Bitcoin and Digital Currencies


breadloaf Since: Oct, 2010
#51: May 17th 2011 at 12:40:01 PM

You can't blacklist hardware without breaking anonymity, so no that is not an option.

I'm breaking anonymity with a single plain-text cipher-text pair, I don't require acquiring your private key, I only need to know your public key and tie it to a particular individual. I can then see your transactions in the soup because I have linked a public key to a particular person.

The pdf stated that a bitcoin is defined by a chain of digitally signed transactions. So the transaction history IS the bitcoin as far as anybody is concerned. So a new coin is any coin which starts with zero history. Who creates this coin?

So why I stated that the scheme for acquiring a person's public key is very important yet not stated at all in the scheme goes like this. (This is also the circular transaction issue).

—-

Person A spends his bitcoin to Person B.

This transaction is recorded via creating a hash based on the previous hash of the bitcoin and Public Key B. This creates Signature 0, which is then digitally signed via Private Key A. This indicates that A was aware of the transaction and approved of it. Using the Public Key of A, we can then get back Signature 0, which we can easily verify is the hash of the previous hash and Public Key B.

I'll assume the Hash function is cryptographically secure.

Next we create a fraudulent transaction. This can only be accomplished if we can screw with the acquisition of the Public Keys. So we go through the same steps. Here's where I need information on the public key acquisition scheme.

The second transaction, transaction 1, has Signature 1. It is signed by Private Key B which we do not have. So we use Private Key B' which is paired with Public Key B'. Upon request of the Public Key B, my botnet steps in and then gives you Public Key B' instead, verifying the transaction as real. You then do your proof of work and at this point, it doesn't matter whose proof of work you accept because you're doing it for transactions that never happened.

You sell to Person C who then is not a real person which then merrily reuses the bitcoin. Meanwhile Person B would have to break anonymity and claim that someone stole his money.

If I constantly fabricate new people and do this, I can constantly steal money and you cannot block the entry of new people.

—-

So that gets me to thinking (I have to run so maybe someone else can do this more thoroughly), if I do this instead:

We have Alice and Bob. Alice buys something from Bob with her bitcoin. Alice then fraudulently attaches MANY fake transactions after it. I don't broadcast this transaction beyond my botnet, complete the difficult proof of work on it. The last few transactions are all fake people whose private/public key pair I know, so their transactions are real.

The one fake transaction is the only one you can verify as not real. But if the transaction history is long enough, it could be truncated. Then you wouldn't be able to verify it anymore. I can now double spend the coin.

This is useful for bitcoins of large value.

On that note, I'm questioning the addition of garbage to the end of the hash to do some kind of attack.

edited 17th May '11 12:41:57 PM by breadloaf

breadloaf Since: Oct, 2010
#52: May 17th 2011 at 2:13:42 PM

Okay, I'm back and I've taken more of a look at the scheme in total.

Economics

  • Built-in deflation is not good. When the incentive is to start charging massively for transaction fees that starts to break the entire system, it doesn't make sense to ever spend versus hoard.

  • This system tends to support early adopters due to deflation.

  • Generation of new coins is based on computing nodes receiving a problem and then attempting to solve it. Usage of a botnet to an attacker is essentially free, so the introduction of a p2p system makes trojans way more profitable. In addition, early adopters profit at the expense of late adopters. So, are we expected to build servers to compete with botnets? Heck, that's half the point of botnets in the first place.

Cryptography

  • I'm starting to find this to be almost not important at all even if it's totally secure.

Tangent128 from Virginia Since: Jan, 2001 Relationship Status: Gonna take a lot to drag me away from you
#53: May 17th 2011 at 2:26:05 PM

I'm not going to argue the economics either way. I'm just interested in the technical side.

So a new coin is any coin which starts with zero history. Who creates this coin?

Already noted- the first transaction of a block can transfer a particular sum to somebody (presumably under the hasher's control) without requiring previous history for that amount.

Public Key: You don't have to "acquire" a person's public key- they are already identified by their public key. Funds are associated with keys; a person could have one key that they have all their money going to and from, or they could divide up their funds across a hundred keys over time. (I suspect anonymity is probably limited in most cases, but that's not my concern.)

Do you highlight everything looking for secret messages?
breadloaf Since: Oct, 2010
#54: May 17th 2011 at 2:58:07 PM

That's a hard requirement of a good electronic cash system in cryptography.

  • Recognizable (as legal tender)
  • Portable (easily carried)
  • Transferable (without involvement of the financial network)
  • Divisible (has the ability to make change)
  • Unforgeable (difficult to duplicate)
  • Untraceable (difficult to keep a record of where money is spent)
  • Anonymous (no record of who spent the money)

I have a huge problem now that I read more about bitcoin (as I like trying to find flaws in schemes like this). It basically doesn't work as an economic scheme if it becomes popular, it only works if it is not popular. That's screwed up. But let's focus on the technical side of it.

  • Recognizable (as legal tender)

This is just a matter of acceptance.

  • Portable (easily carried)

It's digital so if we presume most of the economy is online, a bitcoin is okay.

  • Transferable (without involvement of the financial network)

Considering it's the whole point of this scheme, I think it passes this check.

  • Divisible (has the ability to make change)

I think it is okay for this.

  • Unforgeable (difficult to duplicate)

Okay, I looked at it and it seems reasonably difficult.

  • Untraceable (difficult to keep a record of where money is spent)

Well, obviously, with the way the transactions are recorded, it fails instantly.

  • Anonymous (no record of who spent the money)

It depends on whether it is difficult to associate a public key with a particular person. From what I can tell, statistical analysis would break this with a high chance.

—-

My main issue is that the whole point of bitcoin is to say "p2p will make the big players go away" but it doesn't. Control of the network and the money supply depends on computing power. The average person isn't going to turn on their computer, have it run 24-7 for over 3 months to validate a single block and get 50 bitcoins. Shall he buy new computers? If he runs it overnight for say 8 hours a day, then we extend that time to 9 months to get 50 bitcoins.

So who gets the bitcoins to spend? Google server farms, botnet herders, government agencies. They're the only ones with the resources to actually create this stuff. In the end, only the bank can do this so it defeats the purpose.

If it doesn't catch on, then the early adopters win out with a larger share of bitcoins and control of the market.

—-

It feels like a total scam. A total market value of 94 million and not a single cryptographer has looked at the scheme.

Tangent128 from Virginia Since: Jan, 2001 Relationship Status: Gonna take a lot to drag me away from you
#55: May 17th 2011 at 3:06:51 PM

I think the goal isn't so much to eliminate big players, but to allow business to carry on without them. They would stand to profit off the network, being able to take the inflation tax and later transaction fees, (which may be an incentive for them to popularize it?) but you don't need them in particular to make payments, and they are forced to stay honest. Especially if competing big players are also on the system.

Eh. Still not looking practical right now.

edited 17th May '11 3:07:21 PM by Tangent128

Do you highlight everything looking for secret messages?
breadloaf Since: Oct, 2010
#56: May 17th 2011 at 3:37:51 PM

I guess, but if the big players (i.e. the freaking government) are gone, I think you've got bigger problems :)

Okay, so further analysis (mind you, because I'm just doing it out of hand, some of my earlier posts have some mistakes that I correct myself in later posts).

On forging transactions. I think I have a better understanding of how it works now (for some reason their wiki is down so it was very difficult to get a good description of the scheme). This depends on whether I can "bury" any transactions. Is it possible for me to bury a bad transaction behind a lot of real transactions between a bunch of bitcoin addresses which I just made up?

According to the PDF, when there are enough transactions, you would stub off the hash tree.

So Alice sends her bitcoin to Bob. Then Alice and her evil botnet immediately proceed to invent many transactions after this. Once the hash tree of transactions (where only one transaction, where Bob sends his bitcoin to someone else is false, all other transactions are between bitcoin addresses I've invented) is sufficiently large, it is stubbed off. The information (the bad hash) of Bob to fake person, is lost.

Then I have my botnet immediately work on the "proof of work" for this set of transactions and publish it. Other nodes will accept this and at worst merely produce their own proof of work.

Did I even need majority hold of CPU power for that?

Tangent128 from Virginia Since: Jan, 2001 Relationship Status: Gonna take a lot to drag me away from you
#57: May 17th 2011 at 3:43:03 PM

I believe it is still rejected, since blocks depending on bad blocks are rejected themselves. It would only stub off data for transactions known to be good and no longer relevant (that is, all involved money has changed hands). (And it doesn't stub off data yet, apparently.)

Do you highlight everything looking for secret messages?
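The exchange in posts #51, #56 and #57 turns on one check: a coin's history is a chain of signatures, and a verifier replays it link by link, so a link signed with the wrong key is rejected regardless of how much genuine history is stacked on top of it. The following Go program is an added example written for this thread, not code from Bitcoin or from any poster. It models a coin as breadloaf describes (hash of the previous link plus the next owner's public key, signed by the current owner) using ECDSA on P-256 from the Go standard library, and simplifies the coin's creation to an all-zero starting hash held by Alice; `Tx`, `Spend`, `VerifyChain` and `ChainDemo` are names chosen here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Tx is one link in a coin's history: hash of the previous link, the next
// owner's public key, and the current owner's signature over both.
// (Constructed for this example; real Bitcoin transactions are richer.)
type Tx struct {
	PrevHash  [32]byte
	Recipient *ecdsa.PublicKey
	Sig       []byte
}

// Hash binds the previous link to the recipient key.
func (t *Tx) Hash() [32]byte {
	h := sha256.New()
	h.Write(t.PrevHash[:])
	h.Write(t.Recipient.X.Bytes())
	h.Write(t.Recipient.Y.Bytes())
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// Spend produces the next link, signed by whoever holds the spender key.
func Spend(prev [32]byte, spender *ecdsa.PrivateKey, recipient *ecdsa.PublicKey) (*Tx, error) {
	tx := &Tx{PrevHash: prev, Recipient: recipient}
	h := tx.Hash()
	sig, err := ecdsa.SignASN1(rand.Reader, spender, h[:])
	if err != nil {
		return nil, err
	}
	tx.Sig = sig
	return tx, nil
}

// VerifyChain replays the history from the first owner: link i must reference
// hash(link i-1) and verify under the key link i-1 named as recipient. Returns
// the index of the first bad link (or len(chain)) and whether all links held.
// A forged link fails here no matter how many genuine links follow it.
func VerifyChain(origin *ecdsa.PublicKey, chain []*Tx) (int, bool) {
	owner := origin
	var prev [32]byte // creation hash; all-zero in this simplified model
	for i, tx := range chain {
		h := tx.Hash()
		if tx.PrevHash != prev || !ecdsa.VerifyASN1(owner, h[:], tx.Sig) {
			return i, false
		}
		owner, prev = tx.Recipient, h
	}
	return len(chain), true
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// ChainDemo builds the thread's scenario: Alice pays Bob; then either Bob
// really pays Eve (forge=false) or "Bob pays Eve" is signed with Eve's key
// because Bob's private key is not available (forge=true); then tailLen
// genuine links between keys the attacker controls are appended.
func ChainDemo(forge bool, tailLen int) (int, bool, error) {
	alice, bob, eve := newKey(), newKey(), newKey()
	var chain []*Tx
	var prev [32]byte
	add := func(spender *ecdsa.PrivateKey, to *ecdsa.PublicKey) error {
		tx, err := Spend(prev, spender, to)
		if err != nil {
			return err
		}
		chain, prev = append(chain, tx), tx.Hash()
		return nil
	}
	if err := add(alice, &bob.PublicKey); err != nil {
		return 0, false, err
	}
	signer := bob
	if forge {
		signer = eve
	}
	if err := add(signer, &eve.PublicKey); err != nil {
		return 0, false, err
	}
	owner := eve
	for i := 0; i < tailLen; i++ {
		next := newKey()
		if err := add(owner, &next.PublicKey); err != nil {
			return 0, false, err
		}
		owner = next
	}
	idx, ok := VerifyChain(&alice.PublicKey, chain)
	return idx, ok, nil
}

func main() {
	for _, forge := range []bool{false, true} {
		idx, ok, err := ChainDemo(forge, 50)
		fmt.Printf("forge=%v valid=%v firstBadLink=%d err=%v\n", forge, ok, idx, err)
	}
}
```

With `forge=true` the verifier stops at index 1 every time, however large `tailLen` is; the fifty valid links behind it never get examined. Pruning old history, which the whitepaper describes, only applies to links a node has already verified, so it does not turn a rejected link into an accepted one.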
blueharp Since: Dec, 1969
#59: Jun 17th 2011 at 7:30:18 PM

Important note, the malware is akin to just hacking your computer to capture your credit card information.

TuefelHundenIV Night Clerk of the Apacalypse. from Doomsday Facility Corner Store. Since: Aug, 2009 Relationship Status: I'd need a PowerPoint presentation
#60: Jun 17th 2011 at 9:20:57 PM

I would call malware a tool used in hacking not hacking specifically but that is my opinion.

The botnet manipulation was what I noticed most.

Who watches the watchmen?
blueharp Since: Dec, 1969
#61: Jun 17th 2011 at 9:27:28 PM

I read that botnet as nothing more than putting a CPU cruncher on a system, that's been done since Seti@Home and other such distributed programs came out, nothing new.

Not sure what you're saying with the other part.

storyyeller More like giant cherries from Appleloosa Since: Jan, 2001 Relationship Status: RelationshipOutOfBoundsException: 1
#62: Jun 17th 2011 at 9:36:32 PM

The problem is that Bitcoin relies on the absence of botnets.

If one group gets control of 50% of the total computing power, they gain complete control over the entire system.

Blind Final Fantasy 6 Let's Play
blueharp Since: Dec, 1969
#63: Jun 17th 2011 at 9:43:53 PM

If you have control over that much computing power, I think you can do something more useful than Bitcoin.

4gr8just1c3 Since: Jan, 2011
#65: Jun 18th 2011 at 10:51:23 AM

[up][up][up]

Yeah, well, good luck with that.

Okay, a botnet can have, at the largest size, around 10 million computers. That SHOULD be some serious processing power.

However, legitimate producers have the benefit of generally having very powerful rigs set up for mining. Out of those 10 million computers, how many are going to have powerful ATI cards that can hash quickly? A single ATI 5970 is capable of about 800 megahash per second, whereas the best, top of the line CPU can manage maybe 10 at full power and most have troubles reaching one. The best Nvidia card can manage about 150 at best and most will max out at around 30. ATI cards above the 42xx series outside of a handful of the best (again, 59xx, 69xx, 58xx) will go between 40 and 300 Mhash.

How much will ten million botnet computers do? The chances of THEM being rigged for mining are very low, so they will be remarkably inefficient at mining. Meanwhile, there are bitcoin miners with bitcoin farms, hundreds of top-of-the-line computers specifically built for mining. When you consider that there are hundreds or thousands of such farmers in addition to small timers with above average cards and people who have computers rigged for gaming who decide to put their strong cards to use mining, it becomes pretty clear that it would take a botnet of absurd proportions to take over, and if another one tried something they would cancel each other's influence out.

now I only want you gone ~SAVE ME RIBBONZZZ~
storyyeller More like giant cherries from Appleloosa Since: Jan, 2001 Relationship Status: RelationshipOutOfBoundsException: 1
#66: Jun 18th 2011 at 7:59:45 PM

So what you're saying is that a PS3 botnet would be even more effective?

Blind Final Fantasy 6 Let's Play
Miijhal Since: Jul, 2011
#67: Jun 19th 2011 at 3:07:42 PM

Something to note about bitcoins: They're stored in a wallet file on the individual's computer. Said file can be deleted. Those bitcoins cannot be recovered afterwards.

Furthermore, bitcoins are ridiculously unstable as a currency. One post from a Something Awful user managed to make the value plummet. And right now, they seem to be used less as currency and more as a money making scheme, with a side use for laundering money and purchasing drugs.

edited 19th Jun '11 3:13:04 PM by Miijhal

willyolio Since: Jan, 2001
#68: Jun 19th 2011 at 4:11:12 PM

I like how they talk about mining, but it's almost impossible to do without just "buying in" to a mining farm. I figured I might as well try it since I own an ATI 5850.

The wiki talks about mining a lot but provides no method to do so. Googling around finally found me the program, which doesn't work. The program just flubs and closes itself when I run it, and it seems to be a common error judging by the comments. No fixes seem to work.

In any case, the concept isn't any worse than paper money- if people accept it, they accept it. The only difference is that paper money generally has real gold or other valuable material backing it up somewhere and it validly represents something. Bitcoin is... just further abstracted.

[up] I noticed that too. Playing around with the program, I was surprised that it told me I had $0 money in my wallet and that I had this ID code which was a ridiculous string of random letters and numbers. I'm not memorizing that. I wondered how I was supposed to keep track of that going to a different computer when I didn't have any kind of username to identify myself with (other than the long, crazy string) and where it stored my money... and then I found out my "wallet" is a local file. Uh... yeah. No thanks.

edited 19th Jun '11 4:14:45 PM by willyolio

breadloaf Since: Oct, 2010
#69: Jun 20th 2011 at 8:32:20 AM

Well, that's a serious problem with bitcoin: it presumes users know a lot about cryptography but not too much. Aside from the fact that people can just steal it, I'm not sure how someone can state that "A botnet can *only* have 10 million computers" versus one guy with a video card. Let me answer the question for you: ten million computers is better.

Plus what about these bitcoin farms? A botnet costs me relatively zero dollars while you spend tens of millions on bitcoin farms? That's ridiculous. You'll never compete economically. It assumes attackers actually spend significant resources to take down the network. This thing is a scam designed to profit first-time entry people and screw everyone else that comes in later; it's written into the code and completely public. Anybody with ANY knowledge of economics should see it.

Tangent128 from Virginia Since: Jan, 2001 Relationship Status: Gonna take a lot to drag me away from you
#70: Jun 20th 2011 at 8:50:20 AM

The economics do seem a bit skewed there, true. And I suspect the whole early-adopter glut of currency may actually turn people away from the system in the future.

From a technical perspective, though, what do you expect somebody building a botnet to control over half the network's resources to be able to accomplish?

Do you highlight everything looking for secret messages?
willyolio Since: Jan, 2001
#71: Jun 20th 2011 at 9:27:15 AM

whoopsies! http://gizmodo.com/5813622/bitcoin-price-tumbles-after-massive-account-hack-and-sell+off-on-trading-site-mtgox

now they're just going to "roll back" the currency and peg it to a fixed amount?

somehow, I see this as being commonplace pretty soon.

blueharp Since: Dec, 1969
#72: Jun 20th 2011 at 9:33:26 AM

That was a trading site being hacked, not the bitcoin system itself.

breadloaf Since: Oct, 2010
#73: Jun 20th 2011 at 10:22:38 AM

The entire system's safety is predicated on having the computing power in the hands of legitimate users. This means that if bitcoin were ever useful, then attackers would flock to ruin the system but on the other hand if it's not useful then only legitimate users would be on it (thereby gaining them less money than they are spending to get).

storyyeller More like giant cherries from Appleloosa Since: Jan, 2001 Relationship Status: RelationshipOutOfBoundsException: 1
#74: Jun 20th 2011 at 10:30:31 AM

From a technical perspective, though, what do you expect somebody building a botnet to control over half the network's resources to be able to accomplish?

Pretty much anything. They could shutout all legitimate commerce, and probably counterfeit arbitrary amounts of money.

Blind Final Fantasy 6 Let's Play
Carciofus Is that cake frosting? from Alpha Tucanae I Since: May, 2010
#75: Jun 20th 2011 at 10:40:12 AM

Unless I am mistaken, that would not be enough to counterfeit money (you'd have to break a seriously nasty encryption for that) or to take money from others. What such a botnet could do is double spend its money; it could use some bitcoins to pay for something, convince the seller that the payment went through, then "get its money back".

Which would be nasty, but is not exactly "pretty much anything".

But they seem to know where they are going, the ones who walk away from Omelas.
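Posts #62 and #74 say that 50% of the computing power gives complete control, and post #75 narrows that to double spending. The whitepaper the thread keeps referring to quantifies the in-between case: an attacker with a fraction q of the hash power, racing to replace a payment after the merchant has seen z blocks on top of it. The Go program below is an added example for this thread, not code from the whitepaper or from any poster; it carries that estimate through (Poisson model of attacker progress, gambler's-ruin odds q/p per remaining block) and adds a `ConfirmationsNeeded` helper, a name chosen here, that a merchant could use to pick a confirmation depth against an assumed attacker share.

```go
package main

import (
	"fmt"
	"math"
)

// AttackerSuccessProbability is the whitepaper's estimate that an attacker
// holding fraction q of the hashing power, currently z blocks behind, ever
// catches up with the honest chain. At q >= 0.5 the attacker is certain to
// catch up eventually, which is the "50% of the total computing power" point.
func AttackerSuccessProbability(q float64, z int) float64 {
	if q >= 0.5 {
		return 1.0
	}
	p := 1.0 - q
	// Expected number of attacker blocks mined while honest nodes mine z.
	lambda := float64(z) * (q / p)
	sum := 1.0
	poisson := math.Exp(-lambda) // Poisson(0; lambda)
	for k := 0; k <= z; k++ {
		if k > 0 {
			poisson *= lambda / float64(k) // Poisson(k; lambda), incrementally
		}
		// With k blocks in hand the attacker still has to close a gap of z-k,
		// and closing one block of gap succeeds with probability q/p.
		sum -= poisson * (1 - math.Pow(q/p, float64(z-k)))
	}
	return sum
}

// ConfirmationsNeeded returns the smallest z for which the estimate drops
// below target, or -1 if no z up to maxZ does (always the case at q >= 0.5).
func ConfirmationsNeeded(q, target float64, maxZ int) int {
	for z := 0; z <= maxZ; z++ {
		if AttackerSuccessProbability(q, z) < target {
			return z
		}
	}
	return -1
}

func main() {
	for _, q := range []float64{0.1, 0.3, 0.45, 0.5} {
		fmt.Printf("q=%.2f: confirmations for <0.1%% risk: %d\n",
			q, ConfirmationsNeeded(q, 0.001, 1000))
		for _, z := range []int{0, 1, 2, 5, 10} {
			fmt.Printf("  z=%2d P=%.7f\n", z, AttackerSuccessProbability(q, z))
		}
	}
}
```

Two things the numbers make concrete: the success probability drops geometrically with z for any q below one half, so a merchant waiting for more blocks buys real safety against a minority attacker, and the required depth grows sharply as q approaches 0.5 until no finite depth helps. Either way the attacker only ever gets to rewrite payments it made itself, as Carciofus says; it cannot produce a valid signature for somebody else's coin.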
