Thursday, June 30, 2011

We the Processors

In a recent, insightful blog post, Paul Bohm points out,
"Bitcoin isn't just a currency but an elegant universal solution to the Byzantine Generals' Problem, one of the core problems of reaching consensus in Distributed Systems."
He mentions several applications of this problem, including domain name registration, the problem solved by Namecoin.

But, after reading his article, it occurred to me that there is another, arguably even more important application of the insight that Bitcoin's underlying protocol can be used to solve a wide range of distributed consensus problems:  Specifically, the problem of secure, trustable electronic voting in public elections.

Most secret-ballot voting systems are plagued by the problem that the voter always has to trust somebody to do their job right:  The people who count the paper ballots, the designer of the touch-screen voting machine or optical-scan ballot counter, election officials who aggregate results from different districts, or the website operator in the case of online voting, and even the other voters themselves (not to vote multiple times).  It is devilishly hard to devise a voting system in which the voter doesn't have to trust any authorities, and in which the ballots remain anonymous, and no one gets more than their fair share of votes.

However, if we are willing to redefine "fair share" to mean, everyone gets to vote with a weight that is proportional to their hashing power, than a Bitcoin-based protocol can solve the electronic voting problem.

The idea is simply this:

  1. The Bitcoin protocol is extended to allow blocks to be "tagged" with a payload of auxilliary fields (in addition to the usual Merkle tree, block ID, etc.).
  2. When an election is scheduled, it is declared in advance that the winner will be decided based on which candidate's name appears most often in the tags in the block chain, within a certain predefined range of (future) block numbers.
  3. Each miner, as it is hashing block candidates, optionally extends the block being hashed with the name of their preferred candidate.  When a nonce is found that gets a winning hash, that block is submitted to the network and gets added to the longest chain.
  4. Also, a mining pool can act similarly to a political party, and pre-declare which candidates it is supporting in which races, and include their names in the blocks for all of the get_work data that the pool distributes to its miners.  The miners can then choose to mine for whichever pool's stated slate of candidates best reflects their own preferences.  (Or, of course, they can also still mine random nonce subspaces on their own, and hope to get lucky.)
When the election is over, and the chain length has moved safely beyond the end of the voting period, everyone simply counts up the names on the consensus longest chain, and sees who won each race (you could hold elections for several offices and/or ballot issues simultaneously).

Obviously, since the search process is probabilistic, the result will not reflect precisely the wishes of the electorate, but, within the bounds set by the law of large numbers, it will with high probability be very close to the ideal distribution of votes, as long as a large enough range of blocks is included within the "voting period."

Of course, this system is not a "one person, one vote" democracy, but rather a sort of meritocracy, based on the notion that the amount of computing power one commands is a measure of the strength of one's decision-making ability.  Instead of working for "we, the people," such a system would work for "we, the processors."

Such a shift in political power obviously would entail certain risks, but, at least in this framework the voting system itself can be trusted - unlike the situation in our present system, in which the average person never even knows for sure whether the election system counts votes honestly, so has diminished incentive to participate.  With "Votecoin" (a possible name for this new system), every well-informed person knows that the system works fairly (and they can inspect the source code for their miner, if they wish), and so has a strong incentive to working hard to build up their hashing power so as to best support their favored candidate.

I believe that people's confidence in the underlying integrity of the voting system is key for producing strong participation in elections, and helps to create a polity that is much more actively involved in their political system, and more invested in its success.  Therefore, I think that to make such an advance in election technology would not weaken the principles of democracy, but rather would enormously increase its effectiveness.

Oh, and by the way - since anyone in the world can participate in the Bitcoin network, this approach to holding elections implies governance with global jurisdiction.  Since we don't yet have one world government of physical nations, this could be, for now, just the virtual "government" of the Bitcoin City itself - the worldwide community of Bitcoin users.  Some of us like to say that we don't need a government, but someday, we may in fact need to make important consensus decisions as a community - such as (someday) planning an upgrade to an improved, more secure protocol - which will require having a reliable method to poll the entire community for its views.

In any event, anyone who would like to help the author develop experimental prototype "Votecoin" software is invited to email me at

Tuesday, June 28, 2011

PayPal, eBay, and Bitcoin Proof-of-Shipment

Certain e-commerce websites, such as PayPal and eBay, have prohibited the sale of Bitcoins through their services.

I suspect that the real reason for this is that Bitcoin is a potential competitor to PayPal, and eBay has a strong partnership with PayPal.

However, PayPal and eBay have given various lame excuses for their policy, such as their claim that a Bitcoin seller cannot provide a "proof of shipment" for the Bitcoins so there is no way to resolve a payment dispute.

This claim is manifestly false, as anyone with the merest understanding of how public-key cryptography and Bitcoin work should immediately be able to see.  I will explain.

The whole basis of Bitcoin is a public record of all Bitcoin transfers, which is shared with (and verifiable by) every node in the Bitcoin network.

Each Bitcoin transaction (transfer order) contained in this public record is digitally signed by the sender of the Bitcoins, using the sender's public-private key pair.  The sender's public key is openly published as part of the transaction details, and cannot be repudiated by any party.  Only the sender knows the matching private key, which is required to produce the digital signature.  This is how the Bitcoin network knows that the transaction was properly authorized by the original holder of the coins.

Each Bitcoin holder keeps, on their computer, an electronic "wallet" file that only they can access, which contains the entire set of private keys that they have used to sign their transaction orders.  These private keys can be easily extracted by the user from their wallet using freely-available tools (e.g., see here), and then used to digitally sign other documents, whenever the holder of those keys desires.

Therefore, it is quite easy for me (and only me) to prove that I was the one who initiated a particular transfer of a given number of Bitcoins to a given recipient address.

For example, I could do the following:

  • Step 1: Simply tape my driver's license to a piece of paper, and write below it something like, "I, Michael Frank, did authorize the transfer of so-and-so many Bitcoins from my address with public key so-and-so to address such-and-such (the receiver's address) on date blah-blah.  These transaction details (except my name) are publicly recorded in the transaction with ID #this-and-that which may be viewed by anyone in the public block chain."  I could even have this statement notarized.  (But the only really important part of it is my name, and the transaction ID.)
  • Step 2: Scan said document into a PDF file, and then digitally sign this document using the same private key that was used to order the original transfer, which could be accomplished using any number of free open-source public-key cryptography tools, such as PGP.
  • Step 3: Present the resulting digitally-signed document to whatever party requires a "proof of shipment."  All they have to do, to verify my proof, is run the same tool on the document, checking the digital signature against my public key (the one listed in the public transaction details).  They then have absolute proof that the person producing that document (namely me) is the same person who initiated the original transfer, because nobody else has access to my private key.  

In other words, Bitcoin transactions are only optionally anonymous.  Each and every Bitcoin transaction can be irrefutably tied to the sender's real-world identity, if the sender wishes to facilitate such a reveal, and he didn't lose the digital wallet in which those coins used to be stored.

The fact that eBay and PayPal apparently don't understand these simple facts about Bitcoin and the fundamental capabilities of public-key cryptography indicates that either:

(1) They are incompetent at the most basic lessons that they should have learned in Computer Security 101, OR...

(2) They know perfectly well that a Bitcoin "proof of shipment" is quite straightforward, and actually they are just blowing smoke in everyone's eyes, because PayPal wants to crush Bitcoin, since (if it were widely adopted) it would mean that no one need be forced to suffer PayPal's fees any more, if their service is anything less than stellar.

I personally suspect it is the latter, but I guess neither one of these possibilities would surprise me at this point.

Listen up, PayPal and eBay:  You need to quit fighting Bitcoin, or else you will make your customers increasingly hate you, for failing to provide compatibility with the world's first and only secure peer-to-peer cryptocurrency, which is a revolutionary, democratic new tool for electronic commerce, one that everyone should be free to use whenever they desire.

What I suggest to you is:  Don't be evil.  Join the good guys.  Embrace Bitcoin instead.  Provide full compatibility with it, and deploy tools which you and your customers can use to allow you to easily verify the authenticity of Bitcoin transactions, in case a dispute arises.  (You could even pass the buyer's Bitcoin receiving address through your site, so the buyer cannot deny what address he provided.) 

If you do these things, your most savvy, high-powered customers will love you for it.

Monday, June 27, 2011

Bitcoin, Banking, and the New Gold Standard

Our future, totally hyperinflation-proof milli-bitcoin note.
Many Bitcoin enthusiasts and opponents alike seem to think that, since it permits secure electronic transfers to take place over the Internet with no middleman, Bitcoin somehow will make traditional banking obsolete.  This is a misapprehension.

Banks will still have a significant role to play in the future Bitcoin-based economy.  Sure, perhaps they will have greatly reduced revenue in one particular area:  Namely, fees from long-distance monetary transactions (wire transfers, etc.), but to some degree they have lost their dominance of that market already, due to Internet-based services such as Paypal and Liberty Reserve.  But, banks should still be able to make enough profit in other areas to run a healthy business.

Here are some important value-added services that banks, in a Bitcoin-based economy, can still provide.  These are services that they already provide closely analogous forms of today:

  1. Secure storage of Bitcoin reserves in a "vault" of heavily-encrypted wallets protected by multiple layers of physical and electronic security.

  2. Interest-earning demand deposit accounts.  (Where the interest paid out is earned by the bank's making loans based on those deposits.)

  3. Loans may by made crediting the debtor with a Bitcoin-denominated loan account, from which physical bank notes denominated in Bitcoins may be withdrawn, and transferred to other parties to make payments (just like with paper money today).  In a system free of central banks, each bank could set their own reserve requirement, and the market could decide which banks offer the best combination of interest rate (on deposit accounts), reserve requirements, and trustability.  Alternatively, nations that choose to maintain a central banking system could have a uniform system of paper money (like Federal Reserve Notes), except denominated in Bitcoins and backed by Bitcoins, so that the base money supply can never be inflated.

  4. Bitcoin-denominated checking accounts, with attached ATM/debit cards - these could work just like today's cards, except with transactions denominated in Bitcoins instead of dollars, and could be used to pay merchants who already have the infrastructure needed to accept such forms of payment (printed checks and plastic swipes).  The only difference is that the unit of denomination would be Bitcoins instead of dollars/euros.  Or, even better:  The dollar itself could be redefined to just be a synonym for, say, 0.00001 BTC - this would mean the total base supply of these "new dollars" would then be 2.1 trillion, about the right amount for a major base physical currency, and almost the same as the supply of physical US dollars today.
Thus, there is no reason that the mainstream banking system has to consider Bitcoin to be an enemy.  The only thing that is really fundamentally broken about the present banking system (and that Bitcoin fixes) is that the supply of base currency in dollars is not fixed, making the monetary system vulnerable to hyperinflation in times of crisis.  This cannot happen with Bitcoin, since their base supply is limited to never be more than 21 million.  The total money supply can still be inflated by a limited amount by fractional-reserve banking practices (by creating more nominal value in accounts than exists in base currency), but never by more than a factor of (say) 100x, if the reserve requirement is limited to no less than (say) 1%.

So, if everyone who holds physical dollars now (coins and bills) simply exchanges those base dollars for Bitcoins (at the fair equilibrium exchange rate, which will be somewhere in the neighborhood of $100,000 per Bitcoin), then everyone will end up with a proportional number of Bitcoins to the number of physical dollars they are holding now, and if the dollar is then just redefined to be 0.00001 BTC, then the entire existing banking system can continue to exist and operate pretty much unmodified, except that the dollar henceforth becomes forever immune to hyperinflation of its base supply, since the base supply of Bitcoins is fixed by the very nature of its peer-to-peer protocol.

In other words, the US government should simply declare that US dollar-valued bills (Federal Reserve Notes) are henceforth an inviolable promise, by the Fed, to pay the bearer 0.00001 BTC for each dollar's worth of nominal value.  This puts a "floor" under the value of the dollar, and prevents it from ever falling below that level (i.e., prevents the base supply of dollar-denominated bills from rising above $2.1 trillion).

Of course, choosing the US government and dollar for this example was merely arbitrary; any other country could do the same with its own sovereign currency, perhaps even enshrining the Bitcoin-backing of their currency in their constitution, and thereby forever stabilize their currency against any possible threat of hyperinflation.  Think about what this would do for confidence in that country's money!

Naturally, the first time some country (or set of countries) does this, the value of the Bitcoin will quickly rise to the equilibrium level determined by the target base money supply of the given currenc(y/ies), since whenever note-bearers demand an exchange for their central bank notes in base Bitcoins, the bank in question will have to buy enough Bitcoins to actually cover the note.

It will thus be a situation very similar to the old international gold standard; however, since Bitcoins can be much more easily transferred between parties, using them will make the execution of international settlements much more fluid than it was in the old gold-standard days.  Also, a country can easily prove how many Bitcoins it controls by making a transfer (since the Bitcoin transaction ledger is public).  In contrast, letting everyone weigh all the gold in Fort Knox would be far more problematic.

In other words, what I'm proposing here is nothing less than a new international standard as to how all of the world's liquid currencies should be fundamentally backed:  Not by gold, but by Bitcoins.  One could back Bitcoins in turn by gold, buy why would you?  Really, they are even safer than gold.  Unlimited amounts of new gold might someday be synthesized in advanced nuclear reactors, or produced by mining it from asteroids, but unlimited numbers of Bitcoins never can be produced - this is guaranteed by the system's design.  And, if and when any nation becomes nervous about the value of another nation's currency, they can settle this by demanding payment of the other nation's notes, in the form of the equivalent amount of Bitcoins, which can be easily transmitted over the network, no muss, no fuss.

In conclusion, rather than fighting Bitcoins, the world's banks and governments should come together and embrace them fully, as the proper universal new basis of all money, and thereby place the entire world economy on a much more secure, stable, and streamlined foundation than it has ever had before.

Mt. Gox Back Up, Market Stablizing

Bitcoin's largest currency exchange, Mt. Gox ( resumed trading yesterday (Sunday, June 27, 2011) after having been offline for a week due to a hacker who broke in to some accounts and (temporarily) crashed the market.

The post-hack transactions having been rolled back, trading resumed at a price of US$17.51/BTC, and quickly plunged to about $14 before rebounding to as high as $18 and then settling down at a price of around $17 per Bitcoin.

<begin opinion>Let this be a lesson to all those who said the Mt. Gox hack spelled the "end of Bitcoin" and that the price would crash and never recover.  No permanent harm was done by the attack, and the Bitcoin community will only be stronger and more secure for having been tested with these shenanigans.</end opinion>

Sunday, June 26, 2011

Why you can't afford NOT to invest in Bitcoins.

Many astute observers have noted that our global civilization appears to be headed towards a major resource crisis, as peak oil, peak freshwater, peak arable land and other imminent limits combine with declining mineral resources and ocean diversity, and an increasingly chaotic climate, to mean that it will soon become difficult even to feed the world's population, let alone prevent the economy from collapsing.

As a result, increasingly many countries will become filled with hungry, angry people demanding that their government provide for them or be replaced - as is already happening today in many Arab countries. Therefore, as governments become increasingly desperate to hold onto power by raising revenue to provide demanded social services, many of them will begin to either (1) tax the wealthy and/or corporations at high levels (as happened in WW2), or (2) simply print large amounts of money, which effectively taxes the wealthy and redistributes wealth downwards, by devaluing the existing dollars which are mostly being held by wealthy individuals and corporations.

Therefore, I believe there will soon be a major flight of the world's liquid wealth away from sovereign currencies into other classes of assets. However, most other assets are not nearly as liquid as currencies. Gold is heavy and difficult to transport, or else if you just own it on paper, you have to trust some third party to hold your gold in your name (while charging you high transaction fees). And stocks have the added problem that if a company has a lot of its holdings in cash or currency-denominated derivatives, the company's value may fall along with the currency.

The one exception to this set of problems is Bitcoin, the world's only anonymous crypto-currency, whose base supply is predetermined by a peer-to-peer protocol, and can never be hyperinflated by central banks or governments under political pressure. It can be easily transmitted over the Internet with negligible transaction costs. And it can be made difficult for governments to trace through the use of online "laundromats."

Thus, I believe that, relatively soon, Bitcoins will in fact come to dominate the global economy as its preferred medium of exchange and liquid store of short-term value, while existing sovereign currencies collapse as the smart money flees from them, because the governments and central banks that are clinging desperately to those currencies will cause them to be devalued, under political pressure, via destabilizing monetary policy decisions.

We can estimate what the equilibrium value of Bitcoins will be once the transition to them is complete. It has been estimated that the total base supply of the world's sovereign currencies (physical coins and bills) is in the neighborhood of $4.4 trillion. (For our present purposes, we ignore the secondary money supply in bank accounts and other currency-denominated instruments, since that same financial infrastructure could be recreated on top of Bitcoin.) The analogous base supply of Bitcoins is only 6.6 million today, and is limited to grow to no more than 21 million over the course of a decade or so. Therefore, each Bitcoin will eventually be worth over $200,000 in today's dollars. (This is not a problem for the usability of the currency, since it is easy to exchange millionths of a Bitcoin.) In the last couple of weeks, Bitcoins have been trading for $10-20, so in other words, Bitcoins should eventually appreciate by around 100,000x or so.

How long will this take? Historically, for the last several fiscal quarters, Bitcoins' value have been increasing about 10x per quarter, so the transition of the world economy to Bitcoins may take only a year and a half, especially if the economy continues to deteriorate in the meantime. Even if Bitcoin's growth slows and it takes somewhat longer, the fact that multiple resource crises are imminent still suggests that it will not take too many years.

And meanwhile, as this is happening, the value of traditional sovereign currencies will collapse at an accelerating pace. Therefore, if you keep a lot of your assets in liquid form, I think that you simply cannot afford not to move a significant fraction of these liquid assets into Bitcoins or Bitcoin-denominated holdings. Otherwise, you may be left holding the bag when the resource crisis hits and governments start calling in their sovereign wealth to keep their populations from revolting.

Sure, Bitcoin has had its share of growing pains in recent weeks, what with a handful of high-profile thefts, a major exchange getting hacked, and senators complaining about the use of Bitcoin to buy illicit goods. However, I believe that these are just minor bumps in the road, as far as the long-term transition to Bitcoins is concerned. Theft is easy to prevent by simply encrypting one's electronic wallet with free software like Truecrypt (and a long passphrase) whenever one is not actively spending one's coins. Encrypted wallets can be backed up as many times as desired to prevent loss. And when exchanges and other Bitcoin-related sites are hacked, they will just come back stronger and more secure and resilient.

In conclusion, the fundamental rationale behind the recent Bitcoin "gold rush" is sound, and its future is bright. I believe it can only continue to grow, and that the banks and governments will be unable to stop it.  It is everyone's best hedge against a chaotic redistribution of wealth, which will surely happen as soon as the coming global resource crisis hits in earnest.