Hacker News new | ask | show | jobs
by betterunix 4705 days ago
1. Bitcoin has no rigorous security definition.

2. Bitcoin can be "attacked" (for some vague notion of what it means to attack a system that has no security definition) in polynomial time.

3. The economics of Bitcoin are extremely suspect and based on a poorly developed economic model, supported by neither the Austrian school nor by modern monetary theory. This is probably the underlying cause of the lack of a security definition, as the security definition of a digital cash system will almost certainly be driven by the system's economic model.

These issues have been covered ad nauseam by many people, and have been largely dismissed by the Bitcoin community. All the while we have seen increasing amounts of energy sunk into Bitcoin mining, we have seen a major block chain fork that left transactions in question, and we have seen wild fluctuations in the value of Bitcoin currency.
3 comments
javert 4705 days ago
It's hard to downvote a thoughtful comment from a smart person, but you're just plain, flat out wrong.

Bitcoin is a heuristic for Byzantine concensus that requires 50% + epsilon of mining hash power to subvert.

This is not explicitly stated in the original paper, but the original paper comes very close.

I don't know what else you would want.

Regarding economics: All you need for a functioning currency is a supply of speculators who will bet on its future value and thus prop it up. That is only sustainable if the currency is the best at what it does for some meaningful niche (e.g. untrusted digital transactions). This is not part of any proir school of economics, but it's close to common sense, and is strongly supported by the success of bitcoin thus far.

link
betterunix 4704 days ago
You are already giving an unclear definition when you use terms like "mining hash power." What rigorous definition can you give for that term? What sort of model of computation are we working with (or is the definition based on information theory?)?

For comparison, consider the definition of security used in this recently published paper:

http://eprint.iacr.org/2013/443

The definition is long, but very clear. Probabilistic polynomial time Turing machines are used as a model of computation; the adversary is given more power by being allowed to be non-uniform (i.e. the adversary can be a different machine for different security parameters). The security properties are clearly defined in terms of this model of computation, and a construction is given and proved to meet the properties (under certain hardness assumptions).

Note that there is no possible way that Bitcoin could meet the security definition given in that paper, because that definition requires the existence of a bank that issues the cash. This is true of previous work on digital cash as well, including the work that preceded Bitcoin. That is why it is necessary to develop a security definition that makes sense for systems like Bitcoin -- digital cash systems in which there is no bank. That is the complaint I have: no satisfactory definition has been given.

"This is not part of any proir school of economics, but it's close to common sense, and is strongly supported by the success of bitcoin thus far."

Economics often defies common sense, so I would be wary of using common sense as the basis for a currency.

link
jafaku 4705 days ago
1. What do you mean?

2. Countries can be attacked too. I don't know what your point is here. If bitcoin survives its infancy, it could become more resilient than any other currency.

3. Could you explain it in practical terms? Because as long as it works, why should I care about what theorists say? Bitcoin's creator said himself that it was an experiment, and rightly so, we have never seen anything like Bitcoin taking off before. Seems like he nailed it on his design.

Yeah, I have seen a lot of people raging. How is that evidence of anything, other than fear of the unknown?

link
betterunix 4705 days ago
Typically cryptographers will define a security goal in rigorous terms, then prove that their system meets that goal (at least for "cryptomania" type applications like digital cash). There are good reasons for doing this:

1. It makes proofs of security possible, which make us a lot more confident about cryptosystems.

2. It allows us to be clear about what it means to "break" a system. If we are not clear about this, someone could claim that their system cannot be attacked by simply defining security to be the exact behavior of whatever they created. This is analogous to having a falsifiable hypothesis in a scientific experiment.

The original Bitcoin paper did not have such a definition. I am aware of one attempt at making such a definition, but it resulted in a very weak notion of security that placed unrealistic restrictions on what an attacker could do (basically, the authors were trying to find some definition that Bitcoin could satisfy; see point 2 above). In general, Bitcoin's security is highly suspicious, since by design the honest parties must scale their work in proportion with the work done by the attacker.

"Countries can be attacked too. I don't know what your point is here. If bitcoin survives its infancy, it could become more resilient than any other currency."

If you are admitting the possibility that an army might attack a country, then you are allowing Bitcoin to be fractured by an army destroying the outgoing Internet connections of a country. In the past, countries have been cut off from the Internet by accident (e.g. anchors being dropped on undersea cables). You could keep an attacking army outside of your territory and still wind up unable to communicate with the rest of the Bitcoin network. This is not a highly convincing argument.

Of course, this is all irrelevant, because a polynomial time attack is not the same as an act of war. There are a lot of organizations with the resources needed to perform the "51% attack" on Bitcoin and no compelling reason to think that a faster attack is not possible. You could attack Bitcoin by performing a lot of computation locally, without ever needing to step foot out the door. Bitcoin also does little to prevent attacks based on sending malicious messages into the network, despite the fact that cryptographers began developing techniques for dealing with that decades ago and despite the fact that almost all that work is freely available.

"3. Could you explain it in practical terms?"

Sure. Let's start with a thought experiment: I have something very rare, which has no practical uses but which is easy to give to others. Will you give me your car for a big pile of it?

Unless you are crazy you would not give up your car. The reason is that you are receiving something that is useless in exchange, and that you would have to go find some other person willing to take a pile of useless (but rare) items. Would your landlord accept some of these rare items as a rent payment? Would the bank accept some as loan repayment? Would the government accept it as a tax payment (let's just pretend that you are a law-abiding citizen who pays their taxes)?

How is Bitcoin any different? A lot of hype was generated about it, but at the end of the day you will not be able to pay your taxes with it, banks are unlikely to accept it for loan payments, and the majority of businesses that claim to accept Bitcoin payments actually accept payments in fiat currency via a Bitcoin exchange. Bitcoin currency has no practical uses (it is basically an energy sink) so the Austrian school does not support it, and it is not legal tender nor is it accepted for tax purposes by the government so modern monetary theory does not support it either.

"why should I care about what theorists say?"

For the same reason you should care about what cryptography theorists, physicists, and doctors have to say.

"we have never seen anything like Bitcoin taking off before."

That is because Bitcoin is the first of its kind. It is the first attempt to create a currency without a legal system. Even gold had value as currency because of a legal system.

"Yeah, I have seen a lot of people raging. How is that evidence of anything, other than fear of the unknown?"

You are calling the informed opinions of dozens of experts in cryptography and economics "raging" because they are saying that the system you love and support is based on dubious technical and economic ideas. It sounds more like you started out believing that Bitcoin is the future and are not willing to accept any argument that concludes anything else.

link
jafaku 4705 days ago
> There are a lot of organizations with the resources needed to perform the "51% attack" on Bitcoin and no compelling reason to think that a faster attack is not possible.

I'm aware of that. There are also lots of organizations with the power to kill you, yet you won't lose your sleep, because they have nothing to gain from that, so you are pretty sure that it won't happen. It could be argued that the central banks have a lot to lose to Bitcoin, so they should attack it. But after giving it a bit of thought, I remembered that most people just try to pass the current problems to the next guy (think of presidents, bankers, etc), so why would they bother? Right now, Bitcoin is not big enough to be a threat to anyone. It will keep growing as a threat, but everyone will pass the problem to the next guy, until Bitcoin becomes too big to be stopped. If there is a future that makes sense, this is it. Bitcoin takes over because lazy politicians don't do what they have to (in this crazy world, where their function seem to be to ruin everything), and ironically, that will be the best for everyone.

> For the same reason you should care about what cryptography theorists, physicists, and doctors have to say.

I was thinking about economists mostly (which in many cases will have vested interests), but still, if it works it works. Many theorists have spoken against the phone, the internet, the email, the aeroplanes, etc, and see what happened. I'm no cryptographer, but Bitcoin doesn't seem like something that would require one to begin with since all its crypto was done at the user level, it's pretty simple. Satoshi didn't try to create his own hashing algorithm or anything like that.

> You are calling the informed opinions of dozens of experts in cryptography and economics "raging" because they are saying that the system you love and support is based on dubious technical and economic ideas. It sounds more like you started out believing that Bitcoin is the future and are not willing to accept any argument that concludes anything else.

There are quite informed people on the other side too. So what do we do about them? Ignore them? I said raging, because Bitcoin has this crazy effect on a lot of people. They will hate Bitcoin for no reason, spread outright lies, and try to convince everyone that it is a scam. Why? We still don't know what causes it, so we just call it fear of the unknown.

link
betterunix 4704 days ago
"Satoshi didn't try to create his own hashing algorithm or anything like that."

No, he tried to create his own digital cash system, and digital cash is a cryptography problem that has been extensively studied by cryptographers (and had been studied for decades prior to Bitcoin). Bitcoin is also a system that involves multiparty computation, and secure multiparty computation has also been studied extensively by cryptographers, also going back decades. It is a mistake to think that the only relevant cryptography in Bitcoin are digital signatures and hash functions.

This is really the crux of the issue here. Bitcoin is not a hash function. It is not a digital signature system. The security of hash functions and digital signatures is not in question here; Bitcoin could be vulnerable to attack even if it is built using secure hash functions and secure signature systems. The point of having a security definition is to be clear about these things. We need to be clear about what the meaning of "security" is in the case of Bitcoin if we want to make any statements about whether or not Bitcoin actually achieves that security goal. It is not hard to see that the definition of security for a hash function or a digital signature system is not what we want for Bitcoin; what is not so clear is what we actually do want.

link
drewblaisdell 4705 days ago
> Sure. Let's start with a thought experiment: I have something very rare, which has no practical uses but which is easy to give to others. Will you give me your car for a big pile of it?

How does the success/value of gold not completely destroy this line of reasoning?

I'm not saying it is destined for success or failure, just that this is not a coherent argument against Bitcoin.

link
westicle 4705 days ago
I read that whole thought experiment assuming that "something very rare, which has no practical uses but which is easy to give to others" was cash.

Which is awkward.

link
betterunix 4705 days ago
Go buy your lunch with a lump of gold if you need to be reminded that gold is not used as a currency outside of a few highly niche markets.
link
aryastark 4705 days ago
This line of reasoning is inane, and comes up every time gold or Bitcoin is mentioned.

Gold and Bitcoin are merely stores of value. Just like your paper bills with dead presidents on them. Or stocks or bonds. Which has next to nothing to do with how you pay for something. You can easily barter for an item, or pay with credit cards. Some places still do not accept American Express. Some places don't accept any credit cards. That doesn't take away from the fact that they are convenient. Likewise, I can see that Bitcoin could eventually become very convenient for micropayments, since credit cards charge merchants a fee. AFAIK, Bitcoin transfers are cheap or entirely free, thus making micropayments possible.

link
betterunix 4704 days ago
Currencies are not just stores of value. Real estate is a store of value also, but nobody uses land or buildings as currency.

Once upon a time, gold was used as currency. Merchants would have scales, weights, and other equipment needed to deal in gold. That is not how gold is used in today's world; there are only a few highly niche markets where gold is used as currency, and everywhere else you have either fiat currency or currency that is backed by gold (with fiat currency being vastly more popular these days).

It is also wrong to separate printed money from the rest of the money supply when you are talking about fiat currency. Paper money is just a representation of the currency; the value of a dollar bill is equal to the value of four quarters and equal to the value of a bank account with one dollar in it. Fiat currency is an abstraction created by laws, which is implemented in various ways (paper money, coins, electronic transactions, etc.).

link
jafaku 4705 days ago
I guess the Yen and the Pound Sterling are not currencies either then, since my local restaurant doesn't accept them.
link
betterunix 4704 days ago
The Yen and the Pound are currencies in certain markets. Lumps of gold are used as currency only in highly niche markets. I did say that gold is a currency in such markets, but it is not generally used as currency in most of the world.
link
bpodgursky 4705 days ago
Adding a few of my own peeves:

4. Bitcoin is inherently deflationary, which is an awful idea if you talk to anyone who knows anything about money

5. Bitcoin is fundamentally backed by pointlessly wasting CPU cycles and wasting energy trying to reverse hashes.

link
jafaku 4705 days ago
4. Last time I checked, gold was still very valuable. And it has been used for what... Thousands of years? The economies of the world did just fine without forced inflation and consumerism.

5. Printing paper money wastes way more resources. And how is using energy to create something of value a bad idea anyway? Bitcoin doesn't even require that you use a contaminating type of energy, for all I know you could be hashing with solar energy.

link
bpodgursky 4705 days ago
Most transactions now do not involve cash, and credit card transactions are in fact far more energy-efficient than bitcoin transactions. And it is not just using energy to "create something of value"--it is an artificial waste of energy barrier.

Furthermore, there will be an energy cost to transactions even after no substantial number of bitcoins are mined, since just verifying transactions requires wasteful hashing.

The solar energy part is totally irrelevant--if you happen to have a solar panel sitting around, you could just as easily use it for actual work (and offset coal burning) rather than computing hashes.

link
jafaku 4704 days ago
> credit card transactions are in fact far more energy-efficient than bitcoin transactions

Huh? You seriously think Visa/Mastercard are using less energy than Bitcoin?

> Furthermore, there will be an energy cost to transactions even after no substantial number of bitcoins are mined, since just verifying transactions requires wasteful hashing.

You can call it wasteful all you want, but if you don't see the value in creating/maintaining a global framework for storing and exchanging value, then I don't know what to tell you. Besides, you are comparing apples to oranges. Bitcoin is a currency. You can build things like Visa around Bitcoin.

link
dangero 4705 days ago
Gold being valuable isn't the point. In fact, I think calling bitcoin deflationary indicates the belief it will actually be more valuable in the future.

Question for you regarding your reference to forced inflation and consumerism: Do you believe there would be even a temporary economic collapse if the world were to suddenly move to a deflationary currency? If so, how many months/years would the collapse have to last before you would say that the transition to a deflationary currency isn't worth it?

The reason I ask is because while fundamentally I have a lot of problems with our financial system, I've come to the conclusion that historically there were periods of recession that lasted hundreds of years. I just don't feel that my lifetime in a bad transition economy is worth the sacrifice of moving to a "better" financial system. I'd rather just keep the status quo as it slowly degrades to something worse and worse since I think that's the best outcome for me. It's a selfish outlook, but I have to believe it's the outlook of most people and that's why we are where we are right now.

link
retrogradeorbit 4705 days ago
re: 4. Deflation is bad for the asset rich, but good for the asset poor. Inflation is good for the rich and bad for the poor. Those who usually spout the 'inflation is better than deflation' argument are the rich.

The argument that inflationary expectation is better than deflationary expectation because during period of deflation purchasing stops because 'it will be cheaper tomorrow' is flawed because such periods of deflation are short lived, and the market returns to a price where people are willing to re-enter the market and purchase to gain utility from the goods and services.

Just be careful believing people who "know anything about money" without thinking it through.

For more: http://www.zerohedge.com/news/guest-post-if-you-want-help-po...

link
scythe 4705 days ago
No, deflation is bad, period, for the economic actors who depend on deflationary currencies, and this is verified simply by looking at pretty much any historical instance of deflation.

http://en.wikipedia.org/wiki/Deflation#Historical_examples

Notice how nothing good ever comes of deflation? That should be a hint. I would be highly suspicious of the unsourced "In Ireland" section:

http://byline.timetric.com/2010/11/25/ireland-deflation-debt...

though there were some upsides: http://marketmonetarist.com/2012/08/14/good-deflation-the-ca...

I'm not against Bitcoin per se, but all this anti-inflation crap is, quite simply, at odds with historical data to the point that it has become essentially "views differ on shape of planet". If economics is to be useful at all, it has no choice but to be empirical, and everything we've ever measured has always told us that deflation is bad.

Perhaps Satoshi simply felt it was easier to implement finite Bitcoins than a constantly increasing supply. I don't think he can be blamed for that. Bitcoin is, if nothing else, certainly intriguing.

link
jafaku 4705 days ago
You are confusing the short lived deflation that could be caused by a deflationary currency, with the deflation caused by all the other problems mentioned in the wikipedia article, like "technological progress that created significant economic growth", "great advances in productivity", etc. Apparently the only problem brought by gold and silver was that there was a scarcity of coins (a physical problem), which would never happen with Bitcoin (a digital currency).

> Perhaps Satoshi simply felt it was easier to implement finite Bitcoins than a constantly increasing supply. I don't think he can be blamed for that. Bitcoin is, if nothing else, certainly intriguing.

No, he was against inflation. In the first block of the blockchain, he added a message; it was something about Bernake approving a new bailout for the banks.

link
phaemon 4705 days ago
> No, deflation is bad, period, for the economic actors who depend on deflationary currencies,

USD (or GBP or AUD etc) are deflationary relative to technological items, such as computers. By your theory, no-one should buy such items. In reality, they do.

I think this shows your theory is wrong.

link
bpodgursky 4705 days ago
You absolutely have 4 backwards. Deflation is good for those rich enough to have money sitting around, and who can make money just by sitting on it and not investing it. Inflation is bad for the rich because suddenly they have to DO something with the money, or it disappears.
link
jafaku 4705 days ago
Inflation is good for the rich's income. Deflation is good for the rich's savings. Seems like they win in both cases? Though I would argue they win more in the first case, since inflation don't necessarily force them to do something with the money. Eg: They could just sit on gold or real estate if they wanted to. But most rich people didn't get there by doing nothing, so they tend to do something anyway, no need to force them.
link
Gormo 4705 days ago
A deflationary currency can be a bad idea as a monopolistic currency.

But adding a deflationary currency to an ecosystem that also contains inflationary currencies isn't the same thing as having a deflationary currency be the only currency available.

link
maged 4705 days ago
5 is pretty equivalent to the mining of precious metals (well those with no practical applications).
link