update
authorChristian Urban <christian dot urban at kcl dot ac dot uk>
Fri, 21 Nov 2014 14:35:56 +0000
changeset 323 0629590fd299
parent 322 8c07340af3b9
child 324 43e44a4871de
update
handouts/ho08.pdf
handouts/ho08.tex
Binary file handouts/ho08.pdf has changed
--- a/handouts/ho08.tex	Fri Nov 21 02:39:17 2014 +0000
+++ b/handouts/ho08.tex	Fri Nov 21 14:35:56 2014 +0000
@@ -30,7 +30,8 @@
 \end{center}
 
 \noindent The latter also contains a link to a nice youtube
-video about the technical details behind Bitcoins.
+video about the technical details behind Bitcoins. I will
+also use some of their pictures.
 
 Let us start with the question who invented Bitcoins? You
 could not make up the answer, but we actually do not know who
@@ -67,7 +68,7 @@
 \]
 
 \noindent allows everybody with access to the corresponding
-public key $K^{pub}$ to verify the message came from the
+public key $K^{pub}$ to verify that the message came from the
 person who knew the private key. Signatures are used in
 Bitcoins for verifying the addresses where the Bitcoins are
 sent from. Addresses in Bitcoins are essentially the public
@@ -77,9 +78,9 @@
 generate a public-private key pair it is very unlikely that
 you step on somebody else's shoes. Compare this with the
 email-addresses you always wanted to register with, say
-Googlemail, but which are already taken.
+Gmail, but which are already taken.
 
-One main difference between Bitcoins and traditional banking
+One major difference between Bitcoins and traditional banking
 is that you do not have a place, or places, that record the
 balance on your account. Traditional banking involves a
 central ledger which specifies the current balance in each
@@ -108,12 +109,12 @@
 data that is ever stored in the Bitcoin system (we will come
 to the precise details later on). The transactions are
 encrypted with Alice's private key so that everybody,
-including Bob, can use Alice's public key $K^{pub}_{Alice}$
-for verifying that this message came really from Alice, or
-more precisely from the person who knows $K^{priv}_{Alice}$. 
+including Bob, can use Alice's public key $K^{pub}_{Alice}$ to
+verify that this message came really from Alice, or more
+precisely from the person who knows $K^{priv}_{Alice}$. 
 
 The problem with such messages in a distributed system is that
-what happens if Bob receives 10, say, of these transactions.
+what happens if Bob receives 10, say, of these transactions?
 Did Alice intend to send him 10 Bitcoins, or did the message
 get duplicated by for example an attacker re-playing a sniffed
 message? What is needed is a kind of serial number for such
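Review bot: `The transactions are encrypted with Alice's private key` (the context line directly above the change) describes a digital signature, not encryption: the message stays readable by everyone, and the private key is used to sign it, which is exactly what the rewritten sentence then relies on when it talks about verification with $K^{pub}_{Alice}$. Suggest `The transactions are signed with Alice's private key so that everybody, including Bob, can use Alice's public key $K^{pub}_{Alice}$ to verify ...`. Also `came really from Alice` reads more naturally as `really came from Alice`.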
@@ -143,15 +144,18 @@
 would also be an easy target for any government interference,
 for example. Think of the early days of music sharing where
 the company Napster was the single point of ``failure'' which
-was taken offline by law enforcement. Bitcoins is more a
-system like BitTorrent without a single central entity that
-can be taken offline.
+was taken offline by law enforcement. Bitcoins is more like a
+system such as BitTorrent without a single central entity that
+can be taken offline.\footnote{There is some Bitcoin
+infrastructure that is not so immune from being taken offline:
+for example Bitcoin exchanges, HQs of Bitcoin mining pools,
+Bitcoin developers and so on.}
 
 Bitcoin solves the problem of not being able to rely on a bank
 by making everybody the ``bank''. Everybody who cares can have
 the entire transactions history starting with the first
 transaction made in January 2009. This history of transactions
-is called \emph{blockchain}. Bob, for example, can use his
+is called the \emph{blockchain}. Bob, for example, can use his
 copy of the blockchain for determining whether Alice owned the
 Bitcoin he received, and if she did, he transmits the message
 that he owns it now to every other participant on the Bitcoin
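Review bot: `Bitcoins is more like a system such as BitTorrent` doubles up the comparison (`like ... such as`); suggest `Bitcoin is more like BitTorrent: a system without a single central entity that can be taken offline.` In the new footnote, `not so immune from being taken offline` should be `not so immune to being taken offline`, and `HQs of Bitcoin mining pools` is informal for a handout (`the headquarters of mining pools`).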
@@ -168,11 +172,11 @@
 above, and also a reference to the previous block, written
 prev. The data in a block (txn's and prev) is hashed so that
 the reference and transactions in them cannot be tampered
-with. This hash is the unique serial number of each block.
-Since this previous-block-reference is also part of the hash,
-the whole chain is robust against tampering. I let you think
-why this is the case?\ldots{}But does it actually eliminate
-all possibilities of fraud?
+with. This hash is also the unique serial number of each
+block. Since this previous-block-reference is also part of the
+hash, the whole chain is robust against tampering. I let you
+think why this is the case?\ldots{}But does it actually
+eliminate all possibilities of fraud?
 
 We can check the consistency of the blockchain by checking
 whether all the references and hashes are correctly recorded.
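Review bot: `I let you think why this is the case?\ldots{}` is ungrammatical both before and after the reflow: it is not a question, and `let you think why` needs `about`. Suggest `I leave it to you to think about why this is the case\ldots{} But does it actually eliminate all possibilities of fraud?` The rest of the hunk only re-wraps lines.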
@@ -210,17 +214,18 @@
 ``consolidate'' your funds: if it were only possible to split
 transactions, then the amounts would get smaller and smaller. 
 
-But in Bitcoins it is also important to have the ability to
-split the money from one or more incoming transaction to
-potentially more than one receiver. Consider again the
-rightmost transactions in Figure~\ref{txngraph} and suppose
-Alice is a coffeeshop owner selling coffees for 1 Bitcoin.
-Charles received a transaction from Zack over 5 Bitcoins, say.
-How does he pay for the coffee? There is no explicit notion of
-\emph{change} in the Bitcoin system. What Charles has to do
-instead is to make one single transaction with 1 Bitcoin to
-Alice and with 4 Bitcoins going back to himself, which then
-Charles can use to give to Emily, for example.
+In Bitcoins you have the ability to both combine incoming
+transactions, but also to split outgoing transactions to
+potentially more than one receiver. The latter is needed.
+Consider again the rightmost transactions in
+Figure~\ref{txngraph} and suppose Alice is a coffeeshop owner
+selling coffees for 1 Bitcoin. Charles received a transaction
+from Zack over 5 Bitcoins, say. How does he pay for the
+coffee? There is no explicit notion of \emph{change} in the
+Bitcoin system. What Charles has to do instead is to make one
+single transaction with 1 Bitcoin to Alice and with 4 Bitcoins
+going back to himself, which then Charles can use to give to
+Emily, for example.
 
 \begin{figure}[t]
 \begin{center}
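Review bot: `the ability to both combine incoming transactions, but also to split outgoing transactions` mismatches `both ... but also`; use `both to combine incoming transactions and to split outgoing transactions`. `The latter is needed.` is left hanging: say what it is needed for, which the following example supplies (`The latter is needed because there is no explicit notion of change.`), or drop the sentence, since the coffee example makes the point on its own.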
@@ -237,22 +242,22 @@
 Bitcoin, she has two possibilities: She could just forward the
 transaction from Charles over 4 Bitcoins to Alice split in
 such a way that Alice receives 1 Bitcoin and Emily sends the
-remaining 3 Bitcoins ``back'' to herself. In this case she
-would now be in the ``possession'' of two unspend Bitcoin
-transactions, one over 3 Bitcoins and the independent one over
-6 Bitcoins. Or, Emily could combine both transactions (one
-over 4 Bitcoins from Charles and the independent one over 6
-Bitcoins) and then split this amount with 1 Bitcoin going to
-Alice and 9 Bitcoins going back to herself. 
+remaining 3 Bitcoins back to herself. In this case she would
+now be in the possession of two unspend Bitcoin transactions,
+one over 3 Bitcoins and the independent one over 6 Bitcoins.
+Or, Emily could combine both transactions (one over 4 Bitcoins
+from Charles and the independent one over 6 Bitcoins) and then
+split this amount with 1 Bitcoin going to Alice and 9 Bitcoins
+going back to herself. 
 
 I think this is a good time for you to pause to let this
-concept of transactions really sink in\ldots{}You should see
-that there is really no need for a central ledger and no need
-for an account balance as familiar from traditional banking.
-The closest what Bitcoin has to offer for the notion of a
-balance in a bank account are the unspend transactions that a
-person (more precisely a public-private key address) received.
-That means transactions that can still be forwarded. 
+concept of transactions to really sink in\ldots{}You should
+see that there is really no need for a central ledger and no
+need for an account balance as familiar from traditional
+banking. The closest what Bitcoin has to offer for the notion
+of a balance in a bank account are the unspend transactions
+that a person (more precisely a public-private key address)
+received. That means transactions that can still be forwarded. 
 
 After the pause also consider the fact that whatever
 transaction is recorded in the blockchain will be in the
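Review bot: `unspend Bitcoin transactions` and `the unspend transactions` should read `unspent` (the standard term is unspent transaction output); the hunk touches both sentences, so this is the place to fix it. `The closest what Bitcoin has to offer` should be `The closest thing Bitcoin has to offer`, and `That means transactions that can still be forwarded.` reads better joined to the previous sentence: `..., that is, transactions that can still be forwarded.`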
@@ -277,7 +282,7 @@
 this is also a way how you can get robbed of your Bitcoins. By
 old-fashioned hacking-into-a-computer crime, for example, an
 attacker might get hold of your private key and then quickly
-forward the Bitcoins that are in your name to an address the
+forwards the Bitcoins that are in your name to an address the
 attacker controls. You will never again have access to these
 Bitcoins, because for the Bitcoin system they are assumed to
 be spent. And remember with Bitcoins you cannot appeal to any
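Review bot: the change from `forward` to `forwards` introduces an agreement error: the verb is coordinated with `might get hold of`, so it must stay in the bare infinitive: `an attacker might get hold of your private key and then quickly forward the Bitcoins`. Revert this line.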
@@ -312,10 +317,9 @@
 and whenever Bob tries to convince, or validate, that he is
 the rightful owner of the Bitcoin, then the puppy identities
 agree. Bob would then have no reason to not give Alice her
-coffee. But behind his back, however, she has convinced
-everybody else on the network that she is still the rightful
-owner of the Bitcoin. After being outvoted, Bob would be a tad
-peeved. 
+coffee. But behind his back she has convinced everybody else
+on the network that she is still the rightful owner of the
+Bitcoin. After being outvoted, Bob would be a tad peeved. 
 
 The reflex reaction to such a situation would be to make the
 process of validating a transaction as cheap as possible. The
@@ -332,7 +336,7 @@
 \subsubsection*{Proof-of-Work Puzzles}
 
 In order to make the process of transaction validation
-difficult, Bitcoin uses a kind of puzzles. Solving the puzzles
+difficult, Bitcoin uses a kind of puzzle. Solving the puzzles
 is called \emph{Bitcoin mining}, where whoever solves a puzzle
 will be awarded some Bitcoins. At the beginning this was 50
 Bitcoins, but the rules of Bitcoin are set up such that this
@@ -384,15 +388,18 @@
 it is an NP-problem. If we want the output hash value to begin
 with 10 zeroes, say, then we will, on average, need to try
 $16^{10} \approx 10^{12}$ different salts before we find a
-suitable one. In Bitcoins the puzzles are not solved according
-to how many leading zeros a has-value has, but rather whether
-it is below a \emph{target}. The hardness of the puzzle can
-actually be controlled by changing the target according to the
-available computational power available. I think the
-adjustment of the hardness of the problems is done every two
-weeks. I am not sure whether this is an automatic process. The
-aim of the adjustment is that on average the Bitcoin network
-will most likely solve a puzzle within 10 Minutes. 
+suitable one. 
+
+In Bitcoins the puzzles are not solved according to how many
+leading zeros a hash-value has, but rather whether it is below
+a \emph{target}. The hardness of the puzzle can actually be
+controlled by changing the target according to the available
+computational power available. I think the adjustment of the
+hardness of the problems is done every 2060 blocks
+(appr.~every two weeks). I am not sure whether this is an
+automatic process. The aim of the adjustment is that on
+average the Bitcoin network will most likely solve a puzzle
+within 10 Minutes. 
 
 \begin{center}
 \includegraphics[scale=0.37]{../pics/blockchainsolving.png}
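Review bot: `every 2060 blocks` is off; the difficulty retarget interval is 2016 blocks (2016 blocks at one block per 10 minutes is the `appr.~every two weeks`). The adjustment is also not something to hedge on: it is a deterministic part of the protocol rules, computed by every node from the timestamps of the preceding 2016 blocks, so `I am not sure whether this is an automatic process` can be replaced with a plain statement that it is. Minor: `according to the available computational power available` repeats `available`, and `10 Minutes` should be lowercase `minutes`.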
@@ -404,33 +411,34 @@
 
 Remember that the puzzles are a kind of proof-of-work that
 make the validation of transactions artificially expensive.
-The validation and the derivation of the puzzle is done as 
-follows:
+Consider the following picture with a blockchain and some
+unconfirmed transactions. 
 
 \begin{equation}
 \includegraphics[scale=0.38]{../pics/bitcoin_unconfirmed.png}
 \label{unconfirmed}
 \end{equation}
 
-\noindent There are some unconfirmed transactions. Choosing
-some of them, the miner (i.e.~the person/computer that tries
-to solve a puzzle) will form a putative block to be added to
-the blockchain. This putative block will contain the
-transactions and the reference to the previous block. The
-serial number of such a block is simply the hash of all the
-data. The puzzle can then be stated as the ``string''
-corresponding to the block and which salt is needed in order
-to have the hashed value being below the target. Other miners
-will choose different transactions and therefore work on a 
-slightly different putative block and puzzle.
+\noindent The puzzle is given as follows: There are some
+unconfirmed transactions. Choosing some of them, the miner
+(i.e.~the person/computer that tries to solve a puzzle) will
+form a putative block to be added to the blockchain. This
+putative block will contain the transactions and the reference
+to the previous block. The serial number of such a block is
+simply the hash of all the data. The puzzle can then be stated
+as the ``string'' corresponding to the block and which salt is
+needed in order to have the hashed value being below the
+target. Other miners will choose different transactions and
+therefore work on a slightly different putative block and
+puzzle.
 
 The intention of the proof-of-work puzzle is that the
-blockchain is at every given moment nicely linearly ordered,
-see the picture shown in \eqref{unconfirmed}. If we don’t have
-such a linear ordering at any given moment then it may not be
-clear who owns which Bitcoins. Assume a miner David is lucky
-and finds a suitable salt to confirm the transactions. Should
-he celebrate? Not yet. Typically the blockchain will look as
+blockchain is at every given moment linearly ordered, see the
+picture shown in \eqref{unconfirmed}. If we don’t have such a
+linear ordering at any given moment then it may not be clear
+who owns which Bitcoins. Assume a miner David is lucky and
+finds a suitable salt to confirm the transactions. Should he
+celebrate? Not yet. Typically the blockchain will look as
 follows
 
 \begin{center}
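Review bot: `The puzzle is given as follows: There are some unconfirmed transactions.` reads oddly because the unconfirmed transactions were just introduced in the sentence before the figure; suggest `The puzzle is then as follows.` and continue with `Choosing some of them, ...`. In `which salt is needed in order to have the hashed value being below the target`, `being` is superfluous (`to make the hash value fall below the target`), and the value the miner varies is conventionally called a nonce; since the handout has been saying `salt` throughout, one mention that Bitcoin calls it the nonce would let readers match the text to other sources. `If we don’t have` uses a typographic apostrophe inside LaTeX source; use `don't`.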
@@ -443,28 +451,32 @@
 \includegraphics[scale=0.65]{../pics/block_chain_fork.png}
 \end{center}
 
-\noindent What should be done in this case? The tie is broken
-if another block is solved, like so:
+\noindent What should be done in this case? Well, the tie is
+broken if another block is solved, like so:
 
 \begin{center}
 \includegraphics[scale=0.4]{../pics/bitcoin_blockchain_branches.png}
 \end{center}
 
 \noindent The rule in Bitcoins is: If a fork occurs, people on
-the network keep track of all forks. But at any given time,
-miners only work to extend whichever fork is longest in their
-copy of the block chain. Why should miners work on the longest
-fork? Well their incentive is to mine Bitcoins. If somebody
-else already solved a puzzle, then it makes more sense to work
-on a new puzzle and obtain the Bitcoins for solving that
-puzzle. Note that whoever solved a puzzle on the ``loosing''
-fork will actually not get any Bitcoins as reward. Tough luck.
+the network keep track of all forks (they can see). But at any
+given time, miners only work to extend whichever fork is
+longest in their copy of the block chain. Why should miners
+work on the longest fork? Well their incentive is to mine
+Bitcoins. If somebody else already solved a puzzle, then it
+makes more sense to work on a new puzzle and obtain the
+Bitcoins for solving that puzzle, rather than wast efforts on
+a fork that is shorter and therefore less likely to be
+``accepted''. Note that whoever solved a puzzle on the
+``loosing'' fork will actually not get any Bitcoins as reward.
+Tough luck.
+
 
 \subsubsection*{Alice against the Rest of the World}
 
-Let is see how the blockchain and the proof-of-work puzzles
+Let us see how the blockchain and the proof-of-work puzzles
 avoid the problem of double spend. If Alice wants to cheat
-Bob she would need to pull off the following ploy:
+Bob, she would need to pull off the following ploy:
 
 \begin{center}
 \includegraphics[scale=0.4]{../pics/bitcoin_blockchain_double_spend.png}
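Review bot: `rather than wast efforts on a fork` should be `rather than waste effort on a fork`, and `the ``loosing'' fork` (present before and after the change) should be `the ``losing'' fork`. The parenthetical `(they can see)` is cryptic; if the point is that a node only knows the forks it has received, say so: `keep track of all forks they have seen`. The hunk also leaves two blank lines before the `\subsubsection*` heading, one of which can go.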
@@ -474,87 +486,173 @@
 example, for an online order. This transaction is confirmed,
 or validated, in block 2. Bob ships the goods around block 4.
 In this moment, Alice needs to get into action and try to
-validate the fraudulent transaction to herself instead. 
+validate the fraudulent transaction to herself instead. At
+this moment she is in a race against all the computing power
+of the ``rest of the world''. Because the incentive of the
+rest of the world is to work on the longest chain, that is the
+one with the transaction from Alice to Bob:
 
 \begin{center}
 \includegraphics[scale=0.4]{../pics/bitcoin_doublespend_blockchain_race.png}
 \end{center}
 
-\noindent At this moment she is in a race against all the
-computing power of the ``rest of the world''. She has to solve
-the puzzles one by one, because the hash of a block is
-determined by all the data in the previous has. She might be
-very lucky to solve one puzzle for a block before the rest of
-the world, but to be lucky many times is very unlikely. In
-order to raise the bar for Alice, merchants accepting Bitcoin
-use the following rule of thumb: A transaction is
-``confirmed'' if (1) it is part of a block in the longest
-fork, and (2) at least 5 blocks follow it in the longest fork.
-In this case we say that the transaction has ``6
-confirmations''. A simple calculation shows that these number
-of confirmations can take up to 1 hour and more. While this
-seems excessively long, from the merchant's point of view it
-is not long at all. For this recall that ordinary credit cards
+\noindent As shown in the picture she has to solve the puzzles
+2a to 5a one after the other, because the hash of a block is
+determined via the reference by all the data in the previous
+block. She might be very lucky to solve one puzzle for a block
+before the rest of the world, but to be lucky many times is
+very unlikely. This principle of having to race against the
+rest of the world avoids the ploy of double spend.
+
+In order to raise the bar for Alice even further, merchants
+accepting Bitcoin use the following rule of thumb: A
+transaction is ``confirmed'' if 
+
+\begin{itemize}
+\item[(1)] it is part of a block in the longest fork, and 
+\item[(2)] at least 5 blocks follow it in the longest fork. In
+           this case we say that the transaction has ``6
+           confirmations''. 
+\end{itemize} 
+
+\noindent A simple calculation shows that this amount of
+confirmations can take up to 1 hour and more. While this seems
+excessively long, from the merchant's point of view it is not
+that long at all. For this recall that ordinary creditcards
 can have their transactions been rolled-back for 6 months or
 so. The point however is that the odds for Alice being able to
-cheat are very low.
+cheat are very low, unless she can muster more than 50\% of
+the world Bitcoin mining capacity.
 
 Connected with the 6-confirmation rule is an interesting
 phenomenon. On average, it would take several years for a
 typical computer to solve a proof-of-work puzzle, so an
 individual’s chance of ever solving one before the rest of the
-world, which typically takes 10 minutes, is negligibly low.
-Therefore many people join groups called \emph{mining pools}
-that collectively work to solve blocks, and distribute rewards
-based on work contributed. These mining pools act somewhat
-like lottery pools among co-workers, except that some of these
-pools are quite large, and comprise more than 20\% of all the
-computers in the network. It is said that BTC, the largest
+world, which typically takes only 10 minutes, is negligibly
+low. Therefore many people join groups called \emph{mining
+pools} that collectively work to solve blocks, and distribute
+rewards based on work contributed. These mining pools act
+somewhat like lottery pools among co-workers, except that some
+of these pools are quite large, and comprise more than 20\% of
+all the computers in the network. It is said that BTC, a large
 mining pool, has limited its members to not solve more than 6
 blocks in a row. Otherwise this would undermine the trust in
 Bitcoins, which is also not in the interest of BTC, I guess.
+Some statistics on mining pools can be seen at
+
+\begin{center}
+\url{https://blockchain.info/pools}
+\end{center}
 
 \subsubsection*{Bitcoins for Real}
 
-\ldots
+Let us now turn to the nitty gritty details. As a user you 
+need to generate and store a public-private key pair. The 
+public key you need to advertise in order to receive payments 
+(transactions). The private key needs to be securely stored. 
+For this there seem to be three possibilities
+
+\begin{itemize}
+\item an electronic wallet on your computer
+\item a cloud-based storage (offered by some Bitcoin service)
+\item paper-based
+\end{itemize}
+
+\noindent The first two options of course offer convenience
+for making and receiving transactions. But given the nature of
+the private key and how much security relies on them (recall
+if somebody gets hold of it, your Bitcoins are quickly lost
+forever) I would opt for the third option for anything except
+for trivial amounts of Bitcoins. As we have seen securing a
+computer system that it can withstand a breakin is still very
+much an unsolved problem.
+
+An interesting fact with Bitcoin keys is that there is no
+check for duplicate addresses. This means when generating a
+public-private key, you should really start with a carefully
+chosen random number such that there is really no chance to
+step on somebody's feet in the $2^{160}$ space of
+possibilities. Again if you share an address with somebody
+else, he or she has access to all your unspend transactions.
+The absence of such a check is easily explained: How would one
+do this in a distributed system? The answer you can't. It is
+possible to do some sanity check of addresses that are already
+used in the black chain, but this is not a fail-proof method.
+One really has to trust on the enormity of the $2^{160}$
+number.
+
+Let us now look at the data that is stored in an transaction 
+message:
 
 \lstinputlisting[language=Scala]{../slides/msg}
 
-\noindent
-The hash in Line 1 is the has of all the data that follows. It
-is a kind of serial number for the transaction. Line 2
-contains a version number. Line 3 and 4 specify how many
-incoming transactions are combined and how many outgoing
-transactions there are. In our example there are 1 each. Line
-5 specifies a lock time for when the transaction is supposed
-to become active---this is usually set to 0 to become active
-immediately. Line 6 specifies the size of the message; it has
-nothing to do with the Bitcoins that are transferred. Lines 7
-to 11 specify where the Bitcoins in the transaction are coming
-from. The has in line 9 specifies the incoming transaction and
-the \pcode{n} in Line 10 specifies which output of the
-transaction is referred to. The signature in line 11 specifies
-the address (public key $K^{pub}$) from where the Bitcoins are
-taken and the digital signature of the address, that is
-$\{K^{pub}\}_{K^{priv}}$. Lines 12 to 15 specify the value of
-the first outgoing transaction. In this case 0.319 Bitcoins.
-The hash in Line 14 specifies the address to where the
-Bitcoins are transferred.
+\noindent The hash in Line 1 is the hash of all the data that
+follows. It is a kind of serial number for the transaction.
+Line 2 contains a version number in case there are some
+incompatible changes to be made. Lines 3 and 4 specify how
+many incoming transactions are combined and how many outgoing
+transactions there are. In our example there are one for each.
+Line 5 specifies a lock time for when the transaction is
+supposed to become active---this is usually set to 0 to become
+active immediately. Line 6 specifies the size of the message;
+it has nothing to do with the Bitcoins that are transferred.
+Lines 7 to 11 specify where the Bitcoins in the transaction
+are coming from. The has in line 9 specifies the incoming
+transaction and the \pcode{n} in Line 10 specifies which
+output of the transaction is referred to. The signature in
+line 11 specifies the address (public key $K^{pub}$) from
+where the Bitcoins are taken and the digital signature of the
+address, that is $\{K^{pub}\}_{K^{priv}}$. Lines 12 to 15
+specify the value of the first outgoing transaction. In this
+case 0.319 Bitcoins. The hash in Line 14 specifies the address
+to where the Bitcoins are transferred.
  
-\ldots
+As can be seen there is no need to issue serial numbers for
+transactions, the hash of the transaction data can do this
+job. The hash will contain the sender addresses and
+hash-references to the incoming transactions, as well as the
+public key of the incoming transaction. This uniquely
+identifies a transaction and the hash is the unique
+fingerprint of it. The in-field also contains the address to
+which a earlier transaction is made. The digital signature
+ensures everybody can check that the person who makes this
+transaction is in the possession of the private key. Otherwise
+the signature would not match up with the public-key address.
+
+When mining the blockchain it only needs to be ensured that
+the transactions are consistent (all hashes and signatures
+match up). Then we need to generate the correct previous-block
+link and solve the resulting puzzle. Once the block is
+accepted, everybody can check the integrity of the whole
+blockchain.
+
+A word of warning: The point of a lottery is that some people
+win. But equally, that most people lose. Mining Bitcoins has
+pretty much the same point. According to the article below, a
+very large machine (very, very large in terms of June 2014)
+could potentially mine \$40 worth of Bitcoins a day, but would
+require magnitudes more of electricity costs to do so. 
+
+\begin{center}
+\url{http://bitcoinmagazine.com/13774/government-bans-professor-mining-bitcoin-supercomputer/}
+\end{center}
+
 
 \subsubsection*{Anonymity and Government Meddling}
 
 One question one often hears is how anonymous is it actually
-to pay with Bitcoins? Paying with paper money in the past was
-quite an anonymous act (unlike paying with creditcards), but
-this has changed nowadays. You cannot come to a bank anymore
-with a suitcase full of money and try to open a bank account.
-Strict money laundering and taxation laws mean that not even
-Swiss banks are prepared to take such money and open a bank
-account. With Bitcoins the situation is different, but I fully
-agree with the statement by Nielsen from the blog article I
-referenced at the beginning:
+to pay with Bitcoins? Paying with paper money used to be a
+quite anonymous act (unlike paying with creditcards, for
+example). But this has changed nowadays: You cannot come to a
+bank anymore with a suitcase full of money and try to open a
+bank account. Strict money laundering and taxation laws mean
+that not even Swiss banks are prepared to take such money and
+open a bank account. That is why Bitcoins are touted as 
+filling this niche again of anonymous payments. 
+
+While Bitcoins are intended to be anonymous, the reality is
+slightly different. I fully agree with the statement by
+Nielsen from the blog article I referenced at the beginning:
 
 \begin{quote}\it{}``Many people claim that Bitcoin can be used
 anonymously. This claim has led to the formation of
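Review bot: `Because the incentive of the rest of the world is to work on the longest chain, that is the one with the transaction from Alice to Bob:` is a fragment; attach it to the preceding sentence (`..., because the incentive of the rest of the world is to work on the longest chain, which is the one containing the transaction from Alice to Bob:`). Typos in the added text: `unspend transactions` should be `unspent`, `the black chain` should be `the blockchain`, `an transaction message` should be `a transaction message`, `The has in line 9` should be `The hash in line 9`, `a earlier transaction` should be `an earlier transaction`, `creditcards` should be `credit cards`, `The answer you can't.` should be `The answer is: you can't.`, and `In our example there are one for each` should be `there is one of each`. `this amount of confirmations` should be `this number of confirmations`, and `can have their transactions been rolled-back` should be `can have their transactions rolled back`. On content: `the $2^{160}$ space of possibilities` is the address space (addresses are 160-bit hashes of public keys); the randomness the paragraph asks for goes into the 256-bit private key, from which the address is derived, so the sentence about starting from a carefully chosen random number should say that is where the randomness belongs.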
@@ -572,50 +670,57 @@
 \end{quote}
 
 \noindent The only thing I can add is that with Bitcoins we
-will have even more fun with many more confessions like the
-infamous ``I did not
+will have even more fun hearing confessions like the infamous
+``I did not
 inhale''.\footnote{\url{www.youtube.com/watch?v=Bktd_Pi4YJw}}
 The whole point of the blockchain is that it public and will
-always be. There are some precautions that are suggested, like
-to use a new public-private key pair for every new transaction
-or access Bitcoin only through the Tor network. But the
+always be. 
+
+There are some precautions that are suggested, like to use a
+new public-private key pair for every new transaction, and to
+access Bitcoin only through the Tor network. But the
 transactions in Bitcoins are designed such that they allow one
 to combine incoming transactions. In such cases we know they
 must have been made by the single person who new the
 corresponding private keys. So using different public-private
-keys for each transaction, might not make the de-anonymisation
-task much harder. And the point about de-anonymising
-`anonymous' social networks is that the information is
-embedded into the structure of the transition graph. And this
-cannot be erased with Bitcoins.
+keys for each transaction might not actually make the
+de-anonymisation task much harder. And the point about
+de-ano\-nymising `anonymous' social networks is that the
+information is embedded into the structure of the transition
+graph. And this cannot be erased with Bitcoins.
 
 Finally, what are the options for a typical western government
 to meddle with Bitcoins? This is of course one feature the
-proponents of Bitcoins tout: namely that there aren't any
-options. In my opinion this is too naive and far from the
+proponents of Bitcoins also tout: namely that there aren't any
+options. In my opinion this is far too naive and far from the
 truth. Let us assume some law enforcement agencies would not
-have been able to uncover the baddies from Silk Road 2.0 (they
-have done so by uncovering the Tor network, and incredible
-feat on its own). Would a government have stopped?
+have been able to uncover the baddies from Silk Road 1.0 and
+2.0 (they have done so by uncovering the Tor network, which is
+an incredible feat on its own). Would a government have
+stopped? I think no. The next target would have been Bitcoin.
+If I were the government, this is what I would consider:
 
 \begin{itemize}
 \item The government could compel ``mayor players'' to
-      blacklist Bitcoins (for example at exchanges). This
-      would impinge on what is called \emph{fungibility} of
-      Bitcoins and make them much less attractive to baddies.
-      This blacklisting can be easily done ``whole-sale'' and
+      blacklist Bitcoins (for example at Bitcoin exchanges).
+      This would impinge on what is called \emph{fungibility}
+      of Bitcoins and make them much less attractive to
+      baddies. Suddenly their hard-earned Bitcoin money cannot
+      be spent anymore.The attraction of this option is that
+      this blacklisting can be easily done ``whole-sale'' and
       therefore be really be an attractive target for
       governments \& Co.      
-\item They could attempt to coerce developer community of the
-      Bitcoin tools. While this might be a bit harder, we know
-      certain governments are ready to take such actions (we
-      have seen this with Lavabit, just that the developers
-      there refused to play ball and shut down their complete
-      operation).
+\item The government could attempt to coerce the developer
+      community of the Bitcoin tools. While this might be a
+      bit harder, we know certain governments are ready to
+      take such actions (we have seen this with Lavabit, just
+      that the developers there refused to play ball and shut
+      down their complete operation).
 \item The government could also put pressure on mining pools
-      in order to blacklist transactions from baddies. Or be
+      in order to blacklist transactions from baddies. Or be a
       big a miner itself. Given the gigantic facilities that
-      are built for institutions like the NSA
+      are built for institutions like the NSA (pictures from
+      the Utah dessert)
       
       \begin{center}
       \includegraphics[scale=0.04]{../pics/nsautah1.jpg}
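Review bot: `anymore.The attraction of this option` is missing a space after the full stop, and the context line that follows, `therefore be really be an attractive target`, repeats `be`. Other slips in or next to the changed lines: `mayor players` should be `major players`, `the Utah dessert` should be `the Utah desert`, `Or be a big a miner itself` should be `Or be a big miner itself`, `The whole point of the blockchain is that it public` should be `it is public`, `the single person who new the corresponding private keys` should be `knew`, and `transition graph` should be `transaction graph`. The added parenthetical `(they have done so by uncovering the Tor network, which is an incredible feat on its own)` asserts more than the handout supports elsewhere; unless a source is cited, a softer `by identifying the operators despite their use of the Tor network` avoids claiming that Tor itself was broken.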
@@ -623,16 +728,68 @@
       \includegraphics[scale=0.031]{../pics/nsautah2.jpg}
       \end{center}
       
-      this would not be such a high bar to jump over.
-\end{itemize} 
+      this would not be such a high bar to jump over. Remember
+      it ``only'' takes to temporarily be in control of 50\%+
+      of the mining capacity in order to undermine the trust
+      in the system. Given sophisticated stories like Stuxnet
+      (where we still not know the precise details) maybe even
+      such large facilities are not really needed. What
+      happens, for example, if a government starts DoS attacks
+      on existing miners: They have complete control
+      (unfortunately) of all mayor connectivity providers,
+      i.e.~ISPs. 
+      
+      There are estimates that the Bitcoin mining capacity
+      outperforms the top 500 supercomputers in the world,
+      combined(!):
+      
+      \begin{center}\small
+      \url{http://www.forbes.com/sites/reuvencohen/2013/11/28/global-bitcoin-computing-power-now-256-times-faster-than-top-500-supercomputers-combined/}
+      \end{center}
+      
+      But my gut feeling is that these are too simplistic
+      calculations. In security (and things like Bitcoins) the
+      world is never just black and white. The point is once
+      the trust is undermined, the Bitcoin system would need
+      to be evolved to Bitcoins 2.0. But who says that Bitcoin
+      2.0 will honour the Bitcoins from Version 1.0?
+      \end{itemize} 
 
-\noindent Finally the government would potentially not need to
-follow up with such threads. Just the rumour that it would,
-could be enough to get the Bitcoin-house-of-cards to tumble.
-Because of all this I would not have too much hope that
-Bitcoins are free from government \& Co interference when it
-will stand in its way.
+\noindent Finally, a government would potentially not really
+need to follow up with such threads. Just the rumour that it
+would, could be enough to get the Bitcoin-house-of-cards to
+tumble. Some governments have already such a ``impressive''
+trackrecord in this area, such a thread would be entirely
+credible. Because of all this, I would not have too much hope
+that Bitcoins are free from government \& Co interference when
+it will stand in its way, despite what everybody else is
+saying. To sum up, the technical details behind Bitcoins are
+simply cool. But still the entire Bitcoin ecosystem is in my
+humble opinion rather fragile. 
+
+\subsubsection*{Further Reading}
+
+Finally, finally, the article
 
+\begin{center}\small
+\url{http://www.extremetech.com/extreme/155636-the-bitcoin-network-outperforms-the-top-500-supercomputers-combined}
+\end{center}
+
+\noindent makes an interesting point: If people are willing to
+solve meaningless puzzles for hard, cold cash and with this
+achieve rather impressive results, what could we achieve if
+the UN, say, would find the money and incentivise people to,
+for example, solve protein folding
+puzzles?\footnote{\url{http://en.wikipedia.org/wiki/Protein_folding}}
+There are projects like
+Folding@home\footnote{\url{http://folding.stanford.edu}} which have 
+This might help with curing diseases such as Alzheimer or
+diabetes, which to a large portion baddies and goodies will
+suffer at some point. The same point is made in the article
+
+\begin{center}\small
+\url{http://gizmodo.com/the-worlds-most-powerful-computer-network-is-being-was-504503726}
+\end{center}
 
 \end{document}
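Review bot: the sentence `There are projects like Folding@home\footnote{...} which have` breaks off after `which have` and runs straight into `This might help ...`; either complete it or cut it back to `There are projects like Folding@home\footnote{...} that already do this.` Also `need to follow up with such threads` and `such a thread would be entirely credible` should both read `threats`; `such a ``impressive'' trackrecord` should be `such an ``impressive'' track record`; `all mayor connectivity providers` should be `major`; `where we still not know the precise details` should be `where we still do not know`; `Alzheimer` should be `Alzheimer's`. The `\end{itemize}` is now indented to match the item text, which is harmless but inconsistent with the unindented form it replaces.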