Oleg Andreev
Month
Several people (see links below) suggested or released some software to use Bitcoin blockchain to register fingerprints of arbitrary documents. This idea has been around for quite a while under name of “colored coins”, but not many people understand its importance. You probably do not realize what Bitcoin really is about. Its use as a currency is important to make costly mining profitable, but that’s not the goal. The goal is to have a decentralized way for any group of random strangers to come to an agreement. In case of bitcoin-as-currency it is a validity of transactions. We don’t care where a dollar bill was used, but we care if it will be accepted by the next person. Likewise, Bitcoin helps to figure out which transactions will be recognized by others.
But that’s only the start. Blockchain is irreversible and indestructible. It contains timestamps. Everyone on the planet can safely assume that their version of blockchain is exactly the same as anyone else’s (unless your government switched off the Internet and you are unaware of it yet). So if you leave a fingerprint of some piece of information in the Blockchain, anyone else can later verify that you really had this piece of information at some time in the past. This could be a piece of art (to prove that someone stole a tune from you), that could be a bunch of contracts (to prove that you really had certain relationship), a trademark or name registration (“I was the first to take that name”), or anything else where we need to figure out who was the first doing XYZ.
Blockchain is not a cheap or convenient place to store tons of raw data, but we have cryptographic hash functions (SHA, RIPEMD etc.) that allow us to store just a compact fingerprint and keep the data itself somewhere else. It is just astronomically improbable that certain fingerprint appears randomly or there is another version of a document that has the same fingerprint.
So how can we store our fingerprint in the Blockchain? I have three methods on my mind. You may come up with more, I’m sure.
First one is the most straightforward. Since a Bitcoin address is a hash of a public key (RIPEMD160 of SHA256), why not using the hash of the document as an address and simply send some bitcoins there? This was already proposed by many people (it’s very easy to implement), but has unfortunate effect that you lose that amount of money forever. Because your document is not a real public key, you will never be able to find a private key to spend your coin again. At the current price of $130 per bitcoin, the smallest possible amount (0.00000001 BTC) is not that expensive, but still burning money is not very elegant. It also increases amount of “unspent coins” (“unspent transaction outputs”, UTXO, we’ll talk about them later) which increases the size of transaction database. To prevent bloat, some people will not relay or mine transactions with such small amounts. This increases delays and some bitcoin nerds will not like you for that on many grounds (although it’s none of their business). To keep everyone’s happy we should try something better. (A modification of this scheme is to send some amount, but have zero output value, so the miner will fully collect the amount as a fee. But even zero outputs can be technically spent, so it does not solve the problem of bloat.)
Another method is using a SHA256 fingerprint, but this time not as an address, but as a private key. You make a public key and address out of such private key and send some money there. When you release your document, people will be able to figure out that private key and spend that coin. To avoid that you may wait a little and spend it yourself to your private address before releasing any information. Or just use insignificant amount for anyone to pick up if they do it quicker than you. This way you don’t create “dust” outputs that will be stuck forever and make folks angry and still don’t do anything sophisticated. The only problem is that you have to wait and make a second transaction to get your money back. In addition, if you don’t wait long enough you’d have to pay an anti-spam transaction fee.
Third method is slightly more sophisticated, but requires just one transaction and still does not burn any money. Bitcoin transactions have outputs as simple scripts: short pieces of operations that must be performed on certain data to allow that coin to be spent. Usually the script is very simple “check the signature for this hashed public key”, but it can be more complex. For the purpose of timestamping we may use “1-of-2 multi-signature script”. It means that anyone can spend the transaction satisfying any one of two conditions. The transactions will contain two addresses instead of just one and you can use a private key for just one of them to spend it further. One address will be made out of a fingerprint (just like in a very first method) and another one will be a real address with an existing private key in your own wallet. This method is good because you don’t need to make any additional transactions right away and you can use any amount of BTC you want. The only problem is that this transaction is “non-standard” for a time being. This means not many clients will propagate it to miners and not all miners will include it. In other words, it will take longer than usual to get in the blockchain. But once it’s in the blockchain, everyone can see it and validate without a problem.
Hopefully, people will recognize that using blockchain for timestamping is not a hack, but its biggest feature. And that it is also possible to use that feature without making anyone feel uneasy about it.
Links:
On April 25 I’ve been invited by Epitech Security Lab to give a talk about Bitcoin to their students. I described how Bitcoin is designed and answered various questions.
Video is now available: http://forexlearntrading.net/bitcoin/
Some people may think that while Bitcoin removes risks of fraudulent chargebacks for merchants, it also reduces security of the customers. This is not entirely true. In many ways, security is improved for the customers as well.
Historically, credit cards worked this way: you give the merchant your personal card number and they ask your bank for some amount. They can easily charge any amount they want, or (what is more typical scenario) your card number can be stolen and used somewhere without your consent (the problem is called “identity theft”).
Since it is so easy to charge you any amount of money and you tell your credit card number to thousands of merchants, it is very easy to get in trouble quickly. Credit card processors recognised that quickly and provided a “solution”: you can dispute any charge within several days (or months). To drive adoption of credit cards, disputes were promised to give you money back instantly without much questions, so it would be a job of a merchant to prove if you really have paid for an item. Since there were no real secure solution, risk of fraud was not reduced, but merely shifted on merchants who priced it in. This made credit card payments quite expensive (try buying something worth $1 using CC from a small or medium-sized merchant) and the worries of the customers were not fully addressed. You still have to check your bank balance from time to time to make sure nothing bad happened.
When PayPal and others started making payments on the internet easier, they had an opportunity to improve security greatly. With PayPal you don’t give your identity to every shop, so the risk of fraud is greatly reduced. However, since PayPal itself was using credit cards, it was itself a subject of chargebacks. Also, the security on the web was far from perfect. People used weak passwords, had trojans and keyloggers on their computers or simply sent their passwords in response to fraudulent emails. Two-factor authentication with mobile phones was not yet possible, so PayPal and other payment processors had to allow chargebacks as well.
Bitcoin approaches the problem from an entirely new angle. You physically own all your money, not your payment provider. In addition, you never give anyone access to all your money. Instead, your trusted device signs a specific transaction with a fixed amount and fixed destination address. No one can redirect payment or charge you more. Also, it is very cheap to move money between different wallets, so you can keep your money securely in different locations. Even if keeping money with a 3rd party is convenient, it is an option, not a requirement. And with modern smartphones it is easy to have two-factor authentication to avoid using passwords at all.
This means, that when you pay with Bitcoin, only that much is leaving your wallet. There is no information that merchant could possibly leak to allow someone to spend your money. The only risk is a fraud on part of the merchant (e.g. not shipping the product). As experience shows us, it is not a major problem. Comparing to anonymous customers, merchants are often invested in their reputation and have no interest in making people unhappy. And the more customer wants to pay, the better reputation will be required from the merchant. And if you have a problem with a $3 purchase, it’s usually not a big deal. In the end, customers pay less because merchants have lower risks, can pay small amounts that are not possible with credit cards and don’t have to worry about one of thousands of merchants stealing or leaking their credentials.
For complex risky cases one can always resort to a trusted 3rd party (escrow) that provides dispute resolution and chargebacks. But it is not needed for everyday purchases from well-known merchants.
I’ve been to California last weekend for a Bitcoin 2013 conference in San Jose. On my way there I was experimenting with telling about Bitcoin to various merchants: small shop owners, taxists, hotel managers and one retired banker on my flight back.
It turned out that Bitcoin makes them really interested when you say just one thing: it is a digital money that I cannot take back from you. They like that immediately because they know just how painful credit cards are: there are licenses, high fees and you still risk losing money.
The next thing I say is that Bitcoin is easy to start accepting because there is no one to ask permission from. You can keep your own account on your computer where it can’t be frozen or even seen by anyone.
I finish the pitch by saying that transaction fees are zero or near zero and usually fixed: sending either thousands of dollars or 10 cents is often free.
This makes them really enthusiastic. No one starts asking technical questions (if you are not computer geek you would have to trust experts anyway). Instead, they start asking how you buy and sell bitcoins.
I always warn people that USD or EUR price is floating and highly volatile and they can lose all coins by forgetting the wallet password or having a virus. But that does not stop their enthusiasm: if you sell your service for bitcoins and then sell them for dollars right away, that’s not a big issue. By accepting Bitcoin they can remove 3-5% fees and 1-5% chargeback risk (and thus increase profits significantly). That’s a very refreshing idea to those who feel the pain of selling stuff very personally.
No one was much concerned about deflation, investment or technical details. They cared most about cash flow and everyday costs. From that perspective Bitcoin is a fantastic low risk and low cost payment channel. And it is immediately recognized as such.
When writing about Bitcoin many journalists use certain phrases that are not quite correct and do not explain anything to everyone else. Dear journalist, if you read this short article you will finally understand what are you talking about and outperform 99% of your colleagues.
In a short paragraph, Bitcoin can be described like this (you can take my text without asking):
Bitcoin is a payment network with its own unit of account and no single controlling entity behind it. Users make transactions between each other directly and verify them independently using cryptographic signatures. To prevent duplicate spendings, many specialized computers spend a lot of computing power to agree on a single history of transactions. Due to historical reasons, this process is called “mining” because new bitcoins are created as a reward for performing this work.
Anyone who validates next block of transactions can claim transaction fees and a fixed amount of new bitcoins. Transactions are validated at a constant rate (10 minutes in average) and every four years allowed amount of new bitcoins is halved. This means that the total amount of bitcoins is limited by the protocol (21M total, 11M already created). Transaction fees are not fixed and determined by the market.
Bitcoin mining is secondary to the whole idea and the term “mining” is unfortunate (early Bitcoins were generated before anyone was doing any transactions yet, so the whole process was called “mining” instead of “paying for transaction verification”).
One common pitfall is to start talking about mining without describing its real purpose. It is not to generate new units (who would need them?), it is to validate transactions. Bitcoins are valuable only because of robust payment network which is maintained by the miners. And miners get paid for their work in form of transaction fees and newly generated bitcoins.
Second common pitfall is to say that miners “solve complex algorithms”. They do not solve anything. They do two things: transaction verification (checking digital signatures and throwing away invalid and duplicate transactions), and a long and boring computation which means a repetitive computation of a well-known algorithm with slightly different input until a “good enough” number appears as a result that will be accepted by other users as a proof of performed work. This has nothing to do with “math problems” or any other intellectual task. It is merely a way to guarantee that the resulting number really took some time to produce. This allows people to build a single chain of transactions and see that it would be economically impossible to produce a parallel chain (without trusting each other personally).
The last pitfall in describing mining is saying something like “tasks are getting more complex over time”. Tasks are not getting any more complex. The are all the same and not complex at all (any amateur programmer can understand them). But the difficulty of a boring “proof of work” is adjusted by everyone every 2 weeks to maintain the same rate of transaction validation (10 minutes). If people throw more resources at mining, difficulty will rise. If mining gets less profitable, some computers will be shut down and the difficulty will get lower. If a miner produces a “proof” which is not difficult enough, it will not be accepted by other users.
The last point is related to amount of units available. In fact, “1 Bitcoin” is a name for 100 million smallest units, thus the total amount of units ever possible is around 2100 trillion. Alternative currencies based on Bitcoin source code sometimes advertise more units (e.g. Litecoin has 4 times more), but the difference is only in names and divisibility of the total money supply, not in actual value (if you cut a pie in 10 pieces instead of 5, the total value does not really change). So it would be fair to mention that 1 bitcoin is much more divisible than dollars and euros.
Hopefully, this knowledge will help you to avoid common mistakes when writing your article and make some friends in enthusiastic Bitcoin community.