to have the currency issuer back their currency with something of known worth (gold, a fiat currency, etc). If conversion to/from the backing currency is common, then most transactions become bound by the problems of both currencies, for example paypal is effectively a currency that is more or less worth USD * ##%, because of the currency switching costs.

I can't wait to see a crypto-based-currency jump these hurdles, but I can't yet imagine how they'll successfully do it (and perhaps some already have that I don't know about?).

Minting it and keeping it increases the value of others' money. It causes deflation, because there's a strictly-finite amount of possible "coins" (single-digit percentages of which will likely remain in a couple years. Difficulty in finding them increases exponentially).

This currency suffers from the same major problem that all limited supply commodity-based currencies have (assuming someone doesn't figure out a way to counterfeit it) - deflation. Whether your fixed money supply is based upon gold or hard cryptographic problems, a fixed money supply encourages people to hoard money rather than invest it, because their money will be worth more later. This causes the amount of money in circulation to fall, which causes even more deflation, etc. (Google for "deflationary spiral").

Basically, you have 3 choices for currency. You can have debt-money (most modern economies). This has the advantage that money is effectively created by the market based upon the mutual agreement of a lender and a borrower, which means that money is created and destroyed by the invisible hand. This is a good thing. It is problematic, however, in that you get problems if large sections of the economy ever start paying off their debts through very large productivity gains because that destroys the money supply. Also, it tends to support a "banker class", who does nothing but loan money and gets paid for very little work (capital allocation isn't THAT hard compared to how much you make doing it).

You can have commodity money, which is great because you don't get runaway inflation. But because of deflationary spirals, you can get runaway deflation. Also, people tend to hoard whatever commodities you are using, which are typically useful for industrial or other uses.

You can have fiat money, but that only works if you have an incorruptible central bank. Otherwise you end up like Nigeria.

Personally, I think we should use the Joule as a basic unit of currency. Although energy supplies can fluctuate, they tend to grow and shrink with the economy, which prevents either inflation or deflation. Different banks could offer different baskets of energy types (wind farm or solar farm output futures, barrels of oil, coal, etc.), and you don't end up with a banker class living off of everyone else, but you don't end up with hyperinflation or deflation. 500 MJ today would tend to buy a similar amount of things 10 years from now as today (maybe a little more because of efficiency gains, but not a lot more).

When paper money was redeemable for gold, yes there was mild deflation each year, and that condition lasted for decades on end. But people still bought things. The nice thing was, savings had its own reward: you could count on your money buying slightly more next year than the year before. But people still invested money when they could achieve better returns than deflation. Interest rates could be lower too.

A nice steady mild deflation is nothing to worry about. That kind of deflation was mostly caused by productivity gains, which benefited everyone. With inflation, the beneficial effects of productivity gains are stolen, and given to the privileged early recipients of the inferior irredeemable money coming out of the spigot.

>To prevent A from transferring the already used coin to another user C, a public (but anonymous) list of all the previous transactions is collectively maintained by the network of Bitcoin nodes, and before each transaction the coin’s unusedness will be checked.

Sounds like that'll cost a lot of CPU/bandwidth... * continues reading * I'm curious how the whole thing is organized...

edit: technical paper link[1] is on the FAQ page.

[1]: http://www.bitcoin.org/sites/default/files/bitcoin.pdf


edit2: from the technical paper:

  The steps to run the network are as follows:
    1) New transactions are broadcast to all nodes.
    2) Each node collects new transactions into a block.  
    3) Each node works on finding a difficult proof-of-work for its block.
    4) When a node finds a proof-of-work, it broadcasts the block to all nodes.
    5) Nodes accept the block only if all transactions in it are valid and not already spent.
    6) Nodes express their acceptance of the block by working on creating the next block in the chain, using the hash of the accepted block as the previous hash.
So, existing data is always re-"proved", continuously, to out-pace any would-be attacker (the longest chain is "correct"). A "proof-of-work" involves repeated hashing of the previous hash + a nonce until X number of 0s prefix the resulting hash. The theory goes that as long as more people are working within the rules, they'll out-pace anyone trying to break the rules, by sheer combined-computing-might.

I'm curious though: what happens when transactions get large compared to cpus-which-can-prove-transactions? Wouldn't that cause the average rate of growth of the histories to decline, making it easier to attack individual lines?

I don't see how this can scale. But please correct me if I'm wrong... I like the idea of a distributed currency, and I'd love one to work.

Now that I think about it a bit more, and have lost the ability to edit, I think it may happen when it's a relatively low ratio, or maybe even even, as all histories must be continually re-proved to stave off attackers. It seems there has to come a point where it becomes trivial to devote more attacking CPUs to a single history than histories/CPUs devotes.

I remember reading the book "The Sovereign Individual" which was written in the 90's. The authors argue that as the internet becomes more abundant, cybercurrencies will become popular and over time make it very hard for governments to collect taxes. This would in turn change the world in a lot of different ways.

Since I read the book, I have been waiting for someone to create something like this. It will be exciting to see if this will work and if "cyber currencies" will become more widely used.

The cyber currencies which try to look like traditional currencies will be shut down by the government while they have the power to as stated in other comments. However, I see couch-surfing in a way, as a very lose cyber-currency. It has its limitations: there is only one kind of product in the market which uses the currency, and the amount of the currency you have isn't exactly quantifiable. Still, you can use it to trade services at no cost (or very little) and flies under the radar since there is no exchange of quantifiable value taking place. Reputation becomes a new lose currency. Also see LETS systems which are actively, legally in place around the world.

A long time ago, in a land far away, I wanted to develop a p2p betting network without a vig. This would have made that chore a million times easier. Very cool stuff. What other applications might this be useful for?

Farmville. Seriously though something like an open source Flattr without the 10% rake would be nice (micropayments)

Personally, I've always liked the look of eCache: https://ffij33ewbnoeqnup.onion.meshmx.com/

Plus points for the top pun as well.

However, I think if we're ever going to escape the problems mentioned in other comments here, what we really need is a huge PayPal-style system to take off, integrate with common systems etc. Can you imagine the potential if eBay supported this? Shame it won't happen, as that's the kick it needs in my opinion :)

For anyone considering this, it's already been exploited by people running it across 1000s of vms/processors causing massive rate fluctuations.

One to skip imho.

Thats not exploitation. That makes the network stronger. The currency isn't based in CPU power. The inflation method's reward is.

[[citation needed]]

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact