BitCoin is a public ledger (erratasec.blogspot.com)
89 points by mazsa on May 31, 2013 | 48 comments

I've seen this "public timestamping" use case before, which is a very interesting exploitation of BitCoin's mechanic.

It is curious, though, that it bears a micro-cost, even at a thousandth of a penny. I've often heard it said that BitCoin is unique as a currency in that the total quantity is inherently fixed; but in fact, it's destined to ever-so-slowly dwindle over time, whether due to public ledger uses, or the loss/destruction of private keys.

One-off transactions won't register as a blip, but it's possible that some future use case might run at such a staggering scale (stock market micro-transactions?) that it leads to a financial tragedy of the commons and deflation runs rampant.

Not being doom-and-gloom, just an interesting thing to think about. Just as we now marvel at the naiveté of thinking that 4 billion IP addresses or 64K of RAM would be more than enough, I wonder if someday we'll look back the same way on the minimum transaction of 0.0000001 BTC.

> I've seen this "public timestamping" use case before, which is a very interesting exploitation of BitCoin's mechanic.

Not really an exploitation, even Bitcoin's original whitepaper describes its blockchain as a "peer-to-peer distributed timestamp server".

I knew I shouldn't have used that term. :) It wasn't meant pejoratively.

If BitCoin succeeds, it will have successor digital currencies that will try to start with a peg to BitCoin. If one of these successors succeeds, then we have a new source of digital money that is financially equivalent.

The protocol already allows the creation of publicly verifiable contracts with creation/destruction mechanics that allow BitCoin to translate into a new currency. That puts the price of BitCoin as a ceiling for the new currency. The challenge is making it popular enough that the price of BitCoin is a floor as well.

It's non-trivial, but further division of bitcoins is possible to implement and would likely be accepted by the network if it was in the best interest of the currency.

Except there's a growing number of miners ignoring small transactions, aka "dust".

In a world where bitcoin are so scarce that further division becomes necessary, that "dust" would be worth enough to have them not ignore it.

This sort of change would only be necessary if the value of a bitcoin grows significantly making today's dust into tomorrow's crumbs. I don't generally pick up pennies, but I've never ignored a dollar before.

If you use your document's SHA256 as a private key or as one of the keys in a MULTISIG 1-of-2 transaction, then you can get your amount of BTC back to your normal address. You will only pay a fee to a miner if it's required. No coins will be destroyed.

0.0000001 BTC to store a bit of data, indefinitely, for as long as the BTC network exists? Methinks there is a Dropbox plugin on its way ..

Not quite. The default transaction fee is 0.0005 BTC per transaction. If the transaction fee you offer is too small, miners won't process it.

Is there anything built into the protocol to stop abuse? Bouncing coins around infinitely in order to store large quantities of data in the transaction metadata (as opposed to the fake address method described ITA)?


In order for a transaction to enter the block chain, it needs to be relayed by bitcoin nodes and picked up by a miner who is willing to add it to a block.

Bitcoin nodes have criteria that need to be satisfied before they relay the transaction. For example, version 0.8.2 of the reference client will not relay transactions with outputs smaller than 0.00005430 BTC. There are also rules for calculating a minimum transaction fee, and a 15000 bytes/minute cap to the amount of free transactions relayed.

If your transaction isn't relayed, you can still circumvent this by connecting directly to a miner. But the miners have their own rules for prioritizing transactions and limiting block size.

There are some rules built into the protocol (max block size of 1MB) and some rules that are default behavior in the majority of clients/miners:


Don't worry, if it ever comes to that point I'm sure the central bitcoin authority will be able to introduce new bitcoins to the market.

I mean, honestly, is there anything that makes it impossible for someone to come along and adjust the network or reprogram the clients to allow new bitcoins? The number of primes is unlimited, so the number of possible bitcoins should also be unlimited.

The main difficulty is in getting people to switch to the new client. If only some people switch, you have effectively split Bitcoin into two separate currencies with all of the old coins existing separately in each currency.

People are down-voting this (presumably for containing the words "central authority") but it's actually pretty realistic.

What we need is a log-linear graph of a few things. The BitCoin production rate is ramping down exponentially, and everybody who gets interested in BitCoin makes BitCoin more interesting, so there is probably an exponential increase in both the value of BitCoin and the number of miners of BitCoin. Finally, the cost of the ASICs needed to mine BitCoin effectively is diminishing by Moore's law at an exponential rate.

Probably when you add these effects on a log-linear plot together, they add up to a straight line going slightly upwards; it's still worthwhile to join the network. But if you just think about it for a second, all of these could change. Moore's law can break down, interest can level off, miners' ambitions could skyrocket.

It is quite plausible that the line would shift downward and new people would stop coming in, and eventually the smaller groups would stop running their own BitCoin miners. The larger miners might even buy them up. When that happens one can certainly imagine that an oligopoly of more than 50% of the computational resources of the network emerges, which turns BitCoin into a centrally regulated currency.

Moore's law has not too much to do with bitcoin, since the difficulty of mining is adjusted automatically.

That was the very first thing I said; the production rate is ramping down exponentially.

I agree that if you're a consumer, Moore's law has less to do with BitCoin, but the whole point of the comment was stop looking from a consumer's perspective. From the point of view of a miner -- i.e. of the computational clusters which compete to make the ledger work -- Moore's law has plenty to do with BitCoin. The fact that the production rate is constant means that there's essentially a fixed-size "pie" in any given time-frame. The fact that electronics are becoming cheaper and better means that your investment of $X today can be matched by an investment of k $X tomorrow for some k < 1. The person who does that will eat up part of the pie, leaving less for you.

And why should you look at it from the point of view of the miners? Because the economic pressures on the miners determine whether the system eventually stabilizes into an oligopoly. If it does, then it can degenerate into a central-authority currency.

The article recommends splitting your SHA256 hash into two pieces. However, one transaction to one address is sufficient.

You just have to create the address in the same way in which Bitcoin generates an address for a public key:

  Base58(RIPEMD160(SHA256(public key)))

So there's nothing wrong with doing it the same way for your data:

(That's what I'm also using in Bitcoinproof http://vog.github.io/bitcoinproof/)

Using this hash is not any "less secure" than the plain SHA256 hash, because the RIPEMD160+SHA256 combination is used by the Bitcoin network itself. So if this one is broken, the Bitcoin network itself is broken, and your timestamps would be no longer trustable anyway.
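As an added example (not code from this comment or from Bitcoinproof), here is the "fake address" construction the article describes, in Python: the document's SHA256 is split into two 16-byte halves, each padded to the 20 bytes a P2PKH address payload expects (the zero padding is my assumption, not the article's stated scheme), Base58Check-encoded with the double-SHA256 checksum, and later decoded again to verify a document against the two addresses.

```python
import hashlib

# Bitcoin's Base58 alphabet (no 0, O, I, l)
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(raw: bytes) -> str:
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    # every leading zero byte is encoded as a leading '1'
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        n = n * 58 + ALPHABET.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def checksum(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]


def b58check_encode(version: int, payload: bytes) -> str:
    data = bytes([version]) + payload
    return b58encode(data + checksum(data))


def b58check_decode(addr: str):
    raw = b58decode(addr)
    data, chk = raw[:-4], raw[-4:]
    if checksum(data) != chk:
        raise ValueError("bad checksum: not a well-formed address")
    return data[0], data[1:]


def document_addresses(doc: bytes):
    """Two version-0 (P2PKH) addresses whose 20-byte payloads carry the
    two halves of SHA256(doc), each half zero-padded (assumed scheme)."""
    h = hashlib.sha256(doc).digest()
    return [b58check_encode(0x00, half + b"\x00" * 4) for half in (h[:16], h[16:])]


def verify_document(doc: bytes, addr1: str, addr2: str) -> bool:
    """Decode both addresses and compare the recovered hash with SHA256(doc)."""
    halves = []
    for addr in (addr1, addr2):
        version, payload = b58check_decode(addr)
        if version != 0x00:
            raise ValueError("unexpected version byte")
        halves.append(payload[:16])
    return b"".join(halves) == hashlib.sha256(doc).digest()
```

Note that these addresses have no known private key, so whatever is sent to them is unspendable; the decoder's checksum check is what lets a verifier reject a typo'd or tampered address rather than silently comparing garbage.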

There are more of these kind of transaction types discussed at: http://codinginmysleep.com/exotic-transaction-types-with-bit...

But yes. I'm glad this is getting a lot more press. The discussion on the apparent value or its function as a currency are secondary. With any new technology, you are not just looking at its current functionality, but also the functionality it can do that the old technology cannot.

As an aside: I can easily see this as a great compromise for DRM technologies. Both IP owner, licensee, and end-user give up a little power and control and vest that in a decentralized "public ledger".

I expect we'll see more discussions around over the next year or so as more people wake up to this possibility.

Yes, the concept of a distributed unforgeable public ledger is brand new in human history. The monetary use is interesting in that it obviously made bootstrapping possible, but the long term impact is probably bigger than just trading bitcoins.

One of the more subtle changes with this is, as people use the blockchain more, people's sense of authority shifts from traditional, centralized structures (institutions, governments) and more into a peer-to-peer accountability.

I've been on the sidelines watching a group of people try to hash out trust networks. Those really have not taken off. And I think they have not because the tokens used for trading trust don't have purchasing power for material goods the way Bitcoins does. I'm guessing that, while we may be tempted to just use the blockchain without the monetary use, the monetary use also makes each transaction like this matter a lot more. It might be possible that the very inefficiency is what allows the public ledger system to work at all.

In any case, I see much farther down the road where ... the big issue is not whether a nation-state actor's ability to issue currency is undermined by bitcoin, or even its ability to regulate it, but more that many other functions of government could eventually be expressed with Bitcoin or its technological successor.

Patents are interesting. What about real estate? Closing and transferring real estate takes a lot of paperwork, with mortgages enforced by powers of eviction and repossession.

I talked with a lawyer buddy of mine about this subject a while ago. He tells me the court system will be the last to convert over electronically. Legal papers have a gravitas associated with authority and control that is difficult to convert into electronic form.

Ultimately (and maybe not in this generation), wide-spread use of the public ledger will undermine deep-seated social conventions, emotional attachments, and notions we have about 'authority' and 'institutions.' Or maybe it'll be like the Millennials. All the folk who grew up in a time before wide-spread public ledgers die off; notions of central authorities becoming a quaint chapter in human history.

This is a pretty clever use of the blockchain. However, instead of destroying the bitcoins you have (wasting coins is bad, no matter how small) you can simply send bitcoins to yourself and store data in the `coinbase` field. The resulting transaction will appear in the blockchain permanently, and can always be referred back to.

There already exists a service to prove the existence of a document before a certain date (much like the one in the blog post): http://www.proofofexistence.com/ Their implementation details are lacking but it should still be clear enough to get an overview. (Edit: I seem to have missed this link in the blogpost)

Besides hosting checksums, other types of data have been found in the blockchain, such as some Wikileaks content (http://www.thebitcointrader.com/2013/04/25mb-of-wikileaks-ca...) and even links to child porn (http://www.btcpedia.com/ped0-links-in-bitcoin-blockchain/).

You could also encode the information in the size of a transaction sent to yourself. Then any money lost would go back to the miners as transaction fees.

It's my understanding that there is only one coinbase in each block, and it's set by the miner verifying the block. That would make using it for this purpose very difficult.

Just FYI - the article mentions dating your proof of concept / idea / whatever in case you are late to file a patent.

To my knowledge there isn't any major government left that recognizes 'first to invent' anymore, only 'first to file'. So you probably haven't saved yourself anything.

Yes, it's "first to file", but there is also the concept of "prior art". You cannot patent something that has been published before you filed that patent. Although this other person won't get your patent, you won't get it either.

This is a really cool concept. You could easily implement a similar "proof of [work/submission/event]" with a few lines of code, but there'd still be central points of failure: whatever server is storing these hashes.

While for Bitcoin, you can have a great degree of confidence that the blockchain up until now is legitimate. I suppose theoretically a >50% could take place, but even then, everything before that event could still be preserved and checked against.

It's nice to see that this idea becomes more widespread. Some time ago I started a small JavaScript tool "Bitcoinproof" which performs the necessary calculations automatically for you:


Unfortunately, it didn't receive much interest from the HN community:


"As another example, let’s say that you have a great idea for a patent, but it’s not quite ready. Well, write it up into a file, then add the file’s signature to the block chain. Years from now, if somebody beats you to the patent filing, you can prove that you had the idea ahead of time."

Go file a provisional patent! The patent regulations have changed since March 2013 from first-to-invent to first-to-file! :D

It would allow you to establish prior art for ideas that you didn't want to go to the expense of patenting.

Public key encryption invents the notary public, now with 10,000% more energy use?

Back of the envelope math:

Assume that the notary public needs a 70-watt light bulb to function (ignoring food costs, paper, etc). 8 hour day, so about a half kWh. That electricity with a new ASIC miner would get you about a half bitcoin, which would let you send 1000 messages of up to 1 kB each, given the transaction fees.

I'm ignoring some things, but at the moment it seems to be quite the net-win.

Don't forget the costs of relying on authority. First, trust can be broken. Second, if the notary is offline or asleep you cannot register your data.

Also: even if you fully trust your notary, it's no guarantee some random people in Japan, Australia or South America will trust him too. Anyone anywhere can verify the blockchain, though.

Also, the notary is a person, and needs to consume food, which also takes energy to produce and transport.

That brings up an interesting thought. Is the energy (cost) being expended actually going somewhere? I think perhaps the fact that people put some sort of value onto each transaction, no matter how minimal, accurately (though maybe not precisely) models the "stake". You wouldn't think much on using RSA keys as a public ledger, but as soon as you are tracking something that has some nominal, perceived value, people treat it with more respect and accountability. (Now, is this inherently true? I don't know.)

And 100% less human being?

We haven't hit the scaling limits of computation and are unlikely to for some time. But the scaling limit of a human is fixed at sixty minutes per hour.

I'd be curious as to the consequences of illegal numbers working their way into the block chain: https://en.wikipedia.org/wiki/Illegal_number

There is child pornography in the block chain already unfortunately.

There's also an App named "Satoshi Proof" which performs that kind of notary service for you:


In theory, couldn't BitCoin be redesigned for an electronic voting system? I would probably avoid using any system that is electronic, but a public ledger of votes that could reasonably protect the franchised (and its privacy) through a public ledger? (RSA founders still state their mistrust of an electronic voting system)

Given that bitcoin is a public ledger, and you can't let people just create their own addresses and vote with them, you'd need some authority to hand out verified but anonymized addresses. If they're doing that, they could make fake addresses which cast votes the way they like.

However, you may be interested in these simple secure voting methods invented by cryptographers. (Google cache, site's down.) http://webcache.googleusercontent.com/search?q=cache:http://...

Why would we use something with no well-defined security model and a known polynomial-time attack when we have provably secure distributed voting systems? As with digital cash, cryptographers have devoted a lot of time to researching secure voting protocols.

A cool idea, but it seems like a strange tangent for a system that was intended for storage of transaction information. Surely a lookalike system built around permanent and crowd-affirmed data would be better?

