Cryptocurrency: is it worth it?

[Vebyast]

Fiat Currency needs a monetary policy.

It's theoretically possible that a place like MtGox or a coalition of fractional-reserve banks could stabilize the economy, but I'm too cynical to actually believe that people will cooperate like that. It's one reason why I own no bitcoins. I'm just sitting here defending cryptography and basic logic, which are useful in domains other than bitcoin.

---

The fact that you will never be able to use bitcoins for day to day purchases or while physically shopping makes it half a currency.

It was never intended to be a full currency. Think of it as a paypal replacement, sort of.

---

Wait a moment. How exactly can you separate 0.00001 of a bitcoin? Simplified, a bitcoin is a chunk of data digitally signed to one person. Does that mean that 0.01 BTC is 1% of that data chunk digitally signed? If so, which 1%?

First, instead of thinking about "a bitcoin", think about "a voucher for some number n of bitcoins, where n is any positive rational number". These vouchers can be infinitely combined and subdivided; for instance, this transaction takes three vouchers, combines them, and then splits the total into two vouchers that are then given to different people.

---

Wait a moment. The whole privacy thing is borked.

Bitcoins can be made completely anonymous, but by a slightly different method; basically, the line between "public" and "private" is drawn in a different place. Your current financial privacy line is drawn (by your bank's computer security) between your transactions and the public. People don't know how much money you have and what you're spending it on because they can't see your accounts. This can be verified by looking at what causes a failure in privacy: the bank releasing or losing your information, in which case everybody can see your account and transaction history.

Bitcoin, in comparison, draws the line between you and your money. Everybody can see all the transactions and all the bank accounts, but figuring out who owns which bank account can be made nearly impossible. This can be verified by looking at what causes a failure in privacy: if it's made public that you own own address 1EFQ4nJkmXojGS7rDbQBEMj6AEyMxLDfUB, for example, they can look it up in the block chain and see that you own exactly .02 bitcoins. Since you can have as many addresses as you want (most people I know use a different address for every single transaction, for example), all you have to do is make sure nobody can link any of your "real" addresses to addresses that have real-world information associated with them.

---

until the owners of the porn websites realise they need to try and buy food and rent with it.

So don't buy food and rent with it. Use it to pay for webhosting, use it to pay for computers for your photoshop team, something like that.

---

Inflate you mean?

Entirely possible. I haven't spent any time studying economics, and in particular I haven't spent any time studying the economics of unusual systems like bitcoin.

---

I've heard some suggestion that NSA knows there are flaws in the implementations of AES that allow for side channel attacks. But nothing suggesting that the NSA was retarded enough to tell the US govt it was good enough to use whilst knowing of a flaw in the algorithm.

Side channel attacks are implementation-dependent, so whoever said that was probably confused. Side channel attacks are things like measuring the CPU's power consumption during the computation or getting a virus onto the system doing the encryption and seeing how many operations it takes the system to encrypt a message. They do exist for most implementations of AES, but the only feasible one involves disrupting the computation to observe its behavior, and that in turn requires the ability to execute arbitrary code on the machine doing the encryption.

[Draco_Argentum]

Side channel attacks are implementation-dependent

That would be why I said flaws in the implementations.

[DSMatticus]

Those aren't flaws. Or rather, they're such obvious flaws that they aren't worth discussing. It's rather like saying, "I plan to go to work tomorrow." "Oh yeah? There's a flaw in that plan. What if the building's on fire?"

To do a side channel attack, you need access to the machine doing the encrypting. And not just any access, the ability to interfere with the execution of code on the current machine. And if your machine is already compromised that severely, your data isn't secure anyway, encryption or no.

[Doom]

Funny thing is, I'm at this show that sorta highlights all the stuff going on in electronics...there are plenty of displays on how to monetize online activity, but not a thing on bitcoins.

I was kinda hoping to talk to someone about it while here. Oh well.

[cthulhu]

The only thing that is close to the NSA sabotaging cryptographic algothrims is that they knew how to beat DES long before everyone else did - you can see from the advice they provided on S-Box design.

The legend about NSA sabotaging crypto comes from the design of DES. What happened is something like this

Time X - likely after WWII. NSA discovers a new approach for breaking crypto.

1970s. People are trying to get agreement on a crypto standard (DES). IBM and NASA collude to shape the standard, and are accused of deliberately weaking the standard.

At this time IBM discovers what NSA discovered about differential cryptnanalysis and is told to surpress it.

1990s. Someone else discovers differential analysis. Then everyone notices that the changes NSA wanted to DES were to harden it against differential analysis.

However, the intervening 20 years were enough to taint perceptions.

[CatharzGodfoot]

http://www.somethingawful.com/d/news/at ... tcoins.php

[Username17]

-Username17

[Prak]

Frank beat me too it, damn.

[name_here]

I like that Something Awful crashed bitcoin prices entirely without the knowledge of the site owner. Admittedly the stock market has sometimes had insanely fast value drops because automated programs occasionally completely lose their shit, so it's hardly unique to bitcoin.

EDIT: Apparently it was done on a dare, no less.

[Cynic]

While I started this topic, a lot of this has gone over my head.

That just means that I'll have to give it a once or twice over again.

But here are two simple questions.

Do we need a virtual fiat currency?

If we do, what should some of the key principles behind it be?

[name_here]

1. Eh, I'd think we can keep doing this fiat physical currency exchanged via the internet by banks forever.

2. There should be a central control system in case shit like overflow errors granting someone more money than actually exists happens.

[Vebyast]

1. Eh, I'd think we can keep doing this fiat physical currency exchanged via the internet by banks forever.

s/forever/until lightspeed delay becomes a factor/, but sure.

2. There should be a central control system in case shit like overflow errors granting someone more money than actually exists happens.

This is what the crypto is for. Crypto code is as close to perfect as any code can possibly get.

Personally:
1. Depends on if the governments let us keep our privacy to ourselves. Things like PROTECT-IP make me kind of antsy, and being subject to the Chinese equivalents of such would be entirely unacceptable. If current internet monitoring-and-censorship laws keep going in the direction they are, you bet I want a secure, private, distributed virtual fiat currency.

2. Strong cryptography. Then some more cryptography. Throw some cryptography on the side, then garnish with a sprinkling of cryptography. Serve anonymously with a side of cryptography.

More seriously, whatever system they come up with needs to be mathematically tamper-resistant. Also; it has to be distributed. A secure currency is useless without some guarantee that your information is secure. If we're positing that the government isn't trustworthy (and that many people supporting cryptocurrency means it isn't), there isn't really anybody left to trust.

[Username17]

The entire idea of having each "coin" be cryptographically secure is pointless. As long as the banks are cryptographically secure, the actual number of currency units in each account can just be a literal number. In fact, that's better, because one of the points of a fiat currency is that you can add and (more rarely) subtract money from the system, which is extremely hard to do when your currency units are individually cryptographically secure.

Fiat Currencies need to b backed by the fiat of someone or something. A nation is a good bet because they are both an insurance company and an army. Some random group of nerds who made a cool algorithm is not, because they don't offer any protection from famine or a zombie apocalypse. And that's really the bottom line as far as currency goes. You accept fiat currency because the issuing authority promises that they will protect you in situations dire enough that you would wish you had been hording shotgun shells and canned beans. If the issuing authority can't guaranty that, you actually should be exchanging the fruits of your labor for shotgun shells and canned beans instead.

-Username17

[name_here]

Okay, cryptography quality does fuck-all when the system has an overflow error and legitimately believes in what it is saying. Like so. I mean, apparently they managed to make updates and process it out of existence, but seriously, not being able to override the network when it does something unbelievably stupid is simply unacceptable for a currency.

[Username17]

Okay, cryptography quality does fuck-all when the system has an overflow error and legitimately believes in what it is saying. Like so. I mean, apparently they managed to make updates and process it out of existence, but seriously, not being able to override the network when it does something unbelievably stupid is simply unacceptable for a currency.

Yeah, a lack of a central issuing authority isn't a point in Bit Coin's favor, it's a fucking insult.

-Username17

[Vebyast]

Okay, cryptography quality does fuck-all when the system has an overflow error and legitimately believes in what it is saying.

The implementation of a protocol doesn't matter as long as it's not a monoculture. Humans don't die from the common cold because we have some genetic diversity; in comparison, tasmanian tigers are all dying from the same cancer (literally the same cancer; it's contagious) because they're too similar to each other. When that incident occurred, all twenty-five people involved were using the same (insanely immature) bitcoin software, so an implementation bug was a problem for the entire network. If bitcoin were actually adopted on a large enough scale for it to affect other economies, I can guarantee you that there would be multiple implementations and that they wouldn't all have the same bugs. Imagine how hard it would be to infect peoples' computers through their text editors and you'll have a good idea of how resilient bitcoin would be if it became an economically significant currency.

The entire idea of having each "coin" be cryptographically secure is pointless.

Yeah, a lack of a central issuing authority isn't a point in Bit Coin's favor, it's a fucking insult.

I begin to see where you got your last name.

[Kaelik]

Wait, WTF, is Vebyast another "HER HER! TROLL MAN! I GET IT" dumbass?

PS, yes, having each coin be secure isn't better than having a single secure location to track a number of coins. Because that would be just as good.

Likewise, the fact that no one can do anything to fix a problem with the currency is a flaw, not a bragging point.

[Vebyast]

Wait, WTF, is Vebyast another "HER HER! TROLL MAN! I GET IT" dumbass?

Frank asked, in rapid succession, two stupid questions that have already been answered and one not-stupid question that has already been discussed at length. Either he's an idiot or a troll; I'm going to give him the benefit of the doubt.

PS, yes, having each coin be secure isn't better

Actually, it is. The bank uses one password and one piece of software for every single user in its entire database; if that password is leaked or that piece of software is cracked everybody's money is gone. Breaking one password on bitcoin only gives you one person's money, and breaking one piece of software will, uh, let you counterfeit some money that will be blacklisted the instant someone notices what's going on. Which is exactly what happened in name_here's example. You can't fake a transaction unless there's a bug in your crypto, and even then every single person in the entire world would have to have the same bug. Remember what I said about monocultures.

Likewise, the fact that no one can do anything to fix a problem with the currency is a flaw, not a bragging point.

Yes. It is. It's why I expect the current bitcoin protocol to be eventually replaced by one with some mechanism for correcting errors. However, implementations are fixable, as you would have concluded had you read the link that name_here posted, and we've already discussed the obvious non-implementation flaw.

[name_here]

See, the thing with having multiple separate implementations with distinct flaws is that not only will they be wrong sometimes, they will disagree. So having diverse implementations just means more points of failure, because if one of them fucks up it will no longer be able to talk to the others and your currency no longer works. For a distributed currency to work even a bit, every computer on the network has to believe the same things about reality, or you'll have people paying in coins the receiver doesn't believe exists.

I'm not even necessarily talking about a deliberate attack; if there's some sort of bug (And there is always some sort of bug) that people trigger accidentally it will require half the processing power on the network to update to a fixed version to even begin sorting it out, and in the worst-case scenario one implementation will not only produce bad blocks but reject another implementation's blocks as complete lies.

---

See, if there's a bug, every computer running the implementation will believe it is valid and construct block chains on the basis of it being valid. That is actually exactly what happened in the link I posted. Now, since the network was small at the time, half the processing power of the network did get updated to a patched version, and it wasn't one of those painful, grinding bugs that take days to fix, it wasn't a terribly big deal. That state of affairs is already over. If there were a central system, it could resolve the problem simply by saying the flawed transaction never happened via the magic of regular backups, then work on a fix.

[Username17]

Actually, it is. The bank uses one password and one piece of software for every single user in its entire database; if that password is leaked or that piece of software is cracked everybody's money is gone.

Uh... no. Because there's a fucking authority. Everyone's money is gone for somewhere between 30 seconds and half an hour. The you apply a new password and restore from backups. Because you have a distinct series of backups and a record of every fucking transaction, and the real people who are really in charge can go back and nullify fraud. If you weren't attempting to access an ATM at that very moment, you wouldn't even know anything happened. Furthermore, you can have a physical ATM, because the coins aren't cryptographically secure. That means one is exchangeable for another and you can keep them in a digital cloud and convert them to physical paper that you can give to African children in exchange for village handicrafts at any ATM or bank with no hassle at all.

Central authority is superior to decentralization for currency. In all ways.

-Username17

[Vebyast]

Uh... no. Because there's a fucking authority. Everyone's money is gone for somewhere between 30 seconds and half an hour. The you apply a new password and restore from backups. Because you have a distinct series of backups and a record of every fucking transaction, and the real people who are really in charge can go back and nullify fraud.

Central authority is superior to decentralization for currency. In all ways.

You may not be aware of this, but banks don't completely reverse fraud. Instead, they pay you back out of their own pocket or out of the government's pocket and do their level best to fine the hell out of the fraudster. The fraud can be nullified as far as the users are concerned, but that money is still gone. Centralized servers are not more secure or safer, they just move the risk around.

Also, you do not understand the size of the systems you're talking about. You can't restore just "restore" one bank. That bank has sent out millions of transactions that other banks think are completely valid. If you wanted to roll back a major bank you'd also have to roll back every single financial agent - person, corporation, or bank - that has interacted with that bank in that time period. It would take months to reset a single bank; look at how long it took Sony to get PSN back online, then imagine that the bank also had to copy around petabytes of data and resynchronize thousand or millions of computers. Oh, and the bank would have to be inspected and recertified by the government as being safe enough to handle money. It would take months to revert a single bank. It would take years to revert the entire US financial system, if it's possible in the first place. So far we've been lucky enough that it hasn't happened. Yet.

---

it will no longer be able to talk to the others

Exactly the point. Let's say we have three clients with equal usage shares. A bug in one of them comes up, and suddenly one in three clients are living in their own fantasy world. This is instantly obvious, so everybody goes to the internet. Half an hour later everybody knows that there's a bug in that client, because A) only people using that client have diverged and B) you can check bitcoin blocks by hand and find the invalid one. Half an hour after that everybody has switched to a different client and everything works again. Because only one in three users were buggy, the still-good 2/3 of the system kept the valid block chain intact. So, small problem, but not crippling, and as the number of distinct implementations increases the damage any one bug can do sharply decreases.

If there were a central system, it could resolve the problem simply by saying the flawed transaction never happened via the magic of regular backups, then work on a fix.

I think that this is one of the things that bitcoin2 will have: a way for the network to agree that a part of the block chain is invalid and blacklist it. If you blacklist a part of the chain, the system just restarts from the last valid block and you have exactly the same effect as a backup of the entire financial system. It would take about half an hour.

[RobbyPants]

Lets see if I'm following this:

Fraud

Dollars - Not so likely, but possible. If it happens, it will likely be fixed in a way that's invisible to the end user.

Bitcoin - Less likely, but if it happens, you're screwed.


Regulation

Dollars - As a regulated fiat currency, if things get out of whack, they can be adjusted.

Bitcoin - While protected form tampering, if things get out of whack, you're stuck.


Buying guns, drugs, and sex

Dollars - Traceable and you can get caught.

Bitcoin - Much easier to get what you want without getting caught.


So, if I'm understanding this correctly, the end user subjects themselves to more risk with Bitcoin with the tradeoff being they can buy illegal stuff much easier.

[Username17]

You may not be aware of this, but banks don't completely reverse fraud. Instead, they pay you back out of their own pocket or out of the government's pocket and do their level best to fine the hell out of the fraudster. The fraud can be nullified as far as the users are concerned, but that money is still gone. Centralized servers are not more secure or safer, they just move the risk around.

Are you that fucking ignorant about how money works?

What you are talking about is a fraudulent invoice. That's where someone figures out a way to mimic your identity and bill you for something you didn't order or whatever. That's the thing that every money system ever is going to have to deal with and which central banks are capable of handling in some fashion. Unlike cash or Bit Coin, which can't do a single fucking thing.

You were talking about how resistant the system was to having the system hacked and either flooded with funny money or having all your base belonged to zombie net. And you can hem and haw about how awesome the math and cryptosecurity or whatever the fuck is on your system, but that shit actually will happen sometimes, because zombie net is big and constantly trying new things. And the central banking system is resilient against that sort of shit because it has backups and it does revert to them when bad information goes through the network.

So yes, someone can tell you they are going to bill you for 10 cents and actually bill you for a thousand dollars after you've accepted the charges and the bank can get notified and the police can get involved and blah blah blah. That shit can happen with Bit Coin too, except that then there's no bank to complain to and no way to prove that you actually owned any of those fucking Bit Coins and no way to get any of them returned to you ever.

And people can do a DDOS and take down a bank or some shit, and that won't actually matter for long term financial stability because the different systems actually do reverts. And if anyone does a DDOS smack down on Bit Coin, it's fucking over, because there's nothing to revert to or with.

The electronic money we currently use is awesome. Because it's just a fucking number that we can and do increment whenever our rules tell us we can.

Also, you do not understand the size of the systems you're talking about. You can't restore just "restore" one bank. That bank has sent out millions of transactions that other banks think are completely valid. If you wanted to roll back a major bank you'd also have to roll back every single financial agent - person, corporation, or bank - that has interacted with that bank in that time period.

Uh... no. Bank rollbacks happen all the time. There is an automatic system for reconciling those, and the "Nigerian Scam" is actually based on it. See they send you real money and ask you to send them less money, and then they make their money transfer come up bad and since you sent them real money with a presumably good transfer, they get your money and when the reconciliation happens you don't have any of their money. And in the meantime they empty out the account and ditch it and they have your money and the account no longer exists. Ha ha ha.

But the point is: backups and reconciliation of bank data happen every day. Many times in a day for that matter.

-Username17

[Username17]

So, if I'm understanding this correctly, the end user subjects themselves to more risk with Bitcoin with the tradeoff being they can buy illegal stuff much easier.

Pretty much. Also in the fullness of time both Bit Coins and dollars will be essentially worthless, since they are fiat money.

The US Dollar will stop having value when the United States collapses. A process which is guarded against by the United States Armed Forces, the most powerful military machine the world has ever seen; and the United States Strategic Food Reserve, a distributed collection of warehouses full of preserved food sufficient to keep the American people fed through fifty years of nuclear winter.

The Bit Coin will stop having value when people stop thinking it is "cool". A process that will happen as soon as market forces drive everyone out of the pool due to high costs or panic, or someone invents an even cooler mathematical algorithm that does the same thing better. Or as soon as the internet collapses or starts regulating Bit Coin exchanges in some way.

So basically with Bit Coin you're betting that a meme on the internet will outlast the largest and most powerful empire that has ever existed on Earth.

-Username17

[name_here]

Exactly the point. Let's say we have three clients with equal usage shares. A bug in one of them comes up, and suddenly one in three clients are living in their own fantasy world. This is instantly obvious, so everybody goes to the internet. Half an hour later everybody knows that there's a bug in that client, because A) only people using that client have diverged and B) you can check bitcoin blocks by hand and find the invalid one. Half an hour after that everybody has switched to a different client and everything works again. Because only one in three users were buggy, the still-good 2/3 of the system kept the valid block chain intact. So, small problem, but not crippling, and as the number of distinct implementations increases the damage any one bug can do sharply decreases.

Dude, the gigantic conficker botnet depended on a security flaw that was patched out months before the botnet was created. People plain don't update software that fast. In theory they should do that, but it doesn't mean they will. For starters, people who left their mining rigs on while they went to the beach for the day won't update that fast, and that's before getting into the vast number of people who aren't directly affected but have clients that keep reinforcing the bad chain, so they simply don't notice until the problem spirals and people stop accepting their coins. You could resolve that via the magic of mandatory auto-update, but then you run the risk of a drunken coder hitting the commit button and realizing in the morning that he accidentally commented out auto-increasing difficulty of mining or whatever, which is why people don't update that fast.

Also, running multiple implementations runs the risk of having two of them go into different fantasy worlds in such a way that you can't figure out which is correct. After all, if they end up in worlds in which a transaction occurred in different ways, both of which are theoretically possible, you'll never know which is right.

I think that this is one of the things that bitcoin2 will have: a way for the network to agree that a part of the block chain is invalid and blacklist it. If you blacklist a part of the chain, the system just restarts from the last valid block and you have exactly the same effect as a backup of the entire financial system. It would take about half an hour.

Except, lacking a central system for doing that, you run the risk that someone has 10 million computers outvote the others, because you no longer have the system that stops that from happening by making computers reject the consensus if they think it's wrong. That is arguably a worse problem, hence why the system currently doesn't have a blacklist.

---

You realize banks take a while to do things for more reasons than because fuck you? If it takes 24 hours for something to be processed, that's because they're making sure that the person who allegedly signed the check or whatever actually has that much money. I have absolutely no doubt that banks occasionally experience obviously nonsensical behavior and unhappen it without telling anyone outside the system it ever happened. Fraud is another matter, although banks have an advantage in that regard, too. If there is a fraudulent invoice, sometimes they notice that you've allegedly paid some russian half your bank account and refuse to let it go through until they talk to you. Also, if they become aware a credit card is stolen, they simply declare it to no longer exist.