by betterunix 4813 days ago
"Unless a truly insurmountable flaw is discovered that renders any system with the features of bitcoin infeasible."

Be careful with words like "infeasible." That has a meaning in cryptography and in complexity theory, and it is not quite what you mean there. I think what you are trying to say is, "There might be no protocol like Bitcoin that is secure against polynomial time attacks."

That is not such an outlandish scenario. It has been proved that Merkle's Puzzles cannot be secure no matter how they are instantiated; in fact, Merkle's original system is optimal. I would not be surprised if a similar statement were true of digital cash systems without central authorities: that there will always be a polynomial time attack, no matter how you instantiate them.

Of course, before such a statement could be proved, you would first need a rigorous security definition for Bitcoin. What does it even mean for Bitcoin to be secure? "Double spending" is not even well-defined for Bitcoin; the existing rigorous definitions of double spending in digital cash systems invoke a central authority. Without good security definitions, it is hard to say whether or not Bitcoin is secure or could be secure.

I doubt that even a minority of Bitcoin users are terribly concerned with the lack of rigorous definitions or analysis. If they were, the system would never have gained any traction. As you say, it would take a sustained attack on these systems to really erode the trust in them (although by the second or third system that was attacked, I think most people would just give up).

It is also worth pointing out that the end game might not even be to destroy the system, but just to use it to cut off organizations like Wikileaks. The same attack that can be used to double-spend in Bitcoin can be used to prevent transactions from being confirmed; the government might just stop select targets from using Bitcoin. This would probably shake people's trust in the system, but perhaps not -- maybe the government would be very judicious, or would try to frame the target and make it look like they are trying to cheat.

We could sit here coming up with possible motives for an attack all day long, of course. That is yet another reason that rigorous definitions and formal analysis are valuable: if we can show that no feasible attacks exist, then we do not need to try to guess what the attacker's purpose might be.

1 comment
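As an added illustration of the claim in the comment above that the double-spend attack and the censorship attack are the same attack (this is example code, not part of betterunix's comment), the following Python computes the attacker catch-up probability from section 11 of the Bitcoin whitepaper and runs a seeded simulation of the block race. The race only decides which chain the network follows; whether the attacker's blocks spend the coins elsewhere or merely omit the target's transaction is a choice about block contents, not about the race. Function names, the hash-power shares, round counts and the seed are the example's own assumptions.

```python
import math
import random


def catch_up_probability(q: float, z: int) -> float:
    """Probability that an attacker controlling a fraction q of the hash
    power eventually overtakes an honest chain that is z blocks ahead.
    This is the calculation from section 11 of the Bitcoin whitepaper
    (Poisson-weighted gambler's ruin).  For q >= 0.5 the attacker
    catches up with probability 1, no matter how many confirmations
    the victim waited for."""
    p = 1.0 - q
    if q >= p:
        return 1.0
    lam = z * (q / p)
    total = 1.0
    for k in range(z + 1):
        # Poisson probability that the attacker mined k blocks while the
        # honest network mined the z confirmation blocks.
        poisson = math.exp(-lam)
        for i in range(1, k + 1):
            poisson *= lam / i
        # Given a deficit of z-k blocks, the attacker's catch-up chance
        # is (q/p)^(z-k); subtract the complementary mass.
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return max(total, 0.0)


def simulate_race(q: float, rounds: int, seed: int) -> tuple[int, int]:
    """Seeded simulation of the fork race.  Honest miners extend a chain
    that contains the victim's transaction; the attacker forks just
    before it and never includes it (for a double-spend the attacker
    would instead include a conflicting spend; the race is identical).
    Each round one block is found, by the attacker with probability q.

    Returns (final_lead, max_confirmations): the attacker's final lead
    in blocks (positive means the attacker's chain is the longest, so
    nodes following the longest-chain rule drop the victim's blocks) and
    the largest number of confirmations the victim ever observed before
    being reorganised away.  Parameters and seed are assumptions of this
    example, not measurements."""
    rng = random.Random(seed)
    honest = 0
    attacker = 0
    max_confirmations = 0
    for _ in range(rounds):
        if rng.random() < q:
            attacker += 1
        else:
            honest += 1
        max_confirmations = max(max_confirmations, honest - attacker)
    return attacker - honest, max_confirmations


if __name__ == "__main__":
    for q in (0.1, 0.3, 0.45):
        print(f"q={q}:", [round(catch_up_probability(q, z), 7) for z in (0, 1, 6, 10)])
    # Majority attacker: confirmations are seen, then the chain is overtaken.
    print("q=0.6 race:", simulate_race(0.6, 5000, 1))
    # Minority attacker: the honest chain stays ahead.
    print("q=0.3 race:", simulate_race(0.3, 5000, 1))
```

Waiting for more confirmations only helps against a minority attacker: the table printed for q=0.1 and q=0.3 falls off quickly with z, while for q >= 0.5 the function returns 1 for every z, and the simulated majority attacker ends the run with the longest chain after the victim had already seen "confirmed" blocks.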

Well, all your concerns may very well be provably correct, from a purely academic perspective.

I just think the question you keep missing is: Does it matter in practice?

Our entire world runs on imperfect systems. Can we really already tell whether bitcoin is worse?

Where is your mathematical proof that the current monetary system is secure against polynomial time attacks? Where is your rigorous security definition for the current monetary system?

Could it be we are witnessing attacks on the current system right now, resulting in enormous concentrations of wealth through interactions that we barely understand[1]?

Could it be we are witnessing the authorities abuse the current system to cut off organizations like Wikileaks[2]?

You seem to demand a system that is perfect in every sense on day 1 and replaces the US Dollar on day 2.

Yet couldn't it be that it is actually the academic imperfections, the pragmatic approach of bitcoin that make it a success?

Who knows whether airtight mathematical security is even the most important requirement? Perhaps the known attacks are "hard enough" already, or will be after a few more patches? Perhaps bitcoin will fail spectacularly in a few years due to scalability instead of security issues?

My point is: We simply don't know. We have no precedent, nothing even remotely close (please correct me if I'm missing it, I honestly can't think of one).

Thus I disagree the case is nearly as clear cut as you make it out to be.

[1] http://baselinescenario.com/2012/11/29/high-frequency-tradin...

[2] http://wikileaks.org/Banking-Blockade.html