Bitcoin and Digital Currencies

TuefelHundenIV Night Clerk of the Apacalypse. from Doomsday Facility Corner Store. Since: Aug, 2009 Relationship Status: I'd need a PowerPoint presentation
#26: May 13th 2011 at 3:39:34 PM

I have yet to have a problem with PayPal. WikiLeaks pissed people off and stepped on a lot of toes on purpose, so I am not surprised it happened.

I have serious doubts that bitcoin would work so well. For every system there are always a few flaws and ways to game and abuse the system.

Again, I am paying real money into PayPal. I do not need to translate my funds between bitcoin and U.S. dollars. The money in my account for PP and my bank is already USD; the value is the same and no translation is needed (aside from doing business with businesses using a different currency, i.e. business in another nation). This is also kind of why I dislike these little various points-based purchases in place in micro-market systems for games and other online services. Like Xbox Live points. I would rather see a flat dollar value so I know exactly what I am paying for a product. All I see bitcoins as is yet another complication to doing business online that is not really needed.

I go to Steam or any number of various vendors who use PP and chances are very high they are asking for money in USD in some form or other, and I do not need to play with exchange rates. Game A costs 10 bucks; I have 10 bucks in PayPal. All I have to do is hit my payment button.

Who watches the watchmen?
del_diablo Den harde nordmann from Somewher in mid Norway Since: Sep, 2009
#27: May 13th 2011 at 3:45:12 PM

De Marquis: I guess I am having trouble comprehending your message.
Besides, when X amount of bitcoins have finally been generated there will not be generated any more of them. That is the entire idea.

Tuefel Hunden IV: Technology, my boy, that will solve a lot. One of the goals from one of the groups who are thinking about bitcoin is that it will basically be PayPal except with no overhead. No problems, etc.
Well, if it actually becomes that is indeed an interesting issue.

A guy called dvorak is tired. Tired of humanity not wanting to change to improve itself. Quite the sad tale.
TuefelHundenIV Night Clerk of the Apacalypse. from Doomsday Facility Corner Store. Since: Aug, 2009 Relationship Status: I'd need a PowerPoint presentation
#28: May 13th 2011 at 3:48:35 PM

If it is reliant on tech to make it work, we have a problem until tech gets to where it works out then. Until that point I will just use PayPal. If bitcoin lets me skip the bitcoin and simply place dollars on my account I would use it (providing vendors want to use it).

Who watches the watchmen?
DeMarquis Since: Feb, 2010
#29: May 13th 2011 at 4:26:26 PM

@del: Yes, there is some basic confusion going on here. Maybe we should check facts. According to your understanding, if I want to, say, purchase an action figure on-line using bitcoin, where does the money to do this actually come from? Is it generated within the bitcoin system, or come directly from my bank account, or what?

del_diablo Den harde nordmann from Somewher in mid Norway Since: Sep, 2009
#30: May 14th 2011 at 2:24:21 AM

De Marquis: Either I use a bank for the exchange, where the bitcoins exchanged from the bank end up with the site you bought from.
Or direct transactions.
:P
Well, there are apparently several schemes anyhow.

A guy called dvorak is tired. Tired of humanity not wanting to change to improve itself. Quite the sad tale.
breadloaf Since: Oct, 2010
#31: May 14th 2011 at 1:10:55 PM

Thread hop:

I'll ignore the fact that the bitcoin pdf has disturbingly little math inside of it. But here are my thoughts:

  • The security scheme is terribly broken. With the way they've designed it, the public-private key encryption and hashing schemes don't even matter. I just need a botnet to screw you. I don't see how they didn't think about this because there are literally tens of millions of infected computers out there.
  • In order to even make it remotely secure you require immediate buy-in from a lot of people at once to make the scheme work.
  • There's no reason to make this p2p, it's completely pointless and seems more like an attempt at a buzzword than anything p2p is actually useful for.

There are already electronic cash solutions; why are they reinventing the wheel?

Also, as for the OP, this has nothing to do with inflation or whatever. Bitcoins (aka ecash) are just another form of cash. You can't fabricate these. When you withdraw money from a bank, you get bitcoins/ecash instead of paper/coins.

storyyeller More like giant cherries from Appleloosa Since: Jan, 2001 Relationship Status: RelationshipOutOfBoundsException: 1
#32: May 14th 2011 at 9:00:40 PM

Well you can't fabricate them without a bunch of computing power at any rate.

Basically, the system sounds to me like a theoretical design exercise completely divorced from reality.

edited 14th May '11 9:01:23 PM by storyyeller

Blind Final Fantasy 6 Let's Play
del_diablo Den harde nordmann from Somewher in mid Norway Since: Sep, 2009
#33: May 15th 2011 at 8:02:52 AM

breadloaf: What is then wrong with bitcoin? You never stated it.

A guy called dvorak is tired. Tired of humanity not wanting to change to improve itself. Quite the sad tale.
Tangent128 from Virginia Since: Jan, 2001 Relationship Status: Gonna take a lot to drag me away from you
#34: May 15th 2011 at 11:38:04 AM

From what I gather, at least, the goal is for it to be transferable without relying on a central authority. Thus, the system isn't brought down by an attack/accident on the central servers, and nobody can block exchanges. Just like cash.

That is a good technical reason to make it P2P.

They do mention the botnet issue, at least- in the paper:

"The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes"

The damage is still limited; the attacker can refuse to verify transactions, thus possibly allowing them to take back deals they were involved in, but they can't forge transactions. Creating money out of thin air, apart from what the protocol allows for, would not be possible either. And if you have two comparable botnets from different attackers, neither has a majority of the CPU power.

Do you highlight everything looking for secret messages?
breadloaf Since: Oct, 2010
#35: May 16th 2011 at 11:09:50 PM

I think you misunderstand me about electronic cash. There are pre-existing offline schemes for it that do not require anything and are not susceptible to botnet assaults. They state that you'd need a "majority" of CPU power to fabricate stuff, well the same statement goes for real transactions as well. Would real transactions be backed by botnets? The organisational power of malicious nodes is far greater than honest ones, so I don't see that working. You need a system that is actually cryptographically secure, not one based on trust. Trust is worthless. In cryptography if you say you have to trust something, I immediately distrust the entire scheme.

I wouldn't use bitcoin because it's reinventing the wheel for electronic cash and doing it poorly. If I spent a month on it, I could probably fundamentally break the system, that's my gut feeling.

del_diablo Den harde nordmann from Somewher in mid Norway Since: Sep, 2009
#36: May 17th 2011 at 2:40:56 AM

breadloaf: And what exactly do you think happens when the botnet gets overpowered by not matching the hash of the larger net?
This is the p2p part, and it is fun.

A guy called dvorak is tired. Tired of humanity not wanting to change to improve itself. Quite the sad tale.
Tangent128 from Virginia Since: Jan, 2001 Relationship Status: Gonna take a lot to drag me away from you
#37: May 17th 2011 at 6:42:01 AM

[up][up] The honest nodes don't have to be more organized than the malicious ones- they simply endorse all transactions where the math works out.

The malicious nodes' goal, on the other hand, is to only endorse some transactions, so that they can double-spend money or try and block an opponent's transactions. If any honest node, or non-cooperating malicious node, finds the hash for a block containing a transaction they tried to squelch and advances the honest chain before they can advance the dishonest one, the transaction makes it into the history and they fail.

There's no trust beyond the assumption that anyone who wants to block your transfers can't overpower the people who don't care either way. Again, organization doesn't matter- you don't need to coordinate honesty, only lying.

But I don't follow these things closely. What are some of the other systems out there?

Do you highlight everything looking for secret messages?
breadloaf Since: Oct, 2010
#38: May 17th 2011 at 8:09:58 AM

There's a lot of different schemes out there, just look up "ecash" and hopefully Google gives you some good answers.

I think you're a bit mistaken on how p2p works if you think it's just magic and stuff gets broadcasted everywhere. An honest node, making an honest transaction, with real bitcoins would work as described in the scheme. Why do I have to follow the scheme?

"By convention, the first transaction in a block is a special transaction that starts a new coin owned by the creator of the block"

Which is what exactly? Special! Therefore it works. I don't see any math here to show that it is unbreakable.

"Nodes are not going to accept an invalid transaction as payment, and honest nodes will never accept a block containing them. An attacker can only try to change one of his own transactions to take back money he recently spent"

Need proof.

----

He makes the presumption I cannot create a closed circuit with my botnet where I do my calculations to gain my time advantage (that is organisation) and then move back out to the wider p2p world where they cannot catch up because they would never bother to do so. I already look like a verified transaction. However, there's so little math I'm not sure if what I'm saying is true or not because I can barely verify their statements.

Tangent128 from Virginia Since: Jan, 2001 Relationship Status: Gonna take a lot to drag me away from you
#39: May 17th 2011 at 8:27:24 AM

The first transaction is "special" in that the money coming in is less than the money going out. There is a limit on the amount that may be introduced (is it 25 now?), which is decreased exponentially over time.

That is, the normal checking the other nodes do to make sure the transaction is valid allows that particular creation of money. Otherwise, transactions have to put in at least as much money as they dish out (extra money may be left over, which is allowed to be taken as a transaction fee by the solving node).

How does your closed botnet gain any time advantage? The network at large is working on solidifying the history while you are fabricating your own- why would it accept the blocks you try to introduce, when the existing chain is longer?

(Googling "ecash" only led me to stuff about money-transfer systems that still involved banks. Just like checks, credit cards, or Paypal. Which does nothing to deal with the centralization problem Bitcoin wants to solve.)

Do you highlight everything looking for secret messages?
Carciofus Is that cake frosting? from Alpha Tucanae I Since: May, 2010
#40: May 17th 2011 at 8:35:54 AM

About the "not enough mathematics" comment: I think that, for a high-level description of the system as the one of that paper, using more mathematics than what they did would actually have been quite inappropriate. Once you have specified the protocol in all details, as I guess they have done somewhere, you can do some pretty interesting stuff with formal analysis and with simulations; but at this level of description, any formal analysis would require so many abstractions that it would be basically useless.

I already have a few doubts about the relevance of the short analysis at the end of the paper, for example — it's not wrong, per se, but it does not take into account the topology of the network, the way in which the topology changes when nodes are connected or disconnected, the average message-passing time and a myriad of other factors which would have a big practical effect.

Now, granted, in order to be entirely sure that the protocol has no defects one should have to check everything in the minimal details, down to the level of the very source code of the implementations; but for now, I was interested in reading opinions about the general concept of the system.

Thanks for all the comments, by the way, it's been a very interesting read!

EDIT: If someone wants a more in-depth description of the protocol, the bitcoin wiki contains it (see also: protocol rules, discussion of weaknesses).

edited 17th May '11 8:51:17 AM by Carciofus

But they seem to know where they are going, the ones who walk away from Omelas.
breadloaf Since: Oct, 2010
#41: May 17th 2011 at 9:17:02 AM

Give me a moment to analyse the scheme in depth because my gut feeling screams "Something horribly and fundamentally wrong with it".

Carciofus Is that cake frosting? from Alpha Tucanae I Since: May, 2010
#42: May 17th 2011 at 9:22:21 AM

Thanks! I knew that asking on TV Tropes was a good move to get some opinions from knowledgeable people :)

But they seem to know where they are going, the ones who walk away from Omelas.
storyyeller More like giant cherries from Appleloosa Since: Jan, 2001 Relationship Status: RelationshipOutOfBoundsException: 1
#43: May 17th 2011 at 9:22:50 AM

Another point no one seems to have mentioned:

You don't actually need 50% of the total computing power. In fact, you don't even need 50% of the computing power in use at any given time. This is because an attack can be optimized, whereas honest nodes will still be executing the full algorithm plus verification.

Blind Final Fantasy 6 Let's Play
Carciofus Is that cake frosting? from Alpha Tucanae I Since: May, 2010
#44: May 17th 2011 at 9:31:26 AM

Good point — but would that actually give the attacker that much advantage? Generating the "magic numbers" for the hashes is the most expensive part of the algorithm by far, and an attacker would need to do that anyway.

edited 17th May '11 9:31:52 AM by Carciofus

But they seem to know where they are going, the ones who walk away from Omelas.
Tangent128 from Virginia Since: Jan, 2001 Relationship Status: Gonna take a lot to drag me away from you
#45: May 17th 2011 at 9:32:21 AM

If I understand it right, the attacker's blocks still have to pass verification, or they simply get ignored.

Do you highlight everything looking for secret messages?
NativeJovian Jupiterian Local from Orlando, FL Since: Mar, 2014 Relationship Status: Maxing my social links
#46: May 17th 2011 at 10:06:59 AM

The whole system depends on there being more honest users in the system than dishonest ones. A sufficiently large botnet would completely fuck them — and, in the worst case scenario, do it without anyone even knowing they'd been fucked. There have been botnets out there consisting of tens of millions of computers. It's not hard to envision a botnet overpowering the honest users.

Really from Jupiter, but not an alien.
Carciofus Is that cake frosting? from Alpha Tucanae I Since: May, 2010
#47: May 17th 2011 at 10:25:28 AM

Well, yes. As long as Bitcoin is not hugely popular, this is definitely possible.

But such a botnet could not steal other people's bitcoins, or fake new ones: in order to do so, it would have to break some serious cryptography first — and if it were capable of doing so, it could just as easily steal anything from any bank ever.

What it could do is some double spending, that is, use some bitcoins more than once without the others noticing immediately (they would eventually notice, of course, because their records would conflict; but that would only happen after the sale has been completed).

edited 17th May '11 10:25:43 AM by Carciofus

But they seem to know where they are going, the ones who walk away from Omelas.
breadloaf Since: Oct, 2010
#48: May 17th 2011 at 11:14:24 AM

Okay this is my cursory glance on this topic (don't take me for an expert cryptographer or something :) )

Double Spending

  • The scheme is designed to block modification of previous transactions. Great. But what about circular transactions? For instance A -> B -> C (fake) -> A, there is no scheme to verify a transaction itself is actually real.
  • Public-private Key scheme has no verification method for identifying real people from fake digital people. I can create an unlimited number of fake owners to avoid blacklisting (if for instance I am discovered to be double spending my coins)
  • What is the method for fabricating new coins? Why can't I just inflation tax everyone to death by constantly creating new bitcoins?

Anonymity

  • What is the method for acquiring a person's public key? This is rather important for verifying ownership of a coin, since I must have the public key to verify the digital signature on the coin. For instance if private key A is used to sign the coin, then only public key A can decrypt it (given a long enough bit length). If we leave public key anonymous, we get anonymity at the cost of being unable to verify between real owners and fake owners (and fake owners are important because I can use them for circular transactions)
  • You can packet inspect nodes in the network to see the digitally signed hash chain block they are sending (the definition of a bitcoin). This allows to steal bitcoins. However, you can encrypt the protocol between nodes.
  • With the way you broadcast out your transactions, I can use statistical analysis to partially break anonymity.
  • A single plaintext-ciphertext pair shatters anonymity. If we presume I can acquire at least one such pair for a bitcoin, then I will have discovered your identity permanently.

Yej See ALL the stars! from <0,1i> Since: Mar, 2010
#49: May 17th 2011 at 11:25:36 AM

"The scheme is designed to block modification of previous transactions. Great. But what about circular transactions? For instance A -> B -> C (fake) -> A, there is no scheme to verify a transaction itself is actually real."

What is there to verify? Why would someone enter that sequence fraudulently?

"I can create an unlimited number of fake owners to avoid blacklisting (if for instance I am discovered to be double spending my coins)"

Personally, I'd just blacklist your hardware if I realized you were double-spending. I believe that's feasible to do, though I haven't read the spec in much depth.

"A single plaintext-ciphertext pair shatters anonymity. If we presume I can acquire at least one such pair for a bitcoin, then I will have discovered your identity permanently."

You can't derive the private key in any feasible amount of time, even with a ciphertext and the matching plaintext. The mathematics won't let you.

edited 17th May '11 11:25:50 AM by Yej

Da Rules excuse all the inaccuracy in the world. Listen to them, not me.
Tangent128 from Virginia Since: Jan, 2001 Relationship Status: Gonna take a lot to drag me away from you
#50: May 17th 2011 at 11:41:12 AM

"The scheme is designed to block modification of previous transactions. Great. But what about circular transactions? For instance A -> B -> C (fake) -> A, there is no scheme to verify a transaction itself is actually real."

Could you be more specific on what that transaction does? I'm not sure what's wrong with it...

"Public-private Key scheme has no verification method for identifying real people from fake digital people. I can create an unlimited number of fake owners to avoid blacklisting (if for instance I am discovered to be double spending my coins)"

Yes, anonymity precludes blacklisting for the most part. That's why different approaches for preventing double-spending are taken instead.

"What is the method for fabricating new coins? Why can't I just inflation tax everyone to death by constantly creating new bitcoins?"

New coins may be created by whoever successfully calculates the next block in the chain, which should happen every 10 minutes. The amount they may create goes down with time (25 per block now, halved in a couple years to 12.5, halved again later on...).

Otherwise, all transactions must balance, or they will presumably not be accepted.

"You can packet inspect nodes in the network to see the digitally signed hash chain block they are sending (the definition of a bitcoin). This allows to steal bitcoins. However, you can encrypt the protocol between nodes."

Nope. The signed block is already public information. It simply records transactions, in a form that rapidly becomes impractical to forge.

The blocks are not the bitcoins- the bitcoins are just the amounts going into and out of each transaction.

Do you highlight everything looking for secret messages?

Total posts: 2,124