Oleg Andreev



Software designer with focus on user experience and security.

You may start with my selection of articles on Bitcoin.

Translations of some of the articles into Russian.



Product architect at Chain.

Author of Gitbox version control app.

Author of CoreBitcoin, a Bitcoin toolkit for Objective-C.

Author of BTCRuby, a Bitcoin toolkit for Ruby.

Former lead dev of FunGolf GPS, the best golfer's personal assistant.



I am happy to give you an interview or provide you with a consultation.
I am very interested in innovative ways to secure property and personal interactions: all the way from cryptography to user interfaces. I am not interested in trading, mining or building exchanges.

This blog enlightens people thanks to your generous donations: 1TipsuQ7CSqfQsjA9KU5jarSB1AnrVLLo

How to keep your bitcoins safe

As more people get into this crazy pyramid scheme called Bitcoin, it is important to understand the safety measures. Many people spread a lot of FUD about a speculative bubble, government intervention, potential backdoors in the code and scalability issues in the future. But they never talk about the real and immediate security threats that can leave you with nothing in an instant even if Bitcoin flourishes. In this post I’ll explain how I’d recommend storing and handling bitcoins. Don’t take my recommendation for granted, I’m also learning and can make mistakes and will change my opinion later. Do not trust anyone and think twice (and then think twice again) before doing anything.

Accept losses

The rule is to split, diversify and brace for impact. Make yourself comfortable with the idea that your money will be stolen. Not a matter of “if”, but “when” and “how much”. You can only limit the damage, not avoid it completely. Looking for a perfect solution leads to denial and irrational behavior. You should understand the layers of security and how they reduce, but do not eliminate, the risk. You should also understand how to split your money into independent parts, so that one stolen password or one lost backup costs you a fraction, not everything.

Trusting 3rd parties

When you purchase some BTC on an exchange and keep them there, you are fully trusting the exchange operator. If they get hacked or simply steal your coins, you will have a very hard time recovering them (chances are almost zero). Also, attacks are most likely where the payoff is biggest: people will keep attacking wallet services and exchanges because that is where most of the money is concentrated. When you purchase some BTC, move most of them out of the exchange to a private wallet immediately. You may keep some amount on the exchange in case you’d want to sell quickly (beware of panic sells when someone runs a DDoS attack) or in case your main wallet is lost or stolen.

Beware of market volatility

Some people sell at an unusually high price, moving it a little bit down, and then organize a huge DDoS attack on exchanges and popular Bitcoin websites. This creates panic among newcomers who suspect that the bubble is going to burst, and they give up their money to those who know better. I myself have no experience, nor desire to play on price changes, so I don’t recommend at all trying to play this game. Invest only the money you can lose and save it for the long run. Maybe, if it gets 10x more than you invested, you can sell back 10% to cover your expenses and then be a relaxed spectator without risking a heart attack. This is never-done-before technology, no one knows what price is fair, opinions differ from $0 to $1000000. It can go quickly up, then quickly down. Or be stable for a while before an unexpected jump or drop. If you are in for the long run, temporary changes do not matter. If Bitcoin succeeds, it will be big and shiny. If it fails, it will fail so quickly, you will not be there to dump it. Just accept the wild swings and limit your investments in the first place.

Your computer

Your personal computer should be secure. Without viruses, trojans, keyloggers, corporate monitoring software, add-ons, kernel extensions etc. My recommendation: do not use Windows at all. Buy yourself a modern MacBook Air and turn on FileVault 2 to encrypt the whole disk: it covers swap as well, so private keys paged out of RAM never land on disk in the clear, and even with a weak password it protects a lost or stolen laptop (it does nothing against malware running while you are logged in, which is what the rest of this list is about). Allow only Mac App Store apps and Developer ID-signed apps (Gatekeeper, on by default). Never install any generic UI extensions, never enable access for assistive devices (unless you really use them yourself), never install any entertainment apps or games except Google Chrome. Never install Flash, Java or any other kind of runtime plugin in your browser or system-wide. Never ever install kernel extensions: sorry, VMware and Parallels require them and I wouldn’t trust them messing with the OS kernel just to be extra safe. Install apps preferably from the Mac App Store: they can be pulled quickly in case of a problem and most of them are sandboxed (which usually means the app cannot touch any of your files and has many other limitations).

Bitcoin-QT wallet (Windows, Mac, Linux)

I recommend two wallet apps: “official” Bitcoin-QT and Blockchain.info.

Bitcoin-QT is a so-called “full node client”: it downloads and verifies every block itself and does not need to trust any server, exactly as advertised. It is the most maintained and most used codebase. It is also not the easiest to use, as it syncs slowly, occupies gigabytes of disk space and the UI is pretty ugly.

Bitcoin-QT can encrypt private keys with a passphrase (by default it doesn’t, you have to turn this on). To use it safely, you need a good passphrase and regular backups of the wallet in several safe locations. On OS X the wallet is located at ~/Library/Application Support/Bitcoin/wallet.dat (all other files, especially the blocks folder, should be excluded from your backup). Note that Bitcoin-QT pre-generates a pool of keys (100 by default) and hands them out as you request new addresses, so one backup only covers the next hundred or so addresses: back up again whenever you have handed out a batch of new addresses, not just once.

Split your coins across two or more wallets. Bitcoin-QT does not let you switch between them easily: you need to shut it down, rename the wallet file you want to use to wallet.dat (and the current one to something else), and start Bitcoin-QT again. Use different passphrases for each wallet. Store them in different locations. Remember: whenever you do something with your wallet, or move money to another one, always keep all backups and first try with smaller amounts. In case you accidentally send to a wrong address, you’d better have some older backup with the keys.

When a new update of Bitcoin-QT comes out, download the new version from the official website, verify its checksum (and the signature on the checksum list, so that a tampered download server cannot simply publish a matching checksum for a tampered binary) and keep it on disk for a while. If after a couple of days there have been no reports of the download server being compromised, launch the app, but for good measure do not enter your passphrase for a bit longer.
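Here is what the checksum step looks like when scripted, as an added example (my own code for this page, not Bitcoin-QT’s release tooling). It assumes the checksum list uses the two-column layout that sha256sum prints; the files and digests below are constructed for the demo. A checksum only helps if you got it from somewhere the download server does not control; if the project publishes a signed checksum list (Bitcoin Core does, as SHA256SUMS.asc), running gpg --verify on it against a key you obtained earlier is the check that actually catches a tampered server.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed sample data: the checksum list follows the "<hex digest>  <filename>"
# layout that sha256sum produces; "<hex digest> *<filename>" (binary mode) also occurs
# in the wild and must be accepted.
SAMPLE_CONTENT = b"hello\n"  # stands in for the downloaded release archive
SAMPLE_DIGEST = "5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03"
SAMPLE_SUMS = (
    SAMPLE_DIGEST + "  bitcoin-qt-release.dmg\n"
    + "0" * 64 + " *bitcoin-qt-release.tar.gz\n"
)


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so a multi-gigabyte download need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def expected_digest(sums_text, filename):
    """Digest listed for filename in SHA256SUMS-style text, lower-cased; None if absent."""
    for line in sums_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts
        if name.strip().lstrip("*") == filename:
            return digest.lower()
    return None


def verify_download(path, sums_text):
    """True only if the file's SHA-256 equals the entry for its basename in sums_text.
    An unlisted file is a failure, not a pass: silence here would be a false sense of safety."""
    expected = expected_digest(sums_text, os.path.basename(path))
    if expected is None:
        return False
    return hmac.compare_digest(sha256_file(path), expected)


def demo():
    """Write the constructed files to a temp dir and check them: (intact, tampered, unlisted)."""
    with tempfile.TemporaryDirectory() as d:
        intact = os.path.join(d, "bitcoin-qt-release.dmg")
        tampered = os.path.join(d, "bitcoin-qt-release.tar.gz")
        unlisted = os.path.join(d, "bitcoin-qt-release.zip")
        for path, content in ((intact, SAMPLE_CONTENT),
                              (tampered, SAMPLE_CONTENT + b"\x00"),
                              (unlisted, SAMPLE_CONTENT)):
            with open(path, "wb") as f:
                f.write(content)
        return tuple(verify_download(p, SAMPLE_SUMS) for p in (intact, tampered, unlisted))


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The comparison uses hmac.compare_digest out of habit rather than necessity here (the digest is public), and the streaming read is what matters for a release archive that is much bigger than the sample.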

Blockchain.info wallet (web, iOS, Android)

Blockchain.info is a web service that lets you browse the Bitcoin blockchain and provides an online wallet. The wallet is stored encrypted on the server and decrypted only on the client side (in JavaScript in your browser or in the iOS app “Blockchain”).

As always, if you forget the passphrase, you will not be able to access your funds. Other apps (MultiBit, for example) can import the wallet backup, so you do not fully depend on their server to make your transactions.

Blockchain.info is still a 3rd party service and one day may steal or leak your wallet password (e.g. if some hackers sneak in and serve modified JavaScript that captures what you type: client-side encryption only helps as long as the client code itself is honest), so do not trust it with more than 10% of your funds.

I recommend enabling 2-factor authentication via e-mail code (SMS code is also possible, but is less reliable): in order to sign in on the web site, you would need your alias (username), the e-mail code and a password. Also install the iOS/Android app and protect the whole phone with a passcode. If your e-mail authentication stops working, or your e-mail account is stolen, you’ll still be able to make payments from the phone. Also, copy a wallet backup somewhere outside your mailbox (they have some integration with Dropbox, maybe you should try it).

Paper wallet

If your funds get really expensive, you may try good old paper. I’m far from that happy day and haven’t tried this myself yet, it’s only my current thoughts that might be helpful to somebody.

A paper wallet is a private key which was created on a secure computer, printed on paper and wiped from any other storage. It may be protected by a password, but usually it’s just a raw key. It is safe from hackers, but not from physical access: anyone who can read the paper can spend the coins. You should keep it in a very secret place, or in a vault.

There are different levels of paranoia involved in creating paper wallets: from a web service which does all the work for you (but can be compromised on different levels) to a completely new, clean computer never connected to the internet, with a virtual machine where the key is generated and then the disk is wiped.

Blockchain.info provides some helpful material on how to deal with paper wallets: https://blockchain.info/wallet/paper-tutorial

Paper keys have one important gotcha: when importing one into a wallet and sending a portion of the money, make sure where the change goes. A transaction spends the whole coin sitting on the paper key, and most wallet apps send the remainder to a freshly generated change address of their own, not back to the paper key. In that case the paper key becomes useless, as your money now sits on a new address created by your wallet app. Be very careful not to delete the wallet before you make sure where the funds actually are. Some people have already lost quite a lot of money because of careless manipulation of paper keys and deleting the wrong thing too early.
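To see why the paper becomes worthless, here is a toy model of the UTXO accounting involved, added for this page (not code from any wallet). Addresses are placeholder strings, the transaction id is a toy hash rather than Bitcoin’s serialization, and coin selection is reduced to “use everything on the paper key”, which is the normal situation for a paper wallet funded by a single transaction.

```python
import hashlib
from dataclasses import dataclass

SATOSHI = 100_000_000  # satoshis in one bitcoin


@dataclass(frozen=True)
class Utxo:
    """One unspent output: the transaction that created it, its index, its owner, value in satoshis."""
    txid: str
    vout: int
    address: str
    value: int


def balance(utxos, address):
    return sum(u.value for u in utxos if u.address == address)


def spend(utxos, from_address, to_address, amount, fee, change_address):
    """Build a simplified transaction the way a wallet app does.

    Outputs are consumed whole: a paper key usually holds a single output, so it is
    emptied no matter how small `amount` is. `amount` goes to to_address, the rest
    minus the fee goes to change_address, which the wallet app picks (normally a fresh
    key that exists only in its own wallet file). Returns the new UTXO set.
    Simplification: every output on from_address is used as an input.
    """
    inputs = [u for u in utxos if u.address == from_address]
    total = sum(u.value for u in inputs)
    if total < amount + fee:
        raise ValueError("insufficient funds")
    outputs = [(to_address, amount)]
    change = total - amount - fee
    if change > 0:
        if change_address is None:
            raise ValueError("change would be produced but no change address given")
        outputs.append((change_address, change))
    # Toy transaction id (hash of inputs and outputs), not Bitcoin's real serialization.
    txid = hashlib.sha256(repr(([(u.txid, u.vout) for u in inputs], outputs)).encode()).hexdigest()
    remaining = [u for u in utxos if u not in inputs]
    created = [Utxo(txid, i, addr, value) for i, (addr, value) in enumerate(outputs)]
    return remaining + created


def sweep(utxos, from_address, to_address, fee):
    """The safe way to use a paper key: move everything to an address you control, no change output."""
    total = balance(utxos, from_address)
    return spend(utxos, from_address, to_address, total - fee, fee, change_address=None)


# Constructed example: placeholder labels, not real addresses.
PAPER = "paper-key-address"
MERCHANT = "merchant-address"
WALLET_CHANGE = "wallet-app-change-address"
MY_WALLET = "my-main-wallet-address"
CHAIN = [Utxo("funding-tx", 0, PAPER, 1 * SATOSHI)]  # 1 BTC printed on the paper wallet


def partial_spend_result():
    """Pay 0.1 BTC from the paper key; returns balances of (paper, change, merchant) afterwards."""
    after = spend(CHAIN, PAPER, MERCHANT, amount=10_000_000, fee=10_000, change_address=WALLET_CHANGE)
    return balance(after, PAPER), balance(after, WALLET_CHANGE), balance(after, MERCHANT)


def sweep_result():
    """Sweep the paper key into the main wallet; returns balances of (paper, main wallet)."""
    after = sweep(CHAIN, PAPER, MY_WALLET, fee=10_000)
    return balance(after, PAPER), balance(after, MY_WALLET)


if __name__ == "__main__":
    # (0, 89990000, 10000000): the paper is empty, 0.8999 BTC sits on a key only the app has
    print(partial_spend_result())
    print(sweep_result())  # (0, 99990000)
```

The first call is the accident the paragraph warns about: you “sent 0.1 BTC”, yet the paper key holds nothing and 0.8999 BTC now depends entirely on the wallet file you might delete. Sweeping first, then paying from your own wallet, avoids the ambiguity.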

Start small and wait

When you try a new application, or a service, or a piece of paper, or a backup, always start with small amounts and see if you can get them back and forth smoothly. Try the whole cycle, enter your passphrases ten or more times, so it gets boring. Then wait a week and try again. If it works, and you did not forget where your stuff is stored, how it is encrypted and it is still accessible, then add a bit more funds there. Never put yourself in a situation where you risk half or more of your funds while pressing buttons. Do it in small portions and check for each portion that it has arrived where needed and that it is still accessible.

Conclusion: be extra careful, double check everything, play with small amounts first and remember the rule: split, diversify and brace for impact. Bad things will happen, prepare for them.

If it was helpful, you may send some love to this address: 1TipsuQ7CSqfQsjA9KU5jarSB1AnrVLLo

Advice about Bitcoin

In a nutshell, this is what I tell people when they ask me if they should buy some bitcoins:

  1. Bitcoin is a huge thing that can transform many things in society.
  2. No one knows what will actually happen, there were no historical precedents.
  3. Do not put in more money than you can afford to lose tomorrow. Do not borrow anything, do not put in more than 50% of your savings, do not touch money you already have plans for. It’s tempting, but just don’t.
  4. Before putting in more than $100, learn about Bitcoin, how it works, why it works, its weaknesses, popular myths, how past problems were solved etc.
  5. Be aware of viruses, lost passwords, lost backups, bugs, human mistakes, panics on exchanges, DoS attacks etc.
  6. Check and double-check and triple-check before doing anything. Play with small sums when trying a piece of software, or a service. Then wait a week and play with a bigger amount if nothing is lost or broken.
  7. Never blame anybody except yourself.
  8. You most probably will be disappointed at some point in time. You will be scammed, your money will be stolen or lost. Prepare for it.
  9. Never trust anyone (including me). No person has authority in Bitcoin. Even the core developers are more like explorers, as they didn’t write the original code and did not make a lot of the decisions. And Satoshi disappeared a long time ago.

I cannot stress it enough: even if Bitcoin becomes huge, you may still lose everything for many reasons. Be careful.

It’s a great journey ahead of us, but it’s bumpy. Don’t dive in without proper training.

Bitcoin vs. Gold

Some people think that gold is easier to hide or bury than Bitcoin. They like that gold has been used for 5000 years and you can touch it. They dislike a 4-year-old internet protocol because they do not understand it.

First of all, money is information. Gold encapsulates the information “I own this much current purchasing power” via its hard-to-duplicate physical properties. The harder it is to duplicate and the easier to verify, the more liquid it is. To hide the information embodied in gold, you have to hide your brick somewhere in the physical world. Since 1 kg of gold has quite a big market value for a single person, hiding it is not a big problem.

How does Bitcoin look from that perspective? Bitcoin stores the information about your purchasing power in a decentralized database. Bitcoin is much harder to duplicate or create (you can suddenly find some gold in the ground, but with Bitcoin the supply is known in advance). Bitcoin is much easier to validate, with 99,9999999999999999999% certainty, using cheap commodity hardware anywhere in the world. Gold verification ultimately means melting it down and having it checked by experts, or you have to trust some certificates and less accurate checks.

How would you hide Bitcoin? Even more easily than gold. If you stamp your private keys or passwords on a piece of metal, you can use the same hiding techniques that apply to gold. But you also have purely digital options. You can simply remember the password. Or write it on a small, insignificant piece of paper. Or split the secret with Shamir’s Secret Sharing Scheme and send the pieces to friends and relatives: any chosen number of them together can reconstruct the key, while fewer than that learn nothing about it.
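The secret sharing step, as an added Python example (my code, not from the original post): a k-of-n split of a 32-byte key over a prime field, plus recovery. It needs nothing beyond the standard library; the key in the demo is random stand-in data, not anyone’s real key.

```python
import secrets

# Field for the arithmetic: the Mersenne prime 2^521 - 1, comfortably larger than any
# 256-bit secret such as a Bitcoin private key (a 32-byte integer).
PRIME = (1 << 521) - 1


def _eval_poly(coefficients, x):
    """Evaluate the polynomial (coefficients[0] is the constant term) at x, modulo PRIME."""
    result = 0
    for c in reversed(coefficients):
        result = (result * x + c) % PRIME
    return result


def split_secret(secret, threshold, share_count):
    """Split an integer secret into share_count shares, any threshold of which recover it.

    The secret is the constant term of a random polynomial of degree threshold-1; share i is
    the point (i, f(i)). The random coefficients must come from a CSPRNG, or shares leak the secret.
    """
    if not 0 <= secret < PRIME:
        raise ValueError("secret out of range")
    if not 1 < threshold <= share_count:
        raise ValueError("need 1 < threshold <= share_count")
    coefficients = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    # x starts at 1: the point at x = 0 is the secret itself and must never be handed out.
    return [(x, _eval_poly(coefficients, x)) for x in range(1, share_count + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0 over PRIME.

    With fewer shares than the threshold this returns a wrong, random-looking value rather
    than an error, which is exactly the property that makes a lone share worthless.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        numerator, denominator = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                numerator = numerator * (-xj) % PRIME
                denominator = denominator * (xi - xj) % PRIME
        lagrange = numerator * pow(denominator, PRIME - 2, PRIME) % PRIME
        total = (total + yi * lagrange) % PRIME
    return total


def private_key_shares(key_bytes, threshold, share_count):
    """Convenience wrapper for a raw 32-byte key: returns shares as (index, hex) pairs."""
    secret = int.from_bytes(key_bytes, "big")
    return [(x, format(y, "x")) for x, y in split_secret(secret, threshold, share_count)]


def key_from_shares(hex_shares):
    """Inverse of private_key_shares; a value that does not fit 32 bytes means wrong or too few shares."""
    value = recover_secret([(x, int(h, 16)) for x, h in hex_shares])
    if value >> 256:
        raise ValueError("not a 32-byte value: wrong or too few shares")
    return value.to_bytes(32, "big")


if __name__ == "__main__":
    key = secrets.token_bytes(32)            # constructed: a random stand-in for a private key
    shares = private_key_shares(key, 3, 5)   # 3-of-5: one share for each of five friends
    assert key_from_shares(shares[:3]) == key
    assert key_from_shares([shares[4], shares[1], shares[2]]) == key
    try:
        key_from_shares(shares[:2])
    except ValueError as e:
        print("2 of 5 shares:", e)
    print("recovered with any 3 of 5 shares")
```

Two things to get right in practice: each share carries its x index, so label them (share 3 given to cousin A is useless if she forgets it is share 3); and fewer than k shares do not produce an error, they produce a wrong key, so rehearse the recovery (with small sums first, as the post above says) before relying on it.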

Finally, the killer feature of Bitcoin is that you can split your stash into 100 pieces and send them to 100 different people anywhere in the world in a matter of minutes, and nobody has to know who is behind the addresses (the transactions themselves are public on the blockchain). If you need to buy something with Bitcoin, you can do it right away. With a brick of gold, not so much.

How Bitcoin will change society

When Bitcoin kills money printing and slashes a lot of taxes, smarter people will run from the government while the dumber ones will take their positions.

As the economy gets more liberated, the parasites will get less and less efficient and more discredited in the eyes of the population. More stupid restrictions will become law, which will only accelerate resistance, but will never achieve anything useful for tyrants. Politicians and police will be massively bribed not to interfere with private business.

Government will become less and less relevant until it ends with a bunch of starving die-hard socialists and racists lying in an empty post office.

Fair bitcoin donations for open source projects

Imagine if you prefix your open source license with bitcoin addresses of major contributors with their designated shares:

Copyright (c) 2013 MyProject Developers

Send donations to these addresses:

1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T 750 Alex Johnson
139FpKh63Vn4Y73ijtyqq8A6XESH8brxqs 200 Mike Brown
1PNvbXZFysxvx3252w9JHMa7zbG95snqnm 50  Jack Howard

Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation
files (the "Software"), to deal in the Software without restriction, 
including without limitation the rights to use, copy, modify, merge,
publish, distribute, sublicense, and/or sell copies of the Software,
and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:

The above copyright notice and this permission notice shall be included 
in all copies or substantial portions of the Software.

A bitcoin wallet app may parse each such line as 1) a bitcoin address, 2) a number of shares and 3) the name of the person, separated by spaces. Any amount entered by the user will be split in proportion to the number of shares and sent to all of them in a single transaction.
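An added example of that parsing, plus the part a wallet would have to get right before paying: validating each address’s Base58Check checksum and splitting the amount into whole satoshis without losing any. This is my code for this page, not a real wallet’s; the sample license is constructed, with two well-known valid addresses (the genesis block coinbase address and the all-zero-hash address) standing in for contributors and a third line whose last character was changed to show a rejected entry.

```python
import hashlib
import re
from dataclasses import dataclass

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# A share line: address, whole number of shares, then the contributor's name (may contain spaces).
SHARE_LINE = re.compile(r"^\s*([1-9A-HJ-NP-Za-km-z]{26,35})\s+(\d+)\s+(\S.*?)\s*$")


@dataclass(frozen=True)
class Shareholder:
    address: str
    shares: int
    name: str


def base58check_decode(text):
    """Decode Base58Check; raises ValueError on a bad character or a bad 4-byte double-SHA256 checksum."""
    n = 0
    for ch in text:
        n = n * 58 + B58_ALPHABET.index(ch)  # str.index raises ValueError outside the alphabet
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    leading_ones = len(text) - len(text.lstrip("1"))  # each leading '1' encodes a 0x00 byte
    raw = b"\x00" * leading_ones + body
    if len(raw) < 5:
        raise ValueError("too short")
    payload, checksum = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] != checksum:
        raise ValueError("bad checksum")
    return payload


def is_valid_address(text):
    """True for a well-formed mainnet address: version 0x00 (pay-to-pubkey-hash) or
    0x05 (pay-to-script-hash), a 20-byte hash, and a correct checksum."""
    try:
        payload = base58check_decode(text)
    except ValueError:
        return False
    return len(payload) == 21 and payload[0] in (0x00, 0x05)


def parse_shares(license_text):
    """Collect shareholders from the license header. Lines whose address fails Base58Check
    are reported, not paid: a typo or a tampered file would otherwise send coins into the void."""
    holders, rejected = [], []
    for line in license_text.splitlines():
        match = SHARE_LINE.match(line)
        if not match:
            continue
        address, shares, name = match.group(1), int(match.group(2)), match.group(3)
        if shares > 0 and is_valid_address(address):
            holders.append(Shareholder(address, shares, name))
        else:
            rejected.append(line.strip())
    return holders, rejected


def split_donation(holders, total_satoshis):
    """Split total_satoshis in proportion to shares, in whole satoshis, so that the outputs
    sum exactly to the total: the rounding leftover goes to the largest fractional parts."""
    total_shares = sum(h.shares for h in holders)
    if total_shares <= 0:
        raise ValueError("no valid shareholders")
    exact = [total_satoshis * h.shares for h in holders]
    payout = [e // total_shares for e in exact]
    leftover = total_satoshis - sum(payout)
    by_remainder = sorted(range(len(holders)), key=lambda i: exact[i] % total_shares, reverse=True)
    for i in by_remainder[:leftover]:
        payout[i] += 1
    return [(h.address, amount) for h, amount in zip(holders, payout)]


# Constructed sample license: two well-known valid addresses stand in for contributors;
# the third line is the genesis address with its last character changed (broken checksum).
SAMPLE_LICENSE = """\
Copyright (c) 2013 MyProject Developers

Send donations to these addresses:

1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa 750 Alex Johnson
1111111111111111111114oLvT2 200 Mike Brown
1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb 50  Jack Howard

Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation
files (the "Software"), to deal in the Software without restriction.
"""


def plan_payment(license_text, total_satoshis):
    """What the wallet would show before asking for confirmation: payouts and rejected lines."""
    holders, rejected = parse_shares(license_text)
    return split_donation(holders, total_satoshis), rejected


if __name__ == "__main__":
    payouts, rejected = plan_payment(SAMPLE_LICENSE, 1_000_000)  # 0.01 BTC
    for address, amount in payouts:
        print(f"{address:35} {amount:>10} satoshis")
    print("rejected:", rejected)
```

Note that nothing authenticates the license text itself: anyone who can edit the file on its way to the donor can redirect the money, which is why the wallet must display the resolved split and ask for confirmation before sending, as the next paragraph demands.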

Initial developers will decide how they split shares among themselves and how they grant them to new contributors. Every user will see how the money will be distributed before payment. This removes a great amount of “budget management” politics. If developers cannot come to a “fair” distribution of shares, they will not get any donations at all (because they only get them after they decide how to split the earnings).

Usually, every project starts with a single person, who puts his bitcoin address right in the license, so anybody can send him a “thank you” payment. When another contributor joins and the initial developer wants to share earnings with her/him, they decide on the share distribution. When a third person joins, both previous shareholders decide who gives up how many shares in favor of the newcomer. Every developer is always free to redistribute his own shares to whoever he wants without asking permission of the other shareholders.

Why Bitcoin grows unusually faster than normal businesses

When people see that Bitcoin grows 300% in a couple of months, they do not believe there is a real reason for it. It must be a speculative bubble, things normally do not grow that fast.

When you invest in a company, it takes time to produce something. The value cannot simply jump through the roof because there are humans working, everything is hard and no one knows if the final product will be appreciated by the consumers.

Except that in the case of Bitcoin this analogy does not apply. First, Bitcoin, in a sense, is already a product available to everyone. It is already produced and proven to work, so you do not really invest in something that does not yet exist. Secondly, when investing in Bitcoin you do not invest in some particular business with a group of people managed by a single CEO. You invest in a huge variety of businesses in multiple countries with different business models, different risks and legal environments. So even if one of the businesses makes a big mistake, Bitcoin is still in demand by many others.

Of course, it does not prove that Bitcoin is inherently less risky. Even if the number of global risks is lower than in a private company, one single risk can outweigh all benefits and destroy your investment. But you should understand the fundamental difference between individual stocks and Bitcoin: investing in Bitcoin is like investing in the whole stock market 100% filled with startups and hot new ideas, not some portfolio of relatively stable stocks with the proven business models and moderate revenue streams. Of course, many startups fail. But when some succeed, they succeed spectacularly and cover all the losses. Buying Bitcoin is being a venture capitalist yourself on a worldwide scale.

How transaction scripts work

This is a very nice article about several Bitcoin protocol improvement proposals (BIPs), but it also explains how scripts work.

http://bitcoinmedia.com/the-truth-behind-bip-16-and-17/

This is how block size limit will be raised

The last post was filled with different ideas and did not show clearly the single principle behind them. Here I will try to explain it with a simple example.

Imagine you are selling apples. You sell, like, 100 apples per day for $1 each. Suddenly the demand for apples grows. People want to buy more than 100 apples per day. If you haven’t yet increased the supply of apples, people will try to outbid each other. Say the keenest apple lovers are willing to pay $1.50 per apple. For you it means an immediate increase in revenue: up to $150 per day instead of $100.

For a minute let’s suppose that your apples are special and you have no competition. Will you earn even more if you increase the supply of apples? You cannot really know in advance because you never know the “demand curve” (because it does not really exist and demand changes over time). On one hand, your revenue may drop: more apples mean less competition for them and a lower price. On the other hand, the price may get lower, but the increase in purchases may be greater, so the total revenue would be even bigger. Also, if you reduce supply to 10 apples per day, it does not mean that you will find customers willing to pay $15 or more to make you a bigger revenue. Maybe at some point they’ll buy something else or abstain from buying at all.

The important point is that the only way to know the best price and the best amount of supply is to try different amounts and settle at the optimum point. In other words, when demand grows, you should always be able to increase the supply to see if it increases your revenue or not. If it does not, you may lower the supply back to optimal amount.

Back to the block size. Today, miners and customers do not hit the limit of 1 MB per block. The limit virtually does not exist (blocks are typically under 250 KB because of the default soft limit in the mining code, which each miner can change). The limit could be 100 GB and the blocks would still have the same size we have today. So nobody would take the risk of changing the rule, because the rule does not affect anyone.

Fast forward a year or two from now: the number of transactions is growing. If the miners do not find it efficient to send bigger blocks (due to bandwidth latencies causing more orphaned blocks, or storage costs, or time spent on verification, or something else), they will not send bigger blocks. So the limit still would not matter. But if they find it efficient to send blocks up to 1 MB in size, they will “feel” the limit. Block size cannot be arbitrarily increased, so transactions will begin competing for a place in the block. Transaction fees will rise. But we don’t know how much they will rise. At some point, for some people it would be cheaper to use external clearing houses that offer lower fees and sync with the blockchain less frequently. For miners that would mean uncertainty. How much would they earn in fees if the block size could be increased? Will they have bandwidth problems? Will they have bigger or smaller revenue? The only way to know for sure is to try, but you cannot try it unless you increase the limit. So they would naturally be motivated to increase the limit in order to be allowed to find the optimal block size.

Who else would be motivated to do so? Customers, of course. They would like to pay lower fees for non-mediated transactions instead of relying too much on clearing houses. Even clearing houses would like to have a bigger limit so they pay lower fees, because a clearing house provides the additional service of instant confirmation (vs. 10-20 minute confirmation by the blockchain) and there would always be people willing to pay for that service. In addition, clearing houses may provide arbitration and many other extra services. In other words, everyone who creates raw transactions is interested in having lower mining fees.

The only people at a disadvantage are nodes that have bandwidth/storage problems. Those who mine on lower bandwidth have the same economic disadvantage as those with a slower computer. The fastest miners earn more and that’s what matters for clients. It is absolutely the same as with people who mined on a single GPU and now have to switch to ASICs or drop out. The non-miners would have to compare the cost of delayed validation with the cost of upgrading their network. If they choose a slow network and delays, their customer base will be limited: customers who want faster validation will switch to faster competitors. In the end, if the majority of miners and other users see it as economically more profitable to try bigger blocks, they will switch and the minority would have to adjust. But since there is some level of uncertainty here, the limit will never be abolished or raised too much. Most probably, it will be increased by a factor of two, so everyone can easily calculate their costs and risks. And if 2 MB blocks turn out to be too expensive, miners would simply create smaller blocks until we have better networks or faster computers.

And the last point: the hard fork does not imply that other rules should be changed at the same time. Updating software is not that expensive. It is expensive to come to a consensus. And the more stuff you put into a proposal, the harder it will be to get a consensus. However, if people feel the need to update two simple lines of code and bump the limit from 1 MB to 2 MB, it will be much easier to come to an agreement. And repeat again when necessary.

Summary: no one will change the block size limit until it is reached. And when it is reached, Bitcoin users will switch to a slightly higher limit (e.g. from 1 MB to 2 MB), so everyone can try and see if it is profitable. If it is not, then miners will simply mine smaller blocks. But if it is profitable, more transactions will go through, until we hit the limit again and repeat. Most probably, the block size limit will never be abolished because of the fear, uncertainty and doubt that people generate in a hard fork discussion.

Economics of block size limit

The Bitcoin blockchain has a built-in limit of 1 MB per block of transactions. Bigger blocks are rejected by other nodes as invalid. This means that at 10 minutes per block and with an average transaction size of 400 bytes, the Bitcoin network can register about 2,500 transactions per block, or roughly 4 transactions per second.

The limit was put in place initially to make sure that the network is not spammed with huge blocks of useless transactions when people were just starting to play with Bitcoin and mining blocks was possible on personal computers. Huge blocks could lead to excessive use of bandwidth, which could lead to a higher percentage of orphaned blocks due to higher synchronization delays. There was no empirical proof for this limit, it was mostly an intuitive safety mechanism, “good enough” in the short run. Satoshi, the initial developer, suggested that the limit was temporary and should be raised or removed once the network became more powerful and could sustain a larger number of transactions.

It is important to keep in mind that the limit was almost never exercised. So even if there were no hard limit, the blockchain would not have grown faster. It was just a precaution. (Assuming the soft limit of 250 KB, which is a mining default rather than a consensus rule, would still be there.)

Today the number of transactions is steadily growing and may hit the block limit within a year or two. So people have started discussing whether the block size limit should be raised, eliminated or adjusted dynamically by some scheme. To change the limit, a consensus will be required: it is a change of the validity rules (a hard fork), and full nodes that do not upgrade will reject the bigger blocks, so the new rule only works if the overwhelming majority of miners and full nodes adopt it.

What are the factors at play?

Some people fear that if block size will become unlimited, miners will include a lot of spammy transactions, eat everybody’s bandwidth, fees will get lower (thus undermining sustainability of the blockchain in the future) and some miners with poorer connection will be forced out of the market which is supposedly unfair to them.

In reality though, Bitcoin, like any other free market, has nothing to do with fairness, but everything to do with mutual satisfaction of self-interests. Miners are motivated by increasing their revenue in the short term as well as by protecting their investment and raising the value of BTC in the long term.

Is there any natural limit on the block size? Sure there is: network bandwidth and the costs of storage and transaction verification. The more transactions you need to verify and transmit, the higher your operating costs and (most importantly) the higher the risk of orphaning a block. If the block is too big to be distributed and verified by other peers quickly, the risk of somebody else finding a smaller block in parallel gets higher. If the smaller block reaches and is validated by the majority faster than the bigger one, the latter will become orphaned. An orphaned block means an immediate loss of time and money for the miner, and since its transactions are rescheduled and delayed, frequently orphaned blocks undermine the market value of the miner’s savings.

Miners already can choose any block size within the limit and many use the default soft limit of 250 KB. If it were profitable for some of them to create bigger blocks, they would do that already. Since they do not, it shows that there are market forces at play and the hard limit does not matter yet. Even if it were 100 MB, the blocks would still be compact.

As the base reward is still comparatively big (25 BTC till 2017), miners are even more likely to keep the blocks as small as does not hurt the market price. Transaction fees contribute 1.12% of the revenue, while bigger blocks with more transactions increase the risk of losing the 25 BTC. As time goes by, more transactions would compete with the 25 BTC reward, increasing average transaction fees. Increasing fees will motivate miners to allow slightly larger blocks (until the risk of losing the reward is balanced by the amount of fees). Halvings would only increase the motivation to include more transactions. And as blocks and fees get larger, miners would take care of ensuring better connectivity to keep the risk of losing blocks low.
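To put numbers on “until the risk of losing the reward is balanced by the amount of fees”, here is a small model added for this page (mine, not the author’s), with assumed rather than measured parameters: block finding as a Poisson process, a fixed propagation rate to the rest of the network, and a flat fee per byte.

```python
import math

BLOCK_INTERVAL = 600.0  # seconds between blocks on average


def orphan_probability(block_bytes, throughput_bps, interval=BLOCK_INTERVAL):
    """Probability that a competing block is found while this one is still propagating.
    Block finding is memoryless (Poisson), so P = 1 - exp(-t / interval) for propagation time t."""
    propagation_seconds = block_bytes / throughput_bps
    return 1.0 - math.exp(-propagation_seconds / interval)


def expected_revenue(block_bytes, reward_btc, fee_btc_per_byte, throughput_bps, interval=BLOCK_INTERVAL):
    """(block subsidy + fees collected) times the probability the block is not orphaned."""
    revenue_if_accepted = reward_btc + fee_btc_per_byte * block_bytes
    return revenue_if_accepted * (1.0 - orphan_probability(block_bytes, throughput_bps, interval))


def optimal_block_size(reward_btc, fee_btc_per_byte, throughput_bps, interval=BLOCK_INTERVAL):
    """Block size that maximises expected_revenue.

    Differentiating (R + f*s) * exp(-s / (c*T)) and setting it to zero gives
    s* = c*T - R/f: add bytes only while their fee outweighs the extra orphan risk on
    everything already in the block. When the subsidy R is large relative to the fee rate,
    s* is negative and the best block is an empty one. Halving R moves s* up by R/(2f).
    """
    if fee_btc_per_byte <= 0:
        return 0.0
    return max(0.0, throughput_bps * interval - reward_btc / fee_btc_per_byte)


def best_by_scan(reward_btc, fee_btc_per_byte, throughput_bps, step=100_000, limit=100_000_000):
    """Brute-force check of the closed form: evaluate expected_revenue on a grid of sizes."""
    return max(range(0, limit + 1, step),
               key=lambda s: expected_revenue(s, reward_btc, fee_btc_per_byte, throughput_bps))


# Assumed numbers (not measurements): an effective propagation rate of 50 KB/s to the rest
# of the network, and fee rates of 0.0001 and 0.001 BTC per kilobyte.
THROUGHPUT = 50_000
LOW_FEE = 0.0001 / 1000
HIGH_FEE = 0.001 / 1000

if __name__ == "__main__":
    for reward, fee in ((25, LOW_FEE), (25, HIGH_FEE), (12.5, HIGH_FEE)):
        print(f"reward {reward:>5} BTC, fee {fee:.1e} BTC/byte -> "
              f"optimal block {optimal_block_size(reward, fee, THROUGHPUT) / 1e6:.1f} MB, "
              f"scan says {best_by_scan(reward, fee, THROUGHPUT) / 1e6:.1f} MB")
```

With the assumed 50 KB/s and a 0.0001 BTC/KB fee rate, a 25 BTC subsidy makes the empty block the most profitable one, which matches the observation above that miners stay well under the limit; raising the fee rate tenfold moves the optimum to 5 MB, and halving the subsidy on top of that to 17.5 MB.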

It is true that a miner cares about propagating the block as fast as possible to reach 50%+ of the other miners. Some people think bigger block sizes will favor miners with better connectivity and poor miners somewhere in Botswana will be out of luck. This is shortsighted speculation. A miner with a slower connection can always create smaller blocks than the other miners to compensate for the connection problems. If that is not profitable for him, it’s not a problem for other users. If I want to mine from the middle of a Siberian forest, no one has any obligation to respect my decision. It is entirely possible that in the future 90% of mining will happen in Iceland where electricity is cheap. There could be a great connection between miners, blocks could be bigger and allow a lot of transactions to be put in with lower fees. The rest of the world could download the whole chain without worrying about its delays and sizes. If you want to verify it yourself, just pay for the bandwidth and storage. There is no real threat that by being closer to each other, miners will form a cartel (they can do that today already). Even if they do, arbitrarily raised transaction fees would lower the market value of their own savings, and any member of the cartel can undercut everyone by dropping his fee requirements and earning much more than the rest of them.

What about poor geeks on slow connections with old clunky hard drives who protect our freedom by chatting on Bitcoin forums and sharing 0.0001% of a mining pool? They would need to adjust. Just like CPU miners lost to GPU miners, and both of them to ASICs, they would need to adjust to a bigger blockchain. This does not hurt anybody’s freedom except their own. Millions of regular customers would never bother downloading the blockchain. They would either trust others, or use escrow payment systems anyway. And those people will provide real value on the market and will make sure that their connections are faster, their drives bigger and their operations as cheap as possible. Being a lonely chatty geek in Botswana does not bring any value to anybody.

If the miners hit the block limit, it would only mean one thing: there is a desire to process more transactions, but a historical, untested agreement does not allow it. Then miners and other full nodes will either raise the limit (the smaller the increment, the bigger support it will have), or transaction fees will go up as people compete for space in blocks. As transaction fees go up, not only miners, but also regular users and service companies using the full blockchain would desire an increase of the limit. So it will be even easier to achieve a consensus about raising the limit.

My prediction is that the block size limit will probably never be abolished, but will be repeatedly pushed up by a factor of two as the number of transactions approaches the limit. Maybe after a couple of updates, people would decide that it’s safe to abolish the limit completely if it is cheaper to account for it than to have the uncertainty of a hard fork.

Philosophy of Bitcoin

There is no philosophy in Bitcoin. It is not anarchic, libertarian, Austrian or anonymous. It is just an internet protocol and a bunch of people that use it to transact between each other.

The protocol has purely technical and monetary measures to prevent spam, DoS, double spending and reversal of transactions. Transactions themselves do not advertise their purpose or identities of people involved.

It is not “against Bitcoin spirit” to have a non-anonymous service built on top of Bitcoin. It is not a “hack” to use Bitcoin addresses generated not from random numbers but from document hashes to implement secure document timestamping.

You can do whatever you want with Bitcoin as long as your transactions are compliant with the protocol and you pay the fees when needed. You can use it as a currency. Or as a payment system. Or as an investment. Or not use any of its monetary properties whatsoever, but use it to register predictions about the future. You can use it in clear to accept donations for a good cause, or you can use it through Tor network to buy illegal stuff. You may require others to identify themselves before accepting payments, or you may allow your customers to hide their identities from you. After all, you can avoid the whole thing completely and live a happy life.

If there is a single philosophical thing about Bitcoin, it is this one: voluntarism. On the internet, across oceans and thousands of walls, you cannot force another person to do what you want. And neither can he or she. Therefore, to make a deal with another person, you have to negotiate and find consensus. And if you envision risks and potential problems, you are free to creatively find voluntary solutions to them, which will also be part of negotiation. No amount of unilateral declarations, laws or appeals to objectivist philosophy will make another person send you bitcoins. Only negotiation and reasoning give you a chance to get what you want.

On circulation of money

Murray Rothbard, “What Has Government Done to Our Money?”

Economists err if they believe something is wrong when money is not in constant, active “circulation.” Money is only useful for exchange value, true, but it is not only useful at the actual moment of exchange. This truth has been often overlooked. Money is just as useful when lying “idle” in somebody’s cash balance, even in a miser’s “hoard.” (At what point does a man’s cash balance become a faintly disreputable “hoard,” or the prudent man a miser? It is impossible to fix any definite criterion: generally, the charge of “hoarding” means that A is keeping more cash than B thinks is appropriate for A.) For that money is being held now in wait for possible future exchange—it supplies to its owner, right now, the usefulness of permitting exchanges at any time—present or future—the owner might desire.

It should be remembered that all gold must be owned by someone, and therefore that all gold must be held in people’s cash balances. If there are 3,000 tons of gold in the society, all 3,000 tons must be owned and held, at any one time, in the cash balances of individual people. The total sum of cash balances is always identical with the total supply of money in the society. Thus, ironically, if it were not for the uncertainty of the real world, there could be no monetary system at all! In a certain world, no one would be willing to hold cash, so the demand for money in society would fall infinitely, prices would skyrocket without end, and any monetary system would break down. Instead of the existence of cash balances being an annoying and troublesome factor, interfering with monetary exchange, it is absolutely necessary to any monetary economy.

It is misleading, furthermore, to say that money “circulates.” Like all metaphors taken from the physical sciences, it connotes some sort of mechanical process, independent of human will, which moves at a certain speed of flow, or “velocity.” Actually, money does not “circulate”; it is, from time to time, transferred from one person’s cash balance to another’s. The existence of money, once again, depends upon people’s willingness to hold cash balances.

How to steal all coins

In Bitcoin all transactions and balances are visible to everyone. If you want to spend someone else’s coins, you just need to pick any unspent transaction, figure out a secret key and make another transaction moving money to some of your addresses. How hard can it be?

First of all, all transactions use elliptic curve cryptography (ECDSA) for creating public/private key pairs. The idea is that it is easy to compute a public key from a private one, but very hard to do it in reverse. Unfortunately, we cannot know for sure that in the future we will not discover a relatively fast way to find private keys. Also, there is already an efficient quantum algorithm to do just that (provided you have a big enough quantum computer).

But ECDSA public keys are not exposed. Every publicly visible address is a hash of a public key, not the key itself. More specifically, the public key is hashed with two algorithms: RIPEMD160(SHA256(pubkey)). If you wish to spend money from any given address, you not only have to find a private key, but also find a public key which produces the exact same address. Finding such a key is called a “preimage attack”. (Pedantic note: if you spend coins from an address, you expose its public key, so that is one more reason not to reuse addresses, but always generate new ones for accepting payments.)

Obviously, two different hash functions are used in case one of them becomes weak to preimage attacks. Let’s say you have an efficient way to find preimages for RIPEMD-160 (faster than brute force). Then you would have to attack SHA-256 in order to find its preimage. And even if you succeed there, you will have to start searching for an ECDSA private key matching the SHA-256 preimage you have just discovered.

The interesting question is why these two specific hash functions were chosen. RIPEMD160 is nice because it produces the shortest possible hash among non-broken hash functions (which makes the address as compact as possible). But I couldn’t find any definitive answer as to why SHA-256 is needed as well, so here’s my understanding.

Both algorithms are widely used and no weaknesses have been found in them yet (although there are known weaknesses in reduced versions of them). Moreover, SHA-256 was designed in the US by NIST, while RIPEMD-160 was designed at KU Leuven university in Belgium. In other words, both functions come from very different places and were designed for different customers. This reduces the likelihood of finding a common weakness and also acts as a precaution against a potential backdoor left by the US or the EU.

In the end, all coins are available for everyone to inspect, but each address is protected by three independent algorithms. So if there is an intentional or accidental weakness in any of them, the other two are likely to remain strong.

Direct use value of Bitcoin

When talking about money, people usually say something like “money has no or very little direct use value and is only useful as a medium of exchange”. For instance, you value your silver spoon for its immediate use during the dinner, but the dollar bills do not have any value in themselves — they are useful only when there are other people around who are willing to trade some of their stuff for these bills.

Generally, people perceive Bitcoin as a currency, which makes them think that the same arguments about its value apply. That is, in itself Bitcoin is some digital dust which can only have value as a monetary instrument. But that’s not the case at all.

The Bitcoin network has very interesting properties that allow you to use it not only as a currency. For example, the block chain (the decentralized transaction history) is designed to be extremely hard to forge and very easy to verify. This, together with some crypto features, allows it to be used for secure time-stamping, proving ownership of tangible property, decentralized DNS and new ways to sign contracts without having to fully trust any one party. Some of these things are already possible using existing software; some require already planned and compatible modifications.

These things are not possible with any commodity-based currency (metals or paper bills), but are possible and very easy to use with Bitcoin. Just think about it: in case of a contract dispute, you can prove the details of some contractual agreement to anyone across the ocean in a matter of seconds, without sending paper documents with ink signatures by mail. The only requirement for this is to leave a trace of your contract up front in the Bitcoin block chain by making a small transaction back and forth to an address uniquely derived from the document contents. It costs almost nothing, can be done in a minute and the trace cannot be forged or erased by anyone in the entire world.

Edit: rephrased a couple of sentences according to the comments on HN.

Efficiency and bullying

Disclaimer: in this post I’m not going to pretend that I don’t want to hurt anybody’s feelings.

Dear folks at Hacker News and around the web,

You sure like to discuss practical things instead of debating about abstract philosophy. When someone somewhere does some stupid thing, you are glad to find some optimizations and corrections to it. If the government tries to put a guy in prison for many years where he will be regularly raped, and then the guy goes mad and kills himself, you, of course, do not start questioning the whole situation. Instead, you want to optimize the flow of things. Fire this guy, change that law, complain here, petition there etc.

When anybody comes in and asks: why do you think it is better to fire this prosecutor and hire another (a “better” one) instead of just firing the prosecutor and never letting that situation happen again in principle? What is your reaction, people? Your reaction is to downvote and let him know about all the statistical models and wise books about how society needs to be organized to maintain rights, order, peace and, by the way, are you some kind of crazy anarchist who knows nothing about how the “real” world works?

Ok, let’s suppose we care about efficient organization. And models, and social sciences. I totally accept that and have no intention to disprove any of those. Because it does not matter.

How do you decide from a theory of something (let’s say, a theory of evolution) that some people can put other people into jail? Also: how can you even study people’s choices (in economics and politics) without drawing a line (even a fuzzy one) between coerced behavior and free behavior? How do you know what people generally tend to do or be, if somebody is constantly keeping a gun on the table?

Soon, unlocking phones in the US will be illegal. Do you know why it makes people angry? No, not because “It’s my property, dammit, I have a right to do what I blah-blah”. It is because of a one-sided relationship. Nobody negotiated this decision with you. Some people somewhere talked about it and decided that. Some other people voted for some abstract ideas. Nobody made a written contract with anybody, and now you become an evil person starting January 26 at 00:00 if you disobey. Did Apple or Google ask you how you feel about unlocking and make a contract with you? If yes, then you should obey the agreement and protest the redundant laws. If no, then why did you enter the agreement? And if you think that the agreement is void because you feel like it, then why do you complain when somebody writes the laws the way they like? And if the contract sounds unfair and inevitable, then why is that? Isn’t it because you have no place to go and complain for real? Because courts and lawyers are part of a very expensive violent monopoly? So every silly EULA is not a negotiation, but something like a threat of a very unequal fight in a very expensive court?

Asking yourself all these questions is the way to understand many problems that people ignore.

If you want to adjust existing laws and behaviors to make them more “efficient” for you or “society”, you are doing a very bad thing.

When you say “for copyright infringement you should be put in prison for 1 month instead of 35 years”, this is what you are saying in reality:

  1. It is good, in case of a conflict, to ultimately resolve it using violence (democratic or otherwise).
  2. It is good to have prisons paid by taxpayers, regardless of who they vote for.
  3. It is good to put in prisons many different people, including crazy killers and rapists.
  4. It is good to put in the same prisons guys who copy some files without authorization.
  5. It is good to have a complicated, opaque and easily corruptible process of deciding whether someone can be forced to go to prison, or, if he tries to disagree, shot.

Many people accept these things, and I accept living with these people without feeling depressed too much. This is sad news, but it does not kill my soul. What really hurts is when people demonstrate sincere capacity for humility and love. When somebody kills himself because of bullying, and others feel depressed by it. And then they try to fucking adjust the murderous system to make it slightly less murderous. When you do that, you are a sick fucked up skin of a slave, not an independently thinking human being. First, prove the morality of what you are trying to modify. Then we’ll talk.

Next time, when something horrible happens, like a law saying “if you put a finger in your nose, we can impose a fine on you, and if you don’t pay, we will threaten to kill you”, think about why it is good to even have the possibility of some people writing these things and some other people obeying them, instead of discussing economic efficiency and how this will change the price structure and the amount of unemployment around you.

Racism

There was a conversation on Twitter about this picture:

https://twitter.com/old_sound/status/291677199470297088

The guys noticed that not only is this picture funny for obvious reasons, but it also shows a general dismissal of latinos as a category. Which obviously shows that the authors of such pictures are themselves racists.

So let me show what’s wrong here. The problem with racism is not in the racists themselves. They sure do harm, but they do not benefit from it. Racists of any kind alienate a significant portion of people, creating long-term economic and political problems for themselves. We all know how it works from numerous historical examples.

The root of any social problem is where the money is. In other words, who benefits? Well, that’s all kinds of political leaders: gangsters or government. They directly benefit by manipulating some crowd and making it spend its emotions on religion, racial differences, income classes etc. So whenever you feel that your feelings have been hurt by some racists, you know that there are evil people that want to smash you and another emotionally unstable person together. If you think that by opposing racists you solve the problem, you are mistaken. By opposing racists you play the game that is designed to have just that: people attacking other people while someone else harvests obedience from them.

To win this game, you should not play it. There are racists, there are offended people. But what counts are actions: if you don’t wage a holy war back on your offenders, but protect real things, yourself and the people around you, on tangible grounds, not based on your race or religion, then you can avoid escalation and have a chance to show your enemies that racism is just someone’s method to enslave them.