[Cryptography] Bitcoin is a disaster.

Howard Chu hyc at symas.com
Thu Dec 31 04:11:04 EST 2020


Kapilkov, Michael wrote:
> 
>> Okay, this may be just my depressive side talking, or it may be the stress of the last year just boiling over.  But I'm inclined to think it's not and it isn't. 
> 
>> It is my opinion that Bitcoin is a failure.  Worse than that, it's a disaster.

Bitcoin was a Pilot system, a good first effort. It did what a Pilot system is intended to do:
show where the pitfalls lie. You're supposed to learn from it, then toss it out and go back to
the drawing board. This missing step is what all the Bitcoin proponents have failed at. They kept
pushing the prototype, instead of throwing it out and designing a proper production system. They
insist that its immutability is its source of strength, instead of recognizing that no first stab
at any design is ever really that good, and systems need to evolve as we learn more about how they
work in practice.

> I'd say we'll never agree on this issue unless we first establish the criteria for failure v. success.  Since for most these criteria are going to be different, they'll never agree.  Satoshi's main goal (my interpretation of his writings) was to improve on DigiCash, RPOW and other similar schemes that had a fair degree of decentralization but still relied on a central authority.  Satoshi managed to solve this problem in a genius way by combining existing technologies and understanding of human psychology (incentivization through mining).  This should not be underestimated in my view.  People had been trying to solve it for decades without any luck.  People like Wei Dai and Szabo came close but never managed to materialize their visions (assuming they're not Satoshi).
> 
>> The pseudonymity of coins being owned by the bearer of some cryptographic key is a failure;  People have been eavesdropping and aggressively analyzing the block chain from day 1.  And the block chain will always be there, it will always be public, and it will always be subject to further analysis.  And we are learning that analysis of that record is sufficient to destroy any pretense of anonymity or pseudonymity.  
> 
> True.  But preserving true anonymity online takes a lot of work anyway.  Very few people (<1%) care enough to bother.  With Bitcoin one can preserve his anonymity, but it does take much labor.

Much labor and many transaction fees. But other systems have come along that studied Bitcoin's
shortcomings and solved them, such as CryptoNote in 2013, which used stealth addresses to hide txn
recipients, and ring signatures to hide txn senders. (Both concepts Satoshi himself referred
to in various Bitcointalk threads.) Once again, Bitcoin isn't broken because nobody
knew how to solve its issues - it's broken because people decided not to implement known fixes.

Today Monero, which evolved from CryptoNote, uses RingCT to hide senders and transaction amounts.
CT - Confidential Transactions - is one of many solutions created by Bitcoin developers, but
never deployed onto the Bitcoin network.

>> The scarcity of block chain space has led people to re-invent every last feature of the banks they thought they were going to be escaping.
>> Including debt brokering (lightning network) and fractional-reserve banking, starting with the case of Mt.Gox and continuing to ventures today by "responsible" businesspeople who just don't get, or don't care, or both, that the entire reason the system existed, as far as the early adopters were concerned, was to get away from exactly that.  They have made Bitcoin into a debt-based system like any other; as long as the "exchange" holds your keys for you, there is no obligation for them to maintain assets equal to the deposits.  You can't prove that they are, or aren't, maintaining sufficient assets until after those assets are spent and the evidence appears in the block chain.
> 
>> And it's useless for small transactions.  Had it been deployed to a market the size of, say, a college campus it could bear the load and the bidding for block space wouldn't exceed the value of most transactions.  But had it been deployed to a market the size of a college campus, the small pool of miners available would make mining bursty and unstable, and the block chain therefore not well protected from tampering.  Same could have happened to Bitcoin early on, which is why Satoshi was mining like crazy and jumping on when needed to prop up the block rate and back off again when the blocks were coming too fast.
> 
> Because of Bitcoin, nowadays we have much more scalable and efficient protocols.

Yes. Again, Bitcoin showed us where the pitfalls are, so we can focus attention on solving them.
Monero does pretty well here too, with dynamic blocksize to handle sudden spikes in txn volume,
and dynamic fees to discourage spamming the network.
> 
>> And that brings us to mining.  Bitcoin mining has encouraged corruption (Because it's often done using electricity which is effectively stolen from taxpayers with the help of government officials), wasted enormous resources of energy, fostered botnets, centralized mining activity in a country where centralization means it's effectively owned by exactly the kind of government most people thought they *DIDN'T* want looking up their butts and where the people who that government allows to "own"
>> this whole business work together as a cartel.  
> 
> I'd agree that the fact that a normal person can't really participate in mining anymore is a major setback.

The Power Law is probably always going to favor larger centralized mining operations.
Though things like P2Pool might be a solution to that. Remains to be seen.

>> There's a pretense of monitoring the network to guard against a 51% attack, but to me it seems pretty clear that what they're guarding against is merely the mistake of the cartel failing to give the latest warehouse full of miners a distinct network identity.  The whole idea of proof-of-work mining is broken the instant hardware comes out which is specialized for mining and useless for general computation because at that point the need to have compute power for other purposes is absolutely irrelevant in having any effect on mining, and there ceases to be any force that causes mining to be distributed around the world.
>> It becomes a "race to the bottom" to find where people can get the cheapest electricity, and then mining anywhere else - anywhere the government tries to make sure ordinary people actually get the benefit from electricity bought for tax money, for example - becomes first pointless, then a net loss. 

>> Mining is f***ng broken, and ASICs make it actively work against a significant number of its design goals.

This is why we continued to push for ASIC resistance in Monero. The RandomX PoW algorithm
will remain resistant without any algorithm tweaks for at least 3-5 years before we need
to look at re-tuning it.

>> So, Bitcoin was a good effort, it deployed some new ideas and technology, and showed that at some scale the "block chain" idea worked, but ultimately, although a successful proof of concept, failed to deliver.  It doesn't scale, except by becoming the very thing it was supposed to replace.
> 
>> The more scalable the network becomes, the more centralized it becomes, until ultimately a "scalable" cryptocurrency would be doing things exactly the same way as a credit card processor.

Privacy and security are pretty much diametrically opposed to efficiency/scalability.
I don't see any way around that. I suppose we can accept different degrees of privacy.
E.g., TLS keeps a communication private, but not secret - an observer can't tell the
content of the communication, but they can tell that the communication occurred between
two parties. TOR or I2P can keep comms secret - an observer can't tell that two parties
are communicating at all. TLS imposes an overhead cost compared to plaintext comms, and
TOR/I2P imposes even more overhead compared to that.

Just as with the HTTPS-Everywhere initiative, I think the age of insecure, plaintext
comms is over. We shouldn't settle for transparent financial networks any more either.

> Bitcoin isn't perfect but it still has certain features that other networks do not.

Sure, but we have to accept the fact that it is in no way going to be the currency of
the future. If there's going to be one universal currency of the future for all human
commerce, it's going to need a network protocol that works on interplanetary scale,
because we're probably going to at least have colonies on Mars by the year 2140.

Bitcoin was a landmark achievement, as a prototype, but it's not fit for purpose,
and we need to (and can!) design better systems going forward.

>> Bear

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
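Howard's point about CryptoNote is that a stealth address lets the sender derive a fresh one-time output key from the recipient's published address, so the address itself never appears on chain and an observer cannot link two payments to the same recipient. The following is an added illustration, not code from this thread or from any CryptoNote or Monero implementation: it stands in a toy multiplicative group modulo the ed25519 prime for the curve arithmetic, and the names `keygen`, `send_to`, `scan` and `spend_key` are hypothetical.

```python
import hashlib
import secrets
from typing import Optional, Tuple

# Toy group: integers modulo the prime 2**255 - 19 (the prime under ed25519),
# used here as a plain multiplicative group so the arithmetic stays readable.
# Curve point addition becomes multiplication mod PRIME, scalar multiplication
# becomes exponentiation. Constructed for illustration only, not for real use.
PRIME = 2**255 - 19
G = 2

def scalar_mult(base: int, k: int) -> int:
    """Stand-in for elliptic-curve scalar multiplication k*Base."""
    return pow(base, k, PRIME)

def hash_to_scalar(*parts: int) -> int:
    """CryptoNote's H_s: hash group elements and an output index to a scalar."""
    data = b"".join(p.to_bytes(32, "big") for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def keygen() -> dict:
    """Recipient wallet: view keypair (a, A) and spend keypair (b, B).
    The address handed to senders is the public pair (A, B)."""
    a, b = secrets.randbelow(PRIME - 2) + 1, secrets.randbelow(PRIME - 2) + 1
    return {"a": a, "b": b, "A": scalar_mult(G, a), "B": scalar_mult(G, b)}

def send_to(A: int, B: int, index: int = 0) -> Tuple[int, int]:
    """Sender: fresh r per transaction; only R and the one-time key P_out
    go on chain, so the address (A, B) is never visible to observers."""
    r = secrets.randbelow(PRIME - 2) + 1
    R = scalar_mult(G, r)
    s = hash_to_scalar(scalar_mult(A, r), index)   # r*A == a*R (Diffie-Hellman)
    return R, (scalar_mult(G, s) * B) % PRIME      # H_s(rA, i)*G + B

def scan(a: int, B: int, R: int, p_out: int, index: int = 0) -> Optional[int]:
    """Recipient, or a view-only wallet holding just (a, B): recompute the
    one-time key from R and return the shared scalar on a match, else None."""
    s = hash_to_scalar(scalar_mult(R, a), index)
    return s if (scalar_mult(G, s) * B) % PRIME == p_out else None

def spend_key(s: int, b: int) -> int:
    """Private key of the matched output: x = H_s(aR, i) + b, so G^x == P_out.
    Needs the spend key b, which a view-only wallet does not hold."""
    return s + b
```

Scanning needs only the view key `a` and the public spend key `B`, which is what lets an auditor or a watch-only wallet see incoming payments without being able to spend them.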

