
My own thoughts about Bitcoin aside, this article is utterly misinformed:

"Satoshi Nakamoto was so talented that he even solved the problem of double spending of digital currency in his system."

That was solved by David Chaum over a decade before Bitcoin.

"You will be anonymous in the system"

That was shown to be untrue long ago. Bitcoin does not exist in a vacuum and Bitcoin users can be tracked and associated with other information.

"Security experts and digital freedom enthusiasts praise Bitcoin"

I am working on a PhD with a focus on cryptography and secure multiparty computation, and I have nothing but bad things to say about Bitcoin. It has numerous technical shortcomings that other digital cash systems do not have.




>>"Satoshi Nakamoto was so talented that he even solved the problem of double spending of digital currency in his system."

>That was solved by David Chaum over a decade before Bitcoin.

To be exact, David Chaum figured out a system that prevents double spending yet doesn't have traceable transactions.[1] But it still required a central authority that keeps the ledger and which can block your account.

The innovation of Bitcoin is to prevent double spending without having any centralization at all.

[1] http://www.hit.bme.hu/~buttyan/courses/BMEVIHIM219/2009/Chau...


Chaum developed multiple systems, and was working towards a cryptographic system that could replace paper money. The earliest systems required everyone to have an account; later systems developed by Chaum and other researchers supported offline transactions and allowed units of currency to be transferred between multiple parties without involving the bank. What all these systems had in common is that the bank issued the currency units, and for systems that supported offline transactions, potentially renewed those units. Some systems that support offline transactions allow the bank to "blacklist" people who try to double spend the currency; in theory, a corrupt bank might try to blacklist someone who was behaving honestly, but the users of the system could demand the proof of double spending before they accept such a blacklist.

Bitcoin's innovation was allowing currency to be issued without a central authority and still preserving the security against double spending. That comes at a high cost: you lose secure offline transactions or you incur a scalability problem (for Bitcoin, it is the former: no offline transactions). Chaum proved that this is the case for any digital cash system, regardless of central authorities (and in fact, central authorities are a handy way to deal with the issue: you choose the scalability hit and then allow the central authority to exchange used currency units for fresh ones):

https://dl.acm.org/citation.cfm?id=1754992


> Chaum developed multiple systems, and was working towards a cryptographic system that could replace paper money.

Sounds cool, where can I download the source code and test this system?


https://en.wikipedia.org/wiki/DigiCash

It was not exactly something you could compile and run yourself. On the other hand, if you have time, you can go ahead and implement any of the systems Chaum proposed (you'll probably want to scroll down to the 80s and 90s):

http://www.informatik.uni-trier.de/~ley/pers/hd/c/Chaum:Davi...

Really though, Chaum's digital cash ideas involved building infrastructure around existing currency to protect privacy and prevent certain kinds of fraud (e.g. double spending, identity theft). Chaum was not trying to bring down the world's economic system with digital cash, he was just trying to give people a more secure way to pay for things electronically. The failure of his system in the real world was likely linked to the strong pushback by the US government against the use of good cryptography by "commoners."


In other words, talk is cheap, show me the code. It doesn't make much sense to compare a system which doesn't even have an implementation to a system which is pretty widely used. And pretty easy to use even for the average Joe.


> It has numerous technical shortcomings that other digital cash systems do not have.

Would you care to elaborate or point to posts/articles which explain those shortcomings?


The biggest issue, in my view, is that you cannot have both scalability and secure offline transactions in a system like Bitcoin -- specifically, in any system that lacks currency issuing authorities. Chaum showed this long before there was a Bitcoin (sorry if this is not an article you can easily find for free):

https://dl.acm.org/citation.cfm?id=1754992

In layman's terms, the result is this: every time you make a secure digital cash transfer, the amount of information needed in future transfers of the money increases. The increase is, in the best case, linear in the number of offline transactions. Traditionally, that is solved by having a "bank" that issues the initial information, and which will re-issue currency to reset its size.

In the case of Bitcoin, there is no such authority, meaning that either you'll hit this scalability problem or you cannot have secure offline payments. In Bitcoin's case, solutions have been given for the scalability problem; it is safe to conclude that offline payments are impossible.

Lacking offline transactions is a big deal in practice. It means that we cannot meet anywhere "off the grid" and expect to be able to transfer money. It means that gas pumps need reliable Internet connections. It means that hot dog stands need Internet service. In other words, it means that Bitcoin cannot replace paper money -- whereas Chaumian-style systems could, or at least have a stronger case for being able to.

There is also reason to doubt Bitcoin's security model. See, for example, this work on analyzing the publicly available information in Bitcoin to de-anonymize its users:

http://arxiv.org/abs/1107.4524

Really, if I were to be as conservative about security as possible, I would say that the only security Bitcoin provides is protection against double-spending in online transactions; I would not rely on anonymity, and I would not even think about offline payments. Considering how much work was done in the early 90s on digital cash systems that not only protect against double spending, but which also allow secure offline transactions and which ensure the anonymity of users, I don't think it is unfair to say that Bitcoin has technical weaknesses compared to other systems.


> Lacking offline transactions is a big deal in practice.

If lack of offline transactions is bitcoin's biggest flaw, I am going to invest all my money in bitcoin. Come on, even if bitcoin gains 1% market share in e-commerce or in a niche such as online gambling, it would be a very big deal. Nobody cares if it can't be used for offline transactions if it can be used to circumvent the gambling regulations.

> I don't think it is unfair to say that Bitcoin has technical weaknesses compared to other systems.

Are these other systems used anywhere? Like a gambling startup that made over $400 000 in profit last month.

http://www.reddit.com/r/Bitcoin/comments/17oba6/satoshidice_...


"Nobody cares if it can't be used for offline transactions if it can be used to circumvent the gambling regulations."

In other words, the future of Bitcoin is in the black market. Which means that the police are just going to look for people who are engaged in Bitcoin transactions, and particularly those engaging in large volume transactions, and they will just happen to be patrolling in that person's neighborhood.

"Are these other systems used anywhere?"

The timing was bad; David Chaum tried to create a company that facilitated digital cash in the 90s, but faced so much trouble and so much resistance by the US government (which at the time was actively thwarting cryptography deployment on the Internet) that his company ultimately went bankrupt. There is nothing stopping a digital cash revival if you want to start it up again -- smartphones could add something interesting to that mix, like phone-to-phone payments (and unlike Bitcoin, you could do this in a way that does not require either phone to have Internet service -- so people could transfer money in New York City's subways, for example).


Offline transactions are possible in the near future with a semi trusted third party: https://bitcointalk.org/index.php?topic=91732.0

All the deanonymizing work done heretofore is wrong because of multi-sig transactions


"Offline transactions are possible in the near future with a semi trusted third party"

I may be mis-reading that, but it looks like that is not an offline transaction, but a transaction facilitated by a payment processor. They seem to be trying to solve the problem of quickly verifying a payment.

Offline payments should allow this:

1. Alice receives money from some online payment.

2. Alice sends money to Bob via an offline payment.

3. Bob sends money to Catherine via an offline payment.

4. Catherine spends her money online.

In that scenario, Bob should not be required to ever do anything online. In other words, it should be possible for parties to only ever deal in offline transactions, without ever going online, as it is possible for people to only ever deal in paper cash.


> I am working on a PhD with a focus on cryptography and secure multiparty computation, and I have nothing but bad things to say about Bitcoin.

So where are you saying them? Where's your blog post?


I am working on a PhD with a focus on cryptography and secure multiparty computation, and I have nothing but bad things to say about Bitcoin. It has numerous technical shortcomings that other digital cash systems do not have.

Very 'Internet Tough Guy'. I'm extremely impressed by your insights.

Do you have any links to support your assertions?


>It has numerous technical shortcomings that other digital cash systems do not have.

Care to tell us what it is, or it doesn't exist.

Also, you don't sound like someone who is doing his PhD, you sound more like someone from some government agency upset about a parallel currency system that has the potential to stop its users from being unknowingly abused of their personal information.

In my opinion, if Bitcoins are implemented on a massive scale, then there is a heavy chance that the rich will no longer become richer and the poor will no longer become poorer. If and only if implemented properly, on a massive scale. Right now, we can only hope.


A fixed supply currency in a growing economy, i.e. one where the quantity of "stuff" is increasing, is inherently deflationary - the ratio of "stuff", or capital, to money goes up since the denominator is fixed. This accrues capital to those who hold money without them having to do anything.

William Jennings Bryan's "Cross of Gold" speech pilloried the gold standard precisely because it preserves the wealth structure through time. Fiat money, on the other hand, promotes the churn of money and thus tends to de-stabilise the hierarchy of wealth over time.

Switching to a fixed supply currency, e.g. gold or Bitcoin, means those who hold wealth would become wealthier by virtue of holding wealth.


"Bitcoins are implemented on a massive scale, then there is a heavy chance that the rich will no longer become richer and the poor will no longer become poorer"

This is how we know you are not being realistic. Bitcoin is not pixie dust.

Let's put it this way: rich people could just buy all the Bitcoin currency units out there with their other assets, and then you would see them become even wealthier just by holding on to those units as deflationary trends kick in, and that is assuming that we lived in a universe where currencies without any legal structure around them can really become big. Do you really think people are going to forget about US Dollars or Euros or Pounds Sterling overnight? People still need to pay taxes, they still have to use courts to settle disputes, and so forth -- and poor people are going to be in much greater need of the currencies used for those things than rich people, and will be much more willing to exchange Bitcoins for those currencies.


What would you suggest as a suitable alternative to Bitcoin?


If he has "nothing but bad things to say about bitcoin" - he's not the right person to ask for any answers related to digital currency and its alternatives.


I would suggest a revival of DigiCash, Chaum's original attempt at deploying a digital cash infrastructure in the 90s. Digital cash is not some anarchist fantasy, it is a way to secure electronic payments and to enable electronic payments to replace physical cash (in ways that are currently impossible). A digital cash system that uses a central currency issuing party can still solve the problems that digital cash is supposed to solve: privacy-preserving payments, protections against fraud, secure offline payments, etc. Bitcoin does not even solve that last one: there are no secure offline payments with Bitcoin, nor can there be, and we knew there could not be such payments before Bitcoin was deployed:

https://dl.acm.org/citation.cfm?id=1754992

In a sense, Bitcoin has ruined digital cash, by stealing the attention of people who might have been early adopters of a DigiCash revival. Now everyone thinks the digital cash is Bitcoin, and so any other system would be forced to either compete with Bitcoin or to reassure everyone that digital cash is possible after Bitcoin's potential (i.e. near certain) failure.


It's a bit pompous isn't it?

"But what he created was definitely the fantasy of every tech guy in the world."

No, not really. Some of us have other dreams than creating a crypto-currency with a fixed supply, or a crypto currency at all.

Also hasn't the reward halved? This article still says 50 BTC per block.



