## Bitcoincerns

Bitcoincerns — as in Bitcoin concerns! Get it? Hahaha.

Despite having an interest in ecash, I haven’t invested in any bitcoins. I haven’t thought about it in any depth, but my intuition says I don’t really trust it. I’m not really sure why, so I thought I’d write about it to see if I could come up with some answers.

The first thing about bitcoin that bothered me when I first heard about it was the concept of burning CPU cycles for cash — ie, set up a bitcoin miner, get bitcoins, …, profit. The idea of making money by running calculations that don’t provide any benefit to anyone is actually kind of offensive IMO. That’s one of the reasons I didn’t like Microsoft’s Hashcash back in the day. I think that’s not actually correct, though, and that the calculations being run by miners are actually useful in that they ensure the validity of bitcoin transfers.

I’m not particularly bothered by the deflationary expectations people have of bitcoin. The “wild success” cases I’ve seen for bitcoin estimate their value by hand-wavy arguments where you take a crazy big number, divide it by the 20M max bitcoins that are available, and end up with a crazy big number per bitcoin. Here’s the argument I’d make: someday many transactions will take place purely online using bitcoin, let’s say 75% of all transactions in the world by value. Gross World Product (GDP globally) is $40T, so 75% of that is $30T per year. With bitcoin, each coin can participate in a transaction every ten minutes, so that’s up to about 52,000 transactions a year, and there are up to 20M bitcoins. So if each bitcoin is active 100% of the time, you’d end up with a GWP of 1.04T bitcoins per year, and an exchange rate of $28 per bitcoin, growing with world GDP. If, despite accounting for 75% of all transactions, each bitcoin is only active once an hour, multiply that figure by six for $168 per bitcoin.

That assumes bitcoins are used entirely as a medium of exchange, rather than hoarded as a store of value. If bitcoins got so expensive that they can only just represent a single Vietnamese Dong, then 21,107 “satoshi” would be worth $1 USD, and a single bitcoin would be worth $4737 USD. You’d then only need 739k bitcoins each participating in a transaction once an hour to take care of 75% of the world’s transactions, with the remaining 19M bitcoins acting as a value store worth about $91B. In the grand scheme of things, that’s not really very much money.

I think if you made bitcoins much more expensive than that you’d start cutting into the proportion of the world’s transactions that you can actually account for, which would start forcing you to use other cryptocurrencies for microtransactions, eg.

Ultimately, I think you’d start hitting practical limitations trying to put 75% of the world’s transactions through a single ledger (ie hitting bandwidth, storage and processing constraints), and for bitcoin, that would mean having alternate ledgers which is equivalent to alternate currencies. That would involve some tradeoffs — for bitcoin-like cryptocurrencies you’d have to account for how volatile alternative currencies are, and how amenable the blockchains are to compromise, but, provided there are trusted online exchanges to convert one cryptocurrency into another, that’s probably about it. Alternate cryptocurrencies place additional constraints on the maximum value of bitcoin itself, by reducing the maximum amount of GWP happening in bitcoin versus other currencies.

It’s not clear to me how much value bitcoin has as a value store. Compared to precious metals, it is much easier to transport, much easier to access, much less expensive to store and secure. On the other hand, it’s much easier to destroy or steal. It’s currently also very volatile.

As a store of value, the only things that would make it better or worse than an alternative cryptocurrency are (a) how volatile it is, (b) how easy it is to exchange for other goods (liquidity), and (c) how secure the blockchain/algorithms/etc are. Of those, volatility seems like the biggest sticking point. I don’t think it’s unrealistic to imagine wanting to store, say, $1T in cryptocurrency (rather than gold bullion, say), but with only 20M bitcoins, that would mean each bitcoin was worth at least $50,000. Given a current price of about $500, that’s a long way away — and since there are a lot of things that could happen in the meantime, I think high volatility at present is a pretty plausible outcome.

I’m not sure if it’s possible or not, but I have to wonder if a bitcoin based cryptocurrency designed to be resistant to volatility would be implementable. I’m thinking (a) a funded exchange guaranteeing a minimum exchange rate for the currency, and (b) a maximum number of coins and coin generation rate for miners that makes that exchange plausible. The exchange for, let’s call it “bitbullion”, should self-fund to some extent by selling new bitbullion at a price of 10% above guidance, and buying at a price of 10% below guidance (and adjusting guidance up or down slightly any time it buys or sells, purely in order to stay solvent).

I don’t know what the crypto underlying the bitcoin blockchain actually is. I’m surprised it’s held up long enough to get to where bitcoin already is, frankly. There’s nominally $6B worth of bitcoins out there, so it would seem like you could make a reasonable profit if you could hack the algorithm. If there were hundreds of billions or trillions of dollars worth of value stored in cryptocurrency, that would be an even greater risk: being able to steal $1B would tempt a lot of people, being able to destroy $100B, especially if you could pick your target, would tempt a bunch more.

So in any event, the economic/deflation concerns seem assailable to me. The volatility not so much, but I’m not looking to replace my bank at the moment, so that doesn’t bother me either.

I’m very skeptical about the origins of bitcoin. The fact it’s the first successful cryptocurrency, and also the first definitively non-anonymous one is pretty intriguing in my book. Previous cryptocurrencies like Chaum’s ecash focussed on allowing Alice to pay Bob $1 without there being a record of anything other than Alice is $1 poorer, and Bob is $1 richer. Bitcoin does exactly the opposite, providing nothing more than a globally verifiable record of who paid whom how much at what time. That seems like a dream come true for law enforcement — you don’t even have to get a warrant to review the transactions for an account, because everyone’s accounts are already completely public. Of course, you still have to find some way to associate a bitcoin wallet id with an actual person, but I suspect that’s a challenge with any possible cryptocurrency. I’m not quite sure what the status of the digicash/ecash patents are/were, but they were due to expire sometime around now (give or take a few years), I think.

The second thing that strikes me as odd about bitcoin is how easily it’s avoided being regulated to death. I had expected the SEC to decide that bitcoins are a commodity with no real difference to a share certificate, and that as a consequence they can only be traded using regulated exchanges by financial professionals, or similar. Even if bitcoins still count as new enough to only have gotten a knee-jerk regulatory response rather than a considered one (with at $500 a pop and significant mainstream media coverage, I doubt), I would have expected something more along the lines of “bitcoin trading is likely to come under regulation XYZ, operating or using an unregulated exchange is likely to be a crime, contact a lawyer” rather than “we’re looking into it”. That makes it seem like bitcoin has influential friends who aren’t being very vocal in public, and conspiracy theories involving NSA and CIA/FBI folks suggesting leaving bitcoin alone for now might help fight crime, seem more plausible than ones involving Gates or Soros or someone secretly creating a new financial world order.

The other aspect is that it seems like there’s only really four plausible creators of bitcoin: one or more super smart academic types, a private startup of some sort, an intelligence agency, or a criminal outfit. It seems unlikely to me that a criminal outfit would create a cryptocurrency with a strong audit trail, but I guess you never know. It seems massively unlikely that a legitimate private company would still be secret, rather than cashing out. Likewise it seems unlikely that people who’d just done it because it seemed like an interesting idea would manage to remain anonymous still; though that said, cryptogeeks are weird like that.

If it was created by an intelligence agency, then its life to date makes some sense: advertise it as anonymous online cash that’s great for illegal stuff like buying drugs and can’t be tracked, sucker in a bunch of criminals to using it, then catch them, confiscate the money, and follow the audit trail to catch more folks. If that’s only worked for silk road folks, that’s probably pretty small-time. If bitcoin was successfully marketed as “anonymous, secure cryptocurrency” to organised crime or terrorists, and that gave you another angle to attack some of those networks, you could be on to something. It doesn’t seem like it would be difficult to either break into MtGox and other trading sites to gain an initial mapping between bitcoins and real identities, or to analyse the blockchain comprehensively enough to see through most attempts at bitcoin laundering.

Not that I actually have a problem with any of that. And honestly, if secret government agencies lean on other secret government agencies in order to create an effective and efficient online currency to fight crime, that’s probably a win-win as far as I’m concerned. One concern I guess I have though, is that if you assume a bunch of law-enforcement cryptonerds built bitcoin, is that they might also have a way of “turning it off” — perhaps a real compromise in the crypto that means they can easily create forks of the blockchain and make bitcoins useless, or just enough processor power that they can break it by bruteforce, or even just some partial results in how to break bitcoin that would destroy confidence in it, and destroy the value of any bitcoins. It’d be fairly risky to know of such a flaw, and trust that it wouldn’t be uncovered by the public crypto research community, though.

All that said, if you ignore the criminal and megalomaniacal ideas for bitcoin, and assume the crypto’s sound, it’s pretty interesting.
At the moment, a satoshi is worth 5/10,000ths of a cent, which would be awesome for microtransactions if the transaction fee wasn’t at 5c. Hmm, looks like dogecoin probably has the right settings for microtransactions to work. Maybe I should have another go at the pay-per-byte wireless capping I was thinking of that one time…

Apart from microtransactions, some of the conditional/multiparty transaction possibilities are probably pretty interesting too.

### 4 Comments

1. Russell Stuart says:

> The idea of making money by running calculations that don’t provide any benefit to anyone is actually kind of offensive IMO.

Those calculations do provide benefit. They allow people to conduct bitcoin transactions. In that sense they are no different to the calculations being performed by the credit card networks, or the banks. I’m sure the electrons don’t care if they are used by a mining rig, or to power a teller’s light in a bank branch.

Still it would be nice if the calculations could be used in the discovery of new knowledge. To do that you need a problem that:

   1. Whose solution depends on a bag of bits.
   2. The solution is easy to verify once you know it.
   3. The solution is only discoverable by checking every possibility. Ie, it is NP hard.

Currently the problem is to find an SHA256 hash for the bag of bits that is below a given value. (Various other altcoins have substituted different hashes, but the central idea is the same.)

One novel attempt to do something useful is to find counter examples to the Riemann hypothesis ie find a group of large primes that are close together. (I’m not sure how that is useful, but the inventors thought it was.)

So aj, here is your opportunity to act as a benefactor for all of mankind. Invent a mining puzzle that does something useful.

> On the other hand, it’s much easier to destroy or steal.

Certainly easier to destroy. If they don’t address that bitcoin will disappear over time. But addressing it isn’t hard (and it also addresses the deflation “problem”).

Easier to steal? Yes, they can be almost arbitrarily easy to steal, if you don’t know anything about computers it’s even easy to do so unintentionally. But you can also make a $20 note easy to steal by dropping it in a busy high school ground. The main difference is people know they should not leave their wallets lying around, but somehow backing up their bitcoins doesn’t occur to them.

But … unlike gold and notes you can also make it arbitrarily hard to steal. For example, make it as hard as a gold bar to steal, by writing the key inside of the bar so you have to x-ray it to get it out. You want it harder? Split the key across several bars and store them in different places on the planet.

It’s not just theoretical. Some bitcoin clients will encrypt your key, encode it as a QR-Code, and print it plus decode instructions to a PDF, and then give you the key by a separate channel. You are expected to print the PDF and put it in a bank deposit box (or several copies in different places) and save the password to the key in other different places. You can then throw all other copies away. The thing is, you can still deposit to your “cold storage” with the public key. You only need to access the private key if you want to spend it.

> I’m surprised it’s held up long enough to get to where bitcoin already is, frankly.

Really? The banks have used the same crypto for years now. It has been a juicy target long before bitcoin came along.

> The other aspect is that it seems like there’s only really four plausible creators of bitcoin

Actually, while we don’t know who wrote the bitcoin software, we do know who created the foundations it is built on (ie, bitcoin’s equivalent of Chaum). That is Nick Szabo. He is not a mathematician, a private startup of some sort, an intelligence agency, or a criminal outfit. He is a Law Professor at George Washington University. (Aside: I wonder how that fits into your speculations on bitcoin avoiding regulation.)

> transaction fee wasn’t at 5c

The fee isn’t enforced by the miners, but it is enforced by the relay channels. As of version 0.9.0 it dropped to 0.0001 BTC per kilobyte of transaction. A simple payment takes about 1/3 of a KB. That’s around 0.2c.

With the cessation of mining rewards there will be little point in enforcing a minimum any more. The rewards are far greater than the mining fees so the miners seem to ignore them. (You occasionally see transactions with 0 fees being processed.) The minimum is there to protect the block chain against attacks that look like spam. Attacking bitcoin has been a popular pastime for years now. When the rewards become negligible the miners won’t pick up a transaction that doesn’t pay for the electricity needed to process it. At that point mining will become a pure market, providing a service (securing the block chain) for a fee.

> 52,000 transactions a year, and there are up to 20M bitcoins

Assuming one bitcoin transaction, that translates to around 10MB of transaction data per second. A good NBN (as opposed to the CBN) link could maintain that.

Jokes aside, the job has already been partially parallelised as the bitcoin network stratifies into specialities. The relay nodes verify the transactions (which by happy circumstance means all the slow stuff, the crypto, is handled at the network’s edges), other nodes assemble them into blocks (the major check here is to prevent double spends), the mining pools pick up blocks, summarise them into a few SHA256 hashes and hand them out to miners.

The double spend checking is the thing that requires lots of compute power, but the check itself is literally just a hash lookup, followed by checking and setting a bool “spent” flag. The process will require gobs of memory and will be memory bandwidth limited, but it is amenable to sharding. I can’t see it being a problem.
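The puzzle described in the comment above (an SHA256 hash of the bag of bits that is below a given value), as an added example that is not from the post or its commenters: a simplified Python sketch in which each block's hash also covers the previous block's hash, so finding a nonce takes a brute-force search, checking one takes a single hash, and an edit to an earlier payload is detected. The block layout, payload strings and `TARGET` value are constructed for illustration and are not Bitcoin's actual header format.

```python
import hashlib

GENESIS_PREV = bytes(32)  # all-zero "previous hash" for the first block (assumption)
TARGET = 1 << 240         # constructed difficulty: digest needs 16 leading zero bits


def digest(prev: bytes, payload: bytes, nonce: int) -> bytes:
    """Double SHA-256 over previous digest, payload (the "bag of bits") and nonce."""
    data = prev + payload + nonce.to_bytes(8, "little")
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def meets_target(d: bytes, target: int) -> bool:
    """The puzzle: the digest, read as a 256-bit integer, must be below the target."""
    return int.from_bytes(d, "big") < target


def mine(prev: bytes, payload: bytes, target: int, max_tries: int = 1 << 24) -> int:
    """Search nonces in order; no shortcut is known besides trying them."""
    for nonce in range(max_tries):
        if meets_target(digest(prev, payload, nonce), target):
            return nonce
    raise RuntimeError("no nonce found within max_tries")


def build_chain(payloads, target):
    """Mine one block per payload, each committing to the digest before it."""
    chain, prev = [], GENESIS_PREV
    for payload in payloads:
        nonce = mine(prev, payload, target)
        chain.append({"prev": prev, "payload": payload, "nonce": nonce})
        prev = digest(prev, payload, nonce)
    return chain


def first_invalid(chain, target):
    """Verification costs one double hash per block.

    Returns the index of the first block whose link or work check fails,
    or None if the whole chain is valid.
    """
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        d = digest(block["prev"], block["payload"], block["nonce"])
        if block["prev"] != prev or not meets_target(d, target):
            return i
        prev = d
    return None


def demo():
    # Constructed sample payloads, not real transactions.
    payloads = [b"alice->bob:5", b"bob->carol:2", b"carol->dave:1"]
    chain = build_chain(payloads, TARGET)
    tampered = [dict(b) for b in chain]
    tampered[1]["payload"] = b"bob->mallory:2"  # edit history without re-mining
    return first_invalid(chain, TARGET), first_invalid(tampered, TARGET)


if __name__ == "__main__":
    print(demo())
```

Rewriting the edited block so that it passes again means redoing the nonce search for it and for every block after it, which is the sense in which the miners' work protects earlier transfers.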

2. aj says:

Hmm, I need to actually review the bitcoin protocol to really comment. I’d distinguish “transformative” work, like signing/encrypting something that actually creates information that’s used later, from “proof of work” that just shows you’ve done something difficult to ensure scarcity, like move rocks from here to there, then back again.

If the bitcoin stuff were /just/ doing the latter (in the same way that hashcash did), then the blockchain wouldn’t actually be safe against forking. AFAICS, the blockchain is already safe against making the algorithms cheaper/faster, which hashcash wasn’t.

Having the hashing algorithm both secure the block chain and generate independently useful results as a side-effect

>> I’m surprised it’s held up long enough to get to where bitcoin already is, frankly.
> Really? The banks have used the same crypto for years now. It has been a juicy target long before bitcoin came along.

SHA2 is, sure; but crypto is hard because it’s not just a matter of finding secure primitives — exactly how they’re put together and used in the real world matters, and is usually done badly.

> That is Nick Szabo. He is not a mathematician, a private startup of some sort, an intelligence agency, or a criminal outfit. He is a Law Professor at George Washington University. (Aside: I wonder how that fits into your speculations on bitcoin avoiding regulation.)

Based on the trailing comment in http://unenumerated.blogspot.com.au/2009/05/liar-resistant-government.html he seems to view it as related work, but not something he’s responsible for. Unless he is Satoshi, I wouldn’t nominate him as the creator. In any event, looking at his blog, I’d put him as smart, super-interesting academic type. If he did the coding and the improvements from bitgold to bitcoin, add super-smart.

http://unenumerated.blogspot.dk/2011/05/bitcoin-what-took-ye-so-long.html seems about right as to why I’d count Satoshi as the creator of bitcoin, rather than anyone who’d done previous work. Beyond that, there’s something very impressive about having not only made design decisions that work technically, but that are appealing enough to actually put into use.

(Actually, going by “who benefits”, a tax collection agency is another possible contender for the creator of bitcoin — having a public ledger of all transactions available could potentially enhance tax fraud investigations substantially. I don’t find that plausible because I can’t imagine any tax agencies actually having an R&D group capable of making bitcoin, or letting them have the time to develop it. If it happened, they could have been leaned on by law-enforcement types to not claim credit, in order to allow some sting operations against criminal organisations, who might be a bit more suspicious of a cryptocurrency from a tax office, than an anonymous hacker, which would explain the pseudonym, the lack of regulatory problems, and why Satoshi’s bitcoins haven’t been spent)

3. Russell Stuart says:

> SHA2 is, sure; but crypto is hard because it’s not just a matter of finding secure primitives — exactly how they’re put together and used in the real world matters, and is usually done badly.

For what it is worth, bitcoin uses remarkably little crypto. It doesn’t encrypt anything. It uses digital signatures for their intended purpose – signing a transaction so you can prove only you could have created it. And for the most part it uses hashes purely as compression functions – it creates a small bag of bits that can uniquely identify a bigger bag of bits so they don’t take too much space to store in the block chain. The only “novel” use of SHA is in the proof of work, which isn’t novel to bitcoin.

The magic of bitcoin is in how it forces a group of competing miners to rapidly come to a consensus. Once you have wrapped your head around how that works (and in particular what causes the miners to settle on the same set of rules) you understand the core underpinnings of bitcoin. It has very little to do with crypto. As one of the blog posts you link to points out, it is so simple people now call it obvious and wonder why it took so long to come up with it.

There were many outright bugs in the beginning, but they were fixed when fixing them was easy. The current bug that is attracting a lot of attention is the transaction malleability “bugs”. The word bugs (there were multiple all causing the same issue) is in inverted commas because it doesn’t affect the core bitcoin protocol (multiple different looking but otherwise identical transactions are double spends, which it is amply protected against), but makes tracking your transaction in the block chain harder than it need be.

And yes there are probably more bugs, but unlike Chaum’s protocol there isn’t much in the way of crypto magic so they are unlikely to be in the crypto.

> I wouldn’t nominate him as the creator.

This describes the core idea: http://unenumerated.blogspot.com.au/2005/12/bit-gold.html It’s the first paper from anyone that describes it.

Notice that it references something he wrote in 1999. He had been playing with these ideas for a long time.

> he seems to view it as related work, but not something he’s responsible for.

Counter quote from http://unenumerated.blogspot.com.au/2011/01/tech-roundup-012211.html : “Bitcoin, an implementation of the bit gold idea (and another example of where the order of events is important), continues to be popular.”

> I’d put him as smart, super-interesting academic type.

Yes, you were right the first time.

4. Russell Stuart says:

The best explanation of the bitcoin protocol I have come across so far:
http://www.igvita.com/2014/05/05/minimum-viable-block-chain/