Tuesday, January 29, 2013

Physics, Economics, and the Value of a Bitcoin

Grand Unified Theory of Physics and Economics

Here I set forth a conceptual unification of fundamental physics and economics, the basis of which is the unification of the concepts of energy and money.  Just as energy is only useful for doing meaningful work to the extent that it is organized into relatively rare & unlikely low-entropy configurations (in other words, has high negentropy, i.e. has a greater purity of free energy content), likewise money - any item to be exchanged for services - can only cause meaningful work to be done if that money is embodied by a relatively rare, well-organized configuration of mass-energy, for example a bar of gold - and even "abstract" forms of money such as bank balances and Bitcoin accounts fit this definition, since for a large amount of notional money such as this to be concentrated into a single account is a relatively rare occurrence, or must be if that currency is to be valuable.  

I will argue that this similarity of properties is not just a coincidence, but rather that, at a deep level, money and energy are fundamentally the same thing; it's simply that money is a form of energy that is organized on a typically very high level, in a form that's well suited for causing or impelling useful work to be carried out by complex economic actors (e.g., humans and organizations), not just simple machines.  Sophisticated modern forms of money such as financial derivatives, Bitcoin balances, etc., are simply very complex arrangements of energy.  Their usefulness hinges on their rarity, just as the energy flowing from the sun is useful only because a spherically-symmetric radially-directed flow of energy is relatively rare and well-organized, compared to a configuration wherein energy is flowing uniformly in all directions, i.e. a thermal heat-bath with a blackbody spectrum, which is the maximum-entropy configuration, from which, in isolation, no useful work can be derived.

One form of organized monergy.
Now, some would argue that money cannot possibly be equal to energy, because the price of, say, oil in dollars fluctuates over time.  But this merely has to do with the relative sizes of our estimates of how much work can be done with a given quantity of money/energy (henceforth called "monergy") in these two forms.  If the entire universe was nothing but a giant blob of light sweet crude petroleum, it would have no capacity to do any useful work, and therefore no value, because (without suitable machinery, or even oxygen to burn it) there would be no way to transform it into interesting new configurations.  Similarly, if the U.S. government declared that any slip of paper with a number of dollars written on it was henceforth to be considered legal tender, all dollars would immediately become worthless because (since anyone can easily create them in unlimited number) they would provide no one any motivation to do any useful work.  The end result in both the all-oil world and the free-dollars world would be the same - no useful work can be done with monergy in those forms (oil-universe, handwritten bills), only the details of the failure mechanisms are different.

Exchange rates therefore reflect economic actors' assessment of the relative utility of monergy (a.k.a., assets) in different configurations, which depends on factors such as their rarity, and the available instruments for causing useful work to be done by them.  Exchange rates do not reflect the total underlying amount of monergy contained in, or represented by those assets.

A device for extracting 50% of total mass
as useful monergy.
In fact, when talking about total monergy, it is equal (by E=mc²) to mass, and so in raw monergy terms, a kg of lead is equal to a kg of gold, even though their utility in the present economic environment is different.  However, if we had a small black hole nearby, and a mechanism for extracting work from objects by lowering them into it, the two kilograms would have exactly the same value, namely the energy equivalent of 1/2 kg (the extra value of the gold as gold would be negligible in comparison).  So, exchange rates always vary depending on the availability in the environment of mechanisms for harnessing a given form of monergy for a given purpose.

Locking up valuable paper documents is much
more intuitive than mastering computer security.
In the case of Bitcoins, they will automatically gain value as tools for securing them from loss/theft and exchanging them become more readily available.  Arguably, gold is only more valuable (in toto) than Bitcoin today because anyone can easily lock their gold in a safe, and gold stores are available on (it seems) almost every street corner, and gold has a long and reliable tenure as a medium of exchange.  If Bitcoin were similarly accessible to (and trusted by) the layperson, it might have comparable value.  Every application for generating Bitcoin accounts ought to have an option to print out the private keys (or key-generation passphrase) as a sequence of human-readable words (like Electrum does), so that the user can write it down and lock it in a safe, or a safety deposit box, if he wishes.  People understand safes, and safety-deposit boxes.  And they understand securing valuable paper assets, like savings bonds, in that way.  Keeping keys for long-term wallets in electronic form is not advisable for the average user, due to the potential for theft via malware/hacking.  Paper records, on the other hand, are simple, intuitive, and unhackable without direct physical access.

How much monergy is a Bitcoin potentially worth?

The purest form, perhaps, of monergy is the traditional concept of the Joule of stored work energy, a.k.a. "free energy."  A 101.97-gram deadweight mass which has (under Earth standard gravity) a 1-Newton weight, raised up on a pulley to a height of 1 meter, is one canonical example.  An efficient generator can easily convert its gravitational potential energy to other useful forms such as electricity.  In general, the set of mechanisms that can convert monergy into other forms with close to 100% efficiency define a set of forms that monergy can be in that are effectively equivalent to each other.  No form of monergy can be more valuable than those in this set, because these are the forms that are most generally useful.

What is the long-term exchange rate between Bitcoin monergy and these "pure Joules," as it were?  This is perhaps the most meaningful measure of the value of Bitcoin, since the more traditional measures of value (e.g., sovereign currencies) are tainted by their potential for debasement and hyperinflation.  Even gold suffers from a long-term potential for debasement by over-mining and nuclear synthesis.

A typical supertanker today carries about 2 million bbl
of crude oil, worth about 10 aspirational bitcoins.
Well, we can, at least, set an upper bound on Joules-per-Bitcoin, and that is simply this:  If Bitcoin is to successfully take over the world economy, Bitcoin (as a movement) must (eventually) secure its position by being able to purchase at least half of the total world energy reserves in Joules that are known to exist at any given time, since otherwise a sufficiently determined attacker could potentially accumulate the majority of those reserves, and use them to buy enough computing resources to out-compute the rest of the network, and thereby take over the block chain, with potentially malicious intent.  This means the total value of Bitcoin needs to eventually become equal to at least half the world's energy reserves, to secure majority control.  Since the limiting number of Bitcoins is 21 million, this means that 1 BTC will eventually (in this scenario) attain a value of 1/(42M) of the world's energy reserves.  (Was Satoshi a Douglas Adams fan?).  Total energy reserves are a moving target, due to development of renewable energy sources, but as of today, reserves from non-renewable (fossil-fuel) resources are estimated at 57 ZJ (zettajoules) (en.wikipedia.org/wiki/World_energy_resources).  That puts the aspirational monergy value of 1 BTC today (just counting non-renewables) at 1.36 PJ (petajoules).  In standard barrels-of-oil-equivalent (boe) terms, that is 231,500 barrels (roughly 1/10th of a supertanker), which, at today's crude oil prices of around US$100/barrel, means about $23 million, in today's dollars.  This puts 1 Satoshi (the smallest Bitcoin unit, 0.01 microbitcoin) as worth about 0.365 liters of crude oil, or $0.23. 

A typical thermal solar power plant.
What about renewables?  Arguably, a sane global power would use its reserves of non-renewable energy strategically to build up its industrial capacity for producing renewable energy, since that is the only way to ensure its continued dominance after the non-renewables run out.  Arguably, this is what many of the world's major powers have been busy doing, to some extent, for the last century or so, namely, racing to build up their industrial capacity with an eye towards that end-game.  So, a portion of the value of even non-renewable energy today derives from their perceived future utility in terms of deployed industrial capacity to produce energy from renewable sources.  Thus, to some extent, the value of the non-renewable reserves reflects the net present value of all future renewable energy produced from all sources, so basing the above calculation on non-renewables only is still meaningful.  Currently, renewables (even including food crops) supply only a relatively small portion of total energy used annually by the industrial economy.

The Local Group of galaxies, as the largest gravitationally-bound
object of which we are a part, is the aspirational Bitcoin empire.
1 BTC can get you a duchy with a hundred thousand stars.
In the more distant future, if we imagine that our civilization moves to renewable energy, masters space travel, and eventually colonizes our galaxy and the other galaxies to which it is gravitationally bound (i.e. the local cluster), we can foresee that eventually we may command all of the free energy in that part of the universe.  With the local cluster weighing in at about 5 trillion solar masses, if we carefully compacted it into a black hole, we could theoretically extract about half of that mass as pure energy, or about 5×10⁵⁹ joules.  A 42-millionth portion of this, the pure-energy equivalent of about 100,000 solar systems, would be about 10⁵² joules, or 1.8×10⁴² boe, or equivalent to about 10³⁶ supertankers of oil.  Therefore, in this scenario, 1 Satoshi or micro-bitcent is the very-long-term, aspirational, monergy-equivalent of about $2 trillion trillion trillion in today's dollars.
The globular cluster M15 has about 100,000 stars, or about one 42-millionth the
mass of the Local Group, so it might sell for about 1 Bitcoin someday.
Of course, before then, the Bitcoin protocol might need to evolve somewhat, since a civilization spread out around a 2.5-trillion-solar-mass black hole would require more than the canonical block-generation interval of 10 minutes to distribute new blocks to the whole network even at the speed of light, so there would be a lot of block-chain forking if this were not fixed, and also double-SHA256 would probably be easily hackable by then, so the proof-of-work hash function would need to be upgraded.  However, these are not fatal flaws, and might be easily fixable by community consensus.  I previously described how secure electronic voting can be carried out through the blockchain, so that the community can reach consensus regarding what protocol changes to adopt.

Friday, January 25, 2013

Hiding Bitcoins in Your Brain

Storing digital money in your brain

Wait, why would I want to do that?

So, in current events, this week the Republicans in the U.S. House of Representatives thankfully dropped their threat to make the U.S. default on its debt, and agreed to suspend the debt ceiling for another two months.  Now we have a nice little month-long breather until the next few idiotic, self-induced fiscal crises caused by the highly dysfunctional U.S. Federal government:
  • The onset of the "sequester" (some rather substantial automatic budget cuts), currently scheduled to kick in on March 1st (of this year, 2013).
  • The end of the current "continuing resolution" (a temporary appropriations bill under which government is operating, in lieu of a real annual budget), scheduled for March 27th.  This would halt virtually all government spending until a new budget or continuing resolution is passed.
  • The end of the current "debt ceiling suspension" which will be on May 18th.  We are currently already at or over the Federal debt limit, and if the suspension expired without first raising the limit, the U.S. Treasury would be immediately in violation of debt-ceiling law, and would immediately be forced to default on at least some of its fiscal obligations.
Given the hairiness of this fiscal and political situation, I wouldn't rest easy just yet.  Wealthy Republicans in the U.S. still seem hell-bent on avoiding higher taxation of any kind (except that they didn't seem to mind letting the highly-regressive payroll tax go up by a few points in the fiscal cliff deal).  Never mind the fact that their stubbornness is rapidly bankrupting the U.S. government's coffers, while repeatedly threatening to rudely shove our lower and middle classes into recession-inducing austerity akin to what Europe is already suffering.

It is no wonder that so many individuals, in the U.S. and elsewhere, faced with such insanity, are looking for ways to free themselves from what we see as virtual enslavement of humanity by the elite few who de facto control the world's money supply, namely, wealthy bankers & financiers, and their allies in the world's powerful Central Banks (such as the Fed) and the associated governments.  The people of the world are looking for a new, free, open, unfettered, democratic monetary system that is not so easily manipulated by banks and governments to serve the wealthy few.  And many of us have fixed our sights on Bitcoin (official link) as the most promising solution.  I have discussed the advantages of Bitcoin at length in my previous blog posts (see archive links at right), so I will not repeat that discussion here.

However, in the past, Bitcoin was rather difficult to use, which deterred many laypeople (i.e., non-computer geeks) from getting involved in it.  But today, thanks to many contributions from the community of Bitcoin enthusiasts, it is becoming easier and easier.  In this blog post, I give a brief tutorial with advice on how to quickly and inexpensively (with low fees) obtain some Bitcoins in a form that is both easy to spend, and quite secure from loss or theft.  Some of the following instructions are specific to users in the U.S., but solutions that are already as easy exist for users in many other countries - perhaps a subject for a later post.

When your wallet is permanently stored IN your brain,
you can't forget where you put it, or so one might hope...

Bitcoin Brain Wallets

One of the interesting things about Bitcoin, as a monetary technology, is that it does not require individuals to maintain any individual written or electronic records about their accounts in order to keep, send, and receive money.  This is because Bitcoin's account ledger is maintained in a public database called the "block chain" which is replicated redundantly in thousands of computers all over the world (all computers that act as "nodes" in the Bitcoin network).  The information stored in the block chain cannot be corrupted by any one party, because the other nodes in the network would immediately notice the discrepancy and reject the corrupted version.  It's security by consensus.  It's democratic because anyone with a modern computer can set up a node and participate in the network.  (Free software to do this is hosted at, and maintained by, the non-profit bitcoin.org.)

However, setting up a fully-functional Bitcoin node is somewhat cumbersome for the casual user - depending on your connection speed, it can take a whole day or more to download a complete copy of the block chain (it is currently 4.5 GB), and the standard Bitcoin client is rather resource-intensive and tends to slow down older computers.  And if your computer ever gets disconnected from the network for a while (say you turn it off when you go on vacation), it can take many hours for it to catch up.  So I don't really recommend this approach for everyday people who don't want their daily lives to revolve around Bitcoin.

Fortunately, there is a much easier way.  There are now free public web services such as Blockchain.info which will keep up with the block chain for you, so you don't have to.  All that you have to do, as a user, is remember one key piece of information - a passphrase (longish password) - that will give you access to your accounts.  What I'm going to teach you here is, how to use your passphrase to send and receive Bitcoins without ever actually giving that passphrase to another person, or to any computer but your own!  As long as you keep your passphrase totally secret (and another person cannot guess it), your Bitcoins are totally secure.  When you create a passphrase-based Bitcoin account, it is sometimes called a "brain wallet," because you are effectively "storing" your Bitcoins "in your brain" (as opposed to, on a computer, or on paper, or in a bank vault).  See this Forbes article for some additional discussion of this concept.

In addition to the browser-based clients like Blockchain.info, there are also easy-to-use "thin clients" that install on your computer and access the block chain through a server.  Electrum is one that I have tried that is very easy to install and use.  More about it later...

A brain wallet can be as secure as any safe.

Creating a Secure Brain Wallet

Nowadays, the steps required to create for yourself a Bitcoin brain wallet (containing one or more Bitcoin accounts) are very easy.  There are two ways, both easy:
  1. The extremely easy way, which for your peace of mind only requires you to trust (or verify for yourself) that the JavaScript code in Blockchain.info's web pages, as they promise, does not actually transmit any of your private information (passwords/passphrases/unencrypted private keys) to their servers, but only processes it within your own web browser, on your computer.  Personally, I believe this promise, because blockchain.info is a widely-used and trusted tool in the Bitcoin community, and I think that if their code did not do what they say, someone in the community would have noticed it by now, and complained loudly.  But, DISCLAIMER:  I do not myself guarantee that every line of their web-page code is now, or will forever remain, true to their promise of privacy.  So, if you think that the operators of Blockchain.info might "turn evil" at some point, then you might not want to use this method for accounts in which you plan to store a very large amount of value.  But, it can still be quite reasonable to use it for day-to-day spending-money accounts.
  2. The moderately easy way, which requires no trust in anybody.  This is because it only requires you to run a program offline; your computer does not even need to be connected to the network to use it. So, if you are feeling especially paranoid, you can unplug your network cable before using the program, and then wipe your computer's hard drive afterwards, if you want to make REALLY, REALLY sure that this program is not sending any of your secrets to others.  (Or, if you ARE a computer geek, you can look at the source code, and compile it yourself, to make sure it is trustworthy.  Personally, I trust this tool because its author is widely-known and respected in the Bitcoin community, and the tool is open-source, so if it contained security breaches, others would have noticed by now.)  The disadvantage of this method is that it only allows you to receive Bitcoins, not send them; if you want to be able to send coins without running a full Bitcoin node of your own, you will need to trust or verify some software that talks to the network, at some point.
I will go over both of these methods shortly.  But first, a few words about passphrases.

Coming up with a passphrase

Nowadays, many websites force you to use weird-looking passwords that contain both letters and numbers, and sometimes also capital letters, punctuation marks, etc.

Interestingly, the "correct horse battery staple" brain-wallet has
had 40 Bitcoin transactions pass through it, with a total value of
about $9 at current prices.  As of now, its balance is 0 though.  :)
You can create a passphrase of that nature as well, but I don't recommend it.  Why?  Because it's stupid, as this XKCD comic aptly demonstrates.  It's very easy for a human (namely you) to forget exactly where you put all those numbers, capital letters, and punctuation marks, and what they all were, and plus, if you ever need to verbally convey your passphrase quickly to another human in an emergency (war coming - quick, take my Bitcoins and run!) they will almost certainly not remember it right.

Instead, I recommend taking a longish, easy-to-remember, meaningful-to-you, hard-to-guess English phrase, and using it by itself, plain and simple, with spaces (for readability while you are typing it), but with no fancy stuff like uppercase letters, or punctuation at all.

To make it especially easy for you to remember, you could even make your passphrase a favorite saying, or a line or two from a favorite book or poem or song lyric, e.g., "i think that i will never see a poem lovely as a tree" (from a Joyce Kilmer poem) - note no capitals, no punctuation, all lowercase, with spaces.  That's easy to tell to others.

However, if you use this method, beware that someone else might happen to try using that SAME line, in which case they can see that you have Bitcoins stored in it, and steal them - so, if you use a published phrase at all, I'd recommend you take it from some piece of literature that is REALLY obscure.  Just be aware that someday, someone might write a computer program that scours ALL published phrases below a certain length, looking for Bitcoins stashed in them to steal, so a string of random words would be better.

To be safest, you really want your phrase to be long, random, and have zero Google hits (when you enclose it in quotation marks to force Google to take the words in order).  Pick, say, 4 moderately obscure words off the top of your head - here, I'll try:  "category platypus ennui toast" has 0 hits, done.  But, don't use that particular one, because soon Google will index this page, and it will have 1 hit at least.  :)

EDIT:  Gavin Andresen, lead developer of the Bitcoin project, responds with the following warning:
Humans are pretty bad at being original. REALLY bad at being random. And we are terrible at comprehending huge numbers.

So if you ask the average person to create a secure passphrase, they're very likely to create something that a "determined attacker" with a lot of computing power can crack.

I think if people start to use quotes from obscure literary works as their brain wallets, then they're going to lose their bitcoins sooner or later. Attackers can try MILLIONS of passphrases per minute, to crack EVERY SINGLE brainwallet that has ever been created.

So: if you absolutely, positively won't be dissuaded from using a brainwallet, here is my advice on how you might be able to come up with a secure passphrase:

Think of two passphrases that you think you can remember. And think of a government-issued number that you can easily look up or remember (like your driving license or social security number).

Create a brainwallet passphrase that is:

the first passphrase,the government id number,the second passphrase

Then create a 'sentinel' brainwallet that is just the first passphrase, and send a small number of bitcoins to it. When those bitcoins get spent (or more bitcoins are sent to it by somebody else), you know that the first passphrase you chose isn't good enough any more.  Choose a more complicated passphrase and create a new 'sentinel' and real brainwallet, and move your old brainwallet there.
And Casascius, whom we'll talk about more later, recommends adopting a new, slower key-generation algorithm, scrypt, to foil attackers, and says:
Second, I propose the following standardized method for creating salt: a user should enter their own birthdate and their postal code that was current at the time their brainwallet was created.  The postal code should be stripped only to alphanumeric characters (no spaces or dashes).  These should be provided as salt to the scrypt algorithm in the form YYYY-MM-DD-x where x is the stripped postal code.  The purpose of these is that it's unlikely the user will forget these (even if they move) while still providing satisfactory entropy to substantially prevent parallel cracking of the entire brainwallet universe.  If all brainwallet generators and decrypters follow the same method for generating salt, users won't be burdened with having to remember how they created their salt, nor how they formatted their information.
So, for added security, one might consider adopting one or more of their suggestions.  So for example, instead of just "category platypus ennui toast," I might be well-advised to use something a bit more elaborate like "category platypus ennui toast/1968-07-24-37416/i think that i will never see a poem lovely as a tree", where 1968-07-24 is my date of birth (note: this is not my actual date of birth), and 37416 is my current ZIP code (note: this is not my actual ZIP code).  The extra personal information adds a more-or-less unique "salt" which prevents attackers from using brute-force methods to systematically search brain-wallet passphrases for everyone in the world simultaneously.

See the forum post for many, many more helpful comments and suggestions...
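The salted key derivation Casascius proposes above, worked through as an added example; it is not code from Casascius, Blockchain.info or the Bitcoin Address Utility. The scrypt cost parameters, the function names and the two sample users are assumptions constructed for illustration, and the unsalted single SHA-256 shown for contrast is the derivation commonly used by brain wallet generators.

```python
import hashlib
import re
from datetime import date

# Order of the secp256k1 group: a usable Bitcoin private key k has 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Assumed scrypt cost parameters; the quoted proposal does not specify any.
# N=2**14, r=8 needs about 16 MiB of memory for every single guess.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1

PHRASE = "category platypus ennui toast"  # the public example phrase from the post


def casascius_salt(birthdate: str, postal_code: str) -> str:
    """Build the salt 'YYYY-MM-DD-x', where x is the postal code stripped
    to alphanumeric characters (no spaces or dashes)."""
    day = date.fromisoformat(birthdate)  # raises ValueError on an invalid date
    # Letter case is kept as typed: the proposal does not say how to fold it.
    stripped = re.sub(r"[^0-9A-Za-z]", "", postal_code)
    if not stripped:
        raise ValueError("postal code has no alphanumeric characters")
    return f"{day.isoformat()}-{stripped}"


def unsalted_key(passphrase: str) -> bytes:
    """Single unsalted SHA-256 of the phrase. Every user who picks the same
    phrase gets the same key, so one guess is tested against all wallets."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def salted_key(passphrase: str, birthdate: str, postal_code: str) -> bytes:
    """scrypt over the phrase with the birthdate/postal-code salt. The same
    phrase yields a different key per user, and each guess is slow."""
    salt = casascius_salt(birthdate, postal_code).encode("utf-8")
    return hashlib.scrypt(
        passphrase.encode("utf-8"),
        salt=salt,
        n=SCRYPT_N,
        r=SCRYPT_R,
        p=SCRYPT_P,
        dklen=32,
    )


def is_valid_private_key(key: bytes) -> bool:
    """A derived 32-byte value is only usable if it falls inside the curve order."""
    return len(key) == 32 and 1 <= int.from_bytes(key, "big") < SECP256K1_N


if __name__ == "__main__":
    # Two constructed users who happen to choose the same passphrase.
    users = {
        "user A": ("1968-07-24", "37416"),
        "user B": ("1975-01-02", "K1A 0B1"),
    }
    shared = unsalted_key(PHRASE)
    print("unsalted, identical for both users:", shared.hex()[:16], "...")
    for name, (born, postal) in users.items():
        key = salted_key(PHRASE, born, postal)
        print(name, "salt:", casascius_salt(born, postal),
              "key:", key.hex()[:16], "...",
              "valid:", is_valid_private_key(key))
```

A wallet generated this way can only be recovered by a tool that uses the same salt format and the same scrypt parameters, which is why the quoted proposal asks for one standardized method.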

Creating a full (send & receive) Brain Wallet on Blockchain.info

Steps to do this are extremely easy.
  1. Go to https://blockchain.info.
  2. Click "Wallet" in the black navigation bar at the top.
  3. Click the blue "Start a New Wallet" button under "New Users" at left.
  4. Come up with an "Alias" or short, easy-to-remember name to help you pull up your wallet info on another computer.  This does not have to be secure.  It could be something very simple and obvious like "Allisons wallet" (if not already taken).  If you forget it, you can still recover your brain wallets, but not other accounts inside this Blockchain.info wallet, so make sure it's easy to remember.
  5. Come up with a password.  This is your password to access Blockchain.info's services for this wallet; it is not the "Brain wallet passphrase" I was discussing earlier.  However, you could use the same passphrase here, or a similar method to come up with it.  Blockchain.info will give you feedback on how secure your password is on the bottom of the page.
  6. Do the CAPTCHA and hit Continue.  It will give you a longish phrase that you can write down if you want, to help you recover your password if you forget it.  For security, Blockchain.info doesn't store your password, and so they can't recover it if you lose it.  They are serious business!
  7. Now you're at the Login screen.  Your Alias gets automatically transformed to an obscure account "Identifier" like 2e960961-3a5d-eadd-c2e0-30fb0938f031 which you can write down if you want, but you don't need to:  Your browser will remember it for use in future sessions, or you can just type your Alias instead.  Anyway, it does not need to be secret.
  8. Enter your password.  Now you're at the My Wallet screen.  You can see your balance (initially zero), your first account identifier (some long alphanumeric string like 14Xzhue9ZRkyUa6BHusTSCae4Pa3bmeLuH, and a corresponding QR code).  Now, keep in mind that the private keys for this new account are stored, encrypted, in Blockchain.info's servers, and require your password to be decrypted.  This is not yet a true Brain Wallet, since if the Blockchain.info website was inaccessible, you would be unable to retrieve your coins.  However, Blockchain.info does provide you several methods for backing up your wallet (see Download/Dropbox/Google Drive/Email buttons under "Backup" on the Wallet Home page).  I recommend doing this if you plan to use the address that initially came with your Blockchain.info account.
  9. Now, create your true Brain Wallet account.  On the Wallet Home page, click the "Import/Export" tab, then "I Understand," then look at the Brain Wallet section.  Type your Brain Wallet passphrase and then click "Generate Key".  Now if you click on the "Receive Money" tab, you can see the newly generated brain-wallet Bitcoin account identifier (a.k.a. address) listed among the accounts in this wallet.  The passphrase "category platypus ennui toast" made the Bitcoin account 19YPrPAQdjwEsT2QnbvhVnyEuyXWxSL2Hq.  (Of course, I'm not going to put any money in this account, since everyone reading this blog can go through these steps, type this passphrase, and gain complete access to it - so it's not secure at all!)
  10. I recommend you label your brain wallet, so that in case you keep multiple brain wallets, you can remember which one this one is.  Under the "Actions" pulldown on the right side of the account identifier on the Receive Money screen, select "Label Address" and enter your chosen nickname for this particular brain wallet.
So, the benefit of creating a brain wallet is, even if you completely lost access to your Blockchain.info account, you could still access this very same brain wallet using a brand-new Blockchain.info account, or any other service that lets you access brain wallets.  If all else fails, you can even import your brain wallet into the standard Bitcoin client (but in that case, you'll have to wait for it to download the block chain before you can use it).  More on this later.

Creating a watch-only (receive-only) Brain Wallet on Blockchain.info

So, let's say you want to keep your Brain Wallet passphrase really close to your breast, because you plan to store a whole lot of value (your life savings, say) in it.  Maybe you don't completely trust Blockchain.info not to violate their promise not to transmit your password or your private wallet information that's in it, unencrypted, to their server, so you're worried that they might someday steal your coins.  You want to make sure that any copies of your passphrase/private key remain totally within your physical control at all times.

Well, you can address this problem, by never giving Blockchain.info either your passphrase, or your account's private key.  This means Blockchain.info can't be used to sign orders to make payments from that account - however, you can still use it to monitor the Bitcoin money received into that account - thus the name "Watch-Only."  If you later decide to trust Blockchain.info with your passphrase, you can always enter it at a later time, and gain the ability to make payments from that account, as well as receive them.  Or, if you still don't trust Blockchain.info, you can use some other service to make the outgoing payments, while still using Blockchain.info to monitor your account balance and transactions.

The easiest way I know to create a brain wallet offline is to use a handy little Windows app called the Casascius Bitcoin Address Utility.  The official download page for its source code is on GitHub.

Well worth buying for their sheer beauty alone!
A little background:  Casascius (a.k.a. Mike Caldwell) is a well-known and widely-trusted member of the Bitcoin community who is perhaps most widely known for creating a beautiful line of physical Bitcoin coins.  These are self-contained Bitcoin accounts that have their private key hidden on the back under beautiful peel-off holograms.  The idea here is that if the hologram is not peeled off yet, then you know that nobody else has seen the private key yet, and so you can accept the coin at face value.  If you need to transform the coin back into electronic form, you simply peel off the hologram, and import the private key into a typical Bitcoin client (there is a handy "Import Private Key" option under the "Import/Export" tab in your Blockchain.info wallet which can be used for this purpose).

However, at the moment our focus is on using the Bitcoin Address Utility to create brain wallets, not physical wallets.  Here's how to do that:
  1. On your PC, go to https://github.com/casascius/Bitcoin-Address-Utility.
  2. Click on the button that says "ZIP" to download.
  3. Save the file to a location that you can easily find again later (e.g., your desktop).
  4. Go to the folder where the file was downloaded, right-click on the file (Bitcoin-Address-Utility-master.zip) and select an option to extract the contents.  
  5. Open the resulting folder named "Bitcoin-Address-Utility-master".
  6. Next you need a cryptography library called BouncyCastle.  Go to http://www.bouncycastle.org/csharp/.  Click on the "compiled assembly" file (latest version as of this writing: bccrypto-net-1.7-bin.zip), download it, and unzip it, then move the BouncyCastle.Crypto.dll file to the Bitcoin-Address-Utility-master folder.
    Cryptographers are a zany bunch.
  7. Next you'll need another library called the ThoughtWorks.QRCode.dll.  Go to https://code.google.com/p/qrcodetip/source/browse/trunk/libs/ThoughtWorks.QRCode.dll?r=2 and click "view raw file".  Download that file also to the Bitcoin-Address-Utility-master folder.
  8. Now that you have all the required libraries, you will need to compile the Bitcoin Address Utility application.  You will need Microsoft's C# compiler.  Visit http://www.microsoft.com/visualstudio/eng/downloads#d-express-windows-desktop .  
  9. Select the "install now" option.  Agree to license terms and click "Install."  This part will take a while, depending on how fast your computer and Internet connection are.  I was able to install it successfully on my Windows 7 laptop, but it might not work on much older computers.
  10. After VS Express is installed, run it and select "Open Project..."  Navigate to the Bitcoin-Address-Utility-master folder (in my case, I moved this folder into "My Documents\Visual Studio 2012\Projects") and select the "solution" file BtcAddress.sln and open it.
  11. On the PROJECT menu, select "Add Existing Item..." and select the BouncyCastle.Crypto.dll and ThoughtWorks.QRCode.dll library files you downloaded earlier, and click Add.
  12. At this point, I surprisingly had to do a couple of extra steps to get it working, maybe because the version of Visual Studio I had was different than the one it was built with.  On the PROJECT menu, select "Add Existing Item...", navigate to the "Model" folder, hit control-a or use shift-click to select all the .cs files, and click "Add," then navigate to the "Reports" folder, again select all the .cs files, and click Add.  I don't know why these files weren't already added to the project.
  13. At this point, under the BUILD menu, you should be able to select "Build Solution" and then the compiler will generate an executable file in bin\Debug\BtcAddress.exe.  You can put a shortcut to this file on your Desktop or somewhere, for easier access.
  14. Now you can run the utility (and if you are paranoid, you can disconnect your computer from the Internet before doing this).  Double-click on BtcAddress.exe to run it.  The current version pops up a window that looks like this:
    Main window of the Bitcoin Address Utility, version of 12/28/12.
  15. Under the Tools menu, click the first item, "Address Utility."  You will see the following dialog box:
    Bitcoin Address Utility's address-generation dialog box.
  16. The first field there is labeled "Minikey / key from SHA256 hash of a string."  This is where you enter your Brain Wallet passphrase.  However, one caveat:  Casascius himself has told me (in a personal email dated 1/27/13) that he is currently leaning towards advocating for the community to migrate to a particular new brainwallet standard involving scrypt for generating secret keys from passphrases; scrypt is designed to make it more computationally expensive for an attacker to compromise your keys by a brute-force search of possible passphrases.  However, for the time being, the de facto standard for brain wallets (proposed by Casascius himself in Nov. 2011) is to use a simpler function called SHA256.  So we'll stick with that for purposes of this blog post.  So, try typing your passphrase here:  In our above example, "category platypus ennui toast", and hit Enter.  The remaining fields in the dialog are automatically computed from that, and you see:
    Example of calculating a Bitcoin address from a passphrase.
  17. Let's point out some important results.  The field labeled "Private Key (WIF)", which in this case is 5KVuSusnXeaQyeGyKk63BpoWmpeoto6BhfPdnraCyPWYVoZnSTu, is this account's private key in Wallet Import Format, which can be imported easily into most other Bitcoin clients.
  18. The field labeled "Address" is the Bitcoin address, in this case 19YPrPAQdjwEsT2QnbvhVnyEuyXWxSL2Hq, which is what you give to other people who you want to be able to send Bitcoins to this account.  Note it is the same address that Blockchain.info generated for this passphrase - showing that Blockchain.info is using the same algorithm for computing Bitcoin accounts from brain-wallet passphrases as the Casascius tool.
  19. Now that your brainwallet account has been generated (and note, no connection to the network is needed to do so), people anywhere can start sending you Bitcoins addressed to that account.  The account balance can be checked (by anyone who has the address) using any number of tools; for example, you can paste the address into the search box on the main page at blockchain.info.  
  20. If you like, you can also set up your blockchain.info account to "watch" or monitor that balance as part of your wallet - without ever giving it the private key.  Log in to your blockchain.info wallet account, click Import/Export, and paste the address (not the private key!) under "Add Watch Only Bitcoin Address", enter that, then click on the "Receive Money" tab, and you will see it listed with  "(Watch Only)" in red after it.  This way, you can watch the money coming in to your wallet, without having to worry that you've given your secret information to blockchain.info (or any website).
  21. Later on, if you want to use blockchain.info to easily spend Bitcoins accumulated into that brain wallet, you can at that time (if you trust blockchain.info) import your brain wallet passphrase and gain full (send/receive) access to your brain-wallet Bitcoin account.  Or, if you don't trust Blockchain.info, you can use some other client, and import the passphrase (if it supports brain wallets) or the private key (if not) into it.
By the way, in case you don't want to go to all that trouble of compiling the Casascius Bitcoin Address Utility, a much simpler method is to use another website called BrainWallet.org to do the address-generation calculation; however, as with Blockchain.info, using this service requires you (1) to be online, and (2) to trust (or verify) the site's source code (available in a link at the lower-right corner of the page) to be sure that it is kosher and is not transmitting your passphrase or private key to someone else.  The advantage of the Casascius utility is that you can use it offline on an isolated computer and thereby eliminate that risk, and thus reduce the need to trust other parties.
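
The derivation described in steps 16 and 17 (passphrase, then a single SHA256, then the "Private Key (WIF)" field) can also be reproduced offline in a few lines. The following is an added example, not code from the Casascius utility or from Blockchain.info; it uses the publicly known "correct horse battery staple" passphrase as sample input, and the function names, the scrypt parameters and the salt are assumptions chosen only to illustrate the cost difference mentioned in step 16, not the standard Casascius was considering.

```python
import hashlib
import time

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Order of the secp256k1 group; a valid private key k satisfies 0 < k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA256(SHA256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58check_encode(payload: bytes) -> str:
    """Base58Check: payload plus 4-byte checksum, written in base 58."""
    data = payload + _checksum(payload)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    zeros = len(data) - len(data.lstrip(b"\x00"))  # each leading 0x00 -> '1'
    return "1" * zeros + out


def b58check_decode(text: str) -> bytes:
    """Inverse of b58check_encode; raises ValueError on a typo or bad checksum."""
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # str.index raises ValueError on bad chars
    zeros = len(text) - len(text.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    payload, checksum = raw[:-4], raw[-4:]
    if _checksum(payload) != checksum:
        raise ValueError("Base58Check checksum mismatch")
    return payload


def to_wif(secret: bytes) -> str:
    """Uncompressed mainnet WIF: version byte 0x80 + 32-byte key, Base58Check."""
    if len(secret) != 32 or not 0 < int.from_bytes(secret, "big") < SECP256K1_N:
        raise ValueError("not a valid secp256k1 private key")
    return b58check_encode(b"\x80" + secret)


def sha256_brainwallet_key(passphrase: str) -> bytes:
    """De facto scheme from the post: one unsalted SHA256 of the passphrase."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def scrypt_brainwallet_key(passphrase: str, salt: bytes) -> bytes:
    """Stretched alternative for comparison (parameters are assumptions)."""
    return hashlib.scrypt(passphrase.encode("utf-8"), salt=salt,
                          n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)


def seconds_per_derivation(derive, *args, rounds: int = 3) -> float:
    """Average wall-clock cost of turning one passphrase into a key."""
    start = time.perf_counter()
    for _ in range(rounds):
        derive(*args)
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    phrase = "correct horse battery staple"  # public sample; never fund it
    salt = b"constructed-example-salt"       # constructed value, an assumption
    print("WIF from SHA256:", to_wif(sha256_brainwallet_key(phrase)))
    fast = seconds_per_derivation(sha256_brainwallet_key, phrase)
    slow = seconds_per_derivation(scrypt_brainwallet_key, phrase, salt)
    print(f"SHA256: {fast:.2e} s per passphrase; scrypt: {slow:.2e} s")
```

Because the SHA256 scheme is unsalted and costs almost nothing per passphrase, the strength of the key rests entirely on how unguessable the passphrase is; the scrypt timing shows how much per-passphrase work a stretched scheme adds.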

Backing Up Your Brain Wallet

With brain wallets, there is always a trade-off:  Do I keep the brain-wallet passphrase only in my brain, to make sure no one can steal it, or do I make back-up copies of it, to reduce the chance I will forget it?  (Or, maybe you want to make sure your heirs will be able to access it, in case of your untimely demise or brain-death.)

Well, you can always create multiple brain wallets, and make that trade-off in different ways in different ones.  You can make one where you NEVER give the passphrase to anybody, and never write it down or even keep an electronic copy, but you'd better make darn sure you'll remember that passphrase.  (You might not want to put your entire life savings into that one, though!)  Then, you can make another one where you do keep backups, although obviously you'll want to keep those backups in a secure place.  Some possibilities:
  • Give the passphrase to a family member or close friend whom you trust totally, and exhort them to memorize it.
  • Write it on a piece of paper and stash it in a fireproof safe in your house; then hide the key or combination to the safe elsewhere - but don't forget where you put it!
  • Put the paper in a box, and bury the box in your back yard or basement, or in the woods at a subtly-marked spot.
  • Put an electronic copy of the passphrase or private key in an encrypted drive (TrueCrypt is a popular tool for this); of course then, you have to remember the passphrase to decrypt the drive, so it doesn't totally solve the problem.  Back up the encrypted drive in multiple places, on USB sticks and/or in cloud storage, or elsewhere (it is safe to do so as long as only you have the decryption key).
You might want to use several of these methods, in case you are concerned that one of them alone might not be enough to prevent your stash of Bitcoins from getting lost.  If you have a large amount of savings in Bitcoin, you may want to go to great lengths to protect it.  Of course, the more ways there are for you to recover your Bitcoins, the more ways there are that someone could potentially steal them, too...  So, ultimately, you have to use your best judgement as to how much, and what kind, of redundancy is warranted.

Filling Up Your Brain With Money

Okay, let's say by now you've created a Brain Wallet (or another type of Bitcoin account), backed it up safely in several places, and now you want to actually put some Bitcoin money into it!  (Note that, unlike with real physical wallets, you can put money into a brain wallet even after it's been buried safely in a box in your back yard, without digging it up first.)  So now, how do you get some Bitcoins?

Of course, one way is simply to have another Bitcoin user send them to you - either in exchange for some goods or services from you, or as a gift.  All they have to do is send them, via the Bitcoin network and whatever client they are using, to the public address associated with your account.  Many tools, including Blockchain.info, will display an address as a QR code which can be scanned by a phone.  Or, you can copy-and-paste the address into an email message.  If the address has been used previously, there is a tool called FirstBits (firstbits.com) which can be used to look up the whole address from the block chain, given only its first several characters (case-insensitive).  For example, firstbits.com/1jwssub will let you easily communicate to others the public account identifier 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T of the "correct horse battery staple" brainwallet.  Just paste your entire address into firstbits.com to find its FirstBits.  For example, one temporary brain-wallet address that I've used before is 1N4Fr7ZrcADmigFXYGoJtQNSidNqQ9Awgs; its FirstBits short name is 1n4fr7z.  It's very easy to tell someone, "Please pay by sending 1 Bitcoin to the address with FirstBits 'one-n-four-f-r-seven-z.'"  Since FirstBits is case-insensitive, you don't even have to worry about uppercase vs. lowercase letters.

OK, well, suppose you have nothing particular to sell to some customer who has Bitcoins to give you.  How can you just buy some Bitcoins outright?  Nowadays, there are many ways.  We'll discuss a few below.

Perhaps the easiest method to buy Bitcoins, if you have a Blockchain.info account, is to use the blue "Cash Deposit" button right on your wallet home page.  This uses a popular service called BitInstant to make the transfer, but it may not always give you the very latest exchange rate, and in addition to this, it charges a 4% fee.  However, one advantage of BitInstant is that you can make deposits at many convenient locations, including Chase bank branches, CVS drugstores, Albertson's grocery stores, and even at Wal-Mart.  A direct deposit to your Bitcoin account via BitInstant is therefore probably one of the fastest ways to buy bitcoins for most people.  (Note that your Bitcoin account does not have to be loaded into a Blockchain.info wallet for you to use BitInstant; you can also make the transfer directly using BitInstant's website.)

Another method to buy coins is to directly use a Bitcoin exchange, which will allow you to get an up-to-the-minute exchange rate.  The most popular Bitcoin exchange is Mt. Gox.  (Its name historically derives from an older site, maintained by the previous owners of the domain, that was called "Magic: The Gathering - Online Exchange," LOL, very nerdy.)  There are a number of ways to get US dollars (or other currency) into Mt. Gox, but perhaps the lowest-fee way is to use a reputable money-transfer service called Dwolla which can take money directly out of your bank account.  For everyday-size transfers, Dwolla charges only a $0.25 fee; quite reasonable.  The only problems with using Mt. Gox and Dwolla are that (1) they require a rather cumbersome process to sign up (which involves verifying users' identities in several ways), and (2) transfers in and out of your bank generally take a few days to process.

(...To be continued... Write a step-by-step walkthrough of how to buy Bitcoins using one of these methods...)

Friday, January 11, 2013

The Trillion-Dollar Bitcoin

After the dollar hyperinflates and we redefine $1T = 1 BTC
I have to admit, I got out of Bitcoins in early 2012, after Congress managed to kick the debt-ceiling can down the road in exchange for the fiscal-cliff contingency plan with its "sequester" monstrosity.  At that point, I felt that the dollar was at least out of imminent danger of collapse, and frankly, I needed the money.  As of today it is still too hard to pay one's rent, and most other real-world bills and daily living expenses, directly in Bitcoins.

However, now I am reinvesting in Bitcoins again.  Why?  Because, although we just managed to blunt the fiscal cliff and dodge the sequestration bullet for another two months, we are now on the verge of another debt-ceiling crisis which has everyone so worried that we are seriously talking about printing (well, minting) money to pay our bills.

I would like to note, for the record, that even before Beowulf's famous comment about the Trillion-dollar coin idea, publicized on the Pragmatic Capitalism blog, kicked off massive attention to what's now the #MintTheCoin meme, I was already Tweeting to lamestream media outlets asking why Treasury couldn't just start printing money again, like we did in the old days.  Unfortunately, my question was ignored at the time.  (Mass media has totally forgotten how to do deep analytical investigative journalism any more, which is why we need bloggers.)

So anyway, fast-forward 18 months, and here we are with the debt ceiling looming again, but thankfully, this time, the seignorage option is catching some attention from serious people.  Personally, I think its immediate economic impact is overblown, since in practice there isn't much difference between the Fed doing quantitative easing by buying up Treasury notes in exchange for reserve account credits (as it has been doing for some time now), versus the Fed directly crediting Treasury's account in exchange for a metal token instead of a bond - other than the technicality that the coin isn't a "debt," which gets around the debt ceiling - but I do worry that for the Treasury to directly create that much money would have a significant symbolic / psychological impact, which would disturb international investors, and cause them to reconsider whether they really want to be long in dollar-valued assets in an era where the traditional sovereign privilege of seignorage is being so openly and full-throatedly exercised by our government.  Even the fact that we are talking about it may be making them a bit nervous.  As the coinage option is further discussed, and certainly if it is actually exercised, the dollar and its derivatives will likely fall against other asset classes, and although this may have some short-term benefits in terms of making U.S. exports more competitive, other nations will surely retaliate, perhaps by devaluing their own currencies as well.  The end game of this kind of competition is well-known and has historically been rather bloody, as readers of the book This Time Is Different will know.  Often, a currency war tends to escalate into a war of the bombs-and-bullets variety quite readily.

In any event, a war (of either the currency or traditional variety) between the world's major economies would certainly cause massive chaos, and individuals will (if they are smart) be looking for ways to securely protect their assets.  As I have advocated previously, the digital "crypto-currency" Bitcoin is one of the best answers.  Bitcoins are unregulated, readily available in exchange for cash (nowadays, if you don't want to muck about with exchanges, a trip to the local Chase bank, Wal-Mart, CVS pharmacy, or Albertson's grocery store is all you need to get started) and they can be securely stashed away and backed up via multiple redundant methods.  Finally, they cannot be hyperinflated by actions of any government, nor stolen from sufficiently carefully-secured accounts by any actions short of a single adversary unilaterally taking control of most of the world's computing power.

Keeping Bitcoins Safe

A bit more about Bitcoin security.  Although many options exist, my personal preferred means of keeping my Bitcoins safe is to have several redundant forms of storage:
  • A brain wallet: a long secret passphrase that you make up, which you use to derive your Bitcoin account private keys.  You need never give away the passphrase or private keys to anyone to receive Bitcoins into that account!  It's almost as if the Bitcoins were transmitted directly into your brain.  Brain wallets can be created in your web browser using sites like Blockchain.info, or, if you feel compelled to read their Javascript source code every time you visit to convince yourself they're not appropriating your unencrypted info, you can instead create your Brain Wallet offline using an open-source tool.
  • In case you're worried you might forget your brain-wallet passphrase, you can also print it (or your private account key) on paper and stash it somewhere safe (in a locked, fireproof safe hidden in a place that you physically control, and/or in a safety deposit box at a bank).
  • For another layer of redundancy, you can import your private key into your Bitcoin client which stores its data in encrypted files, and/or simply put the key or passphrase onto an encrypted virtual drive, which you can then back up multiple times on USB sticks or to the cloud using services such as Dropbox, Google Cloud Storage, and/or Microsoft SkyDrive.
If you do all the above, and take care not to divulge your passphrase to anyone, and you minimize the number of times you type your passphrase into a potentially compromised device attached to the network, it becomes very difficult to unwillingly lose your Bitcoins, unless one of the following, relatively unlikely scenarios occurs:
  • Someone breaks into your house, breaks into your fireproof safe, and steals your paper keys.  OR they break into your bank's safety-deposit box (if that's where your paper keys are).
  • You forget your passphrase, AND lose the key to your safe, AND lose access to your safety deposit box, AND the whole cloud goes down or you lose access to it.
  • You are tortured or threatened to compel you to divulge your brain-wallet passphrase, or the key/combination to your safe, or your encrypted drive password.
The first, physical theft scenario is the same as already exists for any physical commodity, physical key, or password, and it can be eliminated by keeping all records encrypted (if you trust your brain to remember the required passphrases without physical backup).

The second loss scenario can be mitigated by keeping more backups in more places.

The third, coercion scenario (a conceivable result of an extreme authoritarian regime's asset confiscation programme) can be mitigated by dividing up your Bitcoins amongst several different brain-wallet accounts through anonymizing services to eliminate traceability.  You can give up one of the smaller accounts to the torturers to (hopefully) satisfy them, while retaining plausible deniability that you hold any additional accounts.

Note that Bitcoin is superior to gold, in the sense that, with gold, the brain-wallet option does not exist.  If you lose direct physical control of your gold, you are always vulnerable to possible loss, whereas you can never lose direct physical control of your Bitcoin brain wallet, unless you forget your passphrase. 

Gold is perhaps superior to Bitcoin in a scenario wherein the entire Internet ceases to function (although theoretically the Bitcoin protocol could be ported to work by exchanging USB sticks, or sending smoke signals).  However, a future without the Internet is arguably too horrifying to further contemplate.

The Trillion-Dollar Bitcoin

A typical result of hyperinflation of fiat currency by a sovereign government.
As more and more people come to realize, thanks to the #MintTheCoin campaign, that fiat currencies are inherently vulnerable to being debased by sovereign governments in times of scarcity, I think that gradually more and more people will turn to solutions such as Bitcoin.  In the event of a severe currency war, in which major economies repeatedly pull the rug out from under each others' debts via debasement, it could easily happen that the value of the US dollar eventually goes the way of Zimbabwe, and meanwhile, the value of Bitcoin rises and rises, in proportion to its popularity, until eventually, a single Bitcoin literally becomes worth a trillion dollars.  As I have previously argued, at some point, it becomes logical for nations to simply adopt Bitcoin itself as legal tender (or base their currency on it) to escape the hyperinflation trap.  So, maybe today's trillion-dollar "commemorative" platinum coin will eventually become backed by a nice solid 1 BTC of crypto-money in the US Treasury's brain wallets, which amount will by then have become worth the equivalent of only about $200,000 in today's dollars.

It's still a pretty good return for only an ounce of platinum.

P.S.  As of this writing, the price of 1 BTC in US dollars has already risen by about $1, or about 7.5%, in just the last couple of weeks - a period during which #MintTheCoin was becoming increasingly widely discussed.  At US$14.23, it is nearing an 18-month high.