To those who have seen our growing pains - the full intention of raising money is to address those pain points. We look forward to doing our best to eliminate each of them one by one.
- The network imposes a limit of 7 transactions per second (https://en.bitcoin.it/wiki/Scalability); and the information I've seen suggests that it typically averages much less than that (http://blockchain.info/en/charts/n-transactions).
- There is a finite number of Bitcoins, and they can effectively be lost forever if private keys are lost. This has led to people doing things like leaving tips in BTC which expire (https://www.bctip.org/).
This is disregarding the volatility of the price and the fact that it seems to behave like a speculative commodity rather than a real currency -- what is your vision of "mass adoption" of Bitcoin?
2) Bitcoin money supply is currently INFLATING at a fast clip of over 10%/year. Refer to Nobel economist Milton Friedman and others to read about a constant-supply currency.
The volatility is because the sum(bids+asks) on the exchanges is small relative to speculators' pockets. This is getting better with time.
> - The network imposes a limit of 7 transactions per second (https://en.bitcoin.it/wiki/Scalability); and the information I've seen suggests that it typically averages much less than that (http://blockchain.info/en/charts/n-transactions).
The transaction volume is currently limited by two things. (1) The number of transactions that can be included within each block by miners. (2) The bandwidth required to keep up with the blockchain.
The block transaction cap is just a hardcoded value in the client. Like many things that change on a monthly basis in the reference client, it can and will be changed when the time is right. There are lots of variables which are being adjusted as Bitcoin grows, such as the recommended minimum fee for small transactions.
As for the bandwidth, there are a few options: The first part is to only require clients to maintain a tiny summary of each block, rather than the full ledger. This will reduce the sync bandwidth required by at least two orders of magnitude. This solution only applies to clients, not miners. The second, less popular plan is to encourage networks of "green addresses" (kind of like trusted banks that don't need to verify transactions between each other) as well as super-nodes which delegate trust by layers. And finally, there are always methods for pruning the Merkle tree to remove unnecessary history, or introducing periodic genesis blocks which put down the current state in stone without requiring the history before it. These are just off the top of my head; there are likely more initiatives in the works, many of which have been planned for from the first day that the Bitcoin whitepaper was published.
> - There is a finite number of Bitcoins, and they can effectively be lost forever if private keys are lost. This has led to people doing things like leaving tips in BTC which expire (https://www.bctip.org/).
Both of these things are true.
Keep in mind, a bitcoin can be divided into units of 0.00000001 (what we call a satoshi). That is to say, the finite number of satoshis is 2,100,000,000,000,000 which should be more than enough for a long long time. (More on that here: https://en.bitcoin.it/wiki/Bitcoin)
As for the question of Bitcoin being lost forever, all this means is that everyone else's Bitcoins rise in value slightly (since you're reducing supply).
No, the block size is a validation rule. Changing it will require a hard-fork. That must happen if bitcoin is to scale. But it's not an easy change.
I recall reading a discussion on the forums about doubling the value of MAX_BLOCK_SIZE in the near-term. I didn't realize that old clients would outright reject larger blocks.
Either way, sounds like everyone is in agreement that this will have to happen inevitably.
In other words, a hard fork. These things should not be done casually.
Why is this even a value? Why does the protocol limit how many transactions can be performed in a given period of time? This seems like an extreme deficiency to me...
To summarize: It helps reduce some DoS attack vectors and helps encourage the use of transaction fees early on.
What is Bitcoin's excuse for this problem? Surely it cannot be that a goal of Bitcoin is to remove central authorities, if some central team of developers has the power to change this system parameter at will. I suppose the only real excuse is that Satoshi was not even aware of that body of work, which would not be all that shocking given the fact that it is not even cited in the Bitcoin paper.
I'm interested to guess at what kind of chunk of this $5mil goes to corporate-level capital concerns like infosec vs. the regular startup sinkholes. Can you colorize for me what kind of chunk of your operating expenses goes toward security in one form or another?
Advances in cryptography which once were targeted to breaking encrypted messages could be focused on breaking the entire world economy in one fell swoop (provided Bitcoin gets real market traction)
Let me put some round numbers on the cost of various attacks:
Major result in cryptography: $X0 million to $X00 million+ (nation-state adversary)
Subtle bug in the Satoshi client C code: $100,000 (trivially within the reach of organized crime or a single highly motivated attacker)
Bust any Bitcoin-using Ruby on Rails (&tc) application: $20k probably, upper bounded by $100k where you'd produce (as an industrial byproduct) an RCE on any arbitrary Rails site
Compromise the security of a non-trivial number of Bitcoin users via spearphishing / targeted malware / etc: $1,000
If you're a thief who doesn't have access to any computer skills or the above sums of money, have no fear, it is likely that the Bitcoin economy still has multiple options for you to get in on the ground floor of exciting new ways to steal things.
[P.S. I'm routinely pessimistic about Bitcoins for a lot of reasons, but the software security angle keeps coming back to me because it's so easy to explain. If you think I'm overly pessimistic, consider what the track record on HN of "people who know what the threat environment banks operate in looks like" versus "Bitcoin advocates" has been in predicting observable future outcomes of e.g. Bitcoin bucket shops in advance.]
Exactly. Low-tech ways of stealing bitcoins are precisely what we are seeing the most in the community right now. Thieves merely sweet-talk people on the forum and convince them to invest in their "businesses" (ponzi schemes, fake ASIC preorders, etc), then receive the money and run away.
Cost for the thief: at most $100 (setting up a website to advertise the fake business).
For example just 2 months ago, a fraudster advertised his company selling Bitcoin ASIC mining hardware (www.labsnovo.com, now taken down) by posting a comment to my blog... This is very sad to see because every freaking time, some people fall for it. You may have 4 out of 5 posts on the forums reporting one of these schemes as a "LIKELY FRAUD" in all caps, yet there are always a few people who ignore these warnings and just try to invest anyway. sigh
If so, why? And how is it different (at least in the eyes of the law) than stealing a wand from someone in Ultima Online?
In fact, let me go further - does not a "real" currency issuer have a vested interest in not judging bitcoin theft to be illegal? If it's illegal, that bestows a certain legitimacy ...
Obviously if you were to steal it ingame that would not be illegal.
It's almost certainly illegal to steal bitcoins.
I guess I'm referring to US law here, but I would expect it to be illegal in any country that has computer crime laws.
And sure it is in the currency issuer's interest to do that, if you think in strict terms of maximising the value of the issued currency. But that doesn't mean the currency issuer will take every action available to do so. The bigger picture is much more complicated than that.
After all, X bitcoins do have a monetary value, since people will trade you money for them.
Or, to rephrase the standard pitch for Bitcoin: a bitcoin is as easy to steal as a credit card number, and as untraceable when it disappears as cash. ;)
Edit: I just want to add that I think it's really silly that most online transactions are still done by a series of numbers that can be easily copied and re-used by whoever gets them. We should have much better solutions by now.
This is not true in the case of at least one major brokerage firm in the United States for account thefts via cyber-attack (I know this through first-hand experience helping the victim file reports with various LE and regulatory agencies), and all brokerage firms if my read of the regulatory requirements is correct. As the regulatory environment stands today in the United States, if your account is broken into via computer hacking and drained, then you have no recourse other than to appeal to the brokerage institution. It is completely up to the institution whether or not to engage restitution, when (in the case I'm familiar with, no word other than "we're still investigating" for the past five months), and in what manner they treat the case and communicate with you.
Elsewhere in this thread, patio11 already pointed out the cost to mount various attacks. After some quiet questions around some Wall Street contacts confirmed other accounts (but not a massive number of accounts) were also drained at the same institution, I'm reasonably convinced that at least one black hat or black hat team has figured out how to use this regulatory hole to their advantage, to wit:
Drain only a few accounts, and the institutions externalize the cost of the poor security upon the account holders themselves.
This points out an interesting problem: apart from sheer trust in traditions of financial institutions, how does an account holder prove that they themselves did not drain their own account, when the financial institution's own computer systems and potentially even their logs have been subverted?
If you are a tech journalist that wants to research this story, I'm happy to respond to questions over PM, and direct you to the actual victim.
A chargeback system is a protocol requiring centralized trust. A company will no doubt implement this.
Centralized trust is of course necessary. One could argue that it defeats the point of bitcoin. Yet that's not true, if you think of bitcoin as being a currency (rather than a "secure" currency, or any other label). If it's a currency, then a chargeback protocol is simply a company waiting to happen. And the company would necessarily have to be large, because it has to bear the cost of fraud. Luckily, PayPal has already done a lot of the homework necessary to pull off such an endeavor.
Lastly, it doesn't matter what normal people use. It matters what will become convenient for normal people to use. That's a subtle distinction, because it means as soon as infrastructure is built then people may start using it by default.
Funny, I was under the impression that it was customers of "The financial system" that were footing the bill for fraud.
I submit that that hasn't happened because financial institutions don't in fact pass these costs straight back to consumers.
Do they? It looks to me like the industry has treated the fraud problem (which they created) as an opportunity to sell more services (credit monitoring, fraud protection, etc.) without addressing the security problems with their antiquated technology.
That's because it isn't really a competitive market.
I'd much rather simply pay insurance to cover for fraud, or avoid paying that if I know that I'm storing my money securely - mostly offline and encrypted with a password that only exists in my head, and small amounts for day-to-day usage somewhere more accessible.
The question isn't whether systems are or aren't secure. Security is a function of the capital invested in making systems secure. The question is who bears the cost of securing systems. The financial system puts much of the burden of that cost onto the financial system itself; it is thus incentivized to mitigate fraud.
"Find any combination of inputs (say, of the executable script that Bitcoin runs by design) which gives you an RCE on one instance of the satoshi client, fan out the attacker-chosen code to the entire network, root (a large percentage of) the network at once." is my usual example of a hypothetical attack. People keep telling me that this can't happen. Your call on whether you find them or me more credible. I have no particular dog in that fight -- no change in the Bitcoin price affects my net worth. (If Bitcoin imploding would cause me to be impoverished, I might buy a pair of the rose-tinted lenses that some folks seem to be wearing.)
Wouldn't it be great if Bitcoin worked? Wouldn't it be great if it didn't take several days to move a few grand from one account to another? Wouldn't it be great if no one could take your money without your permission? Wouldn't it be great if you never had to touch physical currency again? Wouldn't it be great if you didn't have to fill out a piece of paper and sign it to give someone else a significant amount of money? And then they didn't have to scan it into their phone, or shove it in an ATM or wait in line to deposit it? Why do I still have to do that? Wouldn't it be great if it wasn't so expensive to send money with Paypal?
Bitcoin has a sordid history of theft and fraud -- not more sordid than any other currency/commodity I can think of though. There will continue to be thefts and fraud. People will probably pay for better security. Who knows maybe people will end up paying as much for bitcoin security as they do now for the privilege of using visa/mastercard/etc.
Let people play with their Bitcoins -- the results might not be all bad.
Wouldn't it be great if it didn't take several days to move a few grand from one account to another?
Absolutely not! I want the bulk of my life savings kept in an asset that is only liquid on the timescale of days, or even longer. I have seriously contemplated trying to find a broker that has no web presence at all, one that would refuse to execute a trade unless I turn up in person - ideally with three forms of ID and a DNA sample.
I'm not a criminal, I don't live in a failed state and the odds that I'll need to flee the country on 24 hours notice are very low. So I want my retirement money to be hard to move.
If one day I decide otherwise - perhaps taking up high-stakes casino gambling, or day trading - I'll withdraw a bunch of cash and bury it in the backyard or something. This will take considerable time and preparation, making it very hard for me to take up high-stakes gambling on a whim at 3am late one night, but that is not a bug but a feature.
Wouldn't it be great if no one could take your money without your permission?
What defines "my permission"? Is Bitcoin a mindreading technology? If someone steals and/or cracks my computer with my Bitcoins on it, they don't get my Bitcoins? Or, rather, deprive me of my Bitcoins, which is exactly as bad from my perspective?
If Bitcoin were a mindreading technology, even that would only go so far. We don't even need to invoke wacky movie-plot truth-serum scenarios, or torturers armed with five-dollar wrenches, to see the problem: I have, alas, extensive life experience with Alzheimer's patients who slowly but surely stopped being "themselves". There's a large and evil cottage industry built around bilking such people. As someone with no kids and no plans to have any, this is actually an important practical issue in my life: I'm going to grow old (hopefully!), I may well become senile, and the day may come when the safest place for my money is in a trust, where even I can't give permission to spend it without first convincing an independent trustee.
Okay, the problem with this argument is that it is technically valid on any network of any kind. If I invent a magic exploit that lets me execute any code I choose, then I can gain control of the entire network because I now can execute any code I choose on it. Sure. That much is obvious, but not specific to Bitcoin.
You originally put the price of "Subtle bug in the Satoshi client C code: $100,000" but without giving any meaningful reason behind this number. You know that throwing money at finding bugs doesn't actually find them, right? If the bug does not exist, then it cannot be exploited, no matter how much money is thrown at the problem.
Now, I'm not saying that there is no such bug, because I have no idea whether there is or not. However, when the existence of said bug translates directly into a money-stealing opportunity, in the most literal possible way I can imagine, then there is a rather large incentive amongst those concerned to make sure no such bug exists. I wouldn't be particularly surprised if that particular piece of code wasn't the most ridiculously oversecured thing you can imagine.
Now, obviously flaws can exist elsewhere, and often do. But you're pointing to something that is fundamental to the network and saying "what if it has a flaw", and that seems too obvious to actually be meaningful or insightful to me. Anything can have flaws. The useful question is not "what if there's a flaw?", but "does it have a flaw?".
It depends on what you mean by "forex site". If you mean "a bucket shop, which uses as its source of random numbers currency fluctuations", then a forex site is approximately as risky as a bitcoin exchange, modulo the fact that the forex frontend almost certainly has no lever on it which will actually cause outgoing wires and the bitcoin exchange almost certainly does. That's actually a pretty big modulo, come to think of it. [Edit to add: This is just talking about software security. Bitcoin exchanges have a legal security problem which forex sites don't, because you can use Bitcoin exchanges to move money and you can't conveniently do that with forex sites.] If by "forex site" you mean e.g. a bank's foreign currency trading desk, you're asking me to compare the US Army and the Boy Scouts in terms of potential to conquer arbitrary nations.
What do you mean by "major result in cryptography"?
SHA-256 has some time complexity associated with it. A major result in cryptography gives some variant of attack against it with radically lower time complexity than we currently think attacking it requires: say, it allows a speedup of 2X, 4X, etc etc. (It is unlikely, but conceivable, that it would go to O(1) all at once.) This is like every other cryptographic algorithm. Producing major cryptographic results is hard. Weaponizing them is harder, still: 2X improvement probably doesn't make any attacks practical which weren't practical before, it just posts a "Warning: this algorithm will die in the foreseeable future, transition off at the earliest convenience" notice to all interested parties.
But, again, Bitcoin advocates love wrapping themselves up in crypto because it makes them feel secure. Crypto is one teeny tiny little bit of their systemic security. It isn't the important bit. That's a very impressive looking deadbolt you have, there, and defeating it would probably be pretty difficult, but the pane of unreinforced glass right next to it looks a little promising and, if you check with your 17-year-old architect who is doing this in his spare time, he might be able to confirm that your house only has two walls and no ceiling.
Therefore, compromising the exchange doesn't necessarily mean the end of the world since the "front office" (place where trading happens) is logically separated from the "back office" (place where money changes hands etc). As an aside, this is why France is in the process of regulating the movement of employees between the back office and the front office. If you are familiar with how both systems work then it becomes trivial to start hiding your trading activities and positions. The most damning part about compromising, say, a forex exchange, is that you get to take a peek at everyone's trading history and hidden orders. So if you compromise the exchange and see that fund X has an open resting order for 20b EUR/USD @ some price you can then use this information to profit from. Or alternatively, based upon the data you abscond with, it then becomes possible to reverse engineer their trading strategies.
This is a bit different than a bitcoin exchange as my understanding is that the clearing and trading occur all at once and there is no separation. E.g. the exchange occurs as soon as the two parties agree. Although this eliminates counterparty risk it poses significant (insurmountable?) problems for the way automated trading currently works today.
Another difference is that the vast majority of forex trading volume happens between institutional investors (usually on behalf of a corporate which is just trying to pay workers in another country) or other hedge funds. This makes security vastly easier since all of these servers are walled off from the public internet and the traffic they exchange never hits the public internet. Additionally it is also reasonable to expect that the system administrators of the end users understand how to operate a computer and keep it relatively secure :). Not always the case, but the assumption.
Edit: Additionally, the clearing is handled by the counterparties themselves and not the exchange. With bitcoin the exchange handles everything and thus is the central point of failure.
Could you elaborate on this? I'm interested to understand why this presents a problem. Isn't it a good thing for both parties?
Edit: I wasn't 100% exact. It gives you more than easily mining blocks, but still not that much power so that I would call it "Winning".
1) Attacker starts mining a fork offline (i.e. doesn't publish blocks)
2) Attacker sends payment to merchant but does not include payment in fork in (1)
3) Attacker waits 6 confirmations then receives goods.
4) Attacker double spends the money in the fork (1).
5) Attacker releases fork when it is longer than the main chain.
If they have greater than 51% they will always be able to do (5) because at some point they'll be longer than the main chain. It doesn't matter how many confirmations the merchant waits for.
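The risk behind steps (1)-(5), worked out as an added example (my code, not the commenter's and not from any Bitcoin client): the closed-form race probability from section 11 of the Bitcoin whitepaper, a helper that turns it into "how many confirmations should a merchant wait for at a given hashrate share", and a small Monte Carlo of the five steps themselves. The `give_up` threshold, the trial counts and the seed are my own constructed parameters.

```python
import math
import random


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that a miner with fraction q of the hashrate ever builds a
    private fork longer than the honest chain after the merchant has seen z
    confirmations (whitepaper section 11; honest share p = 1 - q)."""
    if not 0.0 <= q < 1.0:
        raise ValueError("q must be in [0, 1)")
    p = 1.0 - q
    if q >= p:                       # majority hashrate: the race is always won
        return 1.0
    lam = z * q / p                  # expected attacker blocks while z honest blocks arrive
    total = 1.0
    for k in range(z + 1):           # attacker mined k blocks during the wait...
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        total -= poisson * (1.0 - (q / p) ** (z - k))   # ...and never catches up from z-k behind
    return total


def confirmations_needed(q: float, max_risk: float, z_limit: int = 1000):
    """Smallest z whose success probability is below max_risk, or None when no
    confirmation count suffices (the >= 50% case in the comment above)."""
    if q >= 0.5:
        return None
    for z in range(z_limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return None


def simulate_double_spend(q: float, z: int, trials: int,
                          seed: int = 1, give_up: int = 100) -> float:
    """Monte Carlo of steps (1)-(5). Each new block is the attacker's with
    probability q. The attacker mines privately from the block before the
    payment, the merchant ships once the honest chain has z confirmations,
    and the attacker publishes as soon as the fork is strictly longer after
    shipping. The attempt is abandoned when give_up blocks behind (constructed
    cut-off so the simulation terminates). Returns the observed success rate."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        honest = attacker = 0
        shipped = False
        while True:
            if rng.random() < q:
                attacker += 1
            else:
                honest += 1
            if honest >= z:
                shipped = True
            if shipped and attacker > honest:
                wins += 1
                break
            if honest - attacker >= give_up:
                break
    return wins / trials


if __name__ == "__main__":
    for q in (0.1, 0.3, 0.45, 0.5, 0.6):
        print(f"q={q:.2f}  P(z=6)={attacker_success_probability(q, 6):.5f}  "
              f"z for <0.1% risk: {confirmations_needed(q, 0.001)}  "
              f"sim(z=6): {simulate_double_spend(q, 6, 2000):.4f}")
```

With q at 0.1 the whitepaper's table is reproduced (z=6 gives about 0.00024, and 5 confirmations already push the risk under 0.1%), while at q of 0.5 or more `confirmations_needed` returns None: no waiting period helps, which is exactly the point made above.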
Not saying that the bitcoin blockchain or protocol suffers from this, but implementation and protocol flaws are often a far more fruitful source of compromises. If BTC has none of those then colour me impressed because at some point or other most of the big name systems (OpenSSH and OpenSSL spring to mind) have had revisions for various exploit-related reasons. We won't know for some years of course.
In Founders at Work Max Levchin talks at length about how Paypal essentially had to become a fraud detection company disguised as a payment processing company.
Best of luck to Brian & Coinbase in cracking a very tough nut. Would love to see them succeed.
Edit: This also fits Anderson's quasi-thesis around investing in laughable ideas.
(plenty of other issues too!)
Regular money works better for nearly all situations.
The big difference is that there's nothing stopping anyone from running their own server, or starting up a new/competing service.
Yet, I can also list 100 problems with all sorts of things that we use on a daily basis: cash currency, vehicles, firearms, libraries, etc....
- Cash can be stolen, destroyed, counterfeited. It isn't easy to divide (I need quarters at the laundry machine, but I have a $5 bill). Cash is dirty. Do you know how many people have touched that dollar bill?
- People could drive in the wrong lane, drive drunk, ignore all rules of the law. People might get killed!
- People could do incredibly stupid things with guns. They might misfire or jam. You can miss and hit the wrong target easily.
- People could steal books from libraries. They could burn. They cost money and make no money.
Despite these problems, all of these things more or less work. Yes, Bitcoin has problems. Yet, I don't see any of them as being actually bigger than the potential problems with things we use daily anyway.
While I think the problems inherent to current currencies are well known, I think some of the problems with Bitcoin still remain theoretical, with at least 50% of them being due to misunderstanding of the system or the fact that it's very early and we still lack some infrastructure (enough exchanges, etc).
“We need 10 people yesterday,” said Ehrsam, a 24-year-old former Goldman Sachs trader.
"10 People" in this case == security and crypto engineers - like the best the world can get.
If you want to lead the largest exchange for a decentralized, anonymous currency, you better have an NSA quality-type security team that can address the intricate mathematics of the problems they will certainly face. I'd suggest they hire a very senior and experienced economist as well.
$5m of funding? 500K per hire. Sounds about right.
Their first question would be, "What is the formal definition of Bitcoin's security?" Then they would notice that polynomial time attackers can double spend Bitcoin currency and stop bothering with the entire system.
This is the sort of work in this field that top-notch crypto people create:
It is worth pointing out that Digicash survived longer than Bitcoin has even been around -- twice as long, in fact. The reasons for its failure are not as simple as "people just did not care." There were forces in the US government actively working against all civilian use of cryptography, especially those systems that might thwart law enforcement investigations. Patents on cryptography (ironically, this includes patents held by Chaum himself) did what they typically do: prevent systems from being deployed on a large scale. There were bad management decisions, like Chaum's refusal to accept a huge monetary offer from Microsoft to integrate his system with Windows 95 and another large offer from Visa.
Yes, there was a general lack of concern on the part of credit card users about the security of their card data. That lack of concern is largely fueled by all the legal protections bank customers get -- nobody actually feels the pain of credit card fraud, except for the money mules:
That lack of concern is equally challenging for Bitcoin. I suspect that most people do not really care about any of the issues Bitcoin is trying to solve. Few people are seriously worried about runaway inflation of the US Dollar or of the Euro. Bank fees aggravate merchants, but those same merchants are generally unwilling to accept anything other than their nation's currency, and deal in Bitcoin only through intermediaries that perform currency exchange.
In another four years, if the news about Bitcoin is something other than, "Bitcoin trading at all-time lows," or "Analyzing the failure of cryptocurrencies," you can at least claim that Bitcoin fared better than Chaum's systems.
This is not an "only". The central issuer also apparently makes management decisions that lead to the success or failure of the scheme, as the anecdote about Chaum relates.
It is also important to remember that Chaum's poor management of Digicash did not exist in a vacuum; the patents on the digital cash concepts and protocol designs were key in ensuring that only Chaum could deploy the system. Were there no patents, Microsoft might not have bothered to make an offer; they could have just implemented a digital cash protocol themselves. There is no single reason for the Digicash failure, but rather a list of reasons that collectively doomed the system.
There is clearly a market for Bitcoin. Between the large black markets, the anti-government libertarians/anarchists and the speculative traders, there is little doubt there are fortunes to be made.
I just don't know if I'd care to be in such a business.
Please provide citation that silk road and other black markets are the majority of bitcoin's economy.
As we used to say back in the day, “don’t believe the hype.”
As for business using Bitcoin, more “real” businesses are doing so all the time, including Foodler, OKCupid and WordPress to name a few: http://www.coindesk.com/10-businesses-that-use-bitcoins/.
On a recent podcast of Lets Talk Bitcoin (http://letstalkbitcoin.com), it was mentioned that donations to projects, websites, etc. were the majority of Bitcoin transactions, not black market ones.
It’s not a coincidence that Bitcoin first appeared in 2009, after the world economy was nearly destroyed by regulated financial institutions and government-controlled central banks.
There’s certainly nothing shady about wanting a way of exchanging and storing value (i.e. money) that’s unencumbered with the legacy of how we’ve handled transactions in the past.
One of the innovations of Bitcoin is that it decentralizes trust, which is just what we need these days--Bitcoin May Be the Global Economy's Last Safe Haven: http://www.businessweek.com/articles/2013-03-28/bitcoin-may-...
In a gold prospecting rush, it's good to be in the shovel and provisions business. Even better if people will pay you to take the shovel back if they decide to stop prospecting.
So are most of these bitcoin startups just banks/exchanges? Is there anyone doing anything more unique with bitcoin?
Since it is hard to judge the true value of a bitcoin since it fluctuates so much, perhaps bitcoins would be best suited to pay for services and goods that are hard to judge in value?
Someone should create a bitcoin-based Fiverr or Mechanical Turk.
It would also be interesting to see something completely close the loop when it comes to bitcoins. For example, raise bitcoins to pay for the production costs of a movie, pay actors and staff in bitcoins, charge bitcoins for movie download, and repay investors in bitcoins.
But from reading HN it seems that there is a lot more controversy about bitcoin than about 3D printing.