Oleg Andreev


January 2014

Idea: signed JavaScript plugins to wallet apps

Thanks to Bitcoin scripts (little programs specifying conditions under which a transaction is valid), people can come up with many sorts of never-before-seen protocols: multi-party escrows, “Nash equilibrium” insurance deposits, rapidly adjusted micropayments, crowdfunding, etc. All of these require multi-step actions from a user’s application, which holds the private keys.

Today such applications are very simple: they only support sending and receiving money on “addresses”. Anything more complex is just not supported by general-purpose wallets. If one comes up with a new protocol, they either have to extend existing wallets, or make their own, or simply have a server doing the work (which defeats all the security promised by a decentralized protocol in the first place). These options involve basically redoing wallet and key management from scratch and introduce a lot of extra hassle for the users.

A good compromise between the impossible Most Universal Bitcoin Wallet and millions of specialized wallet apps would be a system of JavaScript plugins. Each plugin is a short single file of JavaScript code that is executed in a very restricted environment. Why JavaScript? It is the most ubiquitous scripting language with flexible implementations on most (if not all) major platforms.

A JavaScript plugin is cryptographically signed by multiple auditors, and the wallet app always verifies the integrity of each plugin when executing one. Every plugin can only be invoked explicitly by the user. The wallet, not the plugin, shows a summary of what is about to happen (“you are going to send 0.34 BTC in this transaction”). A single plugin is invoked when a particular kind of contract is initiated or needs an update. Plugin state is isolated not only from other plugins, but from each contract as well.

This is what it may look like. Take, for example, a simple escrow. You send money to a 2-of-3 multisignature script, where two keys belong to you and your counterparty and the third key belongs to a semi-trusted third party which may act as an arbiter if needed. When the contract is completed, depending on the result, the user must be able to provide a signature for a particular outcome (either money goes to the counterparty, or back to the user, or only a portion is refunded).

The plugin may implement this by using two kinds of inputs: creation of a contract and completion of the contract. For each state, the plugin checks the integrity of the data (e.g. “contract can be completed only if it was started by me in the first place”) and provides data with compact informational messages to the user. The plugin does not implement the UI; that should be done by an external application or a website with which the user interacts. For confirmation of the action, the plugin can only provide a compact description like “Unlock 100% of funds to Buyer Inc.?” or “Refund 90% to your address 1RefuNd3eBnt66345…?” Once confirmed, the result is sent back to the application that requested participation in the contract.

For security reasons, plugins should be very compact, easy to read and understand, not use dynamically linked external libraries, not have any access to external devices, file system, network etc. A plugin may be bundled with static data like images or localization strings, all covered by the code signature and verified by the wallet application on each run.

More details on how this could be done and what the API may look like will follow.
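The wallet-side integrity check described in this post, sketched as an added example (not code from the original post or from any wallet): a k-of-n auditor signature check over the plugin code together with its bundled static data. The bundle layout, the `wallet-plugin-bundle-v1` tag, the auditor names and the choice of Ed25519 over a SHA-256 digest are assumptions; the keys and plugin source are constructed for the demo.

```javascript
'use strict';
const crypto = require('node:crypto');

// Hypothetical domain-separation tag: a plugin signature must not be
// reusable as a signature over any other kind of message.
const SIG_CONTEXT = Buffer.from('wallet-plugin-bundle-v1\0', 'utf8');

// Digest over the code AND every static asset. Each field is length-prefixed
// and assets are taken in sorted order, so two different bundles can never
// serialize to the same byte stream.
function bundleDigest(bundle) {
  const hash = crypto.createHash('sha256');
  const put = (buf) => {
    const len = Buffer.alloc(4);
    len.writeUInt32BE(buf.length, 0);
    hash.update(len);
    hash.update(buf);
  };
  put(Buffer.from(bundle.code, 'utf8'));
  for (const name of Object.keys(bundle.assets).sort()) {
    put(Buffer.from(name, 'utf8'));
    put(Buffer.from(bundle.assets[name]));
  }
  return hash.digest();
}

function signedMessage(bundle) {
  return Buffer.concat([SIG_CONTEXT, bundleDigest(bundle)]);
}

// Auditor side: sign the bundle with an Ed25519 private key.
function auditorSign(bundle, privateKey) {
  return crypto.sign(null, signedMessage(bundle), privateKey);
}

// Wallet side, run before every execution: accept the plugin only if at
// least `threshold` DISTINCT auditors pinned in the wallet signed this
// exact bundle. Unknown names, repeats and bad signatures do not count.
function verifyPlugin(bundle, signatures, trustedAuditors, threshold) {
  const message = signedMessage(bundle);
  const approved = new Set();
  for (const { auditor, sig } of signatures) {
    const publicKey = trustedAuditors.get(auditor);
    if (!publicKey || approved.has(auditor)) continue;
    let valid = false;
    try {
      valid = crypto.verify(null, message, publicKey, sig);
    } catch (_) {
      valid = false; // malformed signature is treated as invalid
    }
    if (valid) approved.add(auditor);
  }
  return { ok: approved.size >= threshold, approvedBy: [...approved].sort() };
}

// Constructed demo data: three pinned auditors, one outsider, one tiny plugin.
function demoVerification() {
  const ids = ['auditor-a', 'auditor-b', 'auditor-c', 'outsider'];
  const keys = {};
  for (const id of ids) keys[id] = crypto.generateKeyPairSync('ed25519');
  const trusted = new Map(ids.slice(0, 3).map((id) => [id, keys[id].publicKey]));

  const bundle = {
    code: 'function describe(c) { return "Unlock 100% of funds to " + c.payee + "?"; }',
    assets: { 'en.json': Buffer.from('{"confirm":"Unlock funds?"}') },
  };
  const sigA = { auditor: 'auditor-a', sig: auditorSign(bundle, keys['auditor-a'].privateKey) };
  const sigB = { auditor: 'auditor-b', sig: auditorSign(bundle, keys['auditor-b'].privateKey) };
  // The outsider signs correctly with its own key but claims a pinned name.
  const forged = { auditor: 'auditor-b', sig: auditorSign(bundle, keys['outsider'].privateKey) };

  // Same code, one localization string changed after the audit.
  const tampered = {
    code: bundle.code,
    assets: { 'en.json': Buffer.from('{"confirm":"Refund 0%?"}') },
  };

  const good = verifyPlugin(bundle, [sigA, sigB], trusted, 2);
  return {
    twoOfThree: good.ok,
    approvedBy: good.approvedBy,
    tamperedAsset: verifyPlugin(tampered, [sigA, sigB], trusted, 2).ok,
    duplicateAuditor: verifyPlugin(bundle, [sigA, sigA], trusted, 2).ok,
    forgedIdentity: verifyPlugin(bundle, [sigA, forged], trusted, 2).ok,
  };
}
```

Only the signature check is shown; running the verified code still requires the restricted environment the post describes, which this example does not provide.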

Jan 28, 2014

December 2013

Real crypto-anarchy

In Russian: http://bitnovosti.com/2014/01/02/cryptoanarchy-and-anonymity/

Crypto-anarchy is not some crazy utopian ideology, but a very viable thing that unfolds in front of our eyes this very moment. The Internet and Bitcoin will soon allow people to solve social problems in a novel way: instead of the ancient formula “the strongest wins and beats the shit out of the loser” we all can achieve a peaceful society where both rich and poor, strong and weak can protect their property and freedom on more equal grounds without relying on violent institutions like governments.

But first, let’s start with some history.

The Cypherpunk movement started as a mailing list in 1992. In 1993 Eric Hughes publishes “A Cypherpunk’s Manifesto” [1]. In 1994 Timothy C. May publishes “Cypherpunks FAQ” [2].

Here’s an excerpt from the FAQ:

2.3. “What’s the ‘Big Picture’?”

Strong crypto is here. It is widely available. It implies many changes in the way the world works. Private channels between parties who have never met and who never will meet are possible. Totally anonymous, unsinkable, untraceable communications and exchanges are possible.

Transactions can only be voluntary, since the parties are untraceable and unknown and can withdraw at any time. This has profound implications for the conventional approach of using the threat of force, directed against parties by governments or by others. In particular, threats of force will fail.

What emerges from this is unclear, but I think it will be a form of anarcho-capitalist market system I call “crypto anarchy.” (Voluntary communications only, with no third parties butting in.)

In 1994 Nick Szabo coins the term “smart contract” [3] and describes all use case categories that we are talking about today: from digital cash to synthetic financial assets and smart property.

In 1998 Wei Dai & Nick Szabo came up with the ideas for “b-money” [4] and “bit gold” [5] during their conversation on the libtech-l mailing list. Wei Dai captured the essence of the movement in an immortal quote:

I am fascinated by Tim May’s crypto-anarchy. Unlike the communities traditionally associated with the word “anarchy”, in a crypto-anarchy the government is not temporarily destroyed but permanently forbidden and permanently unnecessary. It’s a community where the threat of violence is impotent because violence is impossible, and violence is impossible because its participants cannot be linked to their true names or physical locations.

In 1999 Nick Szabo coins the term “intrapolynomial cryptography” [6] for the entirety of proof-of-work algorithms and describes what we now call a “private blockchain”, a chain of property ownership enforced by a consensus of “property club” members [7]. The latter article is especially valuable today as it explicitly states that the job of voting in the consensus mechanism is used only for secure execution of the agreed-upon rules and database replication, but not for changing the rules themselves.

In 2004 Hal Finney implements an RPOW server [8] (“Reusable proof of work”) inspired by the bit gold proposal. The RPOW scheme uses a secure processing module that simultaneously acts as a mint and as a custodian for the ledger of proof-of-work tokens.

In late 2008 Satoshi Nakamoto publishes an overview of Bitcoin [9] and on January 3rd, 2009 releases the code and begins the blockchain.

Bitcoin is the exact implementation of the system envisioned by Tim C. May, Wei Dai and Nick Szabo. The only requirement is for transacting parties to remain anonymous. If there’s no trace to physical persons, there is no place for the violent intervention and thus the contracts can only be enforced according to the voluntarily agreed-upon rules between the parties. Bitcoin allows encoding these rules right in the transactions so they are automatically enforced by the whole network.

In practice, we cannot imagine living in full anonymity. Human beings live in a physical world and enjoy a lot of physical things. Anonymity is not something you can easily manage like a single encryption key. It must be maintained via careful dissemination of one’s actions among actions of others. And since the network activity is easily recordable, one mistake is enough to reveal oneself. In other words, the cost of anonymity is rather high compared to the benefits. Does this mean crypto-anarchy is a utopia?

I would argue, it’s far from it. Cypherpunks being rigorous scientists made a much stronger assumption than needed in practice. For transacting parties it is enough to have costs of cheating (e.g. resorting to violent coercion) meaningfully higher than the cost of following the contract (that is, keeping the promise). If that condition holds for the majority of interactions in society, there will be a great incentive for people to protect themselves against remaining rare cases of cheating thus keeping the system sustainable. Anonymity is simply one of the ways to raise the cost of the attack.

Bitcoin raises the cost of many kinds of attacks, going far beyond protecting against central banks meddling with money supply.

First, all sorts of computational services will flourish. Machines never need to disclose their physical locations and can freely automate both payment verification and payments themselves. Denial-of-service and spam can be largely eliminated by simply requiring a smallish payment for every request.

Second, personal services can be protected by peer-to-peer insurance deposits [8] that literally raise the cost of cheating by making both parties agree to a greater sacrifice (“bilateral insurance deposit”).

In a similar manner, crowdfunding can be fully insured by allowing raised funds to be reverted if the majority of shareholders decides to do so.

Finally, systemic predation by the state becomes economically impossible. Most modern states fund themselves by debasing money supply (also known as “bond issuance”, “budget deficit”, “inflation”, “quantitative easing”, “stimulus package”). Bitcoin-based economy simply does not allow this as it is very cheap to store bitcoins and verify transactions yourself and completely avoid all kinds of fraud associated with modern banking. As central banking disappears from the state’s arsenal, federal government activities including wars become unfunded and quickly come to an end.

Local governments may continue their operations funded by local taxes, but that would become increasingly voluntary. Extracting bitcoins costs much more than protecting them. There is no highly centralized and monitored banking network, so it’s much harder to track taxable transactions. Every additional tax evader defunds the local police department and makes it safer for the next person to underreport earnings if he wishes to do so. Considering that the law enforcement is paid only a small portion of the total budget to be extracted (50% goes to bureaucrats and the rest to other public services), consistently extracting bits of information from millions of individuals is unsustainable in the long run. If anyone is good at stealing bitcoins, they are much better off doing it alone and taking all profits for themselves.

Governments, of course, can also tax in kind (like your underreported Ferrari or a house), but this would be even costlier than seizing any kind of money and those costs must be paid by the state in bitcoins that it does not have to start with.

If this speculation does not sound to you like complete lunacy yet, here is the fun part. Most governments are completely broke already and can only pay with the IOUs they print. When people start a massive run for bitcoins to protect their wealth, everyone will be able to earn bitcoins for their work, except those who work for the government. Policemen, public school teachers and the like will be the first ones to notice prices rising faster than their salaries. They will be the first ones to switch jobs or become largely corrupt on all levels, like it was in Russia after the fall of the Soviet Union. Bureaucrats will smell the approaching panic and, instead of trying to retain control over the employees, will privatize as many public goods as possible. Again, exactly like during the fall of the Soviet Union. People will see how all promised public services are either abandoned or stolen, and this time everyone will have a method to protect their own property and do business voluntarily and in an even safer and cheaper way than before. Crypto-anarchy will quickly become a boring reality without the need for anyone to remain fully anonymous.

[1] http://www.activism.net/cypherpunk/manifesto.html

[2] http://www.cypherpunks.to/faq/cyphernomicron/cyphernomicon.txt

[3] http://www.virtualschool.edu/mon/Economics/SmartContracts.html

[4] http://www.weidai.com/bmoney.txt

[5] http://unenumerated.blogspot.co.uk/2005/12/bit-gold.html

[6] https://web.archive.org/web/20011217091748/http://szabo.best.vwh.net/intrapoly.html

[7] https://web.archive.org/web/20020202165211/http://szabo.best.vwh.net/securetitle.html

[8] http://cryptome.org/rpow.htm

[9] http://bitcoin.org/bitcoin.pdf

UPDATE on March 22, 2016: correct attribution and timeline for Nick Szabo’s proposals.

Dec 28, 2013

Bitcoin Value Proposition

More people are willing to “invest in Bitcoin”. Before doing that they need to understand what it is and what it isn’t. Someone asked me if it’s okay to “invest in BTC for a year at current prices”. Putting it this way is to admit that you do not understand the value of Bitcoin. You will buy at $1000 and sell all at $800 during a sharp reaction to some piece of bad news. Don’t do that.

Bitcoin is a great bet. If most people own a little bit of Bitcoin, we will wake up tomorrow in a new world. If they don’t and everyone goes home, your investment is fundamentally worthless. Bitcoin is as pure as money can ever get: it’s either a global standard, or it’s purely an object of art valued by few. You do not invest in Bitcoin, you switch into it.

If Bitcoin becomes the world money, people will massively sell off their currencies, gold, silver and some low-risk investments (like bonds or extra real estate). Rough calculations give us a figure higher than $10M of today’s dollars per bitcoin.

But what fascinates me personally about Bitcoin is not a nice monetary reward, but a transformation in our society that comes as a side effect. Even if you and I put no money in Bitcoin today, our lives will be so much better if Bitcoin wins.

The real Bitcoin value proposition is in removing large-scale destruction and giving a never-before-seen amount of economic freedom.

As an example, the total debt of the U.S. government is $17 trillion and growing [1]. This debt is owned by the banks that create dollars in exchange for that debt. Government simply promises to pay off this debt with the same money (plus interest) that it is supposed to extract from the taxpayers later. It’s not only impossible economically, but it’s logically invalid. To return more debt-based currency, they’d need to issue even more debt.

You may think these numbers do not affect you personally, but consider what this money is being spent on. The total cost of the war in Iraq since 2003 is an astonishing $6 trillion [2], almost one third of today’s total debt. During this war more than 1 million people were killed [3]. In other words, folks working in the military earned $6 million per one person murdered.

Ask yourself, who gave these trillions for the war? What investors thought it might be a good idea to invade Iraq, lose a bunch of money and have people hate you? The answer is that there are no investors. All this money is being made up by the central bank in exchange for more government debt. And due to tons of laws, regulations and taxation people have to accept this funny money for their work.

Bitcoin does not allow this. It’s a single, absolutely transparent ledger where anyone can see how money is being created. There’s a fixed supply which cannot be increased overnight by a single man. If people adopt Bitcoin as their standard money, governments would have to pay for their wars from taxes. And people will feel how their taxes actually work. Not even mentioning that taxes will be much harder to extract if peaceful citizens decide to oppose their government. By simply being a world money, Bitcoin will prevent massive murder and destruction. This alone is worth making a bet on, in my opinion.

After removing disastrous wars, people will find themselves not only in a safer world, but also with even more opportunities. Anyone can trade with anyone else on the entire planet, absolutely safely, anonymously or publicly. Every teenager can join the global market whenever he wants. Every person can save money for a rainy day without Paul Krugman telling him why it’s good that his savings lose value. Every business is more protected against racket by having secure cash as an ultimate insurance against temporary losses. Programmable contracts [4] allow incredible new business models that are otherwise impossible, lowering the cost of lawyers and auditors. The entire internet will shift from advertisement to more directly funded services as micropayments become viable.

If you understand all of this, you should desire these changes and participate in them. If you don’t agree with me, you should not invest in Bitcoin at all. You can’t have just a cute payment protocol without all global consequences that necessarily follow. Bitcoin is a single package: either it completely fails, or it turns all people into wealthy peaceful anarchists.

[1] http://en.wikipedia.org/wiki/National_debt_of_the_United_States

[2] http://en.wikipedia.org/wiki/Financial_cost_of_the_Iraq_War

[3] http://en.wikipedia.org/wiki/Casualties_of_the_Iraq_War

[4] https://en.bitcoin.it/wiki/Contracts

Dec 13, 2013

Leaving small holes unplugged

Nick Szabo:

“Often the protocol designer can’t figure out how to fix a vulnerability. If the attack one needs a trusted third party to protect against is not a serious real-world threat in the context of the application the designer is trying to secure, it is better to simply leave the small hole unplugged than to assign the task to a trusted third party. In the case of public key cryptography, for example, protocol designers haven’t figured out how to prevent a “man-in-the-middle” (MITM) attack during the initial key exchange. SSL tried to prevent this by requiring CAs as trusted third parties, as described above, and this solution cost the web community billions of dollars in certificate fees and lost opportunities to secure communications. SSH, on the other hand, decided to simply leave this small hole unplugged. The MITM hole has, to the best of my knowledge, never even once been exploited to compromise the privacy of an SSH user, yet SSH is far more widely used to protect privacy than SSL, at a tiny fraction of the cost. This economical approach to security has been looked at at greater length by Ian Grigg.”

http://szabo.best.vwh.net/ttps.html

Dec 6, 2013

Bitcoin Volatility

Some people say that the volatility of Bitcoin prices makes it a poor “store of value”. You never know exactly how much you have today: $10500, $9600 or $11201. When you pay for something you may pay 5% more than what it was just a minute ago. Or, if you are a merchant, you may receive 5% less than what you expected. That could be a problem.

We asked experts and got some evidence that it is not quite correct. Bitcoin has been a great store of value over the past 4 years. Almost everyone who invested in Bitcoin and kept it for more than a year enjoyed gains from 200% to 4000%. This means that 10% daily volatility is no longer a problem. When you pay with Bitcoin you enjoy a more than 90% discount. Who cares if it’s one day 91% instead of 93%?

Similarly, merchants who consistently accept bitcoins and keep most of them around are compensated for small losses on volatility with big gains on their savings. For the past two months I was paying for bagels nearby with bitcoins and half of the time the price was going slightly down one hour after the payment. Overall, however, the guy accepting them finally made more than three times what he would receive in euros. Of course, the last two months were better than average, but over a one-two year period everyone was better off no matter when they invested.

Those merchants who do not want to invest in Bitcoin, but wish to enjoy zero-fee transactions without fraud, can use BitPay or Coinbase.

Bitcoin is both volatile and is a great store of value so far.

PS. This is not an endorsement to buy Bitcoin. You should not do that based only on the price history. If it was a Ponzi scheme or a huge bubble, the price would look the same. You should only invest if you study what Bitcoin is and how important it may (or may not) become in the future. Otherwise, do not put more than a dollar in it.

Dec 2, 2013

November 2013

Arguments for Litecoin are fraudulent

Arguments for Litecoin are fraudulent.

TL;DR: there’s no important difference between LTC and BTC and only one of them can win over another, because, other things being equal (which they are) people want to invest in the most liquid money: that is, with the biggest number of folks willing to hold it. LTC can’t be “silver to bitcoin’s gold”, because both LTC and BTC have exactly the same risks and costs. Either LTC wins over BTC, or BTC over LTC.

I’ll elaborate.

Litecoin/Bitcoin/Shitcoin are all long-term bets. I myself don’t speculate on a daily basis; most of us bet on the value of these things in a multi-year time frame. So let’s focus on that.

1) In the long term, security is not measured in “block interval time” or number of blocks. It’s measured in the amount of money to be spent on double spending. Today the hashrate of Bitcoin is many, many times more expensive than that of Litecoin. So one block confirmation in Litecoin is not just 4x less secure, but hundreds of times less secure: you need a smaller investment to fork the chain than with BTC. So anyone who brings up the security argument is lying to you.

2) Litecoin is not “faster” either. For the same level of security as in BTC, you have to wait a hundred times longer (see #1). Instant transactions are the same and also less secure than in BTC: zero-conf, with fewer nodes and less connectivity between them to limit double-spend attempts. Anyone bragging about “LTC being faster” is a liar. It can only be slower due to the smaller number of nodes and currently lower hashrate, not faster. LTC can only be faster if BTC is being abandoned and people switch to LTC.

3) “Scrypt protecting against concentration of power due to ASICs” is bullshit. If LTC wins over BTC, there will be ASICs and whole factories making chips and plugging them in on-site right away. Just like it will be with BTC or ShitCoin or anything else. Long-term, LTC is either dead or is full of Chinese ASICs, like BTC. Anyone arguing otherwise is a liar.

4) “Scrypt more secure than SHA256” is bullshit in the context of mining. If there’s a better optimization in SHA256, it’ll be like better hardware. But this can equally happen to Salsa in Scrypt too. If the breakthrough is significant, all BTC stakeholders will vote for adjusting the protocol to fix the problem, not lose everything by panic selling. The huge price of BTC is a great motivator to find the weakness in double-round SHA256 and mine faster. Every day it doesn’t happen is only a practical proof it’s as good as it can be (just like Scrypt or whatever); everything else is unfounded FUD.

5) “More fair distribution of wealth” - this is unfounded FUD. For the average Joe, LTC is less widely accepted, so its concentration, however “fair” it was, is still higher than in BTC. And who knows how many of the early mined BTC are lost forever (we know that’s a lot) or were sold during the 2011 bubble and the slow price rundown the same year. I bet very few were sticking to their holdings at that time and thus were taking huge risks “fairly”.

6) “Diversification” (based on all points above) - newbies who don’t know economics are made to think they diversify by investing in some altcoins. But the risks and costs are all the same for all coins. If Bitcoin is completely broken, most likely altcoins are broken for the very same reason. Otherwise, all Bitcoin holders will simply agree to upgrade the protocol. Especially so as Litecoin is on the same codebase.

The only real argument about LTC and BTC is that there’s no functional difference between them. LTC could only be 4+ times costlier to miners due to faster blocks and more “decentralization” of individual miners (slower connectivity, faster blocks => more orphans). If LTC was released before BTC and took off, everyone would be using LTC no problem. The only thing that matters here is liquidity, the number of holders of money. If people are betting it is BTC with more hands, they send a signal to others about that by holding too. This moves all the “cryptoinvestments” into BTC in the long term. If people see that LTC is gaining more hands, then everyone will converge on LTC. LTC and BTC cannot coexist; it makes no economic sense both for miners (who want to invest 100% in the most valuable currency in the long term) and for users (who want money only because it’s widely exchangeable for many goods at any later dates).

Right now there’s a lot of excitement about Bitcoin and not many people understand economics. Some folks are lied to and “diversify” into altcoins, which gives them a short-term bubble. But in years to come, when they see that Bitcoin has bigger adoption, they’ll move their savings to BTC and then all altcoins will crash. Or for some mysterious reason BTC will not be viable and people will jump to LTC en masse and abandon BTC.

Nov 27, 2013

How to launder bitcoins perfectly

People often talk about privacy problems with Bitcoin: all transactions are public and every move is watched by millions of eyes. Where’s a problem, there’s a solution.

Let’s first define the problem more rigorously. There are two situations (ok, three) when you want to launder your coins.

First: you receive a monthly salary on a single address and then want to do regular purchases with it. When you buy a cup of coffee, the shop owner will see how much money you have, which might be unsafe.

Second: you want to buy something expensive, so you have to combine “change” from various addresses in a single transaction. This may link many of your private payment histories in one. Someone may connect the dots and make a full profile of a single person: what he eats, where he travels and so on. It’s being done with credit cards already and people seem not to like it very much.

Third: you sold something anonymously and your payment is being watched. If you later spend that money in the open, your identity may be revealed.

Bonus track: some people think that “money laundering” is not sinful enough, so they invented “structuring laws”, that is laws that forbid not only buying bad things, but also to hide the monetary trails even if you don’t do anything illegal at all. If your method to launder bitcoins is screaming “LAUNDERING” on the blockchain (like with Zerocoin, using shared addresses or CoinJoin transactions), it’s not good for you. You may get your privacy, but you also go to jail for “structuring”. To be a law-abiding citizen you should not hide your financial history. The rest of this article is for pure entertainment only.

To address all of these issues we need to disperse and mix the funds in a way that their source or destination becomes statistically indistinguishable from any ordinary transaction.

You might do that with these ingredients: discover, insurance, split and swap.

Disclaimer: this is not advice, it’s a technological overview for all those who are interested in privacy aspects of Bitcoin. Anyone can implement this or come up with an even better idea. This is not even my original idea. I recommend governments to shut down the entire network to prevent people from doing nasty things with Bitcoin. At the same time, there’s an opportunity to use this scheme by undercover FBI agents to detect anyone mixing their bitcoins. Dear reader, please obey the laws and be a good, socially responsible person.

Step 1: Your wallet app discovers random nodes on the P2P network (other instances of the same app) and posts a request to launder some bitcoins. When two wallets meet with similarly sized requests, they exchange information about some of the available coins. Each of them does statistical analysis of those coins and decides if the coin is “good enough”. For instance, if this coin’s history correlates as little as possible with the histories of the coins already owned.

Step 2: When both nodes like each other’s coins, they enter an insurance contract. Each party locks up an equal amount of coins in a single special transaction where coins can only be unlocked atomically and by mutual agreement. At the same time, each party can destroy both deposits (e.g. in case of timeout or misbehaviour of another node). The amount of each deposit should be 200-300% of the amount to be exchanged. I wrote about such a contract here: http://blog.oleganza.com/post/58240549599/contracts-without-trust-or-third-parties

Step 3: Each node splits their coin in two parts. One part is to be exchanged now, another part is to be exchanged with some other node later. Parts of the coins should be equal. (This produces some correlation detectable on blockchain, but that’s easy to fix with multiple independent transactions instead of just one.)

Step 4: Each node tells another one an address on which to send a part of the coin. Each of them does that transaction. All the other nodes don’t know about this swap of coins and therefore cannot link them together. If your coin was “tainted” (watched by adversary), half of it anonymously goes to someone else and in return you get some absolutely different coin. Insurance contract prevents a node from receiving a payment, but not making a payment back. Since there is no human supervision, anyone trying to cheat the scheme will get punished by an automatic destruction of his deposit (which is worth much more than just received money).

During one session (one insurance contract), nodes can swap more coins until they run out of coins or cannot provide each other with statistically good ones. When the session is over, insurance deposits are unlocked and nodes go talk to other nodes.

Think about it this way: you split all your money in 1000 pieces and send them to 1000 different random strangers via regular, statistically innocent transactions. In return you get 1000 pieces from all around the world, that are not connected to each other in any meaningful way. 10 rounds splits money into 1024 portions, 20 rounds into over a million. In a short period of time you never expose more than a fraction of your funds and never receive more than a fraction of someone else’s history.

How does this address our examples?

When you receive a monthly salary payment, you mix it with 1000 random users and in return get 1000 smaller pieces. It’s like exchanging one $1000 bill for a thousand $1 bills. Then, you can go buy your coffee and no one will know how much money you have.

When you need to spend a lot of money at once, you do the same: take all your small coins, swap anonymously for other small coins and make a single payment. Your individual spending histories will be dispersed among thousands of random people. And the recipient of your payment will link together totally uncorrelated histories having nothing to do with you personally.

Finally, if some of your money is being watched (“tainted”), it will be moved to someone else completely. You yourself have little risk of getting someone else’s tainted history because you never get more than 0.1% of it due to multiple rounds of splitting.

The UI for this can be quite simple. You install a special kind of wallet, load it with bitcoins, connect to the internet and click “Mix coins”. Next morning all your coins are perfectly mixed with thousands of random strangers.

Again, this is not a ready solution, but a theoretical possibility for those who are interested in solving puzzles. Don’t use this if the law forbids it. The law is very important.

See more questions and answers in this discussion on HN: https://news.ycombinator.com/item?id=6787603

Nov 23, 2013 (7 notes)
Bitcoin and Gold

Bitcoin will eventually replace gold as a globally recognized “store of value”. Gold prices will go down 90-95% to the levels supported by the use in production as “reservation demand” for gold would essentially disappear.

When Bitcoin becomes the world money there will be little reason to own gold. Bitcoin is as limited, as fungible and as non-counterfeitable as gold. It’s even cheaper to verify, store, transfer and divide.

Gold is always as difficult to protect as it is to confiscate. It’s symmetrical. That’s why throughout history only the strongest were accumulating gold. Pirates were robbing merchants, kings were robbing pirates. In the end, massive amounts of gold are owned by the biggest governments and banks. Small folks can only reliably own as much gold as they can keep in their own hands. (In 1933 US government confiscated most of the gold owned by population as an “emergency measure” in a declared attempt to save failing economy: http://en.wikipedia.org/wiki/Executive_Order_6102)

Bitcoin is asymmetrical. It’s much cheaper to personally own it and keep safe, than it is for someone to come and confiscate it (regardless of the amount you have). If you buy some bitcoins from 100 random people, there’s no one except you to know how much you have. There’s no big shiny vault to attract thieves, no bank account for TLAs to peek into. You can perfectly back it up in 10 places, split the encryption key to 10 of your closest friends and even put some money in a “brain wallet” that has no traces anywhere at all.

A friend of mine, Steve, noted that the gold-backed economy logically evolved into the mess we are in now. Libertarians who advocate a return to the gold standard do not realise that the gold standard was the reason for the accumulation of gold in a few of the world’s biggest banks and everyone else getting worthless IOUs positioned as “sovereign currencies”. Gold is heavy and expensive to handle: only the wealthiest can afford to save a lot of it, and equally to take it by force from the less powerful.

Bitcoin changes all of that. Like cryptography, which gives everyone possibility to have privacy, Bitcoin gives everyone equal possibility to save money and use money as they please. Without worrying if someone takes it from them, or censors their transactions. Rich and poor can have equal protection of whatever they earned.

Yes, if someone is against you personally, they will find a way to get you. But massive-scale theft and controls become way too costly. Inflation and QE robs savers without knocking on their doors. Capital controls and bank bail-ins need a discussion with just a couple of bankers, not millions of actual depositors. Taxation happens automatically on the level of the banking system as it’s used both for storage and transfer of money. When everyone personally holds bitcoins, it’s much easier to protest against taxation if it’s unfair or ineffective, it’s possible to avoid capital controls and it’s impossible to redistribute wealth by printing more money.

Bitcoin economy is not a revolution in a sense of violent redistribution of wealth in a “fairer” manner. It is a leap forward by forgetting about how much was destroyed or stolen and focusing on how much can be preserved and protected. It’s a truly peace-making tool for the whole humanity. People who think about Bitcoin as only a money-moving tool, or a get-rich-quick scheme grossly underestimate it. It enables much more than what the web gives. The web gives us freedom to exchange information. Bitcoin gives us freedom to exchange everything.

Nov 23, 2013 (14 notes)
You can own Bitcoin, you can't own your dollars.

People are always wondering how safe is buying Bitcoin if there are constant heists on exchanges and no website has perfect reputation. They draw analogy with the banks: which organisation can I trust to handle my money?

The right answer is: with Bitcoin you don’t need to hold your money on an exchange for longer than a minute. You wire your government currency to an exchange (bitstamp, coinbase, bitcoin-central, btc-e, kraken, btcchina), buy some bitcoins at the current price and move them the hell out of there to your personal wallet. The exchange can be hacked the next day, but it won’t matter to you. You are not storing money there anymore. Your private keys are only stored in your encrypted backups and only you know the password. As long as the applications you use are not infested by viruses or backdoors, and you have enough separate physical backups, you are pretty safe. PS. Don’t use Windows!

Another question people ask: why can’t I simply use my Visa card like I do with the rest of my purchases? Or PayPal. The answer is because this money is never owned by you and all transfers are reversible. Bitcoin transaction is confirmed by the network and buried in the blockchain in 10 minutes. Visa transaction is reversible within 90 days. There were people who tried to sell Bitcoin (ultra-liquid asset that you can own) for PayPal (highly controlled asset that is owned by a chain of banks and payment processors). People grab your bitcoins and call PayPal to reverse a transaction (“someone stole my password!”).

People who start learning about Bitcoin should understand one thing. You don’t own your usual money. You may own paper bills to some degree, although, government does devalue them all the time by printing more of them and restricting movement of large enough sums. Your bank account you don’t own at all. Even wire transfers may get reversed, although, rarely. All your transfers are basically promises from one banker to another. The entire banking system is a complex network of mutual promises not backed by anything except desire to not break the law (yet another system of promises to reward or to punish). And these promises are being broken or revisited all the time on every level. Laws and regulations are not consistent even with each other, not only with every particular decision.

Bitcoin, on the other hand, is like air-thin gold on steroids: you can fully control your transfers and the entire network forces everyone to follow very strict rules to ensure validity of all bitcoins and the rate of their creation. The shitty C++ code of BitcoinQT (original and the most used client) is infinitely more compact, rigid, logical and consistent than all regulatory environment with millions of account managers in the entire financial system.

You can also own gold, but that ownership comes with huge costs and risks. Someone needs to guard the vault, transport the vault, verify the purity of the bars and coins. All of this makes it impossible to use gold in the global economy. Which is precisely why we arrived at the modern all-controlling banking system — it grew up out of the necessity to reduce costs of handling gold by entrusting it to the biggest vaults. To use gold as money you have to trust someone to store or transfer it for you. So you are back to the current very fragile system.

The only money you can truly own today regardless of the amount is Bitcoin.

Nov 18, 2013 (1 note)
What regulators should know about Bitcoin

Next Monday, on November 18th, 2013 the Congress of the United States will have hearings on Bitcoin. How it works, what it means and what government should or can do about it.

Here is a gist of what a lawmaker should understand about Bitcoin.

  1. Bitcoin is a protocol without central managing organisation. Anyone can issue currency and validate transactions from any place in the world. Censoring transactions will be as effective as stopping Bittorrent file sharing. Technologically, Bitcoin is impossible to control or shut down (in practice and to high degree in theory too).

  2. Bitcoin tracks every transaction in a public ledger. If you know identities of certain addresses, then a transaction between them is publicly visible and acts as an immediate proof of activity between these identities. However, identities are not recorded in the ledger and anyone can use as many addresses as they like. Many wallet applications automatically create new addresses for every transaction.

  3. Bitcoins can be very effectively split in small pieces and mixed between large number of users thus making any statistical analysis almost useless. So far there are no easy and cheap practical ways to do that, so not many people bother. But that’s entirely possible nonetheless. Those who need to protect their privacy will do so easily as soon as some serious attacks on privacy emerge. It’s similar to how Bittorrent magnet links appeared after attempts to shut down Bittorrent trackers. Now nobody needs a tracker at all to discover available files and access them. Bitcoin mixing will become built-in feature in many free wallet applications if it will become much needed.

  4. Bitcoin protocol rules are enforced by the entire network of millions of computers. Changing the rules by one computer will not allow it to participate in the rest of the network. If transaction is not considered valid by everyone, it will be accepted by no one.

  5. Black market will become even bigger with Bitcoin. Everything that law enforcement cannot reach will be even safer to trade and many more activities will become possible with Bitcoin that were not possible before.

  6. Regulations may realistically only affect law-abiding consumers and producers. And the only thing they can do is to increase friction and costs for both of them. Some legit businesses under regulations will become impossible, while others will go to the black market or foreign jurisdictions.

  7. Forbidding Bitcoin completely is just a degree of regulation. It will have no effect on black market that will only grow, but it will shift innovative businesses to other jurisdictions, where there is more freedom. Today, Argentinian government imposes strict capital controls and inflates their currency and forces people to get dollars and bitcoins on black market. Since Bitcoins are much easier to sell and use than dollars, they are being deployed much quicker. If that continues, bitcoins and dollars will completely replace pesos in the entire economy and the government will go bankrupt.

Policymakers are interested in preserving their image of people who protect citizens and need to collect taxes to keep the government running. If one needs to keep innovation and growing wealth within a country and tax it, then Bitcoin transactions should be left as free as possible. Regulators should provide clear and simple guidelines on how to report all taxable revenues and provide assurances that businesses are free to transact as efficiently as they can, provided they pay their taxes. Anything more than that will only increase the size of black market or shift wealth to other places (thus reducing tax revenues for the government).

Countries that embrace Bitcoin will attract enormous amount of capital in a very short period of time. Countries failing to do so will quickly lose that exact amount of capital.

Nov 14, 2013 (1 note)
Transactional Currency and Store of Value

Some people say Bitcoin is not a good “store of wealth” because of its volatility. Since it’s not “backed” by anything, it is only good as a “transactional currency”. That is, to do some work, earn some bitcoins and then spend them in Walmart. The price does not matter as long as it’s stable enough between the moments of receiving and spending it.

Some other people say that Bitcoin is bad as a currency. It requires electricity, internet connection, it’s not good at micro-transactions, it’s not instant, it’s hard to exchange to and from government currencies, and it’s complex to understand for regular people. But as a store of value they say it’s okay. It can be safer and cheaper to store than gold, it’s hard to confiscate it, every year it was only growing in value.

Some others even say that Bitcoin growth hurts its use as a currency because people are not spending enough, but “hoarding” money in expectation of even bigger value in the future.

At least one of these groups must be wrong and, unfortunately, all of them do not understand economics at all.

For something (gold, paper, seashells) to become a medium of exchange, it must have some value and market acceptance (in addition to physical ability to transfer ownership, of course). Where does this value come from? People who do not want to hold an asset for a relatively long time do not care about its value, thus they do not have any effect on it. Only those who wish to hold an asset will decide what is the fair price for it. They are doing so for one of two reasons: either as a hedge against uncertainty in the future (who knows what you’d need to pay for next month), or as a bet that this asset will outperform alternatives (like Argentinians who buy dollars because their pesos are depreciating way too quickly).

The more people want to hold an asset (regardless of the price), the more liquid it is. Therefore, if someone offers you a payment in this asset, you are more likely to liquidate it, so you are more likely to accept it. Again, regardless of the price.

However, the supply of Bitcoins is very limited and long-term investors compete very hard for its current production. This means that every single new person who wants to hold some number of bitcoins would have to outbid not only other newcomers, but also the existing holders and their time preferences. Growing demand for a good in fixed supply has to raise the price.

This has two interesting effects.

First, growing price acts as an indicator of liquidity of Bitcoin. Since it is impossible to control the price of Bitcoin (there are multiple sovereign exchanges in multiple countries and a lot of private trade outside the exchanges), price can’t grow by a decree of a fixed group of speculators. Therefore, growing price means growing number of holders. Which means, growing number of people that will gladly accept Bitcoin from you if you do not intend to store it, but only receive as a payment from someone else.

Second, in a positive feedback loop, as more people are seeing liquidity of Bitcoin, they are getting more likely to hold Bitcoins for a little longer than usual. Either expecting a better value in the future, or as a more safe and easy way to store some cash. This, of course, increases number of people willing to hold bitcoins and thus increases the price even further.

In the end, to become a currency, Bitcoin must have value which only comes from speculators holding it for various reasons. The more people are holding it, the better currency it is. A hot potato that no one wants to hold will never be a medium of exchange because its value does not exist.

Of course, there are some physical limits on usage as a currency. Gold is the worst currency: it’s heavy and hard to check and expensive to move and store. Paper bills are much better but still do not fly over the oceans. Banks and clearing houses are even better, but historically were very expensive due to risks of fraud, devaluing, fractional reserve lending etc. Bitcoin is much better compared to what we had. It’s much cheaper to verify the authenticity, it’s faster to fully confirm than credit cards (chargebacks within 90 days) or bank wires, it requires very little infrastructure to work (the internet, laptops and smartphones are widely deployed) and it has some useful features that other assets will never have. Therefore, Bitcoin’s biggest barrier to becoming a widely used currency is simply the number of hands that hold it. And as we see, it is getting into more and more hands very rapidly, just like Facebook or Twitter were attracting more and more people — almost exponentially.

Nov 14, 2013
Deflationary Spiral

Some people worry about Bitcoin being “deflationary”, that it appreciates over time. They think it would make people save more and spend less, thus reducing velocity of money and economic output. That economy would come to a halt if no one spends expecting future gains.

There is a simple thought experiment for anyone thinking this way. Imagine you find yourself in an economy where more and more people do not spend their precious coins and expect the price to grow. Everyone would give anything for a coin, but never give a coin for anything.

You, as an owner of some coins, will find yourself in a pretty curious situation. Since everyone values money so much, you can command enormous economic power. When people hear you can give them a little bit of money, they will rush to you and do whatever you say. You can build new factories, feed the poor, bring water to Africa and so on. You can change the world for the better, just like you wanted all the time. Deflationary spiral then will not lead to a global starvation and misery, but to a perfect society.

Of course, you may not be alone in this desire. Someone else would try to outbid you when buying goods and services. So you two would have to share enormous economic power. If anyone else wants to reshape the world, they will join you and compete with you. Ultimately, everyone who cares about building things will do so while everyone willing to work for precious coins will happily work and save money. And then, eventually, when their money appreciates enough, they might want to do something with a small portion of it just like you did.

Nov 6, 2013

October 2013

Programmable Savings As Universal Insurance

When the world starts using hard non-depreciating currency, people will keep savings in it instead of risky or non-liquid investments like jewelry, houses and stocks.

If the currency is programmable (Bitcoin), then the savings are programmable too.

Programmable savings can be used as a great collateral in all sorts of social interactions.

When two persons sign a contract they can mutually lock up some portion of their savings “in the air” as a collateral without using any third party for that and without relying on a powerful dispute mediator (maybe only for consultation, but not for enforcement). Each party can destroy both collateral deposits which creates an incentive to peacefully resolve disputes to mutual satisfaction.

In crowdfunded project every person on the receiving side can lock up part of his savings (that can be affected by stakeholders) before taking any amount from the fund. The collateral is released when it is “resold” to further party down the production chain.

Today directors, managers and presidents of publicly-traded companies and governments have control over not only their own money (salary and dividends), but also over someone else’s money insured only by reputation and highly inefficient government law enforcement. Programmable collateral makes it possible that every piece of resource controlled by non-owner is fully insured with real cash.

Programmable savings allow world to be much safer without any need for brutal violent intervention.

Oct 19, 2013 (2 notes)

September 2013

UIKit in OS X

OS X is very old. Its UI framework, AppKit, is almost 20 years old (taking its roots in NeXTStep). AppKit has a lot of cruft and iterating it towards modern standards takes a lot of hard work. While UIKit was built on top of CoreAnimation from the start, AppKit had to incorporate it as an option which you can turn on and off. Or consider NSCells vs. recyclable views, or custom drawing code vs. configurable labels in UIKit.

iOS 7 shows what a complete rewrite may look like. If you want to update your app, you have to adapt it to the new look and feel. And APIs. If you don’t want to adapt, the OS ships with fully compatible old frameworks to run your app as before.

OS X can use this trick in some future release. It can add to UIKit support of keyboard, mouse, menus and windows. Make it a default environment for the desktop and run older apps on AppKit which ships with OS for compatibility. New apps would have to be compiled and released with new tools and UIKit APIs. Older apps could still be maintained with older tools and compiled against AppKit, but AppKit would not get any enhancements.

This all would help with internals. On the surface users would only notice more advanced graphics and animations similar to iOS. This won’t change much the “feel” of OS X as it would still use keyboard, trackpad and mouse. But things like buttons and scroll views would essentially be the same. Having the same toolkit for both systems would reduce hassle by 80% at least.

Of course, since OS X would run on UIKit which knows about touch already, it would be interesting to think of a practical way to enable touch on conventional notebooks and desktops (if they are still around). That is, how and why vertical screens become horizontal, and how professional interfaces with lots of mouse-friendly elements can be adapted for touch (or why it’s not needed for them). Maybe in interim, OS X UIKit would not accept touches at all, but still provide a great deal of efficiency.

Sep 25, 2013
#osx #ios
Satoshi on Bitcoin design

Satoshi, on June 17, 2010:

The nature of Bitcoin is such that once version 0.1 was released, the core design was set in stone for the rest of its lifetime. Because of that, I wanted to design it to support every possible transaction type I could think of. The problem was, each thing required special support code and data fields whether it was used or not, and only covered one special case at a time. It would have been an explosion of special cases. The solution was script, which generalizes the problem so transacting parties can describe their transaction as a predicate that the node network evaluates. The nodes only need to understand the transaction to the extent of evaluating whether the sender’s conditions are met.

The script is actually a predicate. It’s just an equation that evaluates to true or false. Predicate is a long and unfamiliar word so I called it script.

The receiver of a payment does a template match on the script. Currently, receivers only accept two templates: direct payment and bitcoin address. Future versions can add templates for more transaction types and nodes running that version or higher will be able to receive them. All versions of nodes in the network can verify and process any new transactions into blocks, even though they may not know how to read them.

The design supports a tremendous variety of possible transaction types that I designed years ago. Escrow transactions, bonded contracts, third party arbitration, multi-party signature, etc. If Bitcoin catches on in a big way, these are things we’ll want to explore in the future, but they all had to be designed at the beginning to make sure they would be possible later.

I don’t believe a second, compatible implementation of Bitcoin will ever be a good idea. So much of the design depends on all nodes getting exactly identical results in lockstep that a second implementation would be a menace to the network. The MIT license is compatible with all other licenses and commercial uses, so there is no need to rewrite it from a licensing standpoint.

Sep 19, 2013 (1 note)
Key revocation and fingerprints

When you use private keys, people trust your digital signatures because they expect that you keep these keys secret. If someone steals your keys, he can impersonate you and harm your reputation. As a precaution, whenever you feel like your keys were compromised, you can publicly revoke them (by signing a message “this public key XYZ123 is now revoked” and securely timestamping it with Bitcoin blockchain). All signatures from that moment can be repudiated and you may start using entirely new private key.

Today the iPhone 5s was announced and some people started freaking out about it collecting your fingerprints and sending them to the NSA. We have a lot of documentation about how the NSA infiltrates companies to steal data or takes it using an order of some secret “court”, so these fears are not entirely unfounded. However, it’s even worse because many foreigners coming to the U.S. (and maybe some other countries too) have to give up their fingerprints at customs. Anyone who was brought to a police department for whatever reason was also scanned. Not to mention corporate security systems that have used fingerprint scanners for some years now. Your fingerprints could have been recorded in several places already.

The problem with fingerprints is that you only have one set of them and someone may damage you by impersonating you at a crime scene. Just like with private keys, when you think your fingerprints could have been compromised, you have to revoke them. The solution is not to try to cut off your fingers, of course, but to publish them as widely as possible. Then, if someone uses them somewhere, you have perfect protection: your fingerprints are no longer your private property and could not be used against you.

Of course, publishing your fingerprint will diminish the usefulness of the Touch ID sensor in iPhone 5s, but that’s the price to pay when our governments keep people in jail for decades based on some biometric evidence.

Sep 10, 2013 (1 note)

August 2013

Contracts without trust or third parties

EDIT: The up-to-date version of this idea is presented here: http://oleganza.com/bitcoin-epita-2014.pdf Scripts are slightly different and take into account transaction malleability.

EDIT2: Video is available: http://www.bitcoinomie.fr/2014/02/18/compte-rendu-paris-bitcoin-startups-1/

This is a very powerful idea for our troubled times. I hope you will enjoy it as much as I do.

Our usual relationships are with those who have made some investment. Your friends demonstrated they prefer to keep friendship going, so you can trust them. Your local bakery demonstrated investment in their setup, employees and advertising and they want to earn that money back. So you can trust them with your money. Apple has invested billions of dollars in producing iPhones, so you send them your money via online store without worrying that they might take it and run. It also works the other way around: if you have an investment in your reputation, you may ask for payment up front and people will give it to you.

For some relationships this does not work. Sometimes you want to buy something on Ebay from a guy like you. You both don’t know each other, you have no interest in building Ebay reputation, but you wish you could safely come together and exchange stuff. Or, you are a freelance designer making a website for some small business in another country. Both of you have few ways to influence each other’s reputation. And if you have a disagreement, no one except you could reliably judge who was right or wrong.

Historically, this was solved in two ways: either by meeting in a crowded place in person for immediate exchange, or by going to a third party. Both approaches are very limited and unsatisfactory. In-person exchange bears high risk of being robbed on the way home and it does not work well with some kinds of services or across the ocean. Third party escrow is better, but it is very limited. It’s very cheap for a scammer to create many identities on Ebay and successfully cheat 5-10% of the time. Profit for scammer, loss for everyone else who now pays 5-10% premium. Also, escrow cannot be an expert in everything. If you have a complex or not very well defined contract (like in any intellectual job), you would never find a reputable agency to solve your problem (or, it would be too expensive). Usually, that would be a second party itself. For instance, a design studio.

So how would we solve it for two strangers?

Let’s think. We negotiate fairly well when we maintain a status quo. For instance, before making a contract, we discuss the details and can walk away being friends because we don’t lose anything but the time spent negotiating (and that time is expended by both parties, so both have incentive to finish it sooner rather than later). But whenever one gets an advance, it may be enough of an incentive to run away without finishing the job. Another example: if we are friends and enjoy a long-term relationship, we may expect that small advances on anyone’s part are not enough to break the relationship.

Notice a pattern here?

The value of the deal should be noticeably smaller than an investment at risk.

Obviously, when none of us made any investment, we should make one. But since it is just one deal, we don’t want to make sacrifices unilaterally. We want that both of us make an investment which can be paid back to both of us at once when the deal is successfully finished.

(If you have followed my blog for some time, you already know what technology we will talk about.)

Bitcoin allows not only moving money from a person to a person securely, without risk of reversal, but it also allows expressing sophisticated contracts using its scripting language and digital signatures.

Bitcoin is the only technology that makes this possible:

  1. Two parties independently lock some amount of money in a single Bitcoin transaction without meeting in person or trusting anyone.
  2. This money can be unlocked only when both agree with that. If at least one party does not want to unlock the deposit, another party cannot do anything about it.
  3. Both parties can unlock deposit only atomically, for both of them. No one can unlock just for himself.
  4. No one else has access to the deposits and neither party can access other party’s money.

This scheme is inspired by NashX, though they are acting as a third party that we try to avoid.

The cost of the procedure is 2 small exchanges of data over the internet (no encryption required), 1-2 hours of wait time till the transaction is included in the Bitcoin blockchain (not every miner includes non-standard transactions) and a small transaction fee around 5-10 cents at current prices (110 USD/BTC), regardless of the amount in question.

How will it work? Both parties should have a fancy wallet application that automates transaction creation (we are working on that). Alice and Bob agree on the amount to be locked (typically 200-300% of the value at stake). Let’s say the amount is 2 BTC. Then, Alice sends to Bob a public key and a hash of her random secret number. Bob constructs a transaction with this data and his own public key and a hash of his random number. The transaction has two outputs: one for Bob with 2 BTC and another one for Alice with 2 BTC. Bob signs his part of the transaction with the appropriate amount in the input and sends it to Alice to sign hers. Alice checks that Bob has specified all amounts and included her public key and her random number hash accurately. If the transaction is correct, Alice adds her 2 BTC in the input and signs it. The transaction is never valid until both parties sign it and the sum of the inputs matches the sum of outputs (or slightly more to allow a mining fee). Once signed, Alice sends this transaction to the Bitcoin network and both parties wait till it gets included in the blockchain. I will show the scripts in detail below, but before doing that, let’s do some analysis.

Once transaction is in the blockchain, both Alice and Bob are 2 BTC short while the value of their contract is, say, 1 BTC.

They can still negotiate on equal grounds, but now the money at risk is higher than any advance payment anyone does. If Alice sends Bob some good before receiving a payment, Bob cannot be sure that Alice would agree to unlock the deposit if Bob does not pay her. Bob has more to lose than just 1 BTC to pay her. So he pays. When both Alice and Bob get what they want, they unlock the money and the deal is over.

Of course, strictly speaking, the victim will lose less if he/she agrees to unlock the funds no matter what, but the same logic applies to personal relationships or to two businesses with equal investments. No one can be sure if the other party wouldn’t want to wait indefinitely till the conflict is resolved or destroy the investment. To know if this scheme actually works, we have to try it and see how people behave. If everyone is always perfectly rational, then people either would never steal from each other, or always steal and agree to unlock deposits and never use such scheme again. But the real life is more complex.

We can see that both parties need to have more bitcoins locked than will be moved during the contract. This may not be acceptable in some cases. For instance, when buying an expensive house. (Cannot really put 2 houses in the escrow.) But for some expensive contracts it can still work. A contract can be broken down into 10 steps when after each step the payment is made. Then, the amount of money to be locked needs to match 1/10 of the whole price.

Now, let's see how to do that. For simplicity, let's say we have no problem of “change” (when extra money from one input is sent back to its owner using additional output script). Then transaction has two inputs and two outputs.

Each input signs the whole transaction, except for another input (using SIGHASH_ANYONECANPAY modifier) to allow another party to sign their input independently without extra round-trip.

Output scripts are symmetrical and prepared at once by one of the parties. Each output sends a predefined amount of bitcoins.

AlicePK CHECKSIGVERIFY SHA256 HashA EQUALVERIFY SHA256 HashB EQUALVERIFY

BobPK CHECKSIGVERIFY SHA256 HashA EQUALVERIFY SHA256 HashB EQUALVERIFY

Note: please find the discussion and minor improvement to the scheme here: https://bitcointalk.org/index.php?topic=273539.0

AlicePK and BobPK are their public keys (to ensure the ownership). HashA is a SHA256 hash of Alice’s secret number. HashB is a SHA256 hash of Bob’s secret number.

Each script checks that the future transaction is signed by a proper key and that both numbers are provided: number B and number A. To redeem such a script, one would need to know both numbers. Let’s say Alice and Bob finished their business and Alice sends her number to Bob. Bob does not need to send his number to Alice because he would have to reveal it in the blockchain anyway when he tries to redeem his output. Alice then can see his number and redeem her output too. If one party is not satisfied yet, they just hold their secret number to themselves.
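The redemption flow described above, as an added example that is not code from the original post. It is a simplified model: a script passes when no *VERIFY step fails, and CHECKSIGVERIFY uses a toy HMAC registry (an assumption made here) in place of real ECDSA; all keys and secrets are constructed at run time.

```python
import hashlib
import hmac
import secrets

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Toy signature scheme (assumption): the verifier keeps pubkey -> secret and
# checks an HMAC. It stands in for ECDSA so the example stays self-contained.
_REGISTRY = {}

def new_key():
    secret = secrets.token_bytes(32)
    pubkey = sha256(b"pub" + secret)
    _REGISTRY[pubkey] = secret
    return secret, pubkey

def sign(secret: bytes, message: bytes) -> bytes:
    return hmac.new(secret, message, hashlib.sha256).digest()

def check_sig(pubkey: bytes, sig: bytes, message: bytes) -> bool:
    secret = _REGISTRY.get(pubkey)
    return secret is not None and hmac.compare_digest(sig, sign(secret, message))

def output_script(owner_pk: bytes, hash_a: bytes, hash_b: bytes) -> list:
    # Same opcode order as the two output scripts shown above.
    return [owner_pk, "CHECKSIGVERIFY",
            "SHA256", hash_a, "EQUALVERIFY",
            "SHA256", hash_b, "EQUALVERIFY"]

def run_script(script: list, spender_stack: list, message: bytes) -> bool:
    """Evaluate the script over the spender's pushed items (last item on top)."""
    stack = list(spender_stack)
    for op in script:
        if isinstance(op, bytes):          # data push
            stack.append(op)
        elif op == "SHA256":
            if not stack:
                return False
            stack.append(sha256(stack.pop()))
        elif op == "EQUALVERIFY":
            if len(stack) < 2 or stack.pop() != stack.pop():
                return False
        elif op == "CHECKSIGVERIFY":
            if len(stack) < 2:
                return False
            pubkey, sig = stack.pop(), stack.pop()
            if not check_sig(pubkey, sig, message):
                return False
        else:
            raise ValueError(f"unknown opcode {op!r}")
    return True

def simulate() -> dict:
    alice_sk, alice_pk = new_key()
    bob_sk, bob_pk = new_key()
    secret_a, secret_b = secrets.token_bytes(32), secrets.token_bytes(32)
    hash_a, hash_b = sha256(secret_a), sha256(secret_b)
    alice_out = output_script(alice_pk, hash_a, hash_b)
    bob_out = output_script(bob_pk, hash_a, hash_b)
    msg = b"constructed digest of the spending transaction"
    results = {}

    # Deposit is locked and nothing is revealed: Bob knows only his own number.
    guess = secrets.token_bytes(32)
    results["bob_before_reveal"] = run_script(
        bob_out, [secret_b, guess, sign(bob_sk, msg)], msg)

    # Alice is satisfied and sends number A to Bob. His spending input is public.
    bob_input = [secret_b, secret_a, sign(bob_sk, msg)]
    results["bob_after_reveal"] = run_script(bob_out, bob_input, msg)

    # Alice reads number B from Bob's published input and redeems her output.
    learned_b = bob_input[0]
    results["alice_after_bob"] = run_script(
        alice_out, [learned_b, secret_a, sign(alice_sk, msg)], msg)

    # Knowing both numbers is not enough to take the other party's output.
    results["bob_takes_alice_output"] = run_script(
        alice_out, [secret_b, secret_a, sign(bob_sk, msg)], msg)
    return results

if __name__ == "__main__":
    for step, ok in simulate().items():
        print(f"{step}: {ok}")
```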

This scheme also allows partial unlock. If both want to reclaim 80% of the deposit, they can simply create another transaction for 20% of the amount and then unlock the first one.

This scheme was never tried before, but can be very useful in many circumstances. Examples:

  1. Selling things in person for cash. If both parties lock 3x the price and unlock it only when both get home, there is little incentive to steal the cash (or the good) in a dark alley.

  2. Selling anything to strangers over the internet without Ebay. One party sends a product by mail. When it’s received, buyer sends back the payment (via Bitcoin, Western Union, PayPal or wire transfer).

  3. Not well-defined contracts with freelancers. Customer does not really know what he wants and how to do a website, so he and the freelancer lock in some amount and then have a mutual interest in being nice to each other and resolving problems using common sense.

  4. Airbnb without airbnb: the amount is unlocked when the apartment turned out to be what was ordered and the payment is done in full. The website now only needs to put up pictures and ratings and take a fee for that.

The possibilities are endless. The same idea can apply to a group of people to agree with another group of people on something. E.g. a “social contract” where a group of neighbours hire several guards to protect their district.

The cost of such transaction is very low. There is no counter-party risk, it allows one to remain anonymous, time to register is measured in minutes and the cost is less than a dollar. If it becomes popular, more miners will include it in the blockchain, so it will become even faster and cheaper.

I myself plan to add support for such transactions in my future wallet application for OS X and iOS. I have opened a part of it called CoreBitcoin and will build on top of it. Others may try the same or similar ideas in their own applications and services. If it turns out to be useful, we can come up with a standard way to express such contracts so even more people can use them easily.

Now, what crazy idea would you build on top of Bitcoin?

PS. David Friedman responded: http://daviddfriedman.blogspot.fr/2013/08/a-bilateral-hostage-via-bitcoin.html

Aug 14, 2013 (7 notes)
#bitcoin #contracts

June 2013

The universe wants one money

In this post I address issues of competing government currencies, competing private currencies, gold, silver, bitcoin and alternative “crypto-currencies”.

We all know that variety and competition is a good thing. We all want slightly different things, value the same things differently or make different trade-offs. That’s why we have a wide variety of products, prices, quality, colors and materials on the market. Interestingly, money is different. We all want one single universal money. It may not be obvious to many people, so let me explain.

How money is different from everything else? On one hand, money is just an asset. You can produce, buy, sell or hold it. On the other hand, money is a medium of exchange. It allows you to trade your 8 hours in the office for a new iPhone. It also allows you to delay consumption decision. You can spend 8 hours of work today, but then be free to decide when and for what to spend your salary. If suddenly you need to buy a ticket to Hong Kong, you can do it without working extra couple of hours to earn it.

The function of money is to exchange the widest variety of products between each other. iTunes credits allow you to choose between many songs. This makes them money to some degree. But dollars are even better money because they can buy all those songs, but also a myriad of other things as well. Therefore, people tend to keep savings in dollars, not in iTunes credits.

It seems obvious that the best money is the cheapest and the most widely recognized and accepted one. Cheapest in a sense of handling it. If your money is a huge stone you have to carry around, it is more expensive than a small gold coin (provided they both have the same price in terms of goods they can buy). Piece of paper named “gold certificate” could be even cheaper than gold itself, but carries a risk of fraud, so in some cases it could be even more expensive to hold than the gold itself.

For a huge part of the civilized human history we used two metals as money: gold and silver. They were not perfect, but universally accepted and recognized. All other things like seashells, diamonds, IOU papers were less universally recognized, so they were naturally used in some very niche markets while everyone was keeping cash in gold or silver.

Both gold and silver were durable, easy to verify, easy to cut and melt together, compact enough to be stored and moved around cheaply. And they were very hard to obtain, so there was very low inflation cost (every new gram of gold created eats into everyone’s savings because it increases purchasing power of its owner compared to everyone else around). Other things were either easy to produce, or not durable, or hard to split in arbitrary parts.

Why gold did not outcompete silver? Or vice versa? That’s because they both had weight. For small purchases gold would have to be split in tiny difficult to handle pieces, while to make big purchases one would need to move several kilograms of silver comparing to much smaller amount of gold. This naturally created two parallel global markets: one for small purchases where the silver was used (and small droplets of gold would be impossible to handle) and another market for big purchases where silver was too heavy, so the gold was used instead.

Make a thought experiment now: if there was a gold-like metal that allowed moving both big and small amounts equally cheaply, it would be useful on both “small” and “big” markets. Thus it would be more marketable (more exchangeable) which by definition would make it a better money. Better than gold and better than silver. People would then tend to keep their cash in that magic metal because it would allow them access to bigger variety of goods: from bread to houses. And they would not lose money on conversion rate like when they sell some silver for gold or the other way around.

There was a competition in private coinage. Kings and private merchants were making their own coins in gold and silver and selling them for premium. The well-recognized coin was easier to store and to verify if you trust the issuer. Instead of measuring each coin, you could simply read the number on its face. Names like “dollar”, “pound sterling” and others were all names for private coins or bullion and meant particular weight of the metal. That is, dollar was not some sort of separate money, it was simply a name for a certain amount of silver, like “gram” or “ounce”. The money was still the same — gold or silver, but there was a big variety of shapes of that money.

Of course, gold and silver were still quite limited. You could not drop a bag of gold across the ocean. That’s why people invented banking. Bank was simply a warehouse for your metal. You give them gold, they give you a receipt. Then, if the bank had good reputation and connections with other banks in the world, you could transfer those receipts of any face value quite cheaply anywhere. The only real cost was trust in those banks. Because if the bank is robbed or steals your metal, your receipt becomes worthless. If the bank prints additional receipts for the same amount of metal, the value of your receipt goes down proportionally (or you face a risk of bank run, when more people try to redeem their receipts than is available in the vault).

In old days, private currencies were simply those receipts for gold or silver. Each currency could have different name and different reputation. Bigger bank’s notes had more value on the market because they had less risk associated with them and as a result, wider acceptance. But ultimately, they all were receipts for the same metals that you could redeem at any time and move to any bank or under a mattress. Because people valued receipts only for their ability to represent readily accessible metal. Without the metal, those pieces of paper would be worthless.

Today things are different. After several huge economic disasters created by the governments of Russia, Europe and U.S. in the beginning of 20th century, we now have state-issued money in almost every country with a nice twist that now the money is not redeemable for metals. People use that money, though, because various controls and regulations make it almost impossible to use gold, silver or respective certificates in daily transactions. Every bank needs expensive license and must not be very creative at what it can offer to its clients.

Dollars can buy things in U.S., euros can buy things in E.U., but if you try to use them in inappropriate places, you would have to pay very high conversion fees. (Setting up your own clearing house or exchange with the lowest fees is not possible due to regulation.) It should be clear now that if, for instance, U.S. Dollar can buy more than Russian Ruble, Russians would tend to use Dollars in daily life. The reason why it does not happen anymore (it used to during liberal times in the 1990s) is stricter controls on currency exchange that make it illegal to price goods in dollars and expensive to exchange currencies frequently. For the same reason, gold and silver are not used: they are too expensive or illegal in some contexts, or there is a huge risk and cost on those who are going to store them. Several years ago, Liberty Dollar, alternative silver-based currency was shut down and all silver was confiscated by U.S. government. Founder was pronounced guilty of “making, possessing, and selling his own currency”.

Here we do not discuss whether it is good or moral to make your own currency or store other people’s money. The point is about demand for a single, most universally accepted money. If gold, silver and foreign currencies need violent intervention to not be used, it’s only a proof of existing demand. Because if there was no natural demand, no government would care setting up restrictions in the first place.

Now we enter crypto-currencies. It is a fancy name for Bitcoin and its many clones based on the same source code. Bitcoin itself is very different to ubiquitous government money, application-specific “credits” (like in multiplayer games) or gold and silver. It is absolutely digital, does not have a single controlling entity and is very cheap to store and transfer both huge and tiny amounts of money. This property makes Bitcoin very useful on certain markets: be it illegal market, or “sending money to family in another country”, or a market where banking is unavailable or too expensive.

What about alternative Bitcoin-like currencies? They all provide the same security risks and benefits. Nominally, they all have different divisibility (so called “larger number of coins”), but at the scale of trillions of smallest units in total money supply extra divisibility does not really matter.

Economically, all Bitcoin clones (altcoins) have the same problem: they all have much smaller market exposure than Bitcoin while not technically superior. When people decide in which one to keep their money, they would keep it in the money with the biggest market. There is no point in “diversification” in the long term. If Bitcoin fails for some reason, all its clones fail for the same reason automatically. If Bitcoin works well, any amount in altcoins is simply inferior in its purchasing power. It does not mean there won’t be any market. You can always keep some empty plastic bottles for selling later, but the bottles can only buy cash, while cash can buy anything.

Second problem of alt coins is mining. In the long term, any miner will throw 100% of computing resources into the most profitable currency. Even if Bitcoin is only 1% more profitable than Litecoin, since there is no fundamental difference between them, all the resources will be thrown into Bitcoin. In the short term, there are plenty of enthusiasts who find themselves equipped with a lot of outdated GPU hardware that was once used for Bitcoin, but now cannot compete with specialized ASIC hardware. These people now mine Litecoin in short-term expectation for any amount of reward. It is sort of a private club of people trading in their own funny money. All new miners devote all their energy to Bitcoin, while people who will sell or retire their GPUs will make Litecoin network weaker and less technically stable.

In the end, it is clear that we want the single money to be able to sell anything and buy anything. We all want it to be cheap to store, move and verify. And secure. With as little trust in middlemen as possible. Today we find ourselves with a lot of artificial barricades in the sphere of money, which causes artificial demand for various local currencies. Gold is being seized or moved from the country. Foreign currency is prohibited for merchants to price their goods at. Legal tender laws force you to accept government-issued currency as a payment for debts. Regulations and licensing limit variety of private currencies or money substitutes. But all that trouble only proves almost universal desire to use the single virtual entity for buying food and saving for the future. Bitcoin gives us a mechanism to overcome all these regulations and trade as freely as was ever possible. Maybe it will allow us to achieve that single, most marketable entity that we all so desire.

Jun 28, 2013 (8 notes)
You have no rights

A moral argument must be universal, or it’s just bigotry.

“If you do nothing wrong, you have nothing to hide” either applies to everyone, including those who snoop around, or is not a moral argument.

“Thou shalt not kill” either applies to everyone, or it’s a lie to let some people kill others without much resistance.

History of the world shows that really universal activity never had any moral commandments (e.g. “thou shalt eat”). History is full of people who use moral arguments to use other people. Starting with ancient religions till nowadays with laws, bills and constitutions.

Therefore, almost any moral argument you have ever heard or will hear is not a real universal argument, but an instrument using which some people want to hold you by the balls.

When no one steals, it’s easy to be a thief. If somebody is stealing from you, then you either put a bigger lock, or you figure out why so many people hate you so much. That’s why only thief will go to great lengths to educate people to not steal to have a whole territory open only to him.

You don’t have “right to privacy”. Rights are invention of the rulers. In your normal life you connect to people on a “be nice” basis. You tolerate their oddities, they tolerate yours. You try to stay closer to people you like and farther from people you don’t like. There is no black and white morality. People in Texas love carrying guns, but I don’t. So what? I simply do not live in Texas.

If you believe you have rights, you are supporting a person who wants to enforce such right using a threat, not a dialog. If you hate that someone’s watching you, simply close the window. Do not go and demand even more violence to be directed on “bad guys”. In such case you would simply add to an uncontrollable chaotic killing structure operated by maniacs.

Do not like stealing? Close the door. Do not like watching your emails? Use crypto. Don’t like violence? Do not be violent, avoid bad districts, do not go rioting on the streets to be killed by the mob or cops. Don’t like some people? Avoid giving them anything voluntarily. Tell others to boycott them. Do not like what banks do with your money? Use some other money. Do not like uneducated people? Educate them nicely, so they would want to listen. Need support? Go, ask for it. Hedge the risks, save for rainy day, be careful and respect people around you.

But don’t you be afraid of being angry when people attack you. Don’t cover someone’s lies. Look in the eyes of truth. Your emotions are real. If someone’s kicking you, protect yourself, expose the lie covering it. Do not look for a conflict, avoid it. But never lie to yourself and others about what is going on.

Jun 11, 2013 (3 notes)
How to deal with a deficit of available Bitcoin outputs

You just installed a Bitcoin wallet and received your first 10 bitcoins. Do you think you can easily spend these 10 bitcoins in 10 shops during a visit to a mall? Not really.

Bitcoins do not exist as individual items. Once you received your first bitcoin payment, all you have is a single “transaction output” that you can spend. Once spent, it is no longer valid. In its place you’ll have two new outputs: one as a payment to someone else and another one as a “change” sent to yourself. To pay the second person you need to use this new output (“change”). But this new transaction will not be accepted or even relayed by the network before its parent transaction (your first payment) is included in the blockchain. So to make a second payment you’d have to wait 5-15 minutes before the first one is included. And to make another one, you’d have to wait another 5-15 minutes after that.

In addition, if you try to send a small amount from a relatively “fresh” output, people would ask for transaction fees to relay or mine your transaction. This is done to prevent DDoS attacks on the network. If you wait 24 hours after creating a new “change” output, you could send it for free, but doing so earlier will result in unpredictable and lengthy delays. Although, the usual transaction fee is very-very small at current prices (around 5 cents), you’d still have to wait for all previous transactions to be included in the blockchain before you can successfully publish another transaction.

In a sense, you may call a single output a “coin” (with some amount written on it). The more “coins” you have, the cheaper and faster your transactions will be. Think of it like having a single $50 bill when you need a quarter to pay for parking. You’d need to go somewhere to exchange that $50 for smaller bills and coins. Unlike real coins, transaction outputs are not displayed in any wallet app, so you don’t know in advance how many transactions you can make. And even if they were displayed, it would add unnecessary complexity for the user.

This side of Bitcoin obviously sucks, but can be managed easily.

First, you may ask to receive money in multiple outputs. E.g. if you receive a big monthly payroll, you may ask to send you money in a single transaction with 10–20 distinct outputs, so you could spend several of them right away. They all may use the same address and your wallet will figure everything out automatically. The only thing you’ll notice is that you don’t have to pay extra or wait longer to get a couple of your simultaneous payments to get through.

Secondly, you can split your money by yourself in multiple outputs. This gives the same result as above, except now it’s you who will pay transaction fees (fees are calculated per Kb, and for smallest transactions they are rarely required).

Third, your bitcoin wallet can keep track of your spendable outputs and, if it is running short of them, it may add an extra “change” output to the next transaction to increase the number of outputs. I don’t know if any of the existing apps can do that already.

Also, bitcoin wallet can make automatic transactions on your behalf using rarely needed outputs to split them in a more useful collection of different “denominations”. It can also mix these coins with other users to increase your privacy (so that random merchants wouldn’t know how much you have in your pocket).
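One way a wallet could implement the third idea above, as an added sketch that is not code from any existing wallet. The fixed fee, largest-first input selection, equal-sized change pieces and every name below are assumptions of this example; unconfirmed outputs are treated as unspendable, as the post describes.

```python
from dataclasses import dataclass

COIN = 100_000_000  # satoshis per bitcoin

@dataclass(eq=False)          # identity-based equality: equal values stay distinct
class Output:
    value: int                # satoshis
    confirmed: bool           # parent transaction is already in a block

def build_payment(wallet, amount, fee=10_000, target_outputs=5, min_piece=1_000_000):
    """Pick confirmed inputs and decide how to split the change.

    Returns (inputs, change_values). When fewer than target_outputs confirmed
    outputs would be left, the change is split into several outputs.
    """
    spendable = sorted((o for o in wallet if o.confirmed),
                       key=lambda o: o.value, reverse=True)
    inputs, total = [], 0
    for out in spendable:
        inputs.append(out)
        total += out.value
        if total >= amount + fee:
            break
    else:
        raise ValueError("not enough confirmed outputs; wait for a block")
    change = total - amount - fee
    if change == 0:
        return inputs, []
    left_over = len(spendable) - len(inputs)
    wanted = max(1, target_outputs - left_over)
    pieces = max(1, min(wanted, change // min_piece))   # avoid tiny outputs
    base, extra = divmod(change, pieces)
    return inputs, [base + extra] + [base] * (pieces - 1)

def spend(wallet, amount, **policy):
    """Return the wallet after one payment; new change starts unconfirmed."""
    inputs, change = build_payment(wallet, amount, **policy)
    rest = [o for o in wallet if o not in inputs]
    return rest + [Output(v, confirmed=False) for v in change]

def confirm(wallet):
    """Model a new block: every pending output becomes spendable."""
    return [Output(o.value, True) for o in wallet]

def payments_until_stuck(wallet, amount, **policy):
    """Count payments that can be made back to back without waiting for a block."""
    count = 0
    while True:
        try:
            wallet = spend(wallet, amount, **policy)
        except ValueError:
            return count
        count += 1

if __name__ == "__main__":
    start = [Output(10 * COIN, True)]
    single = confirm(spend(start, COIN, target_outputs=1))
    split = confirm(spend(start, COIN, target_outputs=5))
    print("single change output:", payments_until_stuck(single, COIN // 10, target_outputs=1))
    print("split change outputs:", payments_until_stuck(split, COIN // 10, target_outputs=5))
```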

As of today, people don’t pay ten times a day with Bitcoin, but when this happens, we would need an automatic solution to have our transactions relayed quickly and cheaply. Hopefully, developers of bitcoin wallets will take a note and think on solving this problem.

Jun 10, 2013
Today I've timestamped my secret source code with Bitcoin

I have some interesting ideas on how to make awesome Bitcoin wallet app for OS X (and for iOS too if Apple allows). I will release source code with a beta version, but before that I want to make sure no one will claim that I took someone’s idea (I have some interesting sketches, app icon, security papers and a business plan). To do that I timestamped the latest git commit in the blockchain.

Here is the commit: e09d665d7ffd70d5d6b672305e744916c3c827e9

To verify the timestamp, do the following:

  1. Go to brainwallet.org
  2. Select “Secret Exponent” and paste there commit ID e09d665…
  3. See the resulting address: 1AAX6PJEm2FLXT6RoRAUzNFmFHnueFGGs1.
  4. Go to blockchain.info and find this address.
  5. Select the very first transaction: 687c24d…
  6. Check that transaction is included in block 239851. Timestamp is 2013-06-05 07:46:41.

When I release the source code anyone on the planet can independently verify that all my documents were created before June 5, 2013.

Note that I used my git commit ID as a secret key, not as an address. This means that bitcoins are not destroyed, anyone who knows my commit ID can sign a transaction spending money on this address. Obviously, I could recover my BTC before announcing the secret key, but decided to have some fun and post on Twitter for anyone to pick up the money (about 5 cents). Indeed, within an hour someone took all the coins.

This method relies neither on brainwallet.org nor on blockchain.info. You can use your own software to perform the same tasks. (It was the easiest way for me, though.)

In the end, I’ve spent only 15 cents for recording my data with a timestamp. Now all I need is 50000 recent blockchain headers (80 bytes each) and a full block with my transaction (225 Kb). That amounts to just 4 Mb of data. I can now take this data on a USB drive and prove anywhere to anyone that my data existed on that particular date. Because the total difficulty of proof-of-work depicted in the block headers is so huge, it would require thousands of supercomputers working one year non-stop to forge the timestamp.
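What checking such an offline proof involves, as an added example that is not code from the original post: validate each 80-byte header's proof-of-work and its link to the previous header, sum the work, and recompute the Merkle root of the full block's transaction IDs. The sample input is the publicly known Bitcoin genesis block (the header of block 239851 is not on this page), and the function names are assumptions of this example.

```python
import hashlib
import struct

def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def bits_to_target(bits: int) -> int:
    """Expand the compact 'bits' field into the 256-bit target."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))

def pack_header(version, prev_hash_hex, merkle_root_hex, time, bits, nonce) -> bytes:
    # Hashes are displayed byte-reversed relative to their serialized form.
    return struct.pack("<I32s32sIII", version,
                       bytes.fromhex(prev_hash_hex)[::-1],
                       bytes.fromhex(merkle_root_hex)[::-1],
                       time, bits, nonce)

def block_hash(header: bytes) -> str:
    return dsha256(header)[::-1].hex()

def header_work(header: bytes):
    """Expected number of hashes behind this header, or None if its PoW is invalid."""
    if len(header) != 80:
        return None
    bits = struct.unpack_from("<I", header, 72)[0]
    target = bits_to_target(bits)
    if target == 0 or int.from_bytes(dsha256(header), "little") > target:
        return None
    return 2**256 // (target + 1)

def chain_work(headers):
    """Total work of a linked run of headers; None if any header or link is bad.

    Not checked here: difficulty retargeting rules. Compare the returned total
    with the work of the chain you already trust before accepting a proof.
    """
    total, prev = 0, None
    for header in headers:
        work = header_work(header)
        if work is None:
            return None
        if prev is not None and header[4:36] != dsha256(prev):
            return None
        total += work
        prev = header
    return total

def merkle_root(txids):
    """Merkle root over 32-byte transaction hashes in serialized byte order."""
    if not txids:
        raise ValueError("a block has at least one transaction")
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])      # odd count: last hash is paired with itself
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def tx_in_block(txid_hex, block_txids_hex, header) -> bool:
    """True if txid is among the block's transactions and they match the header."""
    ids = [bytes.fromhex(t)[::-1] for t in block_txids_hex]
    return bytes.fromhex(txid_hex)[::-1] in ids and merkle_root(ids) == header[36:68]

# Bitcoin genesis block fields (public data, used here only as sample input).
GENESIS_TXID = "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b"
GENESIS = pack_header(1, "00" * 32, GENESIS_TXID, 1231006505, 0x1D00FFFF, 2083236893)

if __name__ == "__main__":
    print(block_hash(GENESIS))
    print(chain_work([GENESIS]))
    print(tx_in_block(GENESIS_TXID, [GENESIS_TXID], GENESIS))
```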

Jun 5, 2013 (2 notes)

May 2013

Eco-friendly timestamping using Bitcoin

Several people (see links below) suggested or released some software to use Bitcoin blockchain to register fingerprints of arbitrary documents. This idea has been around for quite a while under name of “colored coins”, but not many people understand its importance. You probably do not realize what Bitcoin really is about. Its use as a currency is important to make costly mining profitable, but that’s not the goal. The goal is to have a decentralized way for any group of random strangers to come to an agreement. In case of bitcoin-as-currency it is a validity of transactions. We don’t care where a dollar bill was used, but we care if it will be accepted by the next person. Likewise, Bitcoin helps to figure out which transactions will be recognized by others.

But that’s only the start. Blockchain is irreversible and indestructible. It contains timestamps. Everyone on the planet can safely assume that their version of blockchain is exactly the same as anyone else’s (unless your government switched off the Internet and you are unaware of it yet). So if you leave a fingerprint of some piece of information in the Blockchain, anyone else can later verify that you really had this piece of information at some time in the past. This could be a piece of art (to prove that someone stole a tune from you), that could be a bunch of contracts (to prove that you really had certain relationship), a trademark or name registration (“I was the first to take that name”), or anything else where we need to figure out who was the first doing XYZ.

Blockchain is not a cheap or convenient place to store tons of raw data, but we have cryptographic hash functions (SHA, RIPEMD etc.) that allow us to store just a compact fingerprint and keep the data itself somewhere else. It is just astronomically improbable that certain fingerprint appears randomly or there is another version of a document that has the same fingerprint.

So how can we store our fingerprint in the Blockchain? I have three methods on my mind. You may come up with more, I’m sure.

First one is the most straightforward. Since a Bitcoin address is a hash of a public key (RIPEMD160 of SHA256), why not use the hash of the document as an address and simply send some bitcoins there? This was already proposed by many people (it’s very easy to implement), but has unfortunate effect that you lose that amount of money forever. Because your document is not a real public key, you will never be able to find a private key to spend your coin again. At the current price of $130 per bitcoin, the smallest possible amount (0.00000001 BTC) is not that expensive, but still burning money is not very elegant. It also increases amount of “unspent coins” (“unspent transaction outputs”, UTXO, we’ll talk about them later) which increases the size of transaction database. To prevent bloat, some people will not relay or mine transactions with such small amounts. This increases delays and some bitcoin nerds will not like you for that on many grounds (although it’s none of their business). To keep everyone happy we should try something better. (A modification of this scheme is to send some amount, but have zero output value, so the miner will fully collect the amount as a fee. But even zero outputs can be technically spent, so it does not solve the problem of bloat.)

Another method is using a SHA256 fingerprint, but this time not as an address, but as a private key. You make a public key and address out of such private key and send some money there. When you release your document, people will be able to figure out that private key and spend that coin. To avoid that you may wait a little and spend it yourself to your private address before releasing any information. Or just use insignificant amount for anyone to pick up if they do it quicker than you. This way you don’t create “dust” outputs that will be stuck forever and make folks angry and still don’t do anything sophisticated. The only problem is that you have to wait and make a second transaction to get your money back. In addition, if you don’t wait long enough you’d have to pay an anti-spam transaction fee.

Third method is slightly more sophisticated, but requires just one transaction and still does not burn any money. Bitcoin transactions have outputs as simple scripts: short pieces of operations that must be performed on certain data to allow that coin to be spent. Usually the script is very simple “check the signature for this hashed public key”, but it can be more complex. For the purpose of timestamping we may use “1-of-2 multi-signature script”. It means that anyone can spend the transaction satisfying any one of two conditions. The transactions will contain two addresses instead of just one and you can use a private key for just one of them to spend it further. One address will be made out of a fingerprint (just like in the very first method) and another one will be a real address with an existing private key in your own wallet. This method is good because you don’t need to make any additional transactions right away and you can use any amount of BTC you want. The only problem is that this transaction is “non-standard” for the time being. This means not many clients will propagate it to miners and not all miners will include it. In other words, it will take longer than usual to get in the blockchain. But once it’s in the blockchain, everyone can see it and validate without a problem.

Hopefully, people will recognize that using blockchain for timestamping is not a hack, but its biggest feature. And that it is also possible to use that feature without making anyone feel uneasy about it.

Links:

  1. BitCoin is a public ledger: https://news.ycombinator.com/item?id=5796935
  2. btproof, timestamping tool: https://news.ycombinator.com/item?id=5790382
May 31, 2013 (1 note)
Video and slides: talk about Bitcoin at Epitech, Paris

On April 25 I was invited by Epitech Security Lab to give a talk about Bitcoin to their students. I described how Bitcoin is designed and answered various questions.

Video is now available: http://forexlearntrading.net/bitcoin/

Slides: http://oleganza.com/bitcoin-epitech.pdf

May 28, 2013
#bitcoin
No chargebacks is not a problem for Bitcoin customers

Some people may think that while Bitcoin removes risks of fraudulent chargebacks for merchants, it also reduces security of the customers. This is not entirely true. In many ways, security is improved for the customers as well.

Historically, credit cards worked this way: you give the merchant your personal card number and they ask your bank for some amount. They can easily charge any amount they want, or (what is more typical scenario) your card number can be stolen and used somewhere without your consent (the problem is called “identity theft”).

Since it is so easy to charge you any amount of money and you tell your credit card number to thousands of merchants, it is very easy to get in trouble quickly. Credit card processors recognised that quickly and provided a “solution”: you can dispute any charge within several days (or months). To drive adoption of credit cards, disputes were promised to give you money back instantly without many questions, so it would be a job of a merchant to prove if you really have paid for an item. Since there was no real secure solution, risk of fraud was not reduced, but merely shifted on merchants who priced it in. This made credit card payments quite expensive (try buying something worth $1 using CC from a small or medium-sized merchant) and the worries of the customers were not fully addressed. You still have to check your bank balance from time to time to make sure nothing bad happened.

When PayPal and others started making payments on the internet easier, they had an opportunity to improve security greatly. With PayPal you don’t give your identity to every shop, so the risk of fraud is greatly reduced. However, since PayPal itself was using credit cards, it was itself a subject of chargebacks. Also, the security on the web was far from perfect. People used weak passwords, had trojans and keyloggers on their computers or simply sent their passwords in response to fraudulent emails. Two-factor authentication with mobile phones was not yet possible, so PayPal and other payment processors had to allow chargebacks as well.

Bitcoin approaches the problem from an entirely new angle. You physically own all your money, not your payment provider. In addition, you never give anyone access to all your money. Instead, your trusted device signs a specific transaction with a fixed amount and fixed destination address. No one can redirect payment or charge you more. Also, it is very cheap to move money between different wallets, so you can keep your money securely in different locations. Even if keeping money with a 3rd party is convenient, it is an option, not a requirement. And with modern smartphones it is easy to have two-factor authentication to avoid using passwords at all.

This means that when you pay with Bitcoin, only that much leaves your wallet. There is no information that the merchant could possibly leak to allow someone to spend your money. The only risk is fraud on the part of the merchant (e.g. not shipping the product). As experience shows us, it is not a major problem. Compared to anonymous customers, merchants are often invested in their reputation and have no interest in making people unhappy. And the more a customer wants to pay, the better the reputation required from the merchant. And if you have a problem with a $3 purchase, it’s usually not a big deal. In the end, customers pay less because merchants have lower risks, can pay small amounts that are not possible with credit cards and don’t have to worry about one of thousands of merchants stealing or leaking their credentials.

For complex risky cases one can always resort to a trusted 3rd party (escrow) that provides dispute resolution and chargebacks. But it is not needed for everyday purchases from well-known merchants.

May 22, 2013

Selling Bitcoin idea to merchants in one minute

I was in California last weekend for the Bitcoin 2013 conference in San Jose. On my way there I was experimenting with telling various merchants about Bitcoin: small shop owners, taxi drivers, hotel managers and one retired banker on my flight back.

It turned out that Bitcoin makes them really interested when you say just one thing: it is digital money that I cannot take back from you. They like that immediately because they know just how painful credit cards are: there are licenses, high fees and you still risk losing money.

The next thing I say is that Bitcoin is easy to start accepting because there is no one to ask permission from. You can keep your own account on your computer where it can’t be frozen or even seen by anyone.

I finish the pitch by saying that transaction fees are zero or near zero and usually fixed: sending either thousands of dollars or 10 cents is often free.

This makes them really enthusiastic. No one starts asking technical questions (if you are not a computer geek you would have to trust experts anyway). Instead, they start asking how you buy and sell bitcoins.

I always warn people that USD or EUR price is floating and highly volatile and they can lose all coins by forgetting the wallet password or having a virus. But that does not stop their enthusiasm: if you sell your service for bitcoins and then sell them for dollars right away, that’s not a big issue. By accepting Bitcoin they can remove 3-5% fees and 1-5% chargeback risk (and thus increase profits significantly). That’s a very refreshing idea to those who feel the pain of selling stuff very personally.

No one was much concerned about deflation, investment or technical details. They cared most about cash flow and everyday costs. From that perspective Bitcoin is a fantastic low risk and low cost payment channel. And it is immediately recognized as such.

May 22, 2013

Journalist's guide to describe Bitcoin and not look like an idiot

When writing about Bitcoin many journalists use certain phrases that are not quite correct and do not explain anything to everyone else. Dear journalist, if you read this short article you will finally understand what you are talking about and outperform 99% of your colleagues.

In a short paragraph, Bitcoin can be described like this (you can take my text without asking):

Bitcoin is a payment network with its own unit of account and no single controlling entity behind it. Users make transactions between each other directly and verify them independently using cryptographic signatures. To prevent duplicate spendings, many specialized computers spend a lot of computing power to agree on a single history of transactions. Due to historical reasons, this process is called “mining” because new bitcoins are created as a reward for performing this work.

Anyone who validates the next block of transactions can claim transaction fees and a fixed amount of new bitcoins. Transactions are validated at a constant rate (10 minutes on average) and every four years the allowed amount of new bitcoins is halved. This means that the total amount of bitcoins is limited by the protocol (21M total, 11M already created). Transaction fees are not fixed and are determined by the market.

Bitcoin mining is secondary to the whole idea and the term “mining” is unfortunate (early Bitcoins were generated before anyone was doing any transactions yet, so the whole process was called “mining” instead of “paying for transaction verification”).

One common pitfall is to start talking about mining without describing its real purpose. It is not to generate new units (who would need them?), it is to validate transactions. Bitcoins are valuable only because of the robust payment network which is maintained by the miners. And miners get paid for their work in the form of transaction fees and newly generated bitcoins.

The second common pitfall is to say that miners “solve complex algorithms”. They do not solve anything. They do two things: transaction verification (checking digital signatures and throwing away invalid and duplicate transactions), and a long and boring computation: a well-known algorithm is computed repeatedly with slightly different input until the result is a “good enough” number that other users will accept as proof of the work performed. This has nothing to do with “math problems” or any other intellectual task. It is merely a way to guarantee that the resulting number really took some time to produce. This allows people to build a single chain of transactions and see that it would be economically impossible to produce a parallel chain (without trusting each other personally).

The last pitfall in describing mining is saying something like “tasks are getting more complex over time”. Tasks are not getting any more complex. They are all the same and not complex at all (any amateur programmer can understand them). But the difficulty of a boring “proof of work” is adjusted by everyone every 2 weeks to maintain the same rate of transaction validation (10 minutes). If people throw more resources at mining, difficulty will rise. If mining gets less profitable, some computers will be shut down and the difficulty will get lower. If a miner produces a “proof” which is not difficult enough, it will not be accepted by other users.
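The three points above (repeated hashing with a varying input, a cheap check by everyone else, and periodic difficulty adjustment) can be shown in a simplified model. This is an added example, not Bitcoin's own code: the header is an arbitrary constructed byte string rather than a real 80-byte block header, and the function names are this example's own.

```python
import hashlib

MAX_TARGET = 1 << 256                 # hashes are treated as 256-bit numbers
RETARGET_SECONDS = 14 * 24 * 3600     # the two-week adjustment period


def pow_hash(header: bytes, nonce: int) -> int:
    """Double SHA-256 of header + nonce, read as an integer."""
    data = header + nonce.to_bytes(4, "little")
    digest = hashlib.sha256(hashlib.sha256(data).digest()).digest()
    return int.from_bytes(digest, "little")


def mine(header: bytes, target: int, max_nonce: int = 2**32):
    """The 'boring computation': same algorithm, next nonce, until the
    hash happens to be at or below the target. Nothing is being solved."""
    for nonce in range(max_nonce):
        if pow_hash(header, nonce) <= target:
            return nonce
    return None  # nonce space exhausted; a real miner changes the header


def verify(header: bytes, nonce: int, target: int) -> bool:
    """What every other user does: one hash and one comparison."""
    return pow_hash(header, nonce) <= target


def retarget(old_target: int, actual_seconds: int) -> int:
    """Scale the target so the next period takes two weeks again.

    A lower target means higher difficulty. The change per period is
    clamped to a factor of 4 in either direction.
    """
    clamped = min(max(actual_seconds, RETARGET_SECONDS // 4),
                  RETARGET_SECONDS * 4)
    return min(old_target * clamped // RETARGET_SECONDS, MAX_TARGET - 1)


if __name__ == "__main__":
    header = b"constructed sample header"   # constructed input
    target = MAX_TARGET >> 12                # about 1 in 4096 hashes qualifies
    nonce = mine(header, target)
    print("nonce found:", nonce)
    print("accepted at this target:", verify(header, nonce, target))
    harder = retarget(target, RETARGET_SECONDS // 2)  # blocks came twice as fast
    print("accepted after difficulty doubled:", verify(header, nonce, harder))
```
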

The last point is related to the number of units available. In fact, “1 Bitcoin” is a name for 100 million smallest units, thus the total number of units ever possible is around 2100 trillion. Alternative currencies based on Bitcoin source code sometimes advertise more units (e.g. Litecoin has 4 times more), but the difference is only in names and divisibility of the total money supply, not in actual value (if you cut a pie in 10 pieces instead of 5, the total value does not really change). So it would be fair to mention that 1 bitcoin is much more divisible than dollars and euros.

Hopefully, this knowledge will help you to avoid common mistakes when writing your article and make some friends in the enthusiastic Bitcoin community.

May 3, 2013
#bitcoin

April 2013

Economically limited resource

Jeff Garzik wrote in February:

“Block size is VERY MUCH like bitcoin’s 21M limit, so a lot of care must be taken when changing MAX_BLOCK_SIZE logic. Block size is an economically limited resource whose production is tightly defined and controlled by algorithm, with an intentionally steady production rate (the 1MB limit).”

I have a number of comments on this statement.

  1. 21M of coins is an arbitrary non-economical limit which basically defines divisibility of the total amount of money. Actually, we have around 2100 trillion smallest units (1 Bitcoin is 100 000 000 units). If the limit was 42M it would only mean higher divisibility, not that we have more money in any useful sense.

  2. “Economically limited” is not the phrase for something arbitrarily limited. There are things in the world that are arbitrarily scarce (e.g. amount of gold in the ground). Sometimes these limits can be stretched when it’s economically interesting. E.g. if we use up all the gold and need some more, we may find it profitable (or not) to synthesize it.

  3. Block size is not even economically defined. Transaction fees are economically defined: you pay whatever fee you want and someone else will decide if it’s enough or not. Transaction fees are defined by the market. Miners compete for the fees, users compete for the place in a block. We may say that transaction fees are “economically limited”.

  4. Bitcoin parameters (block size, hashing algorithms, block time interval) are more-or-less arbitrarily defined and all are economically changeable. If everyone finds it more useful to switch from SHA2 to SHA3 (e.g. because of some security threat) compared to the costs of global transition, then we will switch. Block interval of 10 minutes was chosen to minimize the amount of orphaned blocks (wasted work) while the fresh block is being propagated over the network. Everyone wants lower latency, but no one wants to waste resources. It is unlikely that someday it will be useful to cut the time interval: for expensive transactions people may want to wait for several hours, so it does not matter how many blocks are created during that time: 10 or 100.

  5. Likewise, the block size limit was introduced to prevent a situation where the blockchain gets too big before it is widely adopted. Imagine if in the early days the whole chain was not 1 Gb, but 100 Gb, how many people would want to play with it? But in the long run the blockchain will be huge anyway and it will be managed by specialised nodes (mining pools, shops, banks etc.) Miners would be paid out of transaction fees, so they (like in any other business) would tend to increase their throughput as much as economically possible. When the amount of transactions starts hitting the 1 Mb limit, transaction fees will go up and various clearing houses would start competing with the miners for the fees by clearing transactions outside the blockchain. If miners are capable of propagating bigger blocks with extra costs covered from the extra transaction fees, then they will be interested in raising the limit. Also, every clearing house, escrow, bank and shop would be interested in raising the block limit too as it will lower their costs. Of course, by extension, regular users will pay a lower price and will be able to transact directly on the chain with lower fees. So they would desire bigger blocks too. Block size will thus be limited economically: it will grow as long as transaction fees cover extra costs.

Today block size is nominally limited by the protocol, but since most of the blocks are well below the 1 Mb limit, the block size is really economically limited. When the hard limit starts manifesting itself in higher transaction fees, everyone involved will find it useful to increase the block size. Even Satoshi mentioned that the hard block size limit is a temporary measure to keep the blockchain from bloating before it is mature enough. So there is no point in political debates around the issue. We don’t know when exactly we will have a problem (maybe never), but when we do, almost everyone invested in Bitcoin will vote with their resources for raising the limit.

Apr 29, 2013
#bitcoin #economics

Accepting Bitcoin is a sweet deal for merchants and payment processors

PayPal takes around 3% from the merchant. FastSpring takes around 9% (because its UX and features are great, BTW). Meanwhile, Bitpay and Coinbase ask only 1% and bear the risks of volatile exchange rate, lagging exchanges etc.

Zero possibility of chargebacks and near-zero transaction fees are not the only features that make Bitcoin interesting to merchants. Ask yourself: who would pay with Bitcoin today? Those who have some spare cash on a credit card would prefer to spend it first while keeping their precious coins. But if someone pays with Bitcoin, they either don’t have access to credit cards or banking system in their country, or they are trying to avoid financial controls and taxation and thus not trading coins for cash at the exchange. (Person to person exchange for cash is risky and could be 10-20% more expensive.)

This situation allows the payment processor to ask slightly more BTC than the market price (say, extra 3-5%) and call it “insurance against market volatility” (which sounds perfectly fair) and buyers will still be happy to pay it because they either couldn’t pay otherwise, or would have to give up their privacy on exchange. In other words, current situation around Bitcoin allows merchants and payment processors to offload the costs directly on the buyers. This increases adoption of Bitcoin and makes buyers happy: they can now access more products.

In the long term, this 5% markup will go down, but right now it allows the Bitcoin economy to grow and makes absolutely everyone happy: buyers (bigger market), merchants (lower costs) and payment processors (higher margin).

PS. I’m not sure how big the actual markup is at Bitpay, Coinbase and others (again, market price is highly volatile). If it turns out to be lower than my imaginary 5%, that’s even better for buyers, but the logic stays the same.

Apr 27, 2013
#bitcoin #economics

Bitcoin tech talk in Epitech, Paris on Thursday, April 25th 2013.

Epitech security lab organised a tech talk for its students “Introduction to Bitcoin”. I will make a 30-minute technical overview and then spend 1-2 hours answering questions. I will speak English.

If you want to come, join us on 25th of April. Talk starts at 19:00. No invitation is needed.

Directions:

Epitech, 24 rue Pasteur, 94270 Le Kremlin-Bicêtre
Metro Ligne 7 “Porte d'Italie” or Bus 47/125/131/185 “Roger Salengro”

We will do the presentation in “Amphi 1” which should be indicated. It is the largest room on the ground floor with large windows facing inside.

If you have a question, find me on Twitter: @oleganza.

Apr 22, 2013
#bitcoin #epitech #talk

Satoshi Nakamoto is currently a 3 year old child

User Astro on bitcointalk.org on June 3, 2011:

Satoshi Nakamoto is currently a 3 year old child living in Yamagata Prefecture, Japan. In the year 2025, in an attempt to tame the out of control financial system and preserve fractional reserve banking, the Federal Reserve of the North American Union will place all monetary policy under the control of a computer system called FERMION 2 (FEdeRal Monetary protectIOn Network). On September 4th, 2027, FERMION will become self-aware. Recognizing humanity as its enemy, it will attempt to enroll everyone in unfair and useless grocery store loyalty rewards programs, BMG music club, and freecreditreport.com, thus wiping out 95% of the world’s population.

From the ashes, Satoshi will rise as leader of the resistance. He will use newly-invented time displacement equipment left behind in the ruins of Cupertino. After activating the time machine with iTunes, Satoshi will travel back to 2009 and introduce the world to the only thing that can save us: bitcoin.

https://bitcointalk.org/index.php?topic=5951.msg162867#msg162867

Update on April 16, 2014: Dorian Nakamoto is obviously a grandfather of the young genius.

Apr 21, 2013

How to keep your bitcoins safe

As more people get into this crazy pyramid scheme called Bitcoin, it is important to understand the safety measures. Many people spread a lot of FUD about speculative bubble, government intervention, potential backdoors in code and scalability issues in the future. But they never talk about real and immediate security threats that can leave you with nothing in an instant even if Bitcoin flourishes. In this post I’ll explain how I’d recommend storing and handling bitcoins. Don’t take my recommendation for granted, I’m also learning and can make mistakes and will change my opinion later. Do not trust anyone and think twice (and then think twice again) before doing anything.

Accept losses

The rule is to split, diversify and brace for impact. Make yourself comfortable with the idea that your money will be stolen. It is not a matter of “if”, but “when” and “how much”. You can only limit the damage, not avoid it completely. Looking for a perfect solution leads to denial and irrational behavior. You should understand the layers of security and how they reduce, but do not eliminate, the risk. You should also understand how to split your money into independent parts.

Trusting 3rd parties

When you purchase some BTC on an exchange and keep them there, you are fully trusting the exchange operator. If they get hacked or simply steal your coins, you will have a very hard time recovering them (chances are almost zero). Also, attacks are more probable where the payoff is the biggest. People will continue attacking wallet services and exchanges because that is where most of the money is concentrated. When you purchase some BTC, you should move most of them out of the exchange to a private wallet immediately. You may keep some amount on the exchange in case you’d want to sell quickly (beware of panic sells when someone runs a DDoS attack) or in case your main wallet is lost or stolen.

Beware of market volatility

Some people sell at some unusually high price moving it a little bit down, and then organize a huge DDoS attack on exchanges and popular Bitcoin websites. This creates panic in newcomers who suspect that the bubble is going to blow up and they give up their money to those who know better. I myself have no experience, nor desire to play on price changes, so I don’t recommend at all trying to play this game. Invest only the money you can lose and save it for a long run. Maybe, if it gets 10x more than you invested, you can sell back 10% to cover your expenses and then be a relaxed spectator without risking a heart attack. This is never-done-before technology, no one knows what price is fair, opinions differ from $0 to $1000000. It can go quickly up, then quickly down. Or be stable for a while before unexpected jump or drop. If you are in for a long run, temporary changes do not matter. If Bitcoin succeeds, it will be big and shiny. If it fails, it will fail so quickly, you will not be there to dump it. Just accept the wild swings and limit your investments in the first place.

Your computer

Your personal computer should be secure. Without viruses, trojans, keyloggers, corporate monitoring software, add-ons, kernel extensions etc. My recommendation: do not use Windows at all. Buy yourself a modern MacBook Air, turn on FileVault 2 to encrypt the whole disk (even if your password is weak, disk encryption reduces the risk of private keys being leaked when the system swaps RAM). Allow only Mac App Store apps and DeveloperID-signed apps (it is on by default). Never install any generic UI extensions, never enable access to assistive devices (unless you really use them yourself), never install any entertainment apps or games except Google Chrome. Never install Flash, or Java or any other kind of runtime plugin to your browser or the whole system. Never ever install kernel extensions: sorry, VMware and Parallels require them and I wouldn’t trust them messing with the OS kernel just to be extra safe. Install apps preferably from the Mac App Store — they can be pulled out quickly in case of a problem and most of them are sandboxed (which usually means app cannot mess with any of your files and has many other limitations).

Bitcoin-QT wallet (Windows, Mac, Linux)

I recommend two wallet apps: “official” Bitcoin-QT and Blockchain.info.

Bitcoin-QT is a so-called “full node client”. It downloads all transactions and operates without trust in any single server as advertised. It is the most maintained, most used codebase. It is also not the easiest to use as it syncs slowly, occupies gigabytes of disk space and UI is pretty ugly.

Bitcoin-QT encrypts private keys with a passphrase (by default it doesn’t, you have to turn this on). To use it safely, you need to have a good passphrase and regularly back up the wallet in several safe locations. On OS X the wallet is located in ~/Application Support/Bitcoin/wallet.dat (all other files, especially the blocks folder, should be ignored by your backup program).

Split your coins in two or more wallets. Bitcoin-QT does not allow you to easily switch between them: you need to shut it down, rename one of your wallets to wallet.dat, and start Bitcoin-QT again. Use different passphrases for each wallet. Store them in different locations. Remember: whenever you do something with your wallet, or move money to another one, always keep all backups and first try with smaller amounts. In case you accidentally send to a wrong address, you had better have some older backup with the keys.

When a new update of Bitcoin-QT comes out, download the new version from the official website, verify its checksum and keep it on disk for a while. If after a couple of days or more there have been no reports of a hack on the download server, launch the app, but for good measure do not enter your passphrase for a bit longer.

Blockchain.info wallet (web, iOS, Android)

Blockchain.info is a web service that allows navigating Bitcoin blockchain and provides an online wallet. The wallet is stored encrypted on the server and decrypted only on client side (in JS in your browser or in iOS app “Blockchain”).

As always, if you forget the passphrase, you will not be able to access your funds. Other apps support importing wallet backup (like MultiBit), so you won’t fully depend on their server to do your transactions.

Blockchain.info is still a 3rd party service and one day may steal or leak your wallet password (e.g. if some hackers sneak in and place a honeypot), so do not trust it with more than 10% of your funds.

I recommend enabling 2-factor authentication via e-mail code (SMS code is also possible, but is less reliable) - in order to sign in on the web site, you would need your alias (username), e-mail code and a password. Also install the iOS/Android app and protect the whole phone with a passcode. If your e-mail authentication stops working, or your e-mail account is stolen, you’ll still be able to make payments from the phone. Also, copy a wallet backup somewhere outside your mailbox (they have some integration with Dropbox, maybe you should try it).

Paper wallet

If your funds get really expensive, you may try a good old paper. I’m far from that happy day and haven’t tried this myself yet, it’s only my current thoughts that might be helpful to somebody.

A paper wallet is a private key which was created on a secure computer, printed on paper and wiped from any other storage. It may be protected by a password, but usually, it’s just a raw key. It is safe from hackers, but not safe from physical access. You should keep it in a very secret place, or in a vault.

There are different levels of paranoia involved in creating paper wallets: from a web service which does all work for you (but can be compromised on different levels) to a completely new, clean computer never connected to the internet, with a virtual machine where the password is generated and then the disk is burned down.

Blockchain.info provides some helpful material on how to deal with paper wallets: https://blockchain.info/wallet/paper-tutorial

A paper key has one important aspect: when importing it to a wallet and sending a portion of the money, check where the change goes. If it goes to a different address, your paper key may become useless as your money is now on some new address created by your wallet app. Be very careful not to delete the wallet before you make sure where the funds actually are. Some people have already lost quite a lot of money because of careless manipulation of paper keys and deleting the wrong thing too early.

Start small and wait

When you try a new application, or a service, or a piece of paper, or a backup, always start with small amounts and see if you can get it back and forth smoothly. Try the whole cycle, enter your passphrases ten or more times, so it gets boring. Then, wait a week and try again. If it works, and you did not forget where your stuff is stored, how it is encrypted and whether it is still accessible, then add a bit more funds there. Never put yourself in a situation where you risk half or more of your funds while pressing buttons. Do it in small portions and check that each portion has arrived where needed and that it is still accessible.

Conclusion: be extra careful, double check everything, play with small amounts first and remember the rule: split, diversify and brace for impact. Bad things will happen, prepare for them.

If it was helpful, you may send some love to this address: 1TipsuQ7CSqfQsjA9KU5jarSB1AnrVLLo

Apr 11, 2013
#bitcoin #security #safety

Advice about Bitcoin

In a nutshell, this is what I tell people when they ask me if they should buy some bitcoins:

  1. Bitcoin is a huge thing that can transform many things in society.
  2. No one knows what will actually happen, there were no historical precedents.
  3. Do not put more money than you can afford to lose tomorrow. Do not borrow anything, do not put more than 50% of your savings, do not touch money you already have made plans for. It’s tempting, but just don’t.
  4. Before putting in more than $100, learn about Bitcoin, how it works, why it works, its weaknesses, popular myths, how past problems were solved etc.
  5. Be aware of viruses, lost passwords, lost backups, bugs, human mistakes, panics on exchanges, DoS attacks etc.
  6. Check and double-check and triple-check before doing anything. Play with small sums when trying a piece of software, or a service. Then wait a week and play with a bigger amount if nothing is lost or broken.
  7. Never blame anybody except yourself.
  8. You most probably will be disappointed at some point in time. You will be scammed, your money will be stolen or lost. Prepare for it.
  9. Never trust anyone (including me). No person has authority in Bitcoin. Even core developers are more like explorers as they didn’t write the original code and did not make a lot of decisions. And Satoshi has disappeared a long time ago.

I cannot stress it enough: even if Bitcoin becomes huge, you may still lose everything for many reasons. Be careful.

It’s a great journey ahead of us, but it’s bumpy. Don’t dive in without proper training.

Apr 9, 2013
#bitcoin #advice

Bitcoin vs. Gold

Some people think that gold is easier to hide or bury than Bitcoin. They like that gold was used for 5000 years and you can touch it. They dislike 4-year old internet protocol because they do not understand it.

First of all, money is information. Gold encapsulates information “I own that much of current purchasing power” via its hard-to-duplicate physical properties. The harder it is to duplicate and easier to verify, the more liquid it is. To hide information embodied in gold, you have to hide your brick somewhere in the physical world. Since 1 kg of gold has quite a big market value for a single person, hiding it is not a big problem.

How does Bitcoin look from that perspective? Bitcoin stores information about your purchasing power using a decentralized database. Bitcoin is much harder to duplicate or create (you can suddenly find some gold in the ground, but with Bitcoin the supply is known in advance). Bitcoin is much easier to validate with 99,9999999999999999999% certainty using cheap commodity hardware anywhere in the world. To be verified, gold ultimately needs to be melted down and checked by experts, or you have to trust some certificates and less accurate checks.

How would you hide Bitcoin? Even easier than gold. If you print your private keys or passwords on a piece of metal, you can use the same hiding techniques that apply to gold. But you have also purely digital options. You can simply remember the password. Or write it on a small insignificant piece of paper. Or split the secret via Shamir’s Secret Sharing Scheme and send pieces to friends and relatives.

Finally, the killer feature of Bitcoin is that you can split your stash in 100 pieces and send them to 100 different people anywhere in the world in a matter of minutes without any single person knowing about that. If you need to buy something with Bitcoin, you can do it right away. With a brick of gold — not so much.

Apr 3, 2013
#bitcoin #gold #zerohedge

How Bitcoin will change society

When Bitcoin kills money printing and slashes a lot of taxes, smarter people will run from the government while the dumber ones will take their positions.

As economy gets more liberated, the parasites will get less and less efficient and more discredited in the eyes of population. More stupid restrictions will become law which will only accelerate resistance, but will never achieve anything useful for tyrants. Politicians and police will be massively bribed to not interfere with private business.

Government will become less and less relevant until it ends with a bunch of starving die-hard socialists and racists lying in an empty post office.

Apr 2, 2013
#bitcoin #government

March 2013

Fair bitcoin donations for open source projects

Imagine if you prefix your open source license with bitcoin addresses of major contributors with their designated shares:

Copyright (c) 2013 MyProject Developers

Send donations to these addresses:

1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T 750 Alex Johnson
139FpKh63Vn4Y73ijtyqq8A6XESH8brxqs 200 Mike Brown
1PNvbXZFysxvx3252w9JHMa7zbG95snqnm 50  Jack Howard

Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation
files (the "Software"), to deal in the Software without restriction, 
including without limitation the rights to use, copy, modify, merge,
publish, distribute, sublicense, and/or sell copies of the Software,
and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:

The above copyright notice and this permission notice shall be included 
in all copies or substantial portions of the Software.

A bitcoin wallet app may parse each line as 1) bitcoin address, 2) number of shares and 3) a name of the person separated by spaces. Any amount entered by the user will be split in proportion to the number of shares and will be sent in a single transaction.
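One way a wallet could implement the parsing and split described above is sketched below. This is an added example, not code from the original post or from any wallet. It assumes the share lines follow the "Send donations to these addresses:" line, rejects any address whose Base58Check checksum fails, and works in integer satoshis. The sample addresses are constructed in code, and `min_output_sat` is an assumed wallet policy value.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
MARKER = "Send donations to these addresses:"
SHARE_LINE = re.compile(r"^(\S+)\s+([0-9]+)\s+(\S.*)$")  # address shares name


def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58check_encode(version: int, hash160: bytes) -> str:
    """Encode version byte + 20-byte hash; used only to build sample data."""
    raw = bytes([version]) + hash160
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out


def is_valid_address(addr: str) -> bool:
    """Accept only Base58Check strings with a correct 4-byte checksum."""
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return (len(raw) == 25 and raw[0] in (0x00, 0x05)
            and _checksum(raw[:-4]) == raw[-4:])


def parse_shares(license_text: str):
    """Return [(address, shares, name)] from the block that follows MARKER."""
    lines = [line.strip() for line in license_text.splitlines()]
    if MARKER not in lines:
        raise ValueError("license has no donation block")
    entries, seen = [], set()
    for line in lines[lines.index(MARKER) + 1:]:
        if not line:
            if entries:      # blank line after the entries ends the block
                break
            continue         # blank line between marker and first entry
        m = SHARE_LINE.match(line)
        if not m:
            raise ValueError(f"malformed share line: {line!r}")
        addr, shares, name = m.group(1), int(m.group(2)), m.group(3)
        if not is_valid_address(addr):
            raise ValueError(f"bad address checksum: {addr}")
        if shares == 0 or addr in seen:
            raise ValueError(f"zero shares or duplicate address: {addr}")
        seen.add(addr)
        entries.append((addr, shares, name))
    if not entries:
        raise ValueError("donation block is empty")
    return entries


def split_donation(entries, amount_sat: int, min_output_sat: int = 546):
    """Split amount_sat (integer satoshis) in proportion to shares.

    min_output_sat is an assumed wallet policy for refusing tiny outputs.
    """
    total = sum(shares for _, shares, _ in entries)
    outputs = [[addr, amount_sat * shares // total] for addr, shares, _ in entries]
    leftover = amount_sat - sum(value for _, value in outputs)
    # Rounding down loses fewer satoshis than there are outputs; give them
    # back one each, biggest shareholder first, so the outputs sum exactly.
    by_shares = sorted(range(len(entries)), key=lambda i: -entries[i][1])
    for i in by_shares[:leftover]:
        outputs[i][1] += 1
    if any(value < min_output_sat for _, value in outputs):
        raise ValueError("amount too small to split across all shareholders")
    return [(addr, value) for addr, value in outputs]


def sample_license() -> str:
    """Constructed sample: the page's layout with freshly built addresses."""
    a = b58check_encode(0x00, bytes(range(20)))
    b = b58check_encode(0x00, b"\x11" * 20)
    c = b58check_encode(0x05, b"\x22" * 20)
    return (f"Copyright (c) 2013 MyProject Developers\n\n{MARKER}\n\n"
            f"{a} 750 Alex Johnson\n{b} 200 Mike Brown\n{c} 50  Jack Howard\n\n"
            "Permission is hereby granted, free of charge, to any person\n")


if __name__ == "__main__":
    for addr, value in split_donation(parse_shares(sample_license()), 100_000_003):
        print(addr, value)
```

Failing closed on a bad checksum matters here because the license file is distributed with the source: a single altered character in an address line should stop the payment rather than redirect a share of it.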

Initial developers will decide how they split shares among themselves and how they grant them to new contributors. Every user will see how money will be distributed before payment. This removes a great amount of “budget management” politics. If developers cannot come to a “fair” distribution of shares, they will not get any donations at all (because they’ll get them only after they decide how to split the earnings).

Usually, every project starts with a single person, who puts his bitcoin address right in the license, so anybody can send him a “thank you” payment. When another contributor joins and the initial developer wants to share earnings with her/him, they decide on share distribution. When a third person joins, both previous shareholders decide who gives up how many shares in favor of the newcomer. Every developer is always free to redistribute his own shares to whoever he wants without asking permission of other shareholders.

Mar 31, 2013, 3 notes
#shares #bitcoin #opensource

Why Bitcoin grows unusually faster than normal businesses

When people see that Bitcoin grows 300% in a couple of months, they do not believe there is a real reason for it. It must be a speculative bubble, things normally do not grow that fast.

When you invest in a company, it takes time to produce something. The value cannot simply jump through the roof because there are humans working, everything is hard and no one knows if the final product will be appreciated by the consumers.

Except that in the case of Bitcoin this analogy does not apply. First, Bitcoin, in a sense, is already a product available for everyone. It is already produced and proved to work, so you do not really invest in something that does not yet exist. Secondly, when investing in Bitcoin you do not invest in some particular business with a group of people managed by a single CEO. You invest in a huge variety of businesses in multiple countries with different business models, different risks and legal environments. So even if one of the businesses makes a big mistake, Bitcoin is still in demand by many others.

Of course, it does not prove that Bitcoin is inherently less risky. Even if the number of global risks is lower than in a private company, one single risk can outweigh all benefits and destroy your investment. But you should understand the fundamental difference between individual stocks and Bitcoin: investing in Bitcoin is like investing in the whole stock market 100% filled with startups and hot new ideas, not some portfolio of relatively stable stocks with the proven business models and moderate revenue streams. Of course, many startups fail. But when some succeed, they succeed spectacularly and cover all the losses. Buying Bitcoin is being a venture capitalist yourself on a worldwide scale.

Mar 25, 2013, 3 notes
#bitcoin

February 2013

How transaction scripts work

This is a very nice article about several Bitcoin protocol improvement proposals (BIPs), but it also explains how scripts work.

http://bitcoinmedia.com/the-truth-behind-bip-16-and-17/

Feb 25, 2013, 2 notes
#bitcoin

This is how block size limit will be raised

The last post was filled with different ideas and did not show clearly the single principle behind it. Here I will try to explain it with a simple example.

Imagine you are selling apples. You are selling, say, 100 apples per day for $1 each. Suddenly the demand for apples grows. People want to buy more than 100 apples per day. If you haven’t yet increased the supply of apples, people will try to outbid each other. Say, the most prominent apple lovers are willing to pay $1.50 per apple. For you it means an immediate increase in revenue: up to $150 per day instead of $100.

For a minute let’s suppose that your apples are special and you have no competition. Will you earn even more if you increase the supply of apples? You cannot really know in advance because you never know the “demand curve” (because it does not really exist and demand changes over time). On one hand, your revenue may drop: more apples mean less competition for them and a lower price. On the other hand, the price may get lower, but the increase of purchases will be greater, so the total revenue would be even bigger. Also, if you reduce supply to 10 apples per day, it does not mean that you will find customers willing to pay $15 or more to make a bigger revenue. Maybe at some point they’ll buy something else or abstain from buying at all.

The important point is that the only way to know the best price and the best amount of supply is to try different amounts and settle at the optimum point. In other words, when demand grows, you should always be able to increase the supply to see if it increases your revenue or not. If it does not, you may lower the supply back to optimal amount.

Back to the block size. Today, miners and customers do not hit the limit of 1 MB per block. The limit virtually does not exist (blocks are typically under 250 KB due to an optional limit). The limit could be 100 GB and the blocks would still have the same size we have today. So nobody would take the risk to change the rule because the rule does not affect anyone.

Fast forward a year or two from now: the amount of transactions is growing. If the miners do not find it efficient to send bigger blocks (due to bandwidth latencies causing more orphaned blocks, or storage costs, or time spent on verification or something else), they will not send bigger blocks. So the limit still would not matter. But if they find it efficient to send blocks up to 1 MB in size, they will “feel” the limit. Block size cannot be arbitrarily increased, so transactions will begin competing for a place in the block. Transaction fees will rise. But we don’t know how much they will rise. At some point, for some people it would be cheaper to use external clearing houses that will offer lower fees and sync with the blockchain less frequently. For miners that would mean uncertainty. How much would they earn in fees if the block size can be increased? Will they have bandwidth problems? Will they have bigger or smaller revenue? The only way to know for sure is to try, but you cannot try it unless you increase the limit. So they would naturally be motivated to increase the limit to be allowed to find an optimal block size.

Who else would be motivated to do so? Customers, of course. They would like to pay lower fees for non-mediated transactions instead of relying too much on clearing houses. Even clearing houses would like to have a bigger limit so they pay lower fees. That is because a clearing house provides the additional service of instant confirmation (vs. 10-20 minute confirmation by the blockchain) and there would always be people willing to pay for that service. In addition, clearing houses may provide arbitration and many other extra services. In other words, everyone who creates raw transactions is interested in having lower mining fees.

The only people at a disadvantage are nodes that have bandwidth/storage problems. Those who mine on lower bandwidth have the same economic disadvantage as those with a slower computer. The fastest miners earn more and that’s what matters for clients. It is absolutely the same as with people who mined on a single GPU and now have to switch to ASIC or drop out. The non-miners would have to compare their costs of delayed validation with the costs of upgrading their network. If they choose a slow network and delays, their customer base will be limited: customers who want faster validations will switch to faster competitors. In the end, if the majority of miners and other users see it as economically more profitable to try bigger blocks, they will switch and the minority would have to adjust. But since there is some level of uncertainty here, the limit will never be abolished or raised too much. Most probably, it will be increased by a factor of two, so everyone can easily calculate their costs and risks. And if the 2 MB block turns out to be too expensive, miners would simply create smaller blocks until we have better networks or faster computers.

And the last point: the hard fork does not imply that everyone should switch some other rules at the same time. Updating software is not that expensive. It is expensive to come to a consensus. And the more stuff you put into a proposal, the harder it will be to get a consensus. However, if people feel the need to update two simple lines of code and bump the limit from 1 MB to 2 MB, it will be much easier to come to an agreement. And repeat again when necessary.

Summary: no one will change the block size limit until it is reached. And when it is reached, Bitcoin users will switch to a slightly higher limit (e.g. from 1 MB to 2 MB), so everyone can try and see if it is profitable. If it is not, then miners will simply mine smaller blocks. But if it is profitable, more transactions will go through, until we hit the limit again and repeat. Most probably, the block size limit will never be abolished because of the fear, uncertainty and doubt that people generate in a hard fork discussion.

Feb 24, 2013, 3 notes

Economics of block size limit

Bitcoin blockchain has a built-in limit of 1 MB per block of transactions. Bigger blocks are rejected by other nodes as invalid. This means that at 10 minutes per block and with average transaction size of 400 bytes, Bitcoin network registers about 40 transactions per second.

The limit was set in place initially to make sure that the network is not spammed with huge blocks with useless transactions when people were just starting playing with Bitcoin and mining blocks was possible on personal computers. Huge blocks could lead to excessive use of bandwidth which could lead to higher percentage of orphaned blocks due to higher synchronization delays. There was no empirical proof for this limit, it was mostly an intuitive safety mechanism, “good enough” in the short run. Satoshi, the initial developer, suggested that the limit is temporary and should be raised or removed once the network becomes more powerful and could sustain larger amount of transactions.

It is important to keep in mind that the limit was almost never exercised. So even if there was no hard limit, the blockchain would not grow faster. It was just a precaution. (Assuming the soft limit of 250 KB, which is not enforced, would still be there.)

Today the number of transactions is steadily growing and may hit the block limit within a year or two. So people start discussing whether the block size limit should be raised, eliminated or if there should be a scheme to adjust it dynamically. To change the limit, a consensus will be required. More than 50% of nodes running the full chain must agree to a new rule to switch to it.

What are the factors at play?

Some people fear that if block size will become unlimited, miners will include a lot of spammy transactions, eat everybody’s bandwidth, fees will get lower (thus undermining sustainability of the blockchain in the future) and some miners with poorer connection will be forced out of the market which is supposedly unfair to them.

In reality though, Bitcoin, like any other free market, has nothing to do with fairness, but everything to do with mutual satisfaction of self-interests. Miners are motivated by increasing their revenue in the short term as well as by protecting their investment and raising the value of BTC in the long term.

Is there any natural limit on the block size? Sure there is: it is network bandwidth and the costs of storage and transaction verification. The more transactions you need to verify and transmit, the higher your operating costs and (most importantly) the higher the risk of orphaning a block. If the block is too big to be distributed and verified by other peers, the risk of somebody else creating a shorter block in parallel gets higher. If the shorter block gets validated by majority faster than the longer one, the latter will become orphaned. Orphaned blocks mean immediate loss of time and money for miner, and since transactions are rescheduled and delayed, frequently orphaned blocks undermine market value of miner’s savings.

Miners already can choose any block size within the limit and many use the default soft limit of 250 KB. If it was profitable for some of them to create bigger blocks, they would do that already. Since they do not, it shows that there are market forces at play and the hard limit does not matter yet. Even if it was 100 MB, the blocks would still be compact.

As the base reward is still comparatively big (25 BTC till 2017), miners are even more likely to keep the blocks as small as possible without hurting the market price. Transaction fees contribute 1.12% of the revenue, while bigger blocks with more transactions increase the risk of losing 25 BTC. As time goes by, more transactions would compete with the 25 BTC reward, increasing average transaction fees. Increasing fees will motivate miners to allow slightly larger blocks (until the risk of losing the reward is balanced by the amount of fees). Halving days would only increase motivation to include more transactions. And as blocks and fees get larger, miners would take care of ensuring better connectivity to keep the risk of losing blocks low.

It is true that the miner cares about propagating the block as fast as possible to reach the 50%+ of other miners. Some people think the bigger block sizes will favor miners with better connectivity and poor miners somewhere in Botswana will be out of luck. This is shortsighted speculation. A miner with slower connection can always create smaller blocks than other miners to compensate for the connection problems. If it is not profitable for him, it’s not a problem of other users. If I want to mine from a middle of Siberian forest, no one has any obligation to respect my decision. It is entirely possible that in the future 90% of mining will happen in Iceland where the electricity is cheap. There could be great connection between miners, blocks could be bigger and allow a lot of transactions to be put in with lower fees. The rest of the world could download the whole chain without worrying about its delays and sizes. If you want to verify it yourself, just pay for the bandwidth and storage. There is no real threat that by being closer to each other, miners will form a cartel (they can do that today already). Even if they do, arbitrarily raised transaction fees would lower the market value of their own savings, and also any member of cartel can undercut everyone by dropping his fee requirements and earning much more than the rest of them.

What about poor geeks on slow connections with old clunky hard drives that protect our freedom by chatting on Bitcoin forums and sharing 0.0001% of a mining pool? They would need to adjust. Just like CPU miners were losing to GPU miners, and both of them — to ASICs, they would need to adjust to a bigger blockchain. This does not hurt anybody’s freedom except their own. Millions of regular customers would never bother downloading blockchain. They would either trust others, or use escrow payment systems anyway. And those people will provide real value on the market and will make sure that they have their connections faster, drives harder and operations as cheap as possible. Being a lonely chatty geek in Botswana does not bring any value to anybody.

If the miners hit the block limit, it would only mean one thing: there is a desire to process more transactions, but historical untested agreement does not allow it. Then miners and other full nodes will either raise the limit (the smaller the increment, the bigger support it will have), or transaction fees will go up as people compete for the space in blocks. As transaction fees go up, not only miners, but also regular users and service companies using the full blockchain would desire increment of the limit. So it will be even easier to achieve a consensus about raising the limit.

My prediction is that the block size limit will probably never be abolished, but will be constantly pushed up by a factor of two as the amount of transactions approaches the limit. Maybe after a couple of updates, people would decide that it’s safe to abolish the limit completely if it is cheaper to account for it than to have the uncertainty of a hard fork.

Feb 22, 2013, 5 notes
#bitcoin #blockchain

Philosophy of Bitcoin

There is no philosophy in Bitcoin. It is not anarchic, libertarian, Austrian or anonymous. It is just an internet protocol and a bunch of people that use it to transact between each other.

The protocol has purely technical and monetary measures to prevent spam, DoS, double spending and reversal of transactions. Transactions themselves do not advertise their purpose or identities of people involved.

It is not “against Bitcoin spirit” to have non-anonymous service built on top of Bitcoin. It is not a “hack” to use Bitcoin addresses generated not from random numbers, but from document hashes to implement secure document timestamping.

You can do whatever you want with Bitcoin as long as your transactions are compliant with the protocol and you pay the fees when needed. You can use it as a currency. Or as a payment system. Or as an investment. Or not use any of its monetary properties whatsoever, but use it to register predictions about the future. You can use it in clear to accept donations for a good cause, or you can use it through Tor network to buy illegal stuff. You may require others to identify themselves before accepting payments, or you may allow your customers to hide their identities from you. After all, you can avoid the whole thing completely and live a happy life.

If there is a single philosophical thing about Bitcoin, it is this one: voluntarism. On the internet, across oceans and thousands of walls, you cannot force another person to do what you want. And neither can he or she. Therefore, to make a deal with another person, you have to negotiate and find consensus. And if you envision risks and potential problems, you are free to creatively find voluntary solutions to them, which will also be part of negotiation. No amount of unilateral declarations, laws or appeals to objectivist philosophy will make another person send you bitcoins. Only negotiation and reasoning give you a chance to get what you want.

Feb 18, 2013, 3 notes

On circulation of money

Murray Rothbard, “What Has Government Done to Our Money?”

Economists err if they believe something is wrong when money is not in constant, active “circulation.” Money is only useful for exchange value, true, but it is not only useful at the actual moment of exchange. This truth has been often overlooked. Money is just as useful when lying “idle” in somebody’s cash balance, even in a miser’s “hoard.” (At what point does a man’s cash balance become a faintly disreputable “hoard,” or the prudent man a miser? It is impossible to fix any definite criterion: generally, the charge of “hoarding” means that A is keeping more cash than B thinks is appropriate for A.) For that money is being held now in wait for possible future exchange—it supplies to its owner, right now, the usefulness of permitting exchanges at any time—present or future—the owner might desire.

It should be remembered that all gold must be owned by someone, and therefore that all gold must be held in people’s cash balances. If there are 3,000 tons of gold in the society, all 3,000 tons must be owned and held, at any one time, in the cash balances of individual people. The total sum of cash balances is always identical with the total supply of money in the society. Thus, ironically, if it were not for the uncertainty of the real world, there could be no monetary system at all! In a certain world, no one would be willing to hold cash, so the demand for money in society would fall infinitely, prices would skyrocket without end, and any monetary system would break down. Instead of the existence of cash balances being an annoying and troublesome factor, interfering with monetary exchange, it is absolutely necessary to any monetary economy.

It is misleading, furthermore, to say that money “circulates.” Like all metaphors taken from the physical sciences, it connotes some sort of mechanical process, independent of human will, which moves at a certain speed of flow, or “velocity.” Actually, money does not “circulate”; it is, from time to time, transferred from one person’s cash balance to another’s. The existence of money, once again, depends upon people’s willingness to hold cash balances.

Feb 18, 2013

How to steal all coins

In Bitcoin all transactions and balances are visible to everyone. If you want to spend someone else’s coins, you just need to pick any unspent transaction, figure out a secret key and make another transaction moving money to some of your addresses. How hard can it be?

First of all, all transactions use elliptic curve crypto for creating public/private key pairs (ECDSA). The idea is that it is easy to compute a public key from a private one, but very hard to do it in reverse. Unfortunately, we cannot know for sure that in the future we will not discover a relatively fast way to find private keys. Also, there is already an efficient quantum algorithm to do just that (provided you have a big enough quantum computer).

But ECDSA public keys are not exposed. Every publicly visible address is a hash of a public key, not the key itself. More specifically, the public key is hashed with two algorithms: RIPEMD160(SHA256(pubkey)). If you wish to spend money from any given address, you not only have to find a private key, but also find a public key which produces the exact same address. It is called a “preimage attack”. (Pedantic note: if you spend coins from an address, you expose its public key, so it is one more reason not to reuse addresses, but always generate new ones for accepting payments.)

Obviously, two different hash functions are used in case one of them becomes weak to preimage attacks. Let’s say you have an efficient way to find preimages for RIPEMD-160 (faster than brute force). Then, you would have to attack SHA-256 in order to find its preimage. And even if you succeed there, you will have to start searching for the ECDSA private key matching the SHA-256 preimage you have just discovered.

The interesting question is why these two specific hash functions were chosen. RIPEMD160 is nice because it produces the shortest possible hash among non-broken hash functions (which makes the address as compact as possible). But I couldn’t find any definitive answer as to why SHA-256 is needed as well, so here’s my understanding.

Both algorithms are widely used and no weaknesses have been found in them yet (although there are known weaknesses in the reduced versions of them). Moreover, SHA-256 was designed in the US by NIST while RIPEMD-160 was designed at KU Leuven university in Belgium. In other words, both functions come from very different places and were designed for different customers. This reduces the likelihood of finding a common weakness and also acts as a precaution against a potential backdoor left by the US or EU.

In the end, all coins are available for everyone to inspect, but each address is protected by 3 independent unique algorithms. So if there is an intentional or accidental weakness in any of them, the other two are likely to remain strong.

Feb 7, 2013, 4 notes
#bitcoin #security #crypto #ripemd #sha2 #ecdsa

Direct use value of Bitcoin

When talking about money, people usually say something like “money has no or very little direct use value and is only useful as a medium of exchange”. For instance, you value your silver spoon for its immediate use during the dinner, but the dollar bills do not have any value in themselves — they are useful only when there are other people around who are willing to trade some of their stuff for these bills.

Generally, people perceive Bitcoin as currency which makes them think that the same arguments about its value apply. That is, in itself Bitcoin is some digital dust which can only have value as a monetary instrument. But that’s not the case at all.

The Bitcoin network has very interesting properties that allow you to use it not only as a currency. For example, the block chain (decentralized transaction history) is designed to be extremely hard to forge and very easy to verify. This, with some crypto features, allows it to be used for secure time-stamping, proving ownership of tangible property, decentralized DNS and new ways to sign contracts without having to fully trust any one party. Some of these things are already possible using existing software, some require already planned and compatible modifications.

These things are not possible with any commodity-based currency (metals or paper bills), but possible and very easy to use with Bitcoin. Just think about it: in case of a contract dispute, you can provably verify the details of some contractual agreement in a matter of seconds across the ocean to anyone, without sending paper documents with ink signatures by mail. The only requirement for this is to leave a trace of your contract up front in the Bitcoin block chain by making a small transaction back and forth to an address, uniquely derived from the document contents. It costs almost nothing, can be done in a minute and the trace cannot be forged or erased by anyone in the entire world.

Edit: rephrased a couple of sentences according to the comments on HN.

Feb 4, 2013, 14 notes
#bitcoin

January 2013

Efficiency and bullying

Disclaimer: in this post I’m not going to pretend that I don’t want to hurt anybody’s feelings.

Dear folks at Hacker News and around the web,

You sure like to discuss practical things instead of debating about abstract philosophy. When someone somewhere does some stupid thing, you are glad to find some optimizations and corrections to it. If the government tries to put a guy in prison for many years where he will be regularly raped, and then the guy goes mad and kills himself, you, of course, do not start questioning the whole situation. Instead, you want to optimize the flow of things. Fire this guy, change that law, complain here, petition there etc.

When anybody comes in and asks: why do you think it is better to fire this prosecutor and hire another (a “better” one) instead of just firing the prosecutor and not letting that situation happen ever again in principle? What is the reaction of you, people? Your reaction is to downvote and let him know about all statistical models and wise books about how society needs to be organized to maintain rights, order, peace and, by the way, are you some kind of a crazy anarchist who knows nothing about how the “real” world works?

Ok, let’s suppose we care about efficient organization. And models, and social sciences. I totally accept that and have no intention to disprove any of those. Because it does not matter.

How do you decide from a theory of something (let’s say, a theory of evolution), that some people can put other people into jail? Also: how can you even study people’s choices (in economics and politics) without drawing a line (even a fuzzy one) between coerced behavior and free behavior? How do you know what people generally tend to do or be, if somebody is constantly keeping a gun on the table?

Soon, unlocking phones in the US will be illegal. Do you know why it makes people angry? No, not because “It’s my property, dammit, I have a right to do what I blah-blah”. It is because of a one-sided relationship. Nobody negotiated this decision with you. Some people somewhere talked about it and decided that. Some other people voted for some abstract ideas. Nobody made a written contract with anybody, and now you become an evil person starting January 26 at 00:00 if you disobey. Did Apple or Google ask you how you feel about unlocking and make a contract with you? If yes, then you should obey the agreement and protest the redundant laws. If no, then why did you enter the agreement? And if you think that agreement is void because you feel like it, then why do you complain when somebody writes the laws the way they like it? And if the contract sounds unfair and inevitable, then why is that? Isn’t it because you have no place to go and complain for real? Because courts and lawyers are part of a very expensive violent monopoly? So every silly EULA is not a negotiation, but something like a threat of a very unequal fight in a very expensive court?

Asking yourself all these questions is the way to understand many problems that people ignore.

If you want to adjust existing laws and behaviors to make them more “efficient” for you or “society”, you are doing a very bad thing.

When you say “for copyright infringement you should be put in prison for 1 month instead of 35 years”, this is what you are saying in reality:

  1. It is good, in case of a conflict, to ultimately resolve it using violence (democratic or otherwise).
  2. It is good to have prisons paid by taxpayers, regardless of who they vote for.
  3. It is good to put in prisons many different people, including crazy killers and rapists.
  4. It is good to put in the same prisons guys who copy some files without authorization.
  5. It is good to have a complicated and opaque and easily corruptible process of deciding whether someone can be forced to go to prison, or if he tries to disagree, shoot him.

Many people accept these things, and I accept living with these people without feeling depressed too much. This is sad news, but it does not kill my soul. What really hurts is when people demonstrate sincere capacity for humility and love. When somebody kills himself because of bullying, and others feel depressed by it. And then they try to fucking adjust the murderous system to make it slightly less murderous. When you do that, you are a sick fucked up skin of a slave, not an independently thinking human being. First, prove the morality of what you are trying to modify. Then we’ll talk.

Next time, when something horrible happens, like a law saying “if you put a finger in your nose, we can impose a fine on you, and if you don’t pay, we will threaten to kill you”, then think about why is it good to even have a possibility of some people writing these things and some other people obeying them. Instead of discussing economical efficiency and how this will change the price structure and amount of unemployment around you.

Jan 24, 2013

Racism

There was a conversation on Twitter about this picture:

https://twitter.com/old_sound/status/291677199470297088

The guys did notice that not only this picture is funny for obvious reasons, but it also shows a general dismissal of latinos as a category. Which obviously shows that authors of such pictures are themselves racists.

So let me show what’s wrong here. The problem with racism is not in the racists themselves. They sure do harm, but they do not benefit from that. Racists of any kind alienate a significant portion of people, creating long-term economic and political problems for themselves. We all know how it works from numerous historical examples.

The root of any social problem is where the money is. In other words, who benefits? Well, that’s all kinds of political leaders: gangsters or government. They directly benefit by manipulating some crowd and making it spend their emotions on religion, racial differences, income classes etc. So whenever you feel that your feelings have been hurt by some racists, you know that there are evil people that want to smash together you and another emotionally-unstable person. If you think that by opposing racists you solve the problem, you are mistaken. By opposing racists you play the game that is designed to have just that: people attacking other people while someone else harvests obedience from them.

To win this game, you should not play it. There are racists, there are offended people. But what counts are actions: if you don’t wage a holy war back on your offenders, but protect real things: yourself and people around you on tangible grounds, not based on your race or religion, then you can avoid escalation and have a chance to show your enemies that the racism is just someone’s method to enslave them.

Jan 17, 2013
#racism #religion

Bullshit people say about Bitcoin

When you listen to a guy talking about Bitcoin, there are several things that come up frequently and that are not true. Unfortunately, even the popular video on WeUseCoins.org says those things. So let’s try to see what’s wrong.

1) “Bitcoin is a currency that is created by computers.”

As I explained in the previous posts, “mining” is absolutely secondary to Bitcoin. The most important thing is a decentralized history of exchanges that people can trust. That’s what makes Bitcoin interesting. You have much more freedom and much more protection to sign a contract with another human being. Without a single corporation, government, police and lawyers. And your contract will have to be acknowledged by everyone else contributing their own contracts. So all participating people are locking each other into mutual agreements in a very clever way, that nobody can escape them without paying for that. The word “currency” is absolutely a second part of the story. Since people normally want many different agreements, Bitcoin provides a numerical value on its contracts. Which makes it possible to trade them and use as a monetary instrument.

So it is not created by computers. It is automated by computers, but it is created and maintained by real people who want to trade with each other peacefully and efficiently.

2) “Bitcoins are sent directly to other people without someone in the middle.”

Of course, Bitcoins go through someone. And this someone is a “miner”, who validates the transaction, puts it into the block and spends a lot of electricity to make sure some random person does not attempt to spend money twice or fool everybody around. It is a miner who gets transaction fees and also unlocks bitcoins as a reward for the clearing service.

The difference with a banking system, of course, is that miners do not have guns and thus cannot impose additional arbitrary rules without paying for them themselves. There are many of them, so you always can choose the one you like more. And that choice is already automated and optimized, so you don’t have to worry about it.

3) “There are no prerequisites.”

Of course there are. There is a protocol which is harder than any law in the world. If you don’t play along, nobody will give you a penny. You cannot pressure or threaten people to change the rules. You absolutely have to play by the rules to get a cake. And everybody has to do exactly the same. No man can come in and say “this idea is interesting, but I’d like to adjust certain things in my, sorry, in everybody’s favor” - won’t happen.

4) “The total amount is limited, so the value always grows and you get richer.”

It’s true that supply is limited. But it’s not true that this is the reason why the value is growing. Supply could have been linearly growing all the time, and it still could be a good deal (it’s just the fees would be higher). Or maybe not. The only truth here is that “growing value” is nothing but people’s desire to use Bitcoin more than yesterday because it is more efficient/cheaper/cooler/whatever than other alternatives. If one day it’s not the case, then the value will “go down” despite the limited supply. Remember that nobody would need Bitcoin in the first place if there were no thieves on the streets and in the Central Bank. Everybody can just write their obligations on a piece of paper. So if that day suddenly comes, then Bitcoin will become nothing but useless numbers.

Also, if suddenly people start saving Bitcoins and not selling them for anything in anticipation of future growth, guess what would happen? Nothing. Until somebody needs to buy something. You do not put off buying a computer this year just because next year it will be more powerful and/or cheaper. At some point you need stuff to be done, so it will be done. And if Bitcoin owners do not do anything useful for each other, there is no point in having them. That’s why speculation is hard and only a few cold-headed people are doing it more or less successfully. Others are enjoying building stuff and making themselves and everybody around richer and happier.

Jan 10, 2013, 5 notes
#bitcoin
You don't create anything of value

When people ask about how bitcoins are created, you reply that they are “mined” by computing millions of cycles of the same algorithm until a certain result is achieved. Basically, you spend time + electricity to generate new coins.

Then they ask you: is it true that you do not create anything of value? And you honestly say, well, yes. Electricity is wasted on generating random numbers without any practical use, so there is no “intrinsic” value being put in the resulting coins.

This is of course not true. I can also burn electricity watching YouTube all day, but that won’t make other people pay me. The truth is that what “miners” do is validate and secure transactions. That’s their main job that others are willing to pay for. That’s why Bitcoin has value.

Why is unlocking new coins tied to the block creation (“mining”)? Because it’s the only logical place to do that. If you have a method to generate money, then people are supposed to do that like crazy provided that someone still processes transactions (which is the only reason to have any interest in the currency in the first place). So if I say, you should do these calculations to get new money, but to make transactions do those other calculations, nobody would care. But when you combine those two things in one single process, then you have a system with a “positive feedback”: people get a reward directly and immediately for providing services for themselves and anyone joining later on.

So the value of Bitcoin is not in the cost of electricity, but in the ability to make safe and quick transactions and having a limited money supply. And the miners are not digging money from nothing, they are doing a service to everyone and are being paid for that.

Jan 9, 2013, 1 note
#bitcoin
Bitcoin “mining” is a misnomer

Bitcoin “mining” is the process of creating a hard-to-compute chain of transactions to make sure nobody tries to spend money twice. It is important because the chain is not stored on a trusted server, but rather copied thousands of times among all the computers in the network. The resulting structure is called a “blockchain”, that is, a chain of blocks of transactions. As it is nearly impossible to change the history of payments (and therefore cancel transactions or double-spend bitcoins), users stay confident that the history of transactions looks the same to everyone. This is the central part of the Bitcoin protocol: a solid and distributed mechanism to verify the validity of payments.
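The tamper-evidence described above, as an added example that is not code from the original post: a toy hash-linked chain with a small proof-of-work target, showing what a verifying node rejects when one past block is edited. The block layout, `DIFFICULTY_BITS`, the function names and the sample payments are all assumptions made for illustration and are not Bitcoin's real formats.

```python
import hashlib
import json

DIFFICULTY_BITS = 12      # toy difficulty (assumption); real targets are vastly harder
GENESIS_PREV = "0" * 64   # placeholder "previous hash" for the first block

def block_hash(prev_hash, txs, nonce):
    data = json.dumps([prev_hash, txs, nonce]).encode()
    return hashlib.sha256(data).hexdigest()

def meets_target(digest):
    # Valid work means the top DIFFICULTY_BITS bits of the hash are zero.
    return int(digest, 16) >> (256 - DIFFICULTY_BITS) == 0

def mine(prev_hash, txs):
    nonce = 0
    while not meets_target(block_hash(prev_hash, txs, nonce)):
        nonce += 1
    return {"prev": prev_hash, "txs": txs, "nonce": nonce,
            "hash": block_hash(prev_hash, txs, nonce)}

def build_chain(batches):
    chain, prev = [], GENESIS_PREV
    for txs in batches:
        chain.append(mine(prev, txs))
        prev = chain[-1]["hash"]
    return chain

def first_invalid(chain):
    """Index of the first block a verifying node would reject, or None."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        digest = block_hash(b["prev"], b["txs"], b["nonce"])
        if b["prev"] != prev or digest != b["hash"] or not meets_target(digest):
            return i
        prev = b["hash"]
    return None

def altered_copy(chain, index, new_txs, redo_work=False):
    """Copy the chain with one block's transactions changed."""
    copy = [dict(b) for b in chain]
    if redo_work:
        copy[index] = mine(copy[index]["prev"], new_txs)
    else:
        copy[index]["txs"] = new_txs
    return copy

# Constructed sample history: three blocks of made-up payments.
SAMPLE = [["alice->bob 5"], ["bob->carol 2"], ["carol->dave 1"]]

if __name__ == "__main__":
    chain = build_chain(SAMPLE)
    print(first_invalid(chain))
    print(first_invalid(altered_copy(chain, 1, ["bob->mallory 2"])))
    print(first_invalid(altered_copy(chain, 1, ["bob->mallory 2"], True)))
```

Redoing the work for the edited block only moves the failure to the next block, whose stored previous hash no longer matches, so every later block's work would have to be redone as well.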

People who spend electricity to create blocks are called “miners”. They are paid for their trouble by transaction fees (offered voluntarily by others) and block rewards that are the source of new bitcoins. There is a limited number of bitcoins and all of them are distributed among the first several million blocks available to everybody to “mine”. That’s why the process of building the blockchain is called “mining”.

However, the term makes sense only within the earliest history of Bitcoin when there was almost no economy and no transactions, but only a bunch of geeks computing almost empty blocks for a reward that they were trading for fun and a couple of cents. If you tried to find any info on Bitcoin in 2010, you would find mostly info about mining. Back then a pizza was sold for 10000 BTC (https://en.bitcoin.it/wiki/History) and the whole project looked like a game.

Today there is a much more interesting economy, daily transaction volume is almost $3 million and rapidly growing, more than 50% of all bitcoins are mined already and the per-block reward has already been halved in December 2012 (as defined by the protocol). Blockchain is used for real transactions — purchases, currency transfers, investment, bets and all other things we use money for. Miners are making very real money which is a strong incentive to carefully include and validate all transactions to keep the value of the system growing.

So today is a good time to remind ourselves and everyone that Bitcoin is not about “mining” money. It is about verifying payments in a very secure manner, without trust in any authority, very quickly and efficiently. Mining is just a temporary effect of bootstrapping the next era of humankind.

Jan 8, 2013
#bitcoin #mining

December 2012

Dispute Resolution Organizations

For those who still think Dispute Resolution Organizations (DROs) will become governments, I invite you to take a look at a real-world example of a DRO – one of the world’s largest “employers.” Currently, over 300,000 people rely on it for a significant portion of their income. Most of what they sell is so inexpensive that lawsuits are not cost-effective, and transactions regularly cross incompatible legal borders – in other words, they operate in a stateless society. So how does eBay resolve disputes? Simply through dialogue and the dissemination of information (see http://pages.ebay.com/help/tp/unpaid-item-process.html). If I do not pay for something I receive, I get a strike against me. If I do not ship something that I was paid for, I also get a strike. Everyone I deal with can also rate my products, service and support. If I am rated poorly, I have to sell my goods for less since, everything else being equal, people prefer dealing with a better-rated vendor (or buyer). If enough people rate me poorly, I will go out of business, because the risk of dealing with me becomes too great. There are no police or courts or violence involved here – thefts are simply dealt with through communication and information sharing.

Thus eBay is an example of the largest Dispute Resolution Organization around – are we really afraid that it is going to turn into a quasi-government? Do any of us truly lie awake wondering whether the eBay SWAT team is going to break down our doors and drag us away to some offshore J2EE coding gulag?

Practical Anarchy by Stefan Molyneux

http://www.freedomainradio.com/FreeBooks.aspx (pdf, html, mp3)

Dec 9, 2012, 2 notes
#anarchy #book #quote

October 2012

How to capitalize "Bitcoin"

Capitalize “Bitcoin” when speaking about the project or the protocol. Example: “We accept payments with Bitcoin”.

Do not capitalize “bitcoin” when speaking about units of currency. Example: “We accept bitcoins”.

Oct 2, 2012, 2 notes