I've read some popular articles and skimmed some quite technical explanations of Bitcoin, but when fishpi explained it to me, I realised I'd never actually quite "got it".
This is obviously a top-level summary of what it does, not sufficient detail to show it's secure, but for me the salient facts were:
1. Accounts are identified by public keys. Anyone can have as many accounts as they like just by generating a public/private key pair on their own computer, without needing anything from anyone else.
2. There's no individual identity to an individual bitcoin. Making "new" bitcoins isn't like minting a new coin, it's just like phoning up my bank and saying "Hey, can you change my account balance so instead of saying £1,000, it says £2,000". Obviously there are specific limits on the situations in which you can do this.
3. You don't have an account "balance"; instead the balance of an account is defined as the sum over its whole history of zero plus all transfers in, minus all transfers out.
4. Transferring money from my public key to yours is just a matter of publishing a transaction encoding "Public key A sends 1.7 bitcoins to public key B", and signing it with private key A so everyone knows it came from the original owner of public key A. The transaction is (presumably?) invalid if public key A is recorded as having fewer bitcoins than that.
5. All transactions are shared in a big distributed database between everyone. Slightly scarily, this means that every key's transaction history and balance is public to everyone, giving scary possibilities for traffic analysis -- the only anonymity is creating plausible deniability about which keys you control.
6. OTOH, it's reasonably pseudonymous, or at least pushes the problem over to another arena, since if you buy bitcoins from a big dealer, no-one knows who controls them unless they snoop the network traffic or subpoena the dealer's records, and you can try to choose someone you think won't keep records or is out of subpoena range.
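To make points 1 to 4 concrete, here is an added toy ledger (my own illustration, not Bitcoin's code). Accounts are key pairs generated locally, a transfer is a signed message, and a balance is never stored but recomputed from the whole history. It assumes textbook RSA over constructed Mersenne primes so it runs on the standard library alone; real Bitcoin uses ECDSA and tracks unspent outputs rather than account sums, and the signing is deliberately insecure at these sizes.

```python
"""Toy ledger: accounts are key pairs, balances are sums over history.

Added illustration, not Bitcoin's code. Textbook RSA with constructed
Mersenne primes keeps it standard-library only; real Bitcoin signs with
ECDSA (secp256k1) and uses unspent outputs rather than account sums.
"""
import hashlib
import json


def keypair(p, q, e=65537):
    """Return ((n, e), (n, d)) for two constructed primes; toy sizes only."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, e), (n, d)


def address(pub):
    """Account identifier derived from the public key alone."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()[:16]


def digest(tx):
    """Hash of the fields that get signed (everything but the signature)."""
    body = {k: tx[k] for k in ("from", "to", "amount")}
    raw = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(raw).digest(), "big")


def sign(tx, priv):
    n, d = priv
    return pow(digest(tx) % n, d, n)


def verify(tx, pub):
    n, e = pub
    return pow(tx["sig"], e, n) == digest(tx) % n


class Ledger:
    """Every transaction ever published, in order; balances are derived."""

    def __init__(self):
        self.history = []

    def balance(self, addr):
        """Zero plus all transfers in, minus all transfers out."""
        total = 0
        for tx in self.history:
            if tx["to"] == addr:
                total += tx["amount"]
            if tx["from"] == addr:
                total -= tx["amount"]
        return total

    def mint(self, to, amount):
        """Coins from nowhere; in Bitcoin only a block generator may do this."""
        self.history.append({"from": None, "to": to, "amount": amount})

    def publish(self, tx, pub):
        """Accept only if signed by the sender's key and the sender can cover it."""
        if address(pub) != tx["from"] or not verify(tx, pub):
            return False, "bad signature"
        if tx["amount"] <= 0 or self.balance(tx["from"]) < tx["amount"]:
            return False, "insufficient balance"
        self.history.append(tx)
        return True, "accepted"


def demo():
    """One honest transfer, one forged signature, one overspend."""
    alice_pub, alice_priv = keypair(2**61 - 1, 2**89 - 1)
    bob_pub, _ = keypair(2**107 - 1, 2**127 - 1)
    _, mallory_priv = keypair(2**31 - 1, 2**19 - 1)  # not A's owner
    ledger = Ledger()
    ledger.mint(address(alice_pub), 5)

    tx = {"from": address(alice_pub), "to": address(bob_pub), "amount": 2}
    tx["sig"] = sign(tx, alice_priv)
    ok1, _ = ledger.publish(tx, alice_pub)

    forged = {"from": address(alice_pub), "to": address(bob_pub), "amount": 1}
    forged["sig"] = sign(forged, mallory_priv)  # wrong private key
    ok2, _ = ledger.publish(forged, alice_pub)

    over = {"from": address(alice_pub), "to": address(bob_pub), "amount": 10}
    over["sig"] = sign(over, alice_priv)  # validly signed, but A only has 3
    ok3, _ = ledger.publish(over, alice_pub)

    return {"ok": (ok1, ok2, ok3),
            "alice": ledger.balance(address(alice_pub)),
            "bob": ledger.balance(address(bob_pub))}


if __name__ == "__main__":
    print(demo())
```

Note that the ledger never records a balance; `publish` recomputes it from history every time, which is exactly why the whole history has to be public for anyone to check a transfer.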
The other big question for any electronic currency is "since copying is free, can you prevent someone spending the same money twice (or just inventing some more) without some authoritative central servers?" This is the slightly-complicated bit.
Transactions are collected into blocks, and only considered "official" once that's happened. Anyone can do this, although in practice, it's mostly done by people with dedicated software or hardware. They take all recent transactions (or some subset of them), and calculate a very processor-intensive hash.
The difficulty of this hash is adjusted to keep the worldwide rate of solving hashes to one every 10 minutes.
Each hashed block refers to the previous "official" block, so all blocks are arranged in a list, or (if two people generate blocks at the same time pointing to the same previous block) a tree.
However, all future blocks will be based on whichever branch is longest, so one will become the primary, and then the other is discarded.
This means that even after a block is generated, you need to wait half an hour to see that it's not superseded. But after that, you can fairly well assume it's official and going to stay official.
The reward for generating a block is the right to assign yourself some bitcoins that didn't come from anywhere, slightly increasing the supply of bitcoins. Thus if you have faster computers than everyone else, you can actually make money doing this (which is why anyone does it, since there's no central bank).
The amount of bitcoins assigned is determined by a function which decreases over time, and will eventually be near-zero, with the supply of bitcoins near-fixed. However, instead of bitcoin-inflation, there's the option to add a small transaction fee to a transaction, which is awarded to whoever generates the block. When this becomes necessary, conventions will develop over how much to assign.
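The block-generation side of the story (the expensive hash, the difficulty target, the chain of back-references, the longest-branch rule and the shrinking reward) as an added toy, again my own illustration and not Bitcoin's code. The difficulty is tiny so it runs in a fraction of a second, the transactions are plain strings, the retarget clamp and the halving schedule are constructed stand-ins for the real functions, and signatures are left out entirely.

```python
"""Toy block chain: proof of work, retargeting, longest-chain rule, reward.

Added illustration, not Bitcoin's code. Tiny difficulty, string
transactions, no signatures; the retarget clamp and halving interval are
constructed stand-ins for the real schedule.
"""
import hashlib
import json

EXPECTED_SECONDS = 600  # the "one block every 10 minutes" target
GENESIS_HASH = "0" * 64


def block_hash(block):
    """Hash of everything in the block except its own hash field."""
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def block_reward(height, initial=50, halving_interval=4):
    """Decreasing reward function (toy interval); reaches zero eventually."""
    return initial >> (height // halving_interval)  # 50, 50, 50, 50, 25, ...


def mine(prev_hash, txs, target, miner, height):
    """Try nonces until the hash is below target: the processor-intensive part."""
    coinbase = f"coinbase: {block_reward(height)} -> {miner}"  # coins from nowhere
    block = {"prev": prev_hash, "txs": [coinbase] + list(txs),
             "target": target, "nonce": 0}
    while True:
        h = block_hash(block)
        if int(h, 16) < target:
            block["hash"] = h
            return block
        block["nonce"] += 1


def retarget(old_target, actual_seconds, expected_seconds=EXPECTED_SECONDS):
    """Raise the target (easier) if blocks came too slowly, lower it if too fast."""
    ratio = max(0.25, min(4.0, actual_seconds / expected_seconds))  # clamped
    return int(old_target * ratio)


def valid_chain(chain):
    """Every block meets its own target and points at the block before it."""
    prev = GENESIS_HASH
    for block in chain:
        if block["prev"] != prev or block_hash(block) != block["hash"]:
            return False
        if int(block["hash"], 16) >= block["target"]:
            return False
        prev = block["hash"]
    return True


def best_chain(chains):
    """Longest-chain rule: everyone builds on the longest valid branch."""
    valid = [c for c in chains if valid_chain(c)]
    return max(valid, key=len, default=[])


def demo():
    target = 2**244  # about 12 leading zero bits: thousands of tries, not millions
    chain, prev = [], GENESIS_HASH
    for height in range(3):
        block = mine(prev, [f"tx{height}"], target, "miner-a", height)
        chain.append(block)
        prev = block["hash"]

    # Two miners extend the same tip at the same time: a fork in the tree.
    fork_a = chain + [mine(prev, ["txA"], target, "miner-a", 3)]
    fork_b = chain + [mine(prev, ["txB"], target, "miner-b", 3)]
    # The next block lands on fork_b, which is now longer and becomes primary.
    fork_b.append(mine(fork_b[-1]["hash"], ["txC"], target, "miner-b", 4))
    winner = best_chain([fork_a, fork_b])

    # Rewriting a historic transaction breaks the stored hash of that block.
    tampered = [dict(b) for b in winner]
    tampered[1]["txs"] = ["tx1-forged"]

    return {
        "winner_len": len(winner),
        "winner_is_b": winner is fork_b,
        "tampered_valid": valid_chain(tampered),
        "slow_target_bigger": retarget(target, 1200) > target,
        "rewards": [block_reward(h) for h in (0, 3, 4, 8)],
    }


if __name__ == "__main__":
    print(demo())
```

The tamper check is the reason the half-hour wait matters: changing an old block changes its hash, so every later block's `prev` pointer stops matching, and an attacker would have to redo all of that proof of work faster than the rest of the network extends the honest branch.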
So, what can I say about the concept?
It's not completely anonymous, so if you're only interested in solutions that are completely anonymous, distributed and secure, you can dismiss bitcoin now, rather than lie to yourself, tell yourself that bitcoin is, and then feel horribly betrayed later and rant that bitcoin "sucks". But I don't know if that will ever be possible. Bitcoin currently seems "anonymous enough".
Based on a quick overview, I don't think there are any conceptual problems with it being a distributed, secure, pseudonymous currency, and I can't speak for the technical details, but no-one's found any major problems yet.
The other limitation is that the security of your bitcoins is only as good as the security of the computer storing the private key. Obviously dollars and gold have the same restrictions, except that there are some partial standards for when banks will reimburse you if they lose your money, which may not apply to bitcoin resellers. But this isn't a flaw in the bitcoin protocol; it's inherent to any electronic currency that anyone who has your private keys can be "you".
There was a recent news article that WordPress started accepting bitcoin. A web service is an obvious first-major-company adopter, since they (i) really want microtransactions with small-to-no processing fees, (ii) have little marginal cost on what they're selling, so a small amount of fraud doesn't lose them much money, and (iii) the only thing they sell is WordPress blogs, so if there are any problems, they can always repudiate the blog.
I'd thought bitcoin was a marvellous innovation, but I assumed we'd have to wait for the next virtual currency to see one that actually works, so I was surprised to see that bitcoin may actually go the distance itself!