Hacker News new | comments | ask | show | jobs | submit login
Bitcoin is Worse is Better (gwern.net)
152 points by gwern on Sept 29, 2013 | hide | past | web | favorite | 50 comments

Not really sure that Bitcoin involves "no major intellectual breakthroughs".

Perhaps no breakthroughs for independent parts (Satoshi did not create a new cryptographic function, for example) but the placement of known parts into a working system is in itself an intellectual breakthrough.

I don't understand how the author can say that Bitcoin is in no way an intellectual breakthrough. Perhaps I misunderstood the article.

Maybe the author misses the creative and novel system that Satoshi built just because the bricks are not all brand new. Even Bill Gates called Bitcoin a techno tour de force.

Agreed. The blockchain itself is an intellectual breakthrough, at least in application.

Exactly: Saying that the blockchain was not an intellectual breakthrough is like saying the lightbulb wasn't an intellectual breakthrough because it relied on the invention of electrical wires.

Did you read the whole article?

I agree with much of this essay, but it only hints at a key point: the most brilliant elements of Bitcoin's design are not in the realm of technical achievement, but in the realm of social engineering.

Bitcoin is not just a "technology" but a social platform with built-in incentives for attracting miners and transaction processors, and therefore end-users; growing demand from end-users attracts even more miners and transaction processors -- a self-reinforcing feedback loop.

All other prior crypto-currency efforts failed because, not because they were technically "inferior" (in the narrow sense of that word), but because they lacked the incentives necessary to attract a sufficient number of adopters.

I agree Bitcoin's approachability and incentive structure were crucial. The interesting question now: is Bitcoin sui generis (like say TCP/IP, and further cemented in place by network effects) or the harbinger of many similar systems (like say Napster/Gnutella)?

A lot of people were deterred from trying things in this sphere because of a (flawed) conventional wisdom that there was no room for success — that various academic attacks would be fatal, and social/institutional barriers too strong. But now that Bitcoin shows that an ugly "Minimum Viable Cryptocurrency" with the right balances/incentives can take off, we're already seeing lots of new interest and experiments.

I strongly expect some of these will discover new workable tradeoffs, in some cases even better than Bitcoin's brilliant+lucky mix, that will then either coexist with Bitcoin in overlapping domains, or feed into the evolution of 'Bitcoin Prime'. Lots more fun ahead.

Bitcoin works because it's actually a sneaky way of teaching the world Hayekian monetary theory without all those extremely long translated German sentences with multiple subordinate clauses. Ever read "The Denationalization of Money"(http://mises.org/document/3970)?

I would suggest rather John Law's 1705 essay "Money and trade considered: with a proposal for supplying the nation with money". Interestingly enough Graeber's history of debt overlooks this crucial step, namely the establishment of fiat currency of which there are different forms.

Agreed, social engineering was key. Just this morning I was explaining (in Mandarin, in a Thai taxi, mind you!) that the best and worst feature of Bitcoin was mining as a solution for the initial distribution problem.

Is this exactly what, in hindsight, crypto-currencies probably needed to get started? IMHO, Yes.

Is this a good feature going forward? IMHO, No.

Does it matter anymore? IMHO, No ... as there will be loads of alternatives and Bitcoin and related ecosystems have cracked open a wedge of reality that can never again be shut.

In short: MVP crypto-currency of its era? Maybe. Very good fit for the era? History says yes. Very good fit for the future? IMHO, probably not... but also, not going away soon. Whatever one's views on Bitcoin, it's hard to challenge its credentials as a damn good hack that changed the world. I'll be proud to tell my grandchildren that back when it all started I (ab)used my admin powers to undelete Bitcoin's Wikipedia page, despite the shit-storm that caused! ;) Hahah.

If the legal issues are not a big deal, one big competitor will be a low fee, price stable, zero coin like system underwritten by a commercial entity.

Commercial backing will be more interesting to many consumers than the network of miners.

Definitely, or a consortium of backers.

I could also see USGov offering a FedCoin (guaranteed redemption for USD) or TBillCoin (instantly tradable, divisible, interest-bearing USGov debt as currency).

They might even be able to cook up something that's more anonymous than Bitcoin (ZeroCoin-like) most of the time, but deanonymizable sfter some 'CoinCourt' due process legal proceedings. (Think ClipperChip/key-escrow, but for cryptocurrency.)

> USGov offering a FedCoin

i highly doubt this will ever occur - the Fed Reserve (or more correctly, the current cohort of "elite" bankers who control the Fed Resesrve) will either fight bitcoin if it threatens the dominance of the US dollar as the world currency, or the public will drag it kicking and screaming to adopt it (without much success i'd presume).

Control of currency is of utmost importance to those who are in power - and i mean really in power, not those who are voted into power like the POTUS.

First of all, the US dollar is not "the world currency." You need not go further than Vancouver to find places where USD is not widely used as currency. While USD is a very strong currency, it is by no means the only currency in widespread use.

It is equally false to try to separate money from law. Currencies have their value because of the law -- because of tax laws, and debt laws, and tort laws, and all the other laws that result in people being legally obliged to make certain payments. Control of currency is important to governments in the same way that control of speed is important to someone driving a car. The control is inherent and the issue is really about not completely screwing things up.

The US dollar IS the world currency if you round up from about 65%: http://en.wikipedia.org/wiki/File:Reserve_currencies.svg

Financial institutions buy dollars and sell the others when there is the slightest panic. Chinese buy Argentinean wine with US dollars. The USD holds a unique title, an exorbitant privilege.

Furthermore, money operates outside of the law very often -- even dollars -- just look at criminal activities, both low-brow and complicated, e.g. off-shore accounts.

> Currencies have their value because of the law

Fiat currencies have value because their issuing institution has a local monopoly on violence. Your phrasing is much more palatable.

> Control of currency is important to governments in the same way that control of speed is important to someone driving a car.

Citizens are cars to be carefully driven by central bankers? How delightful!

> The control is inherent and the issue is really about not completely screwing things up.

The average age of fiat currency is about 27 years old. I don't understand where your warm tingling sensation is coming from.

"Fiat currencies have value because their issuing institution has a local monopoly on violence. Your phrasing is much more palatable."

It does not have to be violence, you know. It can be non-violent -- like a general agreement by everyone that they will abide by the rulings of courts, even when those rulings work against their personal interests. Most debt disputes are resolved peacefully, even when people are watching their cars being towed away and even when they need to leave their homes. Even here in the USA, where the police are soldiers and more people are in prison than anywhere else, the majority of legal disputes are resolved peacefully and the majority of people at least try to follow the law.

It is also false to claim that non-fiat currencies are not subject to this. A currency backed by, say, gold, is still a currency whose value arises because of the law -- a law that connects the paper money to gold in some way, and that requires some form of mandatory payments in that currency. If the US government decided to return to the gold standard, gold would be currency again -- whereas right now it is nearly impossible to trade gold for anything, even on the black market.

So yes, the government does and will always have tremendous power over currency. Currency and law are inseparable except on the smallest scales.

Fiat currencies have their value because people agreed on that they have value. Bitcoin is more of a fiat currency than it is anything else. I.e. it has no value but for the consensus of people saying it has value and is not directly redeemable for anything that does value. Unlike, cows, iron,copper,gold, or promissory notes for them, which are the usual non fiat currencies.

The fact that it doesn't depend on violence ought to tell you to stop blindly parroting every single libertarian catch phrase you hear. They are not all true.

Fiat currency typically means money declared by a government to be legal tender. You can argue the value of bitcoin is arbitrary, but that doesn't make it a fiat currency. Way to slam dunk a straw man.

The only currency that can surpass the US dollar is gold. The US dollar is the de facto world currency, because the world's oil is mostly traded using US dollars. The US Gov't enforces this, by using strong arm tactics, or resort to millitary intervention - case in point, Iraq.

More likely VisaCoin and MasterCoin.

We provide this.

Although you are right about all previous crypto-currencies falling, it's difficult to ascribe their failures to lack of incentives for most of them. The major theoretical and commercial work on e-cash was done by David Chaum. His stuff was centralized, efficient, and anonymous.

He had several major parties trying to license his technology, including Microsoft ( who wanted to put it in Windows) and several banks. These deals fell through because of issues with Chaum allegedly. Without buy in from a trusted name, people were then unwilling to use Digicash.

The point is given that bitcoin has gotten so much attention, some known name may attempt Chaum style e-cash and get it to work. Incentives are only an issue for distributed e-cash systems and as people's willingness to use Visa shows, they can trust centralized ones.

Chaum's systems also failed because of a lack of demand. In the early-to-mid-90s it seemed sensible that nobody would spend money online without at least some of the security guarantees of digital cash. In retrospect, however, there are these issues:

1. Banks have centuries of experience in combating fraud. It is not clear that digital cash actually improves the situation for banks, given the higher infrastructure costs. If you cannot show banks that they will lose less to fraud with digital cash than the new infrastructure would cost, the banks will not care -- it is easier to analyze spending patterns and identify likely fraud.

2. Most users have a very poor understanding of the security implications of spending money online. On some of that, the fraud that users have to deal with is only partially defended against by digital cash; scams involving people taking money and not delivering the goods are even older than the banking system and are not addressed by digital cash. While the theft of credit card data causes headaches for users, banks are sufficiently good at stopping it that few people are clamoring for a better system.

3. It is unclear that merchants would have benefited from digital cash. While certain kinds of fraud affecting merchants might have been mitigated (e.g. no charge backs), the real issue is whether or not merchants would make more money with such systems. That is unclear, as the banks can and mostly certainly would still charge fees for the service and would likely charge at least as much as they charge for credit cards. Offline systems would mitigate the issue of service fees, but would also increase the risk of fraud and would leave merchants with the short end of the stick.

If anything, Bitcoin reinforces the point that security is not the deciding factor here. Bitcoin does not even have a clear security definition, yet for reasons that we could argue about for hours on end it has become more popular than systems with provable security.

Security never was that big a point with Chaum's e-cash either. It was anonymity. Which it's unclear if anyone values that much. Bitcoin isn't really anonymous and for all the things I hear people saying about Zerocoin, no one has bothered to integrate it.

Security was and remains an important goal for digital cash. Anonymity in digital cash is a security matter (in fact, anonymity in general is a security matter), and it can be formally defined and a system can be proved to achieve it (not different than other cryptographic security notions). It is also the case the anonymity was not the only security goal; protection against double-spending was equally if not more important, and in systems that support offline transactions there is the notion of protection against "frame ups" i.e. ensuring that the bank cannot produce a proof of double spending if the double spending did not occur.

Sorry, I was using security in the sense of physical security that one associates with money, not cryptographic security. But yes, they are both cryptographic properties of the system and for most systems they are provable properties.

If I remember correctly, Chaum's original paper didn't deal with offline double spending. It was blind signature based online e-cash that depend on the bank keeping a list of spent serial numbers(which isn't much easier keeping an account balance). So it's point was mainly anonymity.

His subsequent work did offline e-cash with double spend detection, but at least the original paper on that was very inefficient. I'm curious which line of work Digicash tried to deploy.

There is a large gap in my knowledge of the literature after that which also handily ignores the work of Stefan Brands, but as far as I know, the first system with really efficient offline double spend detection was due to Camenisch, Hohenberger, and Lysyanskaya, in 2006, long after Digichash went under.

"If I remember correctly, Chaum's original paper didn't deal with offline double spending. It was blind signature based online e-cash that depend on the bank keeping a list of spent serial numbers(which isn't much easier keeping an account balance). So it's point was mainly anonymity."

The point was anonymity and the assurance that double spending is hard. Let's put it this way: how do you know that the attacker cannot create tokens that the bank did not issue, but that the bank will believe are valid? The point of Chaum's original system is that you can prevent such an attack and allow anonymous spending. If the only concern were anonymity, the system would not be hard to create: the bank would just accept everything and the spenders would just create random strings instead of using the withdrawal protocol.

I find it fascinating that this invention is still not understood and when then only through layers of tech. BTC allows transactions in a network without a central party. that is it. the real question is why we haven't seen any real major new use case, but for instance the new micropayment protocol points in that direction. I believe there is a sort of tail end of this development which will come much later. BTC is a kind of hackers utopia, because the whole economy could be reshaped with code.

> that is it. the real question is why we haven't seen any real major new use case

Because its ahead of its time..

When we got the first cars, what kind of road did we have back than? Roads for horses and bandwagons..

Its the same with this centralized internet design.. and the ones that profit the most with this design, wont do any move to change things in that

Did you see any Google product that its p2p? or Apple? or MS? why? an army of smart people and none of them could create new products thats are not proxyfied over their clouds, or make us dependent of them somehow?

Its the same Office Package model, just that its one from the age of internet.. specially the ones that are "free"

Interesting. At the same time it took Ford to build cars. But perhaps we will have new types of collectives instead of corporations. I think there could be new types of systems of laws. So Bitcoin in the end could become something like a protocol for software agents to act in the real world. Mike Hearn has spelled some parts of this out. It's a bit of a shame that Satoshi didn't write more, because these ideas were close to the original cloud of ideas.

There's been an increase in gwern articles on Hacker News recently, I like it. Just curious why now?

Oh, that's easy: because I'm submitting them. More interesting is why I'm submitting them: I've long waffled on whether I should routinely submit my stuff to HN because while one or two submissions did well, most of my submissions sank without a trace. The obvious thing to do in this situation is to test it out systematically, so for the past few days (and until such time as I get bored with it or run out), I've been submitting 3 links a day: 1 link to a good gwern.net article, and 2 links to non-gwern.net articles which I liked a lot.

Do you also submit your links at the same time of the day each day (when the same part of the globe is awake, the rate of new stories is similar, etc.) or do you vary the time? There have been several examinations of HN story performance vs. timing (e.g., http://nathanael.hevenet.com/the-best-time-to-post-on-hacker...).

I submit them early in the morning as one of the first tasks. So the timing isn't perfectly synchronized (I don't think it'll make a huge difference), but they're all fairly comparable. Amusingly, this turns out to be pretty similar to that post's recommended time.

Interesting, I can expect a post on your findings then?

Whenever I lose patience, I suppose. That can take a while: eg my Redshift sleep experiment is up to 495 days so far.

I, for one, am suspicious. Gwern's posting of old articles from his site (which are nonetheless articulate, intelligent, and interesting) makes me think that this is step 437 of a 21352 part plan that ends with him as Emperor of the Moon, laughing as he abuses the escape from Earth's gravity well to extract utility via threat of kinetic bombardment.

To paraphrase Arthur Weasley: "Never trust anyone if you can't see where they keep their utility function."

Perturbation, I am hurt by your comments. What did I ever do to deserve such well-founded paranoia?

What is non-well-founded paranoia? Is it when you think there's a conspiracy behind the conspiracy behind the conspiracy... and so on indefinitely?

n+1 conspiracies are strictly less likely than n conspiracies, for obvious reasons. There's got to be some length of the conspiracy chain beyond which you're forced to assume that either (a) you've postulated too many conspiracies, or (b) there's a conspiracy whose main goal is the creation of ridiculously long chains of conspiracies behind other conspiracies, and it's doing a good job.

Hey, wait! That's my plan.

By the way, I don't think there's anything wrong at all with bribing early adopters. Just sayin'...

Check the username of the OP.

I don't think I've ever seen such a comprehensive summary of opinion on Bitcoin from so many different names inside what could easily be from the digital cash chapter of a yet-unborn history textbook.

Zooko (known, to me anyway, for Zooko's triangle), Stefan Brands and Wei Dai are all names I recognise from casual research on e-cash, and it's great to see such a rich set of citations.

Couple of missing data points:

* the number of connected internet clients. compare the years 2008 and 2000. In the year 2000 the idea of Bitcoin would have been pie in the sky (although it would be an interesting thought experiment of alternative history of Bitcoin appearing during the INET bubble)

* eGold peaked in 2008

* bandwith. identification methods. opensource collaboration. we speak of the internet and the web but they are not constant through time.

Is there an actually usable RSS feed of the essays on the site? Importing http://www.gwern.net/atom.xml into i.e. The Old Reader gives me a feed of all changes to the site - not really what I want.

Such an RSS feed can only be written in retrospect, after time has passed and I know whether I'm done with an essay or not, so it doesn't exist. http://www.gwern.net/Changelog is probably what you want.

Hate the title.

Complain to rpg. He invented & named the concept, I'm just using it.

Whenever I see the "worse is better" meme, I know I'm in store for a criticism of some engineering decisions or other by someone who doesn't understand the decision criteria. (And often, someone who was pushing an alternate solution that failed because of this lack of understanding.) Engineering is more than just implementing theoretical work. It's about making tradeoffs in the real world.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact