Bitcoins - the new currency?

[esme]

What Are Bitcoins?

=========

Bitcoins are virtual coins in the form of a file that is stored on your device. These coins can be sent to and from users three ways:

 

1. Direct with peer-to-peer software downloaded at bitcoin.org

2. Via an escrow service like ClearCoin

3. Via a bitcoin currency exchange

 

Each owner transfers the coin to the next by digitally signing a hash of the previous transaction and the public key of the next owner and adding these to the end of the coin. A payee can verify the signatures to verify the chain of ownership.

So basically you have a digital signature which is unique to you and this is used to sign a transaction between you and someone else who then takes ownership of the bitcoin which is automatically deleted from your machine.

 

The idea seems to be that as everybodies signature is unique and known only to them then by examining a bitcoins transaction log you can trace it all the way back to it's creation and verify it's authenticity, but not actually know who was involved in any individual transaction as you don't know what anybody else's signature is.

 

All that's needed for a transaction are two people with unique signatures, one with bitcoins, the other with goods and the peer to peer software to manage the transaction between the two.

 

One immediate hole I can think of -

 

You have bitcoins on your computer, they have to be held in some form on your hard drive in order to survive a shutdown otherwise you couldn't shut your machine down overnight or worse the first powercut would bankrupt you, so the coins have to be held on non volatile storage i.e. the hard drive.

 

So when your machine is shut down, you create an image copy of your hard drive, a backup in case of disaster if anyone asks.

 

You then start your machine and perform a transaction with a second party, transferring bitcoins from your PC to the other party, the bitcoin the second party receives has valid transaction logs so they send you the goods you just purchased and the coins are removed from your system.

 

You then shut down your PC and restore your image backup, overwriting your hard drive completely, then restart your PC.

 

Your PC is now in the state it was before you performed your bitcoin transaction and you have bitcoins in your wallet once more, these bitcoins are all verifiable back to the point of origin and for all intents and purposes are completely legitemate.

 

So you then contact a third party and perform a transaction with them using these coins, all digital signatures are applied and because there is no reference to the prior transaction, there is no way of telling that these are the same coins that you just made a purchase with, the transaction is made the coins are transferred and the third party can verify them all the way back to their creation via the transaction log so they accept them and send you the goods

 

You can keep doing this until the cows come home, eventually someone will figure out that there are more coins in circulation than have actually been made and eventually trace them back to your signature by examining the transaction logs.

 

Then starting with the last transaction which gave them their coin they ask the person who they got the coin off where it came from work backwards down the transaction log to find the person that you defrauded and then they can find out where the goods that were purchased were sent and send the boys round with baseball bats

 

By which time you have changed your identity and are living the life of Riley in the South of France having sold all your fraudulently obtained goods for profit.

 

This assumes this is fully peer to peer and requires no third party to verify the transaction.

 

If it's not fully peer to peer, then there has to be a central registry to verify bitcoin authenticity against and that brings it's own problems.

 

People requiring payment to verify bitcoins being one of them - taxation, or allowing a third party the power of veto on your transaction - "sorry the bitcoin registry is unavailable please try later" - freezing yout account, allowing a third party to know the details of your transaction destroying any illusion of privacy you thought you had - coins can be tracked.

 

Completely negating the claimed benefits

The benefits of a currency like this:

 

a) Your coins can’t be frozen (like a Paypal account can be)

b) Your coins can’t be tracked

c) Your coins can’t be taxed

d) Transaction costs are extremely low (sorry credit card companies)

with the possible exception of the last one

 

And then there's the minor problem of where such a registry is physically located, if it's on US soil kiss goodbye to any ideas of confidentiality as the US have laws specifically allowing them to examine records on any computer on it's soil, and the US is supposedly one of the good guys, there are worse locations for such a registry.

 

If it's web based and the US don't like the idea of an electronic currency undermining the dollar then the US company Verisign can be asked to deny access, a bit like the FBI did to the Isle of Man based company Pokerstars last I heard the Isle of Man wasn't in the FBI's jurisdiction, it didn't stop them seizing the domain name so the site couldn't be accessed.

 

Now that's just a few of the problems I can think of, so I don't see this replacing real money any time soon.

Edited June 1, 2011 by esme
thought of more faults & corrected some spelling

[Phanerothyme]

One immediate hole I can think of -

 

You have bitcoins on your computer, they have to be held in some form on your hard drive in order to survive a shutdown otherwise you couldn't shut your machine down overnight or worse the first powercut would bankrupt you, so the coins have to be held on non volatile storage i.e. the hard drive.

 

So when your machine is shut down, you create an image copy of your hard drive, a backup in case of disaster if anyone asks.

 

You then start your machine and perform a transaction with a second party, transferring bitcoins from your PC to the other party, the bitcoin the second party receives has valid transaction logs so they send you the goods you just purchased and the coins are removed from your system.

 

You then shut down your PC and restore your image backup, overwriting your hard drive completely, then restart your PC.

 

Your PC is now in the state it was before you performed your bitcoin transaction and you have bitcoins in your wallet once more, these bitcoins are all verifiable back to the point of origin and for all intents and purposes are completely legitemate.

 

So you then contact a third party and perform a transaction with them using these coins, all digital signatures are applied and because there is no reference to the prior transaction, there is no way of telling that these are the same coins that you just made a purchase with, the transaction is made the coins are transferred and the third party can verify them all the way back to their creation via the transaction log so they accept them and send you the goods

 

You can keep doing this until the cows come home, eventually someone will figure out that there are more coins in circulation than have actually been made and eventually trace them back to your signature by examining the transaction logs.

No you can't. Once the bitcoin is spent by you, you can never respend it again. Attempts to do so will fail as your attempted transaction cannot be validated by any other clients in the cloud.

 

Then starting with the last transaction which gave them their coin they ask the person who they got the coin off where it came from work backwards down the transaction log to find the person that you defrauded and then they can find out where the goods that were purchased were sent and send the boys round with baseball bats

 

By which time you have changed your identity and are living the life of Riley in the South of France having sold all your fraudulently obtained goods for profit.

 

This assumes this is fully peer to peer and requires no third party to verify the transaction.

 

If it's not fully peer to peer, then there has to be a central registry to verify bitcoin authenticity against and that brings it's own problems.

 

People requiring payment to verify bitcoins being one of them - taxation, or allowing a third party the power of veto on your transaction - "sorry the bitcoin registry is unavailable please try later" - freezing yout account, allowing a third party to know the details of your transaction destroying any illusion of privacy you thought you had - coins can be tracked.

 

Completely negating the claimed benefitswith the possible exception of the last one

 

And then there's the minor problem of where such a registry is physically located, if it's on US soil kiss goodbye to any ideas of confidentiality as the US have laws specifically allowing them to examine records on any computer on it's soil, and the US is supposedly one of the good guys, there are worse locations for such a registry.

 

If it's web based and the US don't like the idea of an electronic currency undermining the dollar then the US company Verisign can be asked to deny access, a bit like the FBI did to the Isle of Man based company Pokerstars last I heard the Isle of Man wasn't in the FBI's jurisdiction, it didn't stop them seizing the domain name so the site couldn't be accessed.

 

Now that's just a few of the problems I can think of, so I don't see this replacing real money any time soon.

 

There is no central registry, no authority - beyond the cloud of clients that collectively hold the entire bitcoin transaction database, hashing each completed block irreversably into the next, and supplying the network with transaction processing services.

 

Complete transaction histories are tied to bitcoin keys only (you can and should generate a new key for every payment), you can have as many and varied wallets as you like, and if you wipe the bitcoins by accident - that's it - they're gone.

 

It's such an elegant design it should get a prize, never mind if this particular incarnation takes off.

 

Now it's open source, I'm awaiting the slew of experimental currencies that will follow.

[Cyclone]

How about the slew of hackers scrutinising the mechanism in order to take advantage of it?

And as soon as that happens the crash to zero value for every bitcoin that exists.

[Phanerothyme]

How about the slew of hackers scrutinising the mechanism in order to take advantage of it?

And as soon as that happens the crash to zero value for every bitcoin that exists.

What would be the point of taking advantage of it then?

 

 

Well it is open source, so there are no hiding places for loopholes or vulnerabilities. They exist, and are discussed, but because of the nature of bitcoin transaction processing they don't really pose any problem.

 

But yes of course you are right - people will try and subvert the system.

 

But this is what I mean about it being such an elegant design:

 

In essence, it will cost you less to mine bitcoin than it will to reverse the crypto on bitcoin, and you have the added benefit of being able to spend the bitcoin (on alpaca socks).

 

If you reverse the crypto, you still have to supplant the existing entire transaction chain right back to the beginning, with one of your own (doing all the proof of work required by the algorithm all over again) - by becoming the majority supplier of CPU cycles to the cloud. Given some of the mining rigs out there - that's also going to be extremely expensive.

Edited June 2, 2011 by Phanerothyme

[Cyclone]

Because until it's discovered that it's been broken you've got the chance to defraud a whole lot of people.

 

The 'mining' returns bitcoins at a decreasing rate, until 21 million are issued, at which point that's it. So as time goes by the potential pay off for breaking the system increases.

 

How can a viable 'currency' be based on giving it away for free until a cut off point is reached when no more will be issued? It makes no sense!

[Nagel]

All I know is my £250 is now worth £340, and that's in just 15 days. Over a year that would be an 860% return on investment which is like drugs money.

 

In fact it probably is drugs money as it's suspected Bitcoin will be used for nefarious purposes.

 

Of cousre it's only a profit on paper until I sell them and the trick will be to do that before it all goes pop.

[esme]

No you can't. Once the bitcoin is spent by you, you can never respend it again. Attempts to do so will fail as your attempted transaction cannot be validated by any other clients in the cloud.

this is only possible if the bitcoin you are spending is checked against every other bitcoin in circulation which is only possible with a central registry or brokerage

 

you restore a backup containing a bitcoin and you have that bitcoin to spend again, as all it's logs are intact, it's embedded history is intact and there is nothing about the bitcoin to tell anyone it's already been spent

 

if it didn't do this then a disk error would bankrupt you as you couldn't restore a backup to recover your bitcoins

 

so either there is no registry and you can defraud the system by restoring a backup as all the information to validate a transaction is tied to an individual bitcoin

 

or every transaction is verified by comparison with every other bitcoin in existence which is a little impractical if not actually impossible as they'd all need to be available for comparison

 

or there is a central registry and that has it's own vulnerabilities

 

but don't let me stop you investing if you seriously think it's a good idea, I might be wrong on this, in fact as you are so passionate about it I'll go back and re read the article to see if I missed anything

[Cyclone]

I believe it has some form of distributed infrastructure. So no central authority, but still a record that can't be tampered with by a single node (in theory).

[Nagel]

this is only possible if the bitcoin you are spending is checked against every other bitcoin in circulation which is only possible with a central registry or brokerage

 

you restore a backup containing a bitcoin and you have that bitcoin to spend again, as all it's logs are intact, it's embedded history is intact and there is nothing about the bitcoin to tell anyone it's already been spent

 

if it didn't do this then a disk error would bankrupt you as you couldn't restore a backup to recover your bitcoins

 

Try it, see if you can do it. I bet you 1000 Bitcoins you fail

[esme]

ahhhh the solution proposed in the PDF is a at heart public history of transactions for every coin in existence distributed among many peers, otherwise double spending coins cannot be prevented

 

interesting solution

 

a little reliant on governments not outlawing peer to peer filesharing, as they've come perilously close to doing on a number of occasions at the behest of the music and film industry and it's only public outcry that's stopped them

 

this could be the straw that breaks the camels back, after all you are threatening the economy of countries, you are taking away tax revenue and you are enabling the possibility of large transactions to take place completely anonymously and untraceably, which will interest the tax offices of the world as well as the police forces of the world

 

were I a government and someone presented this to me, then my immediate knee jerk reaction would be to criminalise file sharing and instruct every ISP within my borders not to merely throttle peer to peer traffic, as they occasionally do, but to block it completely, I may even go further and restrict traffic to an approved set of servers so you can only look at web sites on an approved list

 

draconian I know but completely possible

 

you want the governments of the world to take a serious interest in the regulation of the internet, then this will do it

 

and yes I know oppressive regimes have tried and failed to regulate the internet, but they failed because there were less oppressive regimes around them creating opportunities and holes whereby these controls could be circumvented

 

this doesn't just threaten some currencies it threatens all of them, there won't be any friendly network access allowing these measure to be circumvented

 

the internet remains free because governments haven't realised it's a threat ... or possibly haven't realised that we know , trust me, governments would react to this as a threat and kill it stone dead

 

nice try though

Edited June 2, 2011 by esme
can't spell tsk!