[Cryptography] Dispelling some myths about Bitcoin, from a Bitcoin fan

Lodewijk andré de la porte l at odewijk.nl
Sun Jun 15 07:25:26 EDT 2014


2014-06-15 4:26 GMT+02:00 <lmgoodman at hushmail.com>:

> However, the cryptography in Bitcoin is the easy part.


Well..........

It's easy if you only have to use it. Those things not intertwined with
N=NP, entropy, signal-to-noise ratios, and 100% correctness are typically
just as important for a good application, but a LOT easier to produce to an
acceptable level of correctness.

P.S.: Good piece! I'd like to add three:

Myth #6: Bitcoin is inherently Democratic or at least more democratic than
usual money
Fact: Bitcoin is plutocratic, controlled by the wealthy

When people speak of Bitcoin "voting" they usually refer to the majority of
hashing power agreeing on something. The one who owns the most hashing
power invested the most money (Bitcoin or otherwise) into Bitcoin mining
hardware. No other conditions exist but to have a lot of money to be able
to win a vote. A cheaper alternative is mining pools, which centralize the
vote to the owner of the pool. It is true, nowadays, that majority is so
expensive that the number of wealthy people who could singlehandedly break
Bitcoin is decreasing. Yet, even when there isn't anyone who could do it
singlehandedly, all choices are still made by voting with wealth, not voting
per person.

Usual money is dictated by the people elected by "the people", at least
that's what the wrapper reads. If you're as worried about the correct
functioning of "the democratic system" as I am you wouldn't like to use the
word democratic anymore. But, certainly, the Euro is more democratic than
Bitcoin. The Dollar is about the same (neither the FED nor the global
people take orders from USGOV). Many national currencies will be more
democratic than the Euro, simply because every individual person has
greater influence over it. If everyone were equally wealthy Bitcoin would
be democratic; the less equally wealthy people are, the less democratic
Bitcoin is. There are some people out there that can buy whole cities, and
employ their people. So Bitcoin: not very democratic. But democracy, was
that really what you were looking for?

Myth #7: It's too late to get in and reap huge profits (I cannot be an
"early adopter" anymore)

Fact: Bitcoin's value is arbitrary, based upon nothing and limited by
nothing.

If nothing goes wrong adoption will steadily grow and the price will
fluctuate depending on market liquidity, which can be arbitrarily low.
(Note: supply/demand refers to how many people are selling, how many people
are buying, not to actual supply or anything.) Without any organization to
smooth over those fluctuations Bitcoin can crash (fully) one day and rise
to mighty heights (the sky is no limit) the next. Just because Bitcoin was
once x and is now 100x doesn't mean that it can't be 10000x. Do you think
Bitcoin has reached its maximum adoption? Me neither.

Note: Bitcoin's price does not have to climb. I think the biggest risk is a
superior altcoin, as all the rest does not truly kill Bitcoin (there is
always a purpose).

Myth #8: A 51% attack is very, very bad.

Fact: no invalid transactions can be inserted into the blockchain ever.
That would make it a different blockchain that is not accepted by
"standard" Bitcoin clients.
Fact: the greater the attacker's hashing power, the higher the chance he
might be able to double spend. It is possible (but increasingly less
likely) to double spend with less than 50% hashing power.
Fact: above 51% an attacker is able to alter the order of transactions, and
is thus able to "alter history". That means he might spend money /again/,
while undoing his other previous spending (you cannot spend money twice).
We call this a double spending attack.

Many think that having 51% allows you to do anything with the blockchain.
The blockchain only timestamps transactions relative to each other, and
relative to GMT in a non-trivial manner. The need for that is great because
of this: I can write two people a check for the sum of my grandmother's
savings account. The first person to go to the bank gets the money, the
other's check bounces. Before they reached the bank both might consider
themselves paid (and they kind of are, in a fractional reserve way). This
is why it's called "double spending". In Bitcoin the bank is replaced by
the blockchain: first in the blockchain gets the coin. If someone is able
to change who was the first, he can change who got the money.

The real trick with being an attacker is making sure that person 1 felt
like he was paid (he cashed his check) and did something for you. Then
after he cannot reverse what he did you alter the blockchain, causing
person 2 to be paid instead of person 1. Person 2 is the attacker, and
person 1 was tricked.

Finally, the blockchain is built up out of different blocks referring to one
another. Per processing-power unit spent you have a certain chance
(lottery-like chance) to be able to make a block; this chance is ensured
through cryptographic means. That means that someone might get a block even
whilst not having significant hashing power. This has tricked some people
in the past. It may also happen that two people find a block pretty much at
the same time; then two different blocks are validly the longest chain. One
has to wait for one of the two to become longer than the other to know
which one is valid. This can take many blocks to happen, as many as 4 has
happened
<https://bitcoin.stackexchange.com/questions/3343/what-is-the-longest-blockchain-fork-that-has-been-orphaned-to-date>!

The lesson is that you should wait for a few confirmations before you can
consider a transaction legitimate. If there's a stronger attacker you
should wait longer. At 50% you might have to wait forever, but you are more
likely to win or lose eventually. Above 50% you are more likely to never
win; the attacker might even rewrite history if he attempts to generate a
longer chain than has already happened.

You can easily calculate if it's worthwhile for an attacker to rewrite your
transaction. Only if they really hate you would an attacker lose more money
than he makes,
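The "wait for a few confirmations, longer against a stronger attacker" advice above can be made quantitative. The following is an added example, not part of the original post: it implements the catch-up probability from section 11 of the Bitcoin whitepaper (attacker controls fraction q of the hash power, honest chain is z blocks ahead, q_z = (q/p)^z by gambler's ruin, Poisson-weighted over the attacker's possible progress) and derives the number of confirmations a merchant should require for a given risk tolerance. The function names, the risk threshold and the search cap are this example's own choices.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with fraction q of the total hash power
    ever overtakes an honest chain that is z blocks ahead (whitepaper sec. 11).

    p = 1 - q is the honest fraction. While the honest network mined z blocks
    the attacker's progress is Poisson with mean lambda = z * q / p; for each
    possible progress k, the attacker still has to catch up z - k blocks,
    which succeeds with probability (q/p)^(z-k).
    """
    if not 0.0 <= q < 1.0 or z < 0:
        raise ValueError("q must be in [0, 1) and z must be non-negative")
    p = 1.0 - q
    if q >= p:
        # Gambler's ruin: a majority attacker catches up with probability 1.
        return 1.0
    lam = z * q / p
    ratio = q / p
    total = 0.0
    # Build the Poisson term iteratively (lam^k e^-lam / k!) to avoid the
    # overflow that lam ** k and math.factorial(k) would hit for large z.
    poisson = math.exp(-lam)
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k
        total += poisson * (1.0 - ratio ** (z - k))
    return 1.0 - total


def confirmations_needed(q: float, max_risk: float = 0.001, max_z: int = 10_000):
    """Smallest confirmation depth z at which the attacker's success
    probability drops to or below max_risk, or None if none within max_z
    (a majority attacker never reaches any risk below 1.0)."""
    for z in range(max_z + 1):
        if attacker_success_probability(q, z) <= max_risk:
            return z
    return None


if __name__ == "__main__":
    # Reproduces the whitepaper's table for q = 0.1 and q = 0.3.
    for q in (0.1, 0.3):
        print(f"attacker hash share q={q}")
        for z in range(0, 11, 2):
            print(f"  z={z:2d}  P={attacker_success_probability(q, z):.7f}")
    # How deep a merchant must wait for < 0.1% risk at various attacker shares.
    for q in (0.1, 0.2, 0.3, 0.4, 0.45):
        print(f"q={q:<5} confirmations for <0.1% risk: {confirmations_needed(q)}")
```

At q = 0.1 five confirmations bring the attacker's chance under 0.1%, at q = 0.3 it takes 24, and as q approaches 0.5 the required depth explodes, which is the "at 50% you might have to wait forever" point in numbers. The cost side of the calculation (whether rewriting your transaction is worth the attacker's lost block rewards) is not modelled here.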