[betterunix]

Is there some reason to think a more "resilient" protocol is even possible? Can you even give a rigorous definition of the security properties these protocols are trying to achieve?

That aside, do you really think the government would not try to destroy Bitcoin even if it meant a new system replaced it? Have you not been paying attention to what happened with Megaupload? Governments are perfectly willing to attack systems even when they know the systems will be replaced, just to disrupt the users of the system and pressure people to avoid them.

[moe]

Is there some reason to think a more "resilient" protocol is even possible?

I'm not a bitcoin researcher but the first thing I'd have to note is that so far it's holding up not bad at all. At non-trivial scale and under permanent attack. Not a small feat for the first impl of a global, cross-platform P2P crypto money system, don't you think? Just consider the history of infinitely simpler systems (e.g. twitter).

Furthermore there are various efforts underway (e.g. SolidCoin) to address the known weaknesses, even before we know whether any of them turns out to be a bigger problem than the issues that we take for granted in our current banking system (e.g. "too big to fail" or the perpetual banking crisis that has been going on for the past 10 years).

That aside, do you really think the government would not try to destroy Bitcoin even if it meant a new system replaced it?

Personally yes, I doubt any half-sane government will equate bitcoin with software piracy.

Bitcoin addresses one of the core mechanics of society (money exchange). That's not even in the same ballpark as people downloading vampire movies without paying for them.

just to disrupt the users of the system and pressure people to avoid them.

This is where I think the average government would be smarter than you.

You can't kill demand for something so useful unless you utterly convince a majority that it can not possibly work - here your piracy-analogy holds water again.

They may indeed pull a Napster (we've seen how that played out) but I think it's much more likely they would try a very long-term, elaborate stealth attack to erode trust in p2p money systems as a whole.

But just as with piracy this seems like a losing proposition. Unless a truly insurmountable flaw is discovered that renders any system with the features of bitcoin infeasible.

[betterunix]

"Unless a truly insurmountable flaw is discovered that renders any system with the features of bitcoin infeasible."

Be careful with words like "infeasible." That has a meaning in cryptography and in complexity theory, and it is not quite what you mean there. I think what you are trying say is, "There might be no protocol like Bitcoin that is secure against polynomial time attacks."

That is not such an outlandish scenario. It has been proved that Merkle's Puzzles cannot be secure no matter how they are instantiated; in fact, Merkle's original system is optimal. I would not be surprised if the a similar statement were true of digital cash systems without central authorities: that there will always be a polynomial time attack, no matter how you instantiate them.

Of course, before such a statement could be proved, you would first need a rigorous security definition for Bitcoin. What does it even mean for Bitcoin to be secure? "Double spending" is not even well-defined for Bitcoin; the existing rigorous definitions of double spending in digital cash systems invoke a central authority. Without good security definitions, it is hard to say whether or not Bitcoin is secure or could be secure.

I doubt that even a minority of Bitcoin users are terribly concerned with the lack of rigorous definitions or analysis. If they were, the system would never have gained any traction. As you say, it would take a sustained attack on these systems to really erode the trust in them (although by the second or third system that was attacked, I think most people would just give up).

It is also worth pointing out that the end game might not even be to destroy the system, but just to use it to cut off organizations like Wikileaks. The same attack that can be used to double-spend in Bitcoin can be used to prevent transactions from being confirmed; the government might just stop select targets from using Bitcoin. This would probably shake people's trust in the system, but perhaps not -- maybe the government would be very judicious, or would try to frame the target and make it look like they are trying to cheat.

We could sit here coming up with possible motives for an attack all day long, of course. That is yet another reason that rigorous definitions and formal analysis are valuable: if we can show that no feasible attacks exist, then we do not need to try to guess what the attacker's purpose might be.

[moe]

Well, all your concerns may very well be provably correct, from a purely academic perspective.

I just think the question you keep missing is: Does it matter in practice?

Our entire world runs on imperfect systems. Can we really already tell whether bitcoin is worse?

Where is your mathematical proof that the current monetary system is secure against polynomial time attacks? Where is your rigorous security definition for the current monetary system?

Could it be we are witnessing attacks on the current system right now, resulting in enormous concentrations of wealth through interactions that we barely understand[1]?

Could it be we are witnessing the authorities abuse the current system to cut off organizations like Wikileaks[2]?

You seem to demand a system that is perfect in every sense on day 1 and replaces the US Dollar on day 2.

Yet couldn't it be that it is actually the academic imperfections, the pragmatic approach of bitcoin that make it a success?

Who knows whether airtight mathematical security is even the most important requirement? Perhaps the known attacks are "hard enough" already, or will be after a few more patches? Perhaps bitcoin will fail spectacularly in a few years due to scalability instead of security issues?

My point is: We simply don't know. We have no precedent, nothing even remotely close (please correct me if I'm missing it, I honestly can't think of one).

Thus I disagree the case is nearly as clear cut as you make it out to be.

[1] http://baselinescenario.com/2012/11/29/high-frequency-tradin...

[2] http://wikileaks.org/Banking-Blockade.html