Bitcoin Трейдинг

Click here for cryptocurrency Links

CRYPTOGRAPHERS’ OBJECTIONS
I think it’s instructive to look at Satoshi’s ANN thread on the Cryptography newsgroup/mailing list; particularly the various early criticisms:

disk/bandwidth won’t scale20

Satoshi’s response was that he expected most Bitcoin users to eventually become second-class citizens as they switched to the thin client scheme he outlined in the whitepaper for only keeping part of the blockchain and delegating storage to the real peers. This doesn’t seem ideal.

proposal is under-specified (omitting all the possible race conditions and de-synchronization attacks and scenarios in a distributed system) and details available only in ad hoc code21

conflating transactions with bitcoin creation requires constant inflation

it is very difficult to achieve consensus on large amounts of distributed data even without incentives to corrupt it or attacks

domination of the hash tree by fast nodes and starvation of transactions

pseudonymity %story% linkable transactions22 (irreversible transactions also implies double-spend must be very quickly detectable)

Nick Szabo summarizes the early reaction:

Bitcoin is not a list of cryptographic features, it’s a very complex system of interacting mathematics and protocols in pursuit of what was a very unpopular goal. While the security technology is very far from trivial, the “why” was by far the biggest stumbling block—nearly everybody who heard the general idea thought it was a very bad idea. Myself, Wei Dai, and Hal Finney were the only people I know of who liked the idea (or in Dai’s case his related idea) enough to pursue it to any significant extent until Nakamoto (assuming Nakamoto is not really Finney or Dai). Only Finney (RPOW) and Nakamoto were motivated enough to actually implement such a scheme.

As well, let’s toss in some blog posts on Bitcoin by the cryptographer Ben Laurie and Victor Grischchenko; Laurie particularly criticizes23 the hash-contest which guarantees heavy resource consumption:

“Bitcoin”
“Bitcoin 2”
“Bitcoin is Slow Motion”
“Decentralised Currencies Are Probably Impossible: But Let’s At Least Make Them Efficient”
“Bitcoin?”, Victor Grischchenko
What’s the common thread? Is there any particular fatal flaw of Bitcoin that explains why no one but Satoshi came up with it?

Aesthetics
No! What’s wrong with Bitcoin is that it’s ugly. It is not elegant24. It’s clever to define your bitcoin balance as whatever hash tree is longer, has won more races to find a new block, but it’s ugly to make your network’s security depend solely on having more brute-force computing power than your opponents25, ugly to need now and in perpetuity at least half the processing power just to avoid double-spending26. It’s clever to have a P2P network distributing updated blocks which can be cheaply %story% independently checked, but there are tons of ugly edge cases which Satoshi has not proven (in the sense that most cryptosystems have security proofs) to be safe and he himself says that what happens will be a “coin flip” at some points. It’s ugly to have a hash tree that just keeps growing and is going to be gigabytes and gigabytes in not terribly many years. It’s ugly to have a system which can’t be used offline without proxies and workarounds, which essentially relies on a distributed global clock27, unlike Chaum’s elegant solution28. It’s ugly to have a system that has to track all transactions, publicly; even if one can use bitcoins anonymously with effort, that doesn’t count for much—a cryptographer has learned from incidents like anon.penet.fi and decades of successful attacks on pseudonymity29. And even if the money supply has to be fixed (a bizarre choice and more questionable than the irreversibility of transactions), what’s with that arbitrary-looking 21 million bitcoin limit? Couldn’t it have been a rounder number or at least a power of 2? (Not that the bitcoin mining is much better, as it’s a massive give-away to early adopters. Coase’s theorem may claim it doesn’t matter how bitcoins are allocated in the long run, but such a blatant bribe to early adopters rubs against the grain. Again, ugly and inelegant.) Bitcoins can simply disappear if you send them to an invalid address. And so on.

The basic insight of Bitcoin is clever, but clever in an ugly compromising sort of way. Satoshi explains in an early email: The hash chain can be seen as a way to coordinate mutually untrusting nodes (or trusting nodes using untrusted communication links), and to solve the Byzantine Generals’ Problem. If they try to collaborate on some agreed transaction log which permits some transactions and forbids others (as attempted double-spends), naive solutions will fracture the network and lead to no consensus. So they adopt a new scheme in which the reality of transactions is “whatever the group with the most computing power says it is”! The hash chain does not aspire to record the “true” reality or figure out who is a scammer or not; but like Wikipedia, the hash chain simply mirrors one somewhat arbitrarily chosen group’s consensus:

…It has been decided that anyone who feels like it will announce a time, and whatever time is heard first will be the official attack time. The problem is that the network is not instantaneous, and if two generals announce different attack times at close to the same time, some may hear one first and others hear the other first.

They use a proof-of-work chain to solve the problem. Once each general receives whatever attack time he hears first, he sets his computer to solve an extremely difficult proof-of-work problem that includes the attack time in its hash. The proof-of-work is so difficult, it’s expected to take 10 minutes of them all working at once before one of them finds a solution. Once one of the generals finds a proof-of-work, he broadcasts it to the network, and everyone changes their current proof-of-work computation to include that proof-of-work in the hash they’re working on. If anyone was working on a different attack time, they switch to this one, because its proof-of-work chain is now longer.

After two hours, one attack time should be hashed by a chain of 12 proofs-of-work. Every general, just by verifying the difficulty of the proof-of-work chain, can estimate how much parallel *****U power per hour was expended on it and see that it must have required the majority of the computers to produce that much proof-of-work in the allotted time. They had to all have seen it because the proof-of-work is proof that they worked on it. If the *****U power exhibited by the proof-of-work chain is sufficient to crack the password, they can safely attack at the agreed time.

The proof-of-work chain is how all the synchronisation, distributed database and global view problems you’ve asked about are solved.

How Worse Is Better
In short, Bitcoin is a perfect example of Worse is Better (original essay). You can see the tradeoffs that Richard P. Gabriel enumerates: Bitcoin has many edge cases; it lacks many properties one would desire for a cryptocurrency; the whitepaper is badly under-specified; much of the behavior is socially determined by what the miners and clients collectively agree to accept, not by the protocol; etc.

The worse-is-better philosophy is only slightly different:

Completeness—the design must cover as many important situations as is practical. All reasonably expected cases should be covered. Completeness can be sacrificed in favor of any other quality. In fact, completeness must be sacrificed whenever implementation simplicity is jeopardized. Consistency can be sacrificed to achieve completeness if simplicity is retained; especially worthless is consistency of interface.
…The MIT guy did not see any code that handled this [edge] case and asked the New Jersey guy how the problem was handled. The New Jersey guy said that the Unix folks were aware of the problem, but the solution was for the system routine to always finish, but sometimes an error code would be returned that signaled that the system routine had failed to complete its action. A correct user program, then, had to check the error code to determine whether to simply try the system routine again. The MIT guy did not like this solution because it was not the right thing… It is better to get half of the right thing available so that it spreads like a virus. Once people are hooked on it, take the time to improve it to 90% of the right thing.

Guarantees of Byzantine resilience? Loosely sketched out and left for future work. Incentive-compatible? Well… maybe. Anonymity? Punted on in favor of pseudonymity; maybe someone can add real anonymity later. Guarantees of transactions being finalized? None, the user is just supposed to check their copy of the blockchain. Consistent APIs? Forget about it, there’s not even a standard, it’s all implementation-defined (if you write a client, it’d better be “bugward compatibility” with Satoshi’s client). Moon math? Nah, it’s basic public-key crypto plus a lot of imperative stack-machine bit-twiddling. Space efficiency? A straightforward blockchain and on-disk storage takes priority over any fancy compression or data-structure schemes. Fast transactions? You can use zero-conf and if that’s not good enough for buying coffee, maybe someone can come up with something using the smart contract features. And so on.

But for all the issues, it seems to work. Just like Unix, there were countless ways to destroy your data or crash the system, which didn’t exist on more ‘proper’ OSs like OpenVMS, and there were countless lacking features compared to systems like ITS or the Lisp machine OSs. But like the proverbial cockroaches, Unix spread, networked, survived—and the rest did not.30 And as it survives and evolves gradually, it slowly becomes what it “should” have been in the first place. Or HTML31 vs Project Xanadu.

Paul Ford in 2013 has stumbled onto a similar view of Bitcoin:

The Internet is a big fan of the worst-possible-thing. Many people thought Twitter was the worst possible way for people to communicate, little more than discourse abbreviated into tiny little chunks; Facebook was a horrible way to experience human relationships, commodifying them into a list of friends whom one pokes. The Arab Spring changed the story somewhat. (BuzzFeed is another example—let them eat cat pictures.) One recipe for Internet success seems to be this: Start at the bottom, at the most awful, ridiculous, essential idea, and own it. Promote it breathlessly, until you’re acquired or you take over the world. Bitcoin is playing out in a similar way. It asks its users to forget about central banking in the same way Steve Jobs asked iPhone users to forget about the mouse.

But he lacks the “worse is better” paradigm (despite being a programmer) and doesn’t understand how Bitcoin is the worst-possible-thing. It’s not the decentralized aspect of Bitcoin, it’s how Bitcoin is decentralized: a cryptographer would have difficulty coming up with Bitcoin because the mechanism is so ugly and there are so many elegant features he wants in it. Programmers and mathematicians often speak of “taste”, and how they lead one to better solutions. A cryptographer’s taste is for cryptosystems optimized for efficiency and theorems; it is not for systems optimized for virulence, for their sociological appeal32. Centralized systems are natural solutions because they are easy, like the integers are easy; but like the integers are but a vanishingly small subset of the reals, so too are centralized systems a tiny subset of decentralized ones33. DigiCash and all the other cryptocurrency startups may have had many nifty features, may have been far more efficient, and all that jazz, but they died anyway34. They had no communities, and their centralization meant that they fell with their corporate patrons. They had to win in their compressed timeframe or die out completely. But “that is not dead which can eternal lie”. And the race may not go to the swift, as Hal Finney also pointed out early on:

Every day that goes by and Bitcoin hasn’t collapsed due to legal or technical problems, that brings new information to the market. It increases the chance of Bitcoin’s eventual success and justifies a higher price.

It may be that Bitcoin’s greatest virtue is not its deflation, nor its microtransactions, but its viral distributed nature; it can wait for its opportunity. “If you sit by the bank of the river long enough, you can watch the bodies of your enemies float by.”

Objection: Bitcoin Is Not Worse, It’s Better
Nick Szabo and *****ko Wilcox-O’Hearn disagree strongly with the thesis that “Bitcoin is Worse is Better”. They contend while there may be bad parts to Bitcoin, there is a novel core idea which is actually very clever—the hash chain is a compromise which thinks outside the box and gives us a sidestep around classic problems of distributed computing, which gives us something similar enough to a trustworthy non-centralized authority that we can use it in practice.

Gwern’s post fails to appreciate the technical advances that BitCoin originated. I have been trying, off and on, to invent a decentralized digital payment system for fif***** years (since I was at DigiCash). I wasn’t sure that a practical system was even possible, until BitCoin was actually implemented and became as popular as it has. Scientific advances often seem obvious in retrospect, and so it is with BitCoin.35

Nick Szabo thinks that the main blocking factors were:

ideological beliefs about the nature of money (liberals not interested in non-state currencies, and Austrians believing that currencies must have intrinsic value)
obscurity of bit gold-like ideas
“requiring a proof-of-work to be a node in the Byzantine-resilient peer-to-peer system to lessen the threat of an untrustworthy party controlling the majority of nodes and thus corrupting a number of important security features”
some simplification (not markets for converting “old” %story% harder-to-mine bitcoins to “new” %story% easier-to-mine bitcoins, but a changing network-wide consensus on how hard bitcoins must be to mine)
My own belief is that #1 is probably an important factor but questionable since the core breakthrough is applicable to all sorts of other tasks like secure global clocks or timestamping or domain names, #2 is irrelevant as all digital cryptographic currency ideas are obscure (to the point where, for example, Satoshi’s whitepaper does not cite bit gold but only b-money, yet Wei Dai does not believe his b-money actually influenced Bitcoin at all36!), and #3–4 are minor details which cannot possibly explain why Bitcoin has succeeded to any degree while ideas like bit gold languished.