[LINKs] Bitcoin hits mainstream; intelligent technical critique

post by SilasBarta · 2011-05-19T18:30:35.402Z · score: 8 (8 votes) · LW · GW · Legacy · 13 comments

Annie Lowrey discusses Bitcoin in Slate.  No clear thesis, but important that it gets attention there.  She gives a general overview, with emphasis on its benefits to fringe elements on society, and gives quick attack at the end.  The attack seems misinformed, but it links to something more interesting, specifically...

A technical critique by Victor Grishchenko, PhD, who was mentioned here in the context of causal trees.  He describes a few problems he sees with Bitcoin:

1) Asymmetry favors attackers, in that it takes a lot more effort to check for double spending than to attempt a double-spend, eventually requiring "supernodes" that have disproportionate influence over the network.

2) It needs to continuously spend spend cycles to stay free from attackers.  He then describes an attack I don't quite understand that involves holding on to a discovered block and then broadcasting it at just the right time

3) It doesn't compare well against existing systems in terms of privacy, speed, or transaction cost.  (I found this questionable because the system he's comparing it to is still subject to warrants, and Bitcoin takes significantly less time -- 1 hour or so -- to ensure a transaction than the wiring transfers Grishchenko discribes.)

Finally, he credits Bitcoin in being advantageous similarly to Bittorrent: the latter was clumsy and complicated compared to regular downloading, but could perform well enough in a niche niche to force change in the broader markets.

13 comments

Comments sorted by top scores.

comment by David_Gerard · 2011-05-19T20:43:11.475Z · score: 4 (4 votes) · LW · GW

The Salon article goes to quite some effort to equate libertarians and criminals.

(I remain almost entirely unconvinced by bitcoins - I would not deal in them until I felt I actually understood the risks of trading in a currency that may become all but worthless at any moment, and I really don't - but that article's glib gloss over the writer's clear lack of knowledge got up my nose.)

comment by rhollerith_dot_com · 2011-05-20T05:56:26.552Z · score: 7 (7 votes) · LW · GW

I remain almost entirely unconvinced by bitcoins - I would not deal in them until . . .

I'd deal in them -- I just wouldn't hold them.

comment by wedrifid · 2011-05-19T19:51:53.546Z · score: 1 (3 votes) · LW · GW

3) It doesn't compare well against existing systems in terms of privacy, speed, or transaction cost.

Privacy? But making the transactions private is about as you can get. Without physically accessing your computer while you are making transactions the only information an external entity can access about you is "there has been an encrypted connection established from your location to an arbitrary and potentially unrelated computer on the internet".

comment by SilasBarta · 2011-05-19T20:33:46.685Z · score: 1 (1 votes) · LW · GW

Yeah, I know. That was the part that stood out the most for me -- the electronic funds transfer network he's using cannot possibly be offering the privacy that Bitcoin does, as long as his name his tied to it and a central arbiter sees all the transactions.

Not claiming that critique was flawless, just that it's (for the most part) intelligent and based on familiarity with the system.

comment by [deleted] · 2011-05-20T12:31:21.552Z · score: 2 (2 votes) · LW · GW

I think what he's getting at with the privacy comparison is that with conventional online money transfer, your bank knows about your transaction history, but nobody else does (unless the bank is hacked or threatened, I suppose).

With bitcoin, although it's anonymised, everyone can see the complete historical record of all transactions. Although you can make a new address for each transaction, there'll be a lot of timing information leaking out there - eg, if fifteen addresses send a total of 100 bitcoins to a new address in the space of a second, and then all those coins are sent to yet another address, chances are the original 15 addresses all belong to the same person.

Patterns like that are preserved forever, so anyone in the future can run some sophisticated analysis algorithm to find out about what you're doing today, and you won't even know it's happening, because they're using publically available data to do it.

ETA: This can be worse than the typical computer-system vulnerability. Normally, you're only at risk between the attack being invented and the problem being fixed. With this, you're at risk from the beginning of time. On the other hand, the longer in the future it is, the less you probably care.

comment by SilasBarta · 2011-05-20T14:21:51.346Z · score: 0 (0 votes) · LW · GW

I think what he's getting at with the privacy comparison is that with conventional online money transfer, your bank knows about your transaction history, but nobody else does (unless the bank is hacked or threatened, I suppose).

Right, hence the problem: Bitcoin has no one to target with a warrant, while the private service used by the author does.

With bitcoin, although it's anonymised, everyone can see the complete historical record of all transactions. Although you can make a new address for each transaction, there'll be a lot of timing information leaking out there - eg, if fifteen addresses send a total of 100 bitcoins to a new address in the space of a second, and then all those coins are sent to yet another address, chances are the original 15 addresses all belong to the same person.

True, but that's not nearly asymmetric enough in favor of the attacker -- the holder of the coins doesn't need to use so naive a method as to do them all at the same time. They can randomize the transfers to the point where they just blend in with the noise of regular transactions. Plus, you'd have to compare traffic analysis effectiveness against regular banking.

comment by [deleted] · 2011-05-20T15:19:41.291Z · score: 0 (0 votes) · LW · GW

Right, hence the problem: Bitcoin has no one to target with a warrant, while the private service used by the author does.

It depends on the the threat . Against governments with a search warrant looking for something specific, bitcoin would be better. Against governments doing secret large-scale surveillance, the bank may well be better.

True, but that's not nearly asymmetric enough in favor of the attacker -- the holder of the coins doesn't need to use so naive a method as to do them all at the same time. They can randomize the transfers to the point where they just blend in with the noise of regular transactions. Plus, you'd have to compare traffic analysis effectiveness against regular banking

You don't need to be that naive. But how clever do you have to be? And how clever are people actually being? Unless there's a randomisation strategy that comes with good reason to believe it's secure against unknown attacks, I wouldn't want to put too much confidence in the anonymity.

comment by SilasBarta · 2011-05-20T19:43:04.116Z · score: 0 (0 votes) · LW · GW

You don't need to be that naive. But how clever do you have to be?

Not at all. The protocols for bitlaundry-type arrangements just have to be updated to add random time delays all throughout. No extra effort on the user's side.

There's definitely a lot of extra work, though, that could be done on developing Bitcoin clients that automatically handle stuff like this. (It would have to, without being promted, generate new addresses every so often, and feed them to a service, either which has the time delays, or does it with a patter than would conceal data from traffic analysis.)

comment by [deleted] · 2011-05-20T20:47:13.337Z · score: 0 (0 votes) · LW · GW

"could be" is all very well, but for the people using bitcoin right now, it needs to be "is".

How long do the delays have to be? Does it matter if the recipient isn't using a randomisation service? Etc? I'm not saying these questions are unanswerable, it's just that they need real solid thinking done on them, which (as far as I know, which isn't very far) hasn't really been done. And then the answers need implementing.

comment by QuicklyStarfish · 2011-05-20T12:57:41.457Z · score: 0 (0 votes) · LW · GW

It should be noted that services exist that allow you to send coins from one user to another with some actual anonymity by mixing coins from different sources (example). However, I'm uncertain about how effective they currently are.

comment by jsalvatier · 2011-05-21T15:13:06.818Z · score: 0 (0 votes) · LW · GW

I know very little about cryptography. Say I wanted to start my own currency. Would it be possible to create a secure currency JohnCoin where I and only I can produce new JohnCoins?

comment by Eugine_Nier · 2011-05-21T15:18:42.211Z · score: 3 (3 votes) · LW · GW

Would it be possible to create a secure currency JohnCoin where I and only I can produce new JohnCoins?

If that's your only criterion that's easy.

Convincing anyone else to use a currency that you and only you can create is much harder. ;)

comment by jsalvatier · 2011-05-21T20:04:56.264Z · score: 1 (1 votes) · LW · GW

Of course.

So, in principle a central bank (say the Fed or the ECB) could switch its currency to a similar system without changing its model very much.