I still haven’t heard a good explanation for how BitCoin solves the following two problems:
Scalability
Each transaction is added to the list of transactions. What happens when you have hundreds of thousands, or millions, of transactions every second? How can the network possibly cope?
The “double spending” problem
Assume there are two different retailers, A and B, who accept BitCoin. I initiate a transaction with each one, simultaneously. I use the same BitCoin(s) for each transaction. What happens? (How does network lag affect this?) If it’s really as anonymous as claimed, how would anyone know who was doing this?
Note how these two problems butt up against each other. If care is taken to avoid allowing double spending, then each node (or at least a large percentage of them) must be made aware of each transaction as it’s made. Everyone must be constantly aware of each BitCoin as it is spent, lest someone cheat. This presents huge problems for scalability.
More transactions requires more processing but that is exactly what a bigger network provides.
Those separate transactions will set off on a race for verification. If you initiate the transactions at the same time, it would be hard to say which will be confirmed first but one of them is guaranteed to be if the Bitcoins are valid. They can’t both be confirmed at the same instant. A confirmation is the network agreeing that a spend is valid and not a double spend. The vanilla client is configured to accept a transaction after 6 confirmations. Many online services require just one confirmation. The second vendor will say your transaction didn’t clear and if you bought a coffee or tipped a hotel porter, he’d probably just write you off as a deadbeat. For bigger transactions, I would ask that you stick around until I get a confirmation or 2 just so that there is little chance of a reversal if nodes on the other side of the planet come back with a report of those Bitcoins being used with an earlier time stamp.
The point is that it isn’t anonymous. It’s pseudonymous. There is a history to track, the same way I can track your post back to BlackKnight. I can also track where the money you spent came from all the way back to when it was created. I just can’t pin those transactions on anything more real than whatever identity you (and your money’s preceding owners) have decided to associate with the sending and receiving addresses you used for that money. If you signed up to the SDMB with your real name and a GPG-signed email address, I can track BlackKnight back to you. I actually have receiving addresses that are registered to me that way and you can check with authorities that money going to that address is actually going to me. I could generate other addresses, receive funds, send them through a Bitcoin mixer, get them back and then nobody would ever be able to tell where it came from with any certainty.
It doesn’t matter who conducts a transaction, or for what reasons, services or products, for it to be valid. There is no ethical judgement in the transfer of Bitcoins. All that matters is that particular coins are unable to leave an address more times than they’ve gone to that address.
No, it doesn’t present problems for scalability. It presents the necessary tasks for the miners to work on while they mine and collect transaction fees. The issue with scalability is the size of the block chain a long way down the road. Now, the main client downloads the entire block chain because it is small enough for that to be convenient. Eventually, when the block chain is too cumbersome for that, standard clients will only need to download a kind of summary of that chain. The only entities that would need to download the lot would be the big hubs like exchanges and banks or perhaps research organisations.
You haven’t stumbled over Bitcoin’s Achilles’ heel. The points you raise are at the very beginning of any FAQ about Bitcoin. At the moment, I don’t believe there are any known technical faults with the protocol or the implementation that render it vulnerable to attack or instability. This stuff is picked over by a lot of talented and informed people with a fine-tooth comb. Like GPG, if there is a problem, it is only known to a few very powerful organisations like the NSA or perhaps an organised crime gang specialising in computer security. When you start learning about the mathematics behind it, it becomes apparent that even wildly speculative abilities that someone like the NSA might have still wouldn’t be enough for them to attack and cripple Bitcoin.
Bitcoin was made by mathematicians and hackers. Talented ones at that and it will survive whatever gets thrown at it from crackers in the service of government or criminals. However, I wish Bitcoin had a more diverse range of economic thinkers involved in its design as well as some more PR people onboard around about now. Public apathy will allow laws that will impede Bitcoin’s open use and politicians will have an authoritarian urge to strangle it as we are already starting to see.
I think the greatest weakness is its deflationary nature. If I could change one thing, it would be a bias towards slight inflation or holding steady. Deflation is disastrous for investment if there is only one currency but Bitcoin will never be the only currency available (partly because of its deflating nature) so that problem is mitigated.
I’m not referring to processing, I’m referring to bandwidth. What does it mean for “the network” to agree? Every node? A majority? If not every node is informed, then there is room for chicanery. If every node is informed, then that strikes me as highly impractical. Imagine if every single transaction in my bank account had to propagate to every other bank in the country (or world, over laggy connections, etc.) before it registered. That’s the issue I’m curious about.
According to the BitCoin FAQ, this sticking around will take on average 10 minutes a transaction. That strikes me as very impractical. The FAQ also says:
Unless I very much misunderstand this, this is just silly. It doesn’t matter if the transaction is not of high value. A ne’er-do-well could simply perform multiple such transactions. (Or a bunch of ne’er-do-wells would independently each steal something “not of high value”.)
How would BitCoin deal with the following: The NSA (or whatever branch of the US government has the most mileage of computing power) simply mines the everlovin’ crap out of BitCoin. They then sit on it, never spending a single one. Thus, very few (if any) new BitCoin are introduced into the economy. No revolution in mathematics needed - simply raw computing power on a massive scale.
Do you have a cite for this? Everything I’ve read about it says it was developed by one person.
I’ve been wondering about this as well. If I understand it right, the block chain serves as a distributed ledger, recording all transactions on the network. The block chain is distributed to all clients, and in doing so, informs them of transactions. This reminds me of the early internet, where the complete host table was distributed to all network nodes. Will this scale well as the number of Bitcoin users increases? Is there something I am not understanding?
Think of the network as the largest blockchain along with every client that refers to that blockchain and every miner that adds to it. A description of every valid transaction is encoded in that blockchain and the chain is added to at staggered intervals of about 10 minutes. Transactions don’t propagate directly to every other node but via the blockchain which is constantly updated if your client is online. If a client has just been reopened after a long period and has a lot of new blockchain to download, it won’t be able to make valid transactions until it has downloaded everything up until the most recent blocks. So every node that can participate must be in unanimous agreement about the state of the block.
I doubt you misunderstand that part. It is trivially simple. It’s more likely we just disagree on what common behaviour would be in an environment where small purchases are made like a cup of coffee using a phone-based wallet, for example. Sure, there will be deadbeats who try stupid stuff like that. There are infamous people in most towns who make a regular thing of sitting down to a meal and then not paying. Restaurants throw those guys out and write the losses off as an extraordinary expense since it isn’t worth the drama of bringing the cops in. Restaurant customers suck but not often in that particular way and life goes on. Massive underground networks even of ne’er-do-wells carrying out co-ordinated attacks where they set their phone client up to another address of theirs at the exact same moment they draw on a small sum for a cup of coffee. I don’t know. I’m clutching at straws trying to envisage a scenario where you could initiate 2 transactions as close as possible for small fees without attracting suspicion. The point is that only one of those transactions will be written to the block and so clients will only regard one of them as valid. You would only benefit if your client gave your own self-paying transaction a slight head start over the one the vendor got, because the first is the likely one to be written to the block by a miner somewhere in the world. If the vendor gets the money first, you haven’t scammed anyone. If your account gets it first, congratulations, you got a free coffee and a room full of people who think you’re a cock, or an IP ban, or your forum account gets terminated. Possibly your photo on the wall behind the counter of a bunch of shops around town. The ne’er-do-wells would have to set up a ne’er-do-well guild if they want anybody to talk to.
Dear NSA, I know you read my thoughts when my tinfoil hat falls off but please do this. I can sell into a bubble that dwarfs the recent one and then when the majority of people get sick of your bullshit, someone will fork the blockchain and we’ll all go with that. Sorry about the massive amounts of computer power you wasted on something the market abandoned. Perhaps you should have used it to save your country from becoming an old faded empire.
I really doubt Satoshi is Japanese or even an individual person. 8 years in Japan and I haven’t met a single Japanese who speaks vernacular like him. Going by his English, I’d be shocked if the people who wrote the stuff attributed to him aren’t native English speakers, or possibly Dutch or Scandinavian. Gavin Andresen, the project lead, is a Princeton grad with a CS background. The other big name is Jeff Garzik. From what I can see on the web and his home page http://yyz.us/ he seems like a prototypical hacker. The components of Bitcoin like public key cryptography are all designed and built by math/CS/hacker types. I assume you don’t want a cite for something like that though.
I had to rush off a reply but I’ll be back to check after work. Assuming the NSA didn’t read this and seek petty vengeance before I get home tonight.
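The race described in the two replies above (two payments drawing on the same coin, only one of which gets written to a block), as an added example that is not part of the thread: a toy UTXO ledger constructed here, not Bitcoin's own code. Whichever spend a node sees first enters its pending set, the rival is rejected as a conflict, and once a block confirms the first, the coin no longer exists to be spent. Amounts are integer satoshis (10^8 per bitcoin), so each payment also returns change; the names and amounts are constructed.

```python
import hashlib
import json
from dataclasses import dataclass, field

SATOSHI = 100_000_000  # one bitcoin is 10^8 indivisible units, so a coin can be split freely

@dataclass(frozen=True)
class Outpoint:
    txid: str     # transaction that created the coin
    index: int    # which of its outputs

@dataclass
class Tx:
    inputs: list              # Outpoints consumed by this transaction
    outputs: list             # (address, amount_in_satoshi) pairs created by it
    txid: str = field(init=False)
    def __post_init__(self):
        body = json.dumps([[(o.txid, o.index) for o in self.inputs], self.outputs])
        self.txid = hashlib.sha256(body.encode()).hexdigest()[:16]

class Ledger:
    """Toy UTXO set: every node keeps the same map of unspent outputs."""
    def __init__(self):
        self.utxo = {}        # Outpoint -> (address, amount)
        self.pending = {}     # txid -> Tx relayed to the network but not yet in a block

    def coinbase(self, address, amount):
        tx = Tx(inputs=[], outputs=[(address, amount)])   # a coin created from nothing, like a block reward
        self.utxo[Outpoint(tx.txid, 0)] = (address, amount)
        return tx

    def validate(self, tx):
        """Return an error string, or None if every input is an unspent, unclaimed coin."""
        claimed = {o for p in self.pending.values() for o in p.inputs}
        total_in = 0
        for o in tx.inputs:
            if o not in self.utxo:
                return f"input {o.txid}:{o.index} does not exist or is already spent"
            if o in claimed:
                return f"input {o.txid}:{o.index} conflicts with an unconfirmed spend"
            total_in += self.utxo[o][1]
        if sum(amount for _, amount in tx.outputs) > total_in:
            return "outputs exceed inputs"
        return None

    def submit(self, tx):
        """Relay a transaction; a node keeps the first valid spend of a coin and drops rivals."""
        err = self.validate(tx)
        if err is None:
            self.pending[tx.txid] = tx
        return err

    def mine_block(self):
        """Confirm the pending set: inputs leave the UTXO set, outputs join it."""
        for tx in self.pending.values():
            for o in tx.inputs:
                del self.utxo[o]
            for i, out in enumerate(tx.outputs):
                self.utxo[Outpoint(tx.txid, i)] = out
        self.pending = {}

def double_spend_race():
    """Pay vendors A and B with the same 1 BTC coin; only the spend seen first survives."""
    ledger = Ledger()
    coin = ledger.coinbase("buyer", 1 * SATOSHI)            # constructed sample coin
    src = Outpoint(coin.txid, 0)
    # Both spends consume the same output and each returns change to the buyer.
    to_a = Tx(inputs=[src], outputs=[("vendor_a", 30_000_000), ("buyer", 70_000_000)])
    to_b = Tx(inputs=[src], outputs=[("vendor_b", 30_000_000), ("buyer", 70_000_000)])
    first = ledger.submit(to_a)    # None: accepted
    second = ledger.submit(to_b)   # rejected: conflicts with the pending spend
    ledger.mine_block()
    late = ledger.submit(to_b)     # rejected again: the coin no longer exists
    return first, second, late, ledger.utxo.get(Outpoint(to_a.txid, 0))
```

Vendor B's node would have seen the same thing had the order of arrival been reversed, which is why a seller of anything larger than a coffee waits for the block rather than the relay.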
According to this, approx. 6 blocks of bitcoins are created every hour, with the block size decreasing geometrically over time by around 50% every 4 years. Thus the NSA could outmine everyone else, but still only at the predetermined rate. It works sort of like a lottery I hear; I assume your ‘number of tickets’ is proportional to the amount of CPU work provided.
One question I have is, what happens when/if the remaining amount of bitcoins left to be mined (and their block size) reaches a point where people no longer decide it is worth committing substantial computer resources to mining/processing transactions?
The page I linked has a graph on it showing the total bitcoins over time, with less than 1m bitcoins (out of 21m) left to be mined by around 2025. At this point I estimate the block size will be about 5. That is about 10% of the current block size, which means to keep the same payout as today (for miners) each bitcoin would need to be worth 10x as much. So IMO unless there are enough interested parties to keep the distributed base of computing going, once the gold rush, so to speak, is over, the network may lose much of its processing power, unless the price per coin increases drastically. The system very much seems to benefit those who adopt early and sit on their bitcoins as long as possible.
Just to be clear, I didn’t write the stuff I was quoted as saying above although there are thousands of skeptics on Youtube and forums like this who have. And they all think they are the first person to hypothesise this particular failure mode for Bitcoin.
Your first paragraph is right though I’m not sure even the NSA could approach the 50% required to seize control of the network. Bitcoin has had more hashing power than its closest openly acknowledged rival (folding@home) for a long time and I doubt if even the NSA could come close to a controlling stake. I’m quite sure nobody else could. For a while there, Deepbit, an enormous pool of small time(ish) miners did have control of just over half and there were hotheads suggesting the blockchain be forked for fear of what Deepbit’s owner would do. Cooler heads prevailed and his share went back under 50% but if there was ever any suspicion that over 50% was controlled by anything like a company or state entity, the current main chain would be dropped like a losing ticket at the track.
Distribution of the 50BTC rewards is probabilistic. Do more than 50% of the work for a block and there is more than a 50% chance you’ll get the reward. Don’t use CPUs though. GPUs are the way to go and folks are working on FPGAs which in turn will be superseded by ASICs I believe. It’s been ages since CPUs were profitable to mine with but you’re right that it’s all about the processing power you have to contribute. At the moment, the bulk of the reward is in the 50BTC/block lottery but my guess is that around 2013 when the reward halves, the revenue from transaction fees will overtake the 25BTC rewards.
In this case early adopters have been rewarded. In what successful venture endeavour aren’t they rewarded? I’ve read endless bitching about how it isn’t fair as though fairness is a goal. Coase’s theorem often gets bandied about in these discussions but even without that, I’m still inclined to believe the early adopters are due whatever they get. Paris Hilton having a roof over her head is more unfair than the early adopter geeks of Bitcoin having some play money.
The price crashed over the weekend when some old salt/s with loads of untouched 50BTC lots unloaded some of his haul onto the market. He obviously thought the bubble had peaked or perhaps he just got nervous and decided to cash in his chips. The point is that it took a bubble to draw out these hoarded funds and it will probably take a few more to get all of the old stashes out and into the market. More players, more volume, more liquidity, options. All these things are developing and will serve to stabilise the price. Some more bubbles to come before we get there I believe though.
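The lottery, the halving schedule and the 50% threshold from the last few posts, as an added example that is not from the thread or from any Bitcoin client: block_reward follows the 50 BTC reward halved every 210,000 blocks, simulate_reward_share draws blocks in proportion to hash share, and attacker_catch_up is the probability from section 11 of Nakamoto's whitepaper that a miner with share q rewrites a payment already buried under z confirmations. The function names, the seed and the 20,000-block sample size are assumptions made here.

```python
import math
import random

SATOSHI = 100_000_000
HALVING_INTERVAL = 210_000      # blocks per era; at ten minutes a block that is roughly four years
INITIAL_REWARD = 50 * SATOSHI   # the 50 BTC/block reward the thread describes

def block_reward(height):
    """Subsidy for the block at `height`: 50 BTC halved every 210,000 blocks, floored in satoshi."""
    halvings = height // HALVING_INTERVAL
    return 0 if halvings >= 64 else INITIAL_REWARD >> halvings

def total_supply():
    """Sum the subsidy over every era; the halving series stops just short of 21 million BTC."""
    total, era = 0, 0
    while block_reward(era * HALVING_INTERVAL) > 0:
        total += HALVING_INTERVAL * block_reward(era * HALVING_INTERVAL)
        era += 1
    return total

def simulate_reward_share(hash_share, blocks=20_000, seed=1):
    """Mining as a lottery: each block is won with probability equal to the miner's share of
    hash power.  Returns the fraction of blocks won, which converges on `hash_share`."""
    rng = random.Random(seed)             # seeded so the run is repeatable
    won = sum(1 for _ in range(blocks) if rng.random() < hash_share)
    return won / blocks

def attacker_catch_up(q, z):
    """Probability that a miner holding fraction q of the hash power builds a longer rival chain
    and reverses a payment buried under z confirmations (Nakamoto whitepaper, section 11).
    Once q >= 0.5 the outcome is certain, which is why 'more than half' means control."""
    p = 1 - q
    if q >= p:
        return 1.0
    lam = z * q / p                       # expected attacker progress while honest miners mine z blocks
    total = 0.0
    for k in range(z + 1):
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        total += poisson * (1 - (q / p) ** (z - k))
    return 1 - total

def confirmations_needed(q, risk=0.001):
    """Smallest z at which an attacker with share q reverses a payment with probability below `risk`."""
    z = 0
    while attacker_catch_up(q, z) > risk:
        z += 1
    return z
```

For a 10% adversary the catch-up probability drops below one in a thousand at five confirmations, which is where the client default of six comes from; for a 30% adversary it takes over twenty.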
Is there a way to try mining without spending untold hours learning a new technogeek language? I’ve spent an hour or so reading and still have no idea how to actually go about it.
Gotta learn technogeek I’m afraid. You could start mining (unprofitably) without it but any earnings would probably be lost because you’d be scammed out of them or you’d lose them. Technogeek is what you use to check that people are who they claim they are, prove who you say you are or encrypt your info and wallet data. These things are the necessary minimum if you want to use Bitcoin and not just be a mark for Eastern European gangs.
I don’t have time for a long post now, and I haven’t had time to read the technical paper yet. I just want to point out two things.
Jenga wrote: “… it becomes apparent that even wildly speculative abilities that someone like the NSA might have still wouldn’t be enough for them to attack and cripple Bitcoin.”
In response to this I asked what happened if someone with vast resources simply tried to out-mine everybody else. Jenga’s response was, IMHO, too dismissive. Ultimately, the block chain could be forked and the old one discarded, he said. Personally, I think the ability to force a discard of the current blockchain counts as being able to cripple the system. Especially when you factor in that this could be done, in theory, without anyone knowing that a single group was behind it! How does everyone agree to fork the system when you don’t know what, if anything, is wrong?
Please note that I’m not saying this will likely happen, nor that it should happen, or anything like that. I’m talking about what’s possible. I have little doubt that the US government could, if it for some reason wanted to, out-compute the current number of BitCoin users.
The advertised distributed nature of BitCoin is somewhat misleading - the BitCoin wiki itself says:
To me this sounds like: BitCoin doesn’t scale properly, unless we reduce the security.
Final disclaimer: I know I’m being hypercritical. The truth is, BitCoin is really very brilliant. I’m just not convinced it’s as useful or revolutionary as advertised. I mean, Anselm’s ontological argument is brilliant, too, but I’m still an atheist.
I don’t care how many people on YouTube think they are the first person to have found a flaw in BitCoin. I care whether there are flaws. If there are, there are; if not, not. YouTube has no bearing on that one way or another.
The Economist magazine has a really well done article on Bit Coins. Its conclusions are questionable but overall it is a very well-researched story. If you are interested in BitCoins I recommend giving it a read.
The difficulty of mining a BitCoin scales automatically. If someone throws a supercomputer at it then the future BitCoins become more difficult to mine. This is a built-in aspect of the system and cannot be circumvented.
As a result the rate at which BitCoins are released remains very predictable.
You misunderstand. The theoretical attack isn’t on the rate of production, it’s on the ownership of that which is produced. That is, if you introduce enough computing power, you will, probabilistically, have a larger share of the produced bitcoins. With large enough amounts of computation, you could have the vast majority of all new bitcoins. If you then sat on them, the system would be neutered.
If few or no new bitcoins enter the economy, the value of each other bitcoin will go up only if demand does. But there is little reason for demand to grow if the economy is crippled by a more-or-less fixed size. If the makers of BitCoin had limited it to no more than 100 bitcoins, maximum, how much demand would there be for any one of them? Very little, if any; anyone could see that with a very restricted pool of currency, the system as a whole just isn’t very useful, hence demand for any of it wouldn’t get off the ground. BitCoin has enough hype right now that if new bc stopped being minted, the demand would grow for existing bc in the short term. But in the long term it would, at best, be stagnant. Most likely, it would implode.
(And this is ignoring other forms of disruption that someone with a significant percentage of bc could perform.)
Agreed, but irrelevant to the discussion of a theoretical attack. And “hugely expensive” means something different than usual when discussing major governments.
Which would be just as vulnerable to the same attack.
I came across some guy who (he posted a video) built multiple computers to BitCoin mine 24x7. While any computer is technically capable of mining for BitCoins you really want a computer with a dedicated GPU (video card). The more powerful the video card the better (AMD video cards are also distinctly better at this than Nvidia cards are).
This makes the rig setup pricey. Not hugely expensive but certainly not cheap.
Left to a normal computer without a dedicated GPU (ala a laptop) it can take weeks or months or more to produce a BitCoin. I think my setup at home (which by chance happens to have the ideal video card for this) could produce one in three days as things currently stand (and it will only get harder).
In the end I am not sure if it makes monetary sense to mine your own BitCoins and expect to make a profit. I suppose it is possible but the guy in the video was a bit underwhelmed at his income especially considering his expenses.
Not saying don’t do it. If you have a PC that may as well be put to work, fine, but a $1,000 investment per PC to do this will take a while to pay off (there are also electricity costs, which actually are enough with those video cards running full-tilt to eat into your profits as well).
For the electricity thing consider that an AMD 6990 (which costs around $700 each) when overclocked can draw 450 watts and since it will be running flat-out at capacity it is likely to really use that much electricity.
In Illinois (just checked the ComEd page) they tell me electricity costs $0.10/kWh.
So, just one card will cost you $0.045/hour to run (and frankly most people use multiple card setups). If you can mine a BitCoin once every three days that is $3.24 of electricity.
Not huge but not insignificant compared to the worth of a BitCoin. That is also not counting power the rest of the PC draws. If you have lots of video cards doing this they will be pumping out serious heat so now add in cost and electricity for a decent cooling system for the lot.
This relates tangentially to the question I have. Let’s say I have a bitcoin worth roughly $20 US. What do I do if I want to buy something like a condom that costs $1 US? Do I have to buy 20 of them (close to a lifetime supply at the current rate of consumption) or can the bitcoin be fractionalized into lesser denominations like a dollar can be broken into 100 cents? I could see how this would be the case if the bitcoin number is thought of as more of an authorization number that allows you to conduct transactions. At the beginning you would be given the number and one coin in that account. Then the distributed databases would keep track of what fraction you used and what fraction was remaining.
The way this relates to the quote above is as follows: If the currency can be fractionalized then there is really no limit on how much of it is available. You are just moving the decimal place around. The limitation isn’t due to the currency but to the number of people allowed to participate in the system (the quantity of numbers issued). As more people enter the system each coin is worth more and each fraction of a coin is worth more. No problem, you just divide each coin ever more finely. I guess eventually there may be some erosion or inaccuracy due to rounding error.
But if it is fractionalized then you don’t have a unique identifying number for each part of the coin. So the bitcoin number has to be thought of as an account with a certain amount in it that is tracked by the system. That being the case you don’t have one unique number to each fraction. If I understand what I have read previously this does not seem to be the way it works but at the same time it seems it would have to work this way to be of practical use. All currencies work that way.
At any rate, I can’t really see anyone using this as payment for something tangible. Even if you sold a tangible good like a condom your problem would be finding something you could buy with your gain since your choices would be very limited in that regard. I could see it being used for services. Things like pornographic live web shows etc… where all the provider would be out is his or her time.
The other thing is that since the currency is deflationary by nature the incentive is to sit on it and not spend it. I think this is one reason fiat currencies always try to be inflationary. If you don’t spend it then it becomes worth less. In this case the opposite would happen. Lots of these things sitting in hoards doesn’t get you the critical mass of transactions needed for these things to be commonly accepted which touches again on the quote above.
None of the currency aspects are unique to bitcoin. Even the concept of an electronic currency is not new since people have already been trading various virtual currencies from role playing games in exchange for various things. In that case at least you have a floor on the currency’s worth which is its utility to you in the game you enjoy playing.
I can foresee a possible future where criminals distribute their profits by getting online and having their avatars meet in the (virtual) dark of night, somewhere in an alley of an online game. The question is would the avatar of a copper come by and catch them in the act?