[alphamerik]

The problem is that if the cryptography is broken, in regards to #3, you have no idea if a token created with the 'old method' is real or counterfeit.

In a decentralised service you would need to convert all old tokens into new tokens before the old cryptography was compromised, which requires work - you would be generating new coins, and would have an exchange rate. Or you could setup a centralised validation service for coins as the article suggests, before the cryptography was broken, to ensure people aren't creating fake money.

I am not sure what you mean by accepting a bitcoin vs voting for a bitcoin, can you clarify? "Voting" doesn't look like a method they normally use for validation...

[illumin8]

This is very similar to the way the US Treasury handles physical currency updates. If I recall correctly, in the 1990s, Iraq still had a working money press that could print perfectly legitimate US dollars as fast as possible. PC printer technology had also advanced to the point where $20s and $100s were easily counterfeited.

The US Treasury had to go through a transition period where new money with new security features were printed and the old money was taken out of circulation. I assume BTC will have to go through a similar digital verification.

The way this would work in theory is that old BTC will be converted to new BTC on a 1 to 1 basis, but first each old BTC will need to be validated against the blockchain. You could just say that any BTC with over 1,000 confirmations is valid, since it is highly unlikely that so many confirmations could be falsified.

Another way to convert from old-BTC to new-BTC would be to use the miners to validate each conversion. For example, if a sufficient number of miners verifies that yes, indeed a certain BTC appears in the blockchain, then that one is considered valid and is inserted into the new blockchain, and removed from the old blockchain. This algorithm could actually pay a new-BTC reward for validating old-BTC to the miners that validate each transaction, thus ensuring a sufficient amount of CPU power is dedicated to this process.

[tptacek]

It is difficult to launder huge volumes of $20's and $100's.

It is trivial to launder huge volumes of forged Bitcoins; they are as liquid and convenient as real Bitcoins of any denomination.

Similarly, while you have to read interesting long-form journalism to learn about Iraq and North Korea counterfeiting operations, the whole world would know if either country could trivially forge Nasdaq transactions.

[ezyang]

To clarify this some more, if the hashing algorithm is sufficiently broken, then I can doctor an arbitrary transaction of bitcoins to where-ever I want. If the old bitcoins are that insecure, they will necessarily become worthless.

[drcode]

I see- I agree this wouldn't work if there was a _catastrophic_ break in the crypto algorithm... My post assumes that if the algorithm is broken, it would mean that questionable bitcoins could be created at a higher-than-expected rate, but that there would be time for people to backstop it by updating their clients. I would think that a less catastrophic issue (leading to only an order-of-magnitude improvement in hash solutions) is more likely, but I suppose a fully catastrophic break is also possible.