Tuesday, May 31, 2011

Bitcoin: Timing is Everything

By Jon Matonis

Why did a digital currency like bitcoin take so long to appear on the scene if the basic cryptographic elements were already in place?

Two writers attempt to answer this question. The first is author gwern publishing "Bitcoin is Worse is Better" on Bitcoin Weekly explaining how the most elegant solution to a problem does not always end up becoming the prevailing technology. Gwern writes that a lack of novelty is part of bitcoin's appeal because there is less danger when not introducing new parts of a cryptosystem:

"The interesting thing is that by even the most generous accounting, all the pieces were in place for at least 8 years before Satoshi's publication, which was followed more than half a year later by the first public prototype (Satoshi claims that before he write the whitepaper, he wrote a prototype). If we look at the citations in the whitepaper and others, and then order the relevant technologies by year in descending order:

  1. 2001-2005: Nick Szabo, Bit Gold
  2. 2001: SHA-256 finalized
  3. 1998: Wei Dai, B-money
  4. 1997: HashCash
  5. 1992-1993: Proof-of-work for spam ("Pricing via Processing, Or, Combating Junk Mail, Advances in Cryptology", Dwork 1993, published in CRYPTO'92)
  6. 1991: cryptographic timestamps
  7. 1980: public key cryptography. (This is Satoshi's citation date; Diffie-Hellman, the first published system, was in 1976, not 1980.)
  8. 1979: Hash tree"

Gwern then logically concludes with the viral aspect of bitcoin being the most likely feature leading to its popularization and success:
"A cryptographer would have difficulty coming up with Bitcoin because it is so ugly and there are so many elegant features he wants in it. Programmers and mathematicians often speak of ‘taste’, and how they lead one to better solutions. A cryptographer’s taste is for cryptosystems optimized for efficiency and theorems; it is not for systems optimized for virulence, for their sociological appeal ("Bitcoin, like the recent commercial phenomenon Groupon, tends to turn people into marketers because they feel they have something to gain, however small it might be in the end; I think that partly accounts for its temporary success."). Centralized systems are natural solutions because they are easy, like the integers are easy; but like the integers are but a vanishingly small subset of the reals, so too are centralized systems a tiny subset of decentralized ones. DigiCash and all the other cryptocurrency startups may have had many nifty features, may have been far more efficient, and all that jazz, but they died anyway. They had no communities, and their centralization meant that they fell with their corporate patrons. They had to win in their compressed timeframe or die out completely. But “that is not dead which can eternal lie”.

It may be that Bitcoin’s greatest virtue is not its deflation, nor its microtransactions, but its viral distributed nature; it can wait for its opportunity. 'If you sit by the bank of the river long enough, you can watch the bodies of your enemies float by.'

The second writer is Nick Szabo, creator of bit gold which is commonly known as a precursor to bitcoin. I corresponded with Nick briefly after he left Digicash but prior to his published ideas on bit gold. In addition to being a cryptographer and an accomplished writer, he has an excellent grasp of the larger economic themes surrounding a nonpolitical digital monetary unit. In a follow-up to gwern, Nick recently wrote "Bitcoin, what took ye so long?" in Unenumerated stating:

"While the security technology is very far from trivial, the "why" was by far the biggest stumbling block -- nearly everybody who heard the general idea thought it was a very bad idea. Myself, Wei Dai, and Hal Finney were the only people I know of who liked the idea (or in Dai's case his related idea) enough to pursue it to any significant extent until Nakamoto (assuming Nakamoto is not really Finney or Dai). Only Finney (RPOW) and Nakamoto were motivated enough to actually implement such a scheme.

The "why" requires coming to an accurate understanding of the nature of two difficult and almost always misunderstood topics, namely trust and the nature of money. The overlap between cryptographic experts and libertarians who might sympathize with such a "gold bug" idea is already rather small, since most cryptographic experts earn their living in academia and share its political biases. Even among this uncommon intersection as stated very few people thought it was a good idea.

There's nothing like Nakamoto's incentive-to-market scheme to change minds about these issues. :-) Thanks to RAMs full of coin with 'scheduled deflation', there are now no shortage of people willing to argue in its favor."

I agree with Nick that the "why" has changed in the last ten to fifteen years; however, my reasons are that the world generally has become more attune to centralized monetary planning and manipulation for the benefit of the banker class and money going digital has led to a decreasing amount of personal privacy and an increasing amount of transaction reversibility, a la PayPal. Money was never intended to track identity and a payment system should not be used to censor and ban certain types of 'offensive' transactions as in the highly political case of Wikileaks temporarily losing almost all methods of online donation.

My mantra has always been that free individuals should 'resist digital money unless anonymous' and the transition to a digital cash or a digital bearer token system should not diminish the amount of basic financial privacy and anonymity that exists today in the physical world of paper cash. Otherwise, it would represent a step backwards, not forward. The digital monetary attributes which achieve that desired goal ultimately may have a value that supersedes a money's 'origin of use' value.

I believe that bitcoin's major improvements over previous attempts include both the viral nature of the distributed deployment and the enhanced security of a RPOW time-stamp service to prevent double spending without a central issuer. Indeed, Nick applauds the bitcoin author for improving security in the peer-to-peer environment:

"Nakamoto improved a significant security shortcoming that my design had, namely by requiring a proof-of-work to be a node in the Byzantine-resilient peer-to-peer system to lessen the threat of an untrustworthy party controlling the majority of nodes and thus corrupting a number of important security features. Yet another feature obvious in hindsight, quite non-obvious in foresight."

For further reading:
"No One Sends Bitcoins", Ironwolf, May 24, 2011
"Causes behind the Bitcoin Price Rally", Vitalik Buterin, Bitcoin Weekly, May 14, 2011
"Bit gold", Nick Szabo, December 27, 2008
"Bit gold markets", Nick Szabo, December 27, 2008
"Trusted Third Parties Are Security Holes", Nick Szabo, 2005
"Shelling Out: The Origins of Money", Nick Szabo, 2002

Wednesday, May 18, 2011

Ben Laurie Blathering on Bitcoin

Yesterday seemed to be the day for visceral reaction to the burgeoning bitcoin ecosystem. Starting off the day was Ben Laurie, creator of lucre, which is an implementaion of David Wagner's Diffie-Hellman variant on Chaumian blinding. He also wrote Apache-SSL, the basis of most SSL-enabled versions of the Apache HTTP Server, and is a co-author of OpenPGP Software Development Kit. Ben Laurie is a founding director of the Apache Software Foundation.

Given that backdrop, Ben blogged about bitcoin:
"A friend alerted to me to a sudden wave of excitement about Bitcoin.

I have to ask: why? What has changed in the last 10 years to make this work when it didn’t in, say, 1999, when many other related systems (including one of my own) were causing similar excitement? Or in the 20 years since the wave before that, in 1990?

As far as I can see, nothing.

Also, for what its worth, if you are going to deploy electronic coins, why on earth make them expensive to create? That’s just burning money – the idea is to make something unforgeable as cheaply as possible. This is why all modern currencies are fiat currencies instead of being made out of gold.

Bitcoins are designed to be expensive to make: they rely on proof-of-work. It is far more sensible to use signatures over random numbers as a basis, as asymmetric encryption gives us the required unforgeability without any need to involve work. This is how Chaum’s original system worked. And the only real improvement since then has been Brands' selective disclosure work."

Ben, I usually like your work and I also go back the 10 or 20 years in digital bearer certificates. But what has changed from the Chaumian (or even Brands) days is that distributed p2p architecture has flourished. It has flourished not only for efficiency but for ultimate survival. It would be irresponsible and naïve to think that a centralised issuing mint (required to prevent double-spend) can avoid shut-down if that were the goal of the authorities. Historically, bitcoin is really a peer-to-peer implementation of Wei Dai's b-money proposal and Nick Szabo's Bit gold proposal.

However, the more important consideration for digital bearer cash is that true, auditable reserves (metals or otherwise) themselves create a single point of failure through confiscation. Bitcoin has no reserves and it has value precisely because it has purchasing power. It is a fully nonpolitical unit of value with transactional non-repudiation and two-way convertibility.

Bitcoin’s author commenced a fairly lengthy (and robust) exchange on the cryptography mailing list thread prior to the January 2009 software release. It covers multiple exchanges on a broad range of topics and it is required reading for cryptographers. Regarding the prevention of double-spending, the network implements a peer-to-peer distributed timestamp server utilizing chained proofs of work which then provides the confirmations to the client. This transactional block-chain has permitted decentralisation without compromising integrity and that in itself is a major change from the prior practice of reissuing digital tokens at a centralised mint.

I’m really surprised that a friend had to ‘alert’ you to bitcoin. Realizing that all money is a mass illusion in some way or another, I would prefer to trust in cryptography than to trust in God and I thought you would as well.

Completing the day was Adam Cohen's nonsensical answer on Quora to "Is the cryptocurrency Bitcoin a good idea?", which was elegantly refuted by Sean Lynch and Brandon Smietana. This was followed by Victor Grishchenko's critical piece on bitcoin, which is slowly being negated on the Bitcoin Forum.

For further reading:
"Underappreciated (ii)", Nick Szabo, November 21, 2006
"RPOW - Reusable Proofs of Work", Hal Finney, August 15, 2004

Tuesday, May 17, 2011

Zimbabwe's Central Banker Urges Gold-backed Zimbabwe Dollar

From New Zimbabwe
Sunday, May 15, 2011

http://www.newzimbabwe.com/business-5127-RBZ+urges+gold-backed+Zim+dollar/business.aspx

The central bank says the country must consider adopting a gold-backed Zimbabwean dollar, warning that the US greenback's days as the world's reserve currency are numbered.

The government ditched the Zimbabwe dollar in 2009 after it had been rendered worthless by record inflation levels, and adopted multiple foreign currencies with the US dollar, the South African rand, and the Botswana pula being the most widely used.

Finance minister Tendai Biti says the country needs at least six months of import cover and a sustainable track record of economic growth, inflation, stability and above 60-percent capacity utilisation in industry before the Zim dollar can be brought back into circulation.

However, central bank chief Dr Gideon Gono said the country should consider adopting a gold-backed currency.

"There is a need for us to begin thinking seriously and urgently about introducing a gold-backed Zimbabwe currency that will not only be stable but internationally acceptable," Gono said in an interview with state media. "We need to rethink our gold-mining strategy, our gold-liberalisation and marketing strategies as a country. The world needs to and will most certainly move to a gold standard and Zimbabwe must lead the way."

Gono said the inflationary effects of United States' deficit financing of its budget were likely to impact other countries, leading to resistance of the greenback as a base currency.

"The events of the 2008 global financial crisis demand a new approach to self-reliance and a stable mineral-backed currency, and to me gold has proven over the years that it is a stable and most desired precious metal," Gono said. "Zimbabwe is sitting on trillions worth of gold reserves and it is time we start thinking outside the box, for our survival and prosperity."

Saturday, May 14, 2011

In Fifty Days, Payments Innovation Will Stop In Silicon Valley

By Aaron Greenspan
Quora.com
Wednesday, May 11, 2011

http://www.quora.com/Aaron-Greenspan/In-Fifty-Days-Payments-Innovation-Will-Stop-In-Silicon-Valley

Most people don't regularly check the California Senate Committee on Banking, Finance and Insurance for the latest news about potential legislation, and so it's no surprise that most people have never heard of California Assembly Bill 2789. That's too bad, because California AB 2789, passed into law in September, 2010 and effective January 1, 2011 as the Money Transmission Act (see http://www.dfi.ca.gov/licensees/...), is a ticking time bomb, and the big red numbers are glowing "50" as of midnight tonight.

What the law accomplishes sounds mundane enough: it requires money transmitters--companies that act like banks, but aren't, such as PayPal--to get licenses. As usual, however, the devil is in the details. Previously, California corporations were only required to get money transmitter licenses for international funds transfers, and domestic transfers were unregulated. Now both kinds of transfers are regulated. Also, the price of each license is a little bit steep: half a million dollars and change.

Oh, and if you want to do business nationwide, you'll need 43 more of those licenses from almost every state. The forms and requirements are different everywhere, most states want your fingerprints to do a criminal background check (the exact same criminal background check, it turns out), and the price varies wildly from a measly $10,000 to $1,000,000+ per state. Want the forms? Good luck finding them; some states don't post them on-line.

Why does California's law matter at all when the regulatory framework for money transmitters is already such a mess? Well, Silicon Valley is located in California, and if Valley startup founders risk going to jail (which, under the updated PATRIOT Act, they do; see http://www.law.cornell.edu/uscod...) for transmitting money illegally without a license, then there aren't going to be very many new companies working on ways to handle payments that don't involve the same old banks touting the same old plastic cards. Not to mention that there aren't a lot of investors who like the idea of putting half a million dollars into a company's bank account so that it can be immediately locked up and used for licenses.

In other words, the Money Transmission Act is designed to kill innovation.

The only silver lining is that the very last clause, section 1872, allows companies that had already been operating under the old law to continue doing so without repurcussion until July 1, 2011, which is when the music stops. On that date, every affected company needs a license application on file, or else the founders, employees and even investors will be committing state and federal crimes by merely continuing to operate.

Who would sponsor such a draconian law? According to legislative analysis of AB 2789 (see ftp://leginfo.public.ca.gov/pub/...), we can blame The Money Services Round Table. If The Money Services Round Table sounds like a shady political group that doesn't want to reveal its true identity, that is because it is a shady political group that doesn't want to reveal its true identity! Thanks to the Freedom of Information Act, however, we know that its lobbyists had some very important things to tell the Federal Reserve in 2006 (see http://www.federalreserve.gov/SE...), including its member list (which may have grown since then). At the time, it included such names as:
  • Western Union
  • MoneyGram
  • Travelex
  • American Express

While it's no surprise that these companies might want to keep out the competition, that doesn't make anti-competitive behavior something we should accept. The big four payment card companies (Visa, MasterCard, Discover and American Express) have managed to raise interchange fees for years and years thanks to legislative tricks, and only now is Congress trying to solve the problem by regulating debit (but thanks to lobbyists, not credit) card interchange rates via the Durbin Amendment to the Dodd-Frank Act, which has severe problems of its own.

You might argue that innovation in the financial industry is alive and well, but you'd only be right if you mean that in the most cynical terms. Case in point: Square, a payments company that is a media darling frequently cited as a leading innovator, does not disrupt the financial infrastructure in any way. In fact, Visa just invested in Square directly because it does such a good job of propagating the status quo. PayPal similarly exists to promote existing financial infrastructures, not replace them with something better.

Aaron Greenspan is the creator of FaceCash.com. Comments to the post can be found here. Reprinted with permission from Quora.

Friday, May 13, 2011

Thoughts on Bitcoin Laundering

By Jon Matonis

Recently, Alaric Snell-Pym published a thought-provoking piece on bitcoin and whether or not law enforcement would be embracing it or not. In his article, "Bitcoin Security", he concludes that the authorities will most likely revel in its transactional tracing potential thereby providing an electronic trail that regular paper cash simply cannot beat. Just take a look at the Bitcoin Block Explorer. Predicting a laundering technology arms race, Alaric writes:
"Indeed, I could make my bitcoin client sit there creating new addresses and transferring random chunks of my wealth to random new addresses 24x7, to effectively launder all my money through a few thousand identities. If I give somebody some money and, ten hops later, some of it is used to buy porn, I can't tell what those ten hops were - they might be ten transfers to different people, in which case, well, aren't we all six or so degrees apart anyway? It could be anyone. Or it could be the same person, laundering his money.
So isn't that a nightmare for law enforcement? Won't they have to crack down on this and make it illegal, before it's used to FUND TERRORISM and DESTROY CAPITALISM?!?!
Well, no. Perhaps they will do that anyway as a knee-jerk reaction. But I think it's just like cash, but a little easier for them to trace. If they realise it, they'll be behind it, which I think will be a good thing - as I think Bitcoin is a good currency that will enable all sorts of cool things that can't currently be done practically.
For a start, those laundering transactions are exactly the kinds of things intelligence services are good at figuring out. They can put supercomputers to work analysing the global transaction stream (all available in ONE place; no need to talk to lots of banks - or worry about infiltrating uncooperative foreign banks). Some value that goes into an account then buzzes through a self-contained pool of accounts for some time then zooms out to somewhere else can probably be traced through analysing the timings of transactions and the like; the pattern of automated laundering will be different from actual spending, if you have enough computer power to find the patterns. Imagine drawing a diagram with a blob for each address you know something about (eg, can tie to a person or organisation), and drawing arrows for all the transactions between them. Any single-use addresses can just be chained together as part of the same arrow. Any unknown addresses can be given small blobs on the diagram. Colour the arrows with the magnitude of the amount transferred, on a log scale. Arrange the diagram so the minimum of arrows overlap. Do this for the transactions in each day, and then make a movie of them changing over time. Take a given known-suspect transaction and treat it like a drop of dye, colouring it strongly, and mixing it with the light grey of other money flowing through the system as it dissipates, and see where that dye spreads to. Then get computers automating the analysis even further."
Another article by Mencius Moldbug, "On Monetary Restandardization", seems to reach the same conclusion with respect to money laundering and bitcoin users doing the authorities a massive favor.
"What is Bitcoin's only chance? Perhaps that Bitcoin is not really anonymous. In fact, it is anything but. All transactions, though pseudonymous (named by a random key), are public and can be tracked by anyone, including said authorities. There is no financial secrecy in Bitcoin - it's a completely transparent system.

Which means that, if money launderers try to launder money through Bitcoin, they are actually doing the authorities a massive favor. It is very easy to track dirty bitcoins. If you know Pablo, a drug dealer, is using Bitcoin address X, you can download the entire graph of parties that X trades with, and roll up Pablo's whole network. Instead of shutting down the real-money exchanges, you can secretly force them to send you their entire customer database. That way, the terrorists, drug dealers, etc, are not hiding their transactions at all - they are sharing their most intimate details with the government. Heck, the DEA probably understands Pablo's finances better than Pablo's own people. That's what he gets for using Bitcoin."
However, as I state in my comment to Alaric below, I believe that this reasoning is flawed. Law enforcement seeks 'link-ability' to a physical individual -- not mere 'traceability' -- and with a hyper-pseudonymous distributed bitcoin architecture, many avenues exist to obscure transactions:
"Your point on transactional tracing definitely made me think about 'self-contained pools' and 'transaction timing'. However, I don't think you are considering a structure of unrelated, unconnected mutual offset accounts as are used today in correspondent banking. For example, a Pound Sterling transaction comes in and a Japanese Yen transaction goes out without the two ever connecting because the offset is conducted off the grid.
Also, as more 'mixer' services -- http://bitcoinlaundry.com/ and http://app.bitlaundry.com/ -- come on line, the greater the pool of dead-end transactions and the greater the opportunity for unrelated, off-the-grid offsets."

For further reading:
"With The Napster of Banking Round The Corner, Bring Out Your Popcorn", Rick Falkvinge, May 11, 2011

Tuesday, May 3, 2011

PayPal Freezes Accounts of Two Bitcoin Exchangers

By Jon Matonis

Over the weekend PayPal froze the accounts of both Morpheus and CoinPal, two online exchangers that sold bitcoin. In taking this step, PayPal is making it clear that they intend to view bitcoin as a full-fledged e-currency and not just a reusable proof-of-work "math puzzle". Ultimately, the enforcement relies upon PayPal's Acceptable Use Policy, which prohibits transactions that are associated with money service business activities, including currency exchanges. So, the real surprise here is that, at least according to PayPal, bitcoin is now a currency. Undoubtedly, this decision will have implications in future legal cases against bitcoin.

PayPal has continually strayed further and further from their original mission of providing an global extra-governmental system of digital currency based around privacy, strong encryption, and e-mail addresses. Most recently, it was decided by PayPal that Wikileaks was not worthy enough to receive donations that utilized its payments platform. Apparently, these unfortunate incidents are part of a long history of PayPal deciding who should and who should not get paid. In 2004, the Daily Pundit blog and the civil liberties TalkLeft blog received letters from PayPal informing them that their accounts would be frozen unless the blogs removed controversial and "offensive material". From Reason's book review by Rodney Balko:
"Both letters came a month after PayPal announced an abrupt shift in its terms of use. The company would no longer permit customers to use the service for purchases associated with "mature audiences," gambling, hate paraphernalia, or prescription drugs, along with a long list of other prohibitions. It would also fine its customers up to $500 for attempting such transactions. Those terms apparently applied to donations to blogs with content PayPal found objectionable.
That's a far cry from the libertarian vision founders Peter Thiel and Max Levchin originally had for PayPal, an online payment service that enables account holders to send money to anyone in the world with an e-mail address. Thiel and Levchin had hoped PayPal would grow to become an extra-governmental system of currency, something reminiscent of the world described in Neal Stephenson's novel Cryptonomicon, in which programmers use encryption to create an offshore data haven free from government control."
PayPal has become the antithesis of a free market monetary system and now they operate as an extension of the establishment. What I find most difficult to believe is how so many people continue to support a system that has repeatedly demonstrated that it knows better than you do when it comes to how to spend your own money. It is certainly PayPal's choice to restrict any transactions that it chooses, but it also proves why a decentralized P2P digital currency like bitcoin is desperately needed in this world.

The Morpheus closure announcement can be found here and the CoinPal closure announcement can be found here.