Bitcoin’s Collusion Problem

Yesterday I questioned whether we should expect demand for Bitcoins to be stable over the long run. Today I want to look at the supply side. A constrained supply of money is important to a currency’s stability. One of Bitcoin’s key selling points is that the number of Bitcoins issued will never exceed 21 million. But this promise isn’t credible. To understand why, we need to dig a little bit into how the protocol works.

The Bitcoin peer-to-peer network can be thought of as a giant, shared accounting ledger. Whenever someone makes a Bitcoin transaction, the record of this transaction is submitted to the various nodes in the network. At fixed intervals, each node bundles up all the transactions it has seen into a data structure called a “block” and then races with the other nodes to solve a difficult mathematical problem that takes the block as an input. The first node to solve its problem (the problem is randomized in a way that gives each node a roughly equal chance) announces its success to the other nodes. Those nodes verify that all the transactions in the new block follow all the rules of the Bitcoin protocol, and that the solution to the mathematical problem is correct. (verifying solutions is much easier than finding them) Once a winning solution is found, all nodes then treat the transactions encoded in the winning node’s block as new entries in the global transaction register.

The system has a clever incentive system: each node is allowed to insert a fixed reward (currently 50 Bitcoins) for itself into the block it is working on. If it “wins” the race for a round, then this reward becomes part of the official transaction history. Effectively, the winner of each race gets to “mint” some Bitcoins for itself as a reward for participating in the transaction-verification process. The creator of the Bitcoin protocol established an expoentially decreasing schedule of rewards. If this schedule is followed, no more than 21 million Bitcoins will ever be issued.

The limit is a social convention baked into the BitCoin software. If a rogue node tries to give itself a larger reward than the protocol allows, the other nodes are supposed to reject its proposed block. But that only works if most nodes are enforcing the rules. If Bitcoin became a “real” currency, nodes would face a tremendous temptation to collude in order to give themselves larger rewards.

If a group of nodes colluded to change the rules (say, awarding themselves 100 Bitcoins rather than 50 for “winning” a round), the result would be a “fork” of the Bitcoin network. Nodes that enforced the original rules would reject blocks with the higher rewards, effectively expelling them from their network. The “rogue” nodes would recognize one another’s blocks, and would effectively establish a second, rival Bitcoin network. Theoretically, these different networks could continue in parallel indefinitely, but it’s likely that relatively quickly one of them (probably the larger one) would come to be regarded as the “real” Bitcoin network and cash spent on the other network would become worthless.

So the question is whether it would be possible for a critical mass of nodes to collude to change the rules. And I think the obvious answer to this question is yes, for two reasons. First, the Bitcoin software itself offers a convenient collusion mechanism. If the Bitcoin protocol is anything like other network protocols, a handful of clients is likely to account for the overwhelming majority of nodes at any given time. That means that convincing the creators of the top two or three Bitcoin clients to change their implementations would be enough to effectively change the protocol.

Second, collusion will grow easier as the network grows and becomes more professionalized. Bitcoin supporters are quick to point out that their system wouldn’t require ordinary consumers to run their own Bitcoin nodes. They predict that as the network grew and the resources required to run a node increased, that nodes would increasingly be run by commercialized entities who made money by providing “eWallet” services to ordinary Bitcoin users.

We might call organizations that are in the business of running Bitcoin nodes and processing Bitcoin transactions “banks.” And we could imagine these banks forming a membership organization whose primary function is to control the size of the Bitcoin money supply. It would announce changes to the Bitcoin protocol that expand the supply of Bitcoins at the desired rate. Member banks would agree to change their software accordingly. We could call this entity a “central bank.”

So one of Bitcoin’s key selling points—a permanently fixed supply—is basically illusory. The supply of Bitcoins, like the supply of every other currency, will be controlled by the fallible human beings who run the banking system. We already have an electronic currency whose quantity is controlled by a cartel of banks. If you’re a libertarian, you might think the lack of government regulation is an advantage for Bitcoin, but it strikes me as highly improbable that the world’s government’s would leave the Bitcoin central bank unregulated. So I don’t see any major advantages over the fiat money we’ve already got.

This entry was posted in Uncategorized. Bookmark the permalink.

117 Responses to Bitcoin’s Collusion Problem

  1. Anonymous says:

    Yeah, everyone will totally run this new client version that creates more Bitcoins so that each’s coins will be worth less. I’m sure that noone will check the source code and warn others about it.

    And certainly miners will form cartels and those won’t be broken due to competition.

    I think you just don’t want it to work because remaining a pessimist is easier.

  2. Max says:

    This is a rather fanciful series of assumptions. It’s hard to see why professionals would want to vandalize the protocol, which would only destroy their business. Nobody is forced to accept bitcoins, and if the protocol doesn’t work as designed, nobody will. End of story.

  3. Vandroiy says:

    You are making claims I would not call credible. Do you have anything to back this up? A HANDFUL OF NODES enforcing an invalid block chain? Please elaborate your attack in detail to prevent your post from looking like an arbitrary guess of the type “LOL I SAY IT’LL FAIL”.

    In the first post, I thought you were serious. But now, I believe you are really just trying to temporarily get prices down.

  4. Vandroiy, I’m not sure what elaboration you need. I’m suggesting that a majority of nodes could agree to change the BitCoin protocol to increase the reward given to miners. That’s the whole attack. The question is what would prevent them from doing this?

  5. Jim Harper says:

    Can I invite a third post on the relative amenability of dollars and Bitcoins to surveillance? What about the respective costs of transacting using either currency?

  6. Matt Giuca says:

    As I understand it, this sort of attack wouldn’t work.

    First, let me discuss the sort of attack that *would* work. Say that a cartel wanted to take control of the Bitcoin network, just for 10 minutes, and they had a massive amount of CPU at their disposal. Such a cartel could jump on the network with more CPU than all of the other “honest” nodes combined, and start generating blocks. What could they do with this power? Well they could denial-of-service (DOS) the network by dropping transactions. They could also potentially “reverse” their own transactions — spend some bitcoins in exchange for goods or “real” money, then ten minutes later, put out a new block without that transaction, thereby keeping the goods AND the bitcoin. But that is why the user interface says “1/unconfirmed” — you aren’t supposed to give the goods yet. The seller should, in fact, wait for about 6 confirmations, which is about an hour. So having control of the network for ten minutes isn’t enough, you would have to take control for about an hour to do real damage.

    But you are supposing that the malicious node is able to take control of the network permanently. In that case, they could continue double-spending. But I dispute that it would last for long — we are happy to let big CPUs do the mining but if the integrity of the network was challenged, I am sure lots of people would “fight back” by turning on their generators, eventually kicking this cartel off the network.

    But now let’s discuss your scenario, where the attacker actually *changes the rules*, say, changing the mining reward from 50BTC to 100. Say that this cartel with lots and lots of CPU did generate a block with a 100BTC self-reward. AND they kept in control, and pumped out more blocks on top of that. They created a fork of the network. You suggest that if the cartel had more CPU power, the majority of clients would switch over to that “rogue” network, but that isn’t true.

    The majority of clients *will* fall for it if rogue nodes do nasty things within the rules, but they *won’t* fall for it if rogue nodes *break* the rules. Every single “honest” client will simply ignore any block which rewards 100BTC (or any non-50BTC amount) to the generator. It is as if nothing happened. The same applies for any other rule-breaking block, such as a block with an invalidly-signed transaction (wrong private key), a block which double-spends some money, etc. All of the dodgy cartel nodes would see the invalid blocks, but the vast vast majority of honest clients (even those not generating) would reject all of these blocks. The cartel would have effectively forked itself off of the main Bitcoin network and the rest of us would not notice their disappearance.

    If someone *really* wanted to change the rules, they would actually have to somehow convince the majority of users to use a malicious *client*; that is, they would need to have everybody use modified source code. In theory, the Bitcoin developers themselves could do this, or someone who took control over the Bitcoin website, but I suspect even this would be impossible. During the time it would take to have 50% of Bitcoin users update their software, someone would realise it and start emergency procedures to issue a corrected version. Such emergency procedures have been enacted before in the case of a bug that allowed a malicious block to be inserted; it was quickly patched out of the chain.

    Summary: It is theoretically possible for a powerful attacker to remove some transactions which can be used for fraud, but it is not possible for anybody to change the rules just using CPU power alone. There is a good summary on the Bitcoin wiki under “Weaknesses”.

  7. Jonathan says:

    Timothy,

    I appreciate anyone who tries to successfully find weaknesses in a system. In truth, I think that’s what makes systems better. However, you say, “That means that convincing the creators of the top two or three Bitcoin clients to change their implementations would be enough to effectively change the protocol.”

    This is simply not fact. It would not take the “top two or three BitCoin clients” to assert whether or not “rogue” Bitcoins would be accepted. It would take the majority of clients (i.e. more than 50%).

    Nonetheless, in your response to another comment, you say, “Vandroiy, I’m not sure what elaboration you need. I’m suggesting that a majority of nodes could agree to change the BitCoin protocol to increase the reward given to miners. That’s the whole attack. The question is what would prevent them from doing this?”

    You are correct in your comments, but incorrect in your article. So the question is, “What would stop them from doing this?” Well, there are 1000′s and 1000′s of people running the Bitcoin client as I write this. Convincing the majority of them to devalue their currency by joining some kind of “rogue” network seems highly unlikely–if not close to impossible! It would be like 1000′s of bankrobbers getting together one day and deciding that they’re going to take down a country’s banks by all robbing banks at once.

    I’m not saying that Bitcoin is absolutely perfect, but remember: it’s in beta stage right now!! Moreover, name ANY currency system that is perfect and I will send you a 1000 Bitcoins!

  8. Jonathan,

    By “2 or 3 clients” I mean the 2 or 3 leading programs, not 2 or 3 operators of Bitcoin nodes. As an analogy, if you want to change the web, you basically just have to convince Mozilla, Microsoft, and Google to change their browsers. Similarly, I’m assuming that most people will run one of a handful of distinct client programs, and so if those programs are modified to change the rules the change will automatically change the behavior of most nodes on the network.

    Also, I’ve seen a number of places where Bitcoin advocates point out that you don’t have to run your own Bitcoin client 24/7–you can use an ewallet service to hold your Bitcoins for you. Persumably, this would become much more common as the Bitcoin economy matured, and you’d see commercial companies emerge to provide user-friendly web interfaces to the Bitcoin network. So although there might still be 1000s of people running Bitcoin clients, a much smaller number of entities would control the majority of the computing power, users, etc. These firms would have disproportionate influence over the direction of the protocol.

  9. Jacob Shiach says:

    Currency depends on faith to gain value and colluding in such a way would destroy such faith resulting in a loss of value. So there is a profit motive to keep the “reward” down.

  10. Jonathan says:

    Timothy,

    Point well taken. I understand what you mean now. It is definitely a reasonable argument that you make.

    However, there are a number of things that would have to happen in order for this to take place. First of all, the “new, rogue” client would have to be a client different than the official client from the bitcoin.org website. It is highly likely that there will be alternative clients as Bitcoin becomes popular. So, this possibility makes sense.

    However, there is something else that would need to happen that I believe is HIGHLY UNLIKELY:

    Let’s say, for example, that there were such a “rogue” company that created a “rogue” client that falsely distributed a Bitcoin client that allowed bogus Bitcoins to be used. That particular client would have to be the majority client on the network at the given time that it began acting in an unconventional way (if it was not, all transactions from this client would be rejected). The Bitcoin system is built so that it does not accept “rogue” clients unless they become the majority. Thus, this new “rogue” Bitcoin client would have to SUDDENLY become the majority client. If this did not happen in a very SUDDEN way, innocent users of this “rogue” client would see that their transactions were being rejected when using this client and word would spread like wildfire across the internet. Consequently, I believe the client would be immediately rejected by Bitcoin users and would be “found out” so to speak without any effect on the Bitcoin network.

    Moreover, even if a “rogue” client attack were to SUDDENLY happen, I don’t think the consequences would be catostrophic. Because all real Bitcoins are stored in a digital file on each person’s hard drive (or other storage media), this outage would not affect the real Bitcoins at all! The real Bitcoins would still hold their value because there exists a record of every Bitcoin transaction that could be easily dissected and verified. A new update might be issued to the original code that disregarded all the Bitcoins issued from the rogue client or during a specified time period. Easy to do? No, but very far from impossible!

    I think the Bitcoin system is built extremely well, and although there are “possibilities” of attacking the system, it would not affect the real Bitcoins! There are no Bitcoins on the network–only transaction records. Bitcoins themselves are not a part of the network; they are stored on every users’ computer!

    Moreover, as I mentioned before, the software is in beta stage and will likely be improved as time goes on (not there is anything wrong with it now).

    Finally, on a more philosophical note, if nothing else, Bitcoin is a revolutionary idea that could completely change currency as we know it. Whether it is Bitcoin or some other anonymous, decentralized, and borderless future currency, the genie is out of the bottle–governments, banks, and predatory payment processors can no longer keep a stranglehold on our money. To me–and God I hope I’m not alone–this is VERY refreshing news!!!!

    Thanks Tim!

  11. Max says:

    Jonathan, government money is backed by force (taxes). Bitcoin can’t compete with that head on. Nor can it compete with precious metals as a store of value. But it can perhaps find a middleman role – think Paypal. It is indeed an exciting innovation, but it won’t fundamentally change the financial system.

  12. cossolus says:

    Even assuming that it’s possible to hijack the protocol in the manner you describe (which is dubious at best), bitcoin is still interesting and different from a fiat currency, simply because programmers can use the bitcoin protocol to devise new and interesting applications that are simply impossible otherwise, due to transaction fees and the fact that ALL the digital alternatives (credit cards, etc) have transactions that are repudiable! Having a decent API for non-repudiable transactions with no transaction fees opens up a whole new world of possible applications. I think most people really underestimate just how much the banks, credit card companies, and legislators have been colluding to stifle anything like this from being possible, period.

    I am skeptical that bitcoin will succeed, since as I said before, there’s nothing to keep imitators from springing up, and how will bitcoin differentiate itself from the clones? By being there first and becoming the defacto standard? Maybe. I really hope it does succeed, but I’m not converting my canadian dollars to bitcoin just yet.

  13. Aaron says:

    Max, in what way do you assume that taxes are backing a currency? And most currency these days don’t really use precious metals as a store of value. The USD for instance has some Gold backing, but we printed more money than we can support a long time ago. The real value for currency comes from collective faith that the currency is worth something.

    Aaron

  14. Jerry says:

    @ Timothy (in his response to Jonathan):

    You make interesting points no doubt: but none of them are even remotely likely to happen, at least not any more likely than the current system (controlled by central banks and bank conglomerates) being abused (as it in fact has been, which I guess is kind of the point).

    Allow me to explain:

    In your “convincing the top 2 or 3 client makers to to create intentionally malicious code” scenario; I just don’t see why or how it would happen. If we take bittorrent as an example of a widespread and longterm-successful p2p network, we can see in its history that clients have come and gone, a few of them having gone from being amongst the top clients to almost niche ones because of bad decisions they’ve made. Case in point: Azureus. A few years ago, it was by far the best and most used client around. One day the devs decided they wanted to add more “features” to an already bloated (in the sense that it was written in java) client, and rename it vuze. The result? Everyone abandoned Azureus en-masse, to the point of only being seen sparingly amongst the peer lists on any given torrent. Nowadays the client distribution is much more equal, maybe with utorrent at the top for most Windows clients (because really, there aren’t that many great clients for Windows). There’s also another point that would make this scenario impossible to realistically happen, but I’ll leave for after I address your second scenario.

    Scenario 2: the “online wallet services would collude to mess with the protocol and create more coins” scenario. This is the most ridiculous of them all.
    First of all, you seem to assume that for each “wallet client” they have, they would run an instance of the bitcoin hashing/mining/generating process with its own CPU dedicated to it. This is nonsense, uneconomical, and totally unnecessary and stupid from a business model PoV. Having a wallet and participating in the network does not require you to also turn on the mining feature, and I don’t see why these sorts of services would turn on theirs, with electricity, hardware, and such that would need to be paid for it. An online wallet service would need not much more than a single server to be able to serve perhaps thousands of customers. You seem to be confounding wallet services with mining facilities, which depending on the future value of bitcoins, might or might not become economically viable to setup (taking into account these expenses I’ve mentioned). Bear in mind that the network has no need whatsoever for huge amounts of collective processing power to function, because if the collective CPU capacity starts to go down, the protocol would simply decrease the difficulty of the hashing algorithms to maintain the 1-block-per-10-minutes average.The only reason we “need” high CPU capacities on the network as a whole is to ensure that no single entity is able to posses the majority of the power in any given moment to perform double spending attacks. But that’s besides the point.

    The point, and my final one is, that even if these hypothetical (and as of yet, still nonexistent) mining companies decided to collude to create more bitcoins for themselves (and this also works for the “convince the major clients to corrupt their software” scenario), they’d just fork themselves out of the network; as they’d find that the rest of “normal” users and their clients would simply not accept their bitcoin transactions. And why would any “regular” and “honest” person decide to change their clients in order to accept these “forged” bitcoins, when this would mean it would devalue their own bitcoin reserves? When it would mean that they would not be able to spend those same forged bitcoins with other “honest” people, or at the supermarket or other honest businesses (which no doubt will end up having firmware-based {ie: non-easily upgradeable} bitcoin terminals to accept payment)? If now what you suggest is that perhaps supermarkets and such would be part of this conspiracy to increase the bitcoin flow, then that’s just as nonsensical of being afraid that tomorrow supermarkets will decide to simply not accept US Dollars. Down to the point about there not being a good reason for it, nor a viable or reliable currency to replace it with. This is also the reason there can’t possibly emerge “central bank conglomerates” that regulate the total bitcoin stock, let alone governments taking control of them.

    As everyone else here, I agree that bitcoin might not be perfect, but it’s very close to it, and definitely orders of magnitude better than any other currency system we have in place today, at least IMHO.

  15. Max says:

    “in what way do you assume that taxes are backing a currency?”

    People need government money to pay taxes. Governments don’t accept any payment but their own money (which obviously they don’t need…so taxes must be serving some purpose other than funding).

  16. grondilu says:

    This is silly.

    Sure, miners can decide to run a modified version of the bitcoin client, so that they get a bigger reward for mining.

    But they can not force anyone to do the same. The result will be a fork of the block chain, as you mentionned it.

    But those two forks could not be confused one an other. Bitcoin will still be bitcoin, even if people will dispute about “who has the right” to use the name. It will only be a naming convention.

    It’s just as if someone, one day, created a “blue gold”. It would be a metal with exactly the same physical charasteristics of gold, except for the color.

    Such metal would not increase the total amount of “yellow gold”, as it would simply not be the same thing.

  17. anon says:

    Let’s assume that you’re assumption is correct (it’s not).

    So you expect thousands, if not tens of thousands, of people to collude together, in a market that will devalue their currency?

    If this is the nightmare scenario, then I welcome it. The market and competition should ensure this scenario never happens. On the other hand, the USA has only 9 members on the Fed who can print money and change interest rates….

    Bitcoin isn’t perfect by any means, but this is not one of it’s weaknesses.

  18. midnightmagic says:

    Timothy, unlike your last post, I can find no errors in this one. You are correct as far as I can tell. I have been mining since December, ’10, and was for a while responsible for about 5-7% of the total network hash rate. The power to move the network within the rules lies with miners, who could easily collude; the power to change the rules does indeed lie with the client software creators, who could even more easily collude. I would even say that the consensus the current developers come to is a form of collusion: participatory democratic process with the users of the network, in my opinion, does not exist but for the graces of the developers of those top-few clients. Beyond that, it is the expectation in the trust of the Bazaar-like development model that open source advocates like myself tend to put faith in. And therein lies the crux: specifically, the faith in the philosopher kings who write the software that runs the infrastructure in tempered only with the faith that other philosopher kings will step into the vacuum if the current ones “Go Bad.”

    One more example of currency manipulation you can expect in the somewhat near future is the decimal-point shift. In reality, one ฿ is actually divisible to 8 more decimal places, using integer arithmetic. The current ฿ parity with the $ ($1.18 per ฿1 at the moment) is a psychological illusion. What happens to the value when the decimal shift happens? Psychological resistance to the idea of ฿1 = $1 disappears and I would expect that within a few months or perhaps a year after that, old-style ฿ are suddenly worth 10 times more than they were. It’s all a wonderful, amazing illusion. The currency itself has strong underpinnings, but the meaning of ratios or fractions is completely psychologically arbitrary based on simple consensual hallucination.

    “They” plan on only making the decimal shift when paying for stuff with divisible ฿ is no longer feasible, but I think there is a huge incentive to make that shift.. a little early. It wouldn’t even break any of the existing rules.

  19. midnightmagic says:

    Timothy, unlike your last post, I can find no errors in this one. You are correct as far as I can tell. I have been mining since December ’10, and was for a while responsible for about 5-7% of the total network hash rate. The power to move the network within the rules lies with miners, who could easily collude; the power to change the rules does indeed lie with the client software creators, who could even more easily collude. I would even say that the consensus the current developers come to is a form of collusion: participatory democratic process with the actual users of the network, in my opinion, does not exist but for the graces of the developers of those top-few clients. Beyond that, it is the expectation in the trust of the Bazaar-like development model that open source advocates like myself tend to put faith in. And therein lies the crux: specifically, the faith in the philosopher kings who write the software that runs the infrastructure in tempered only with the faith that other philosopher kings will step into the vacuum if the current ones “Go Bad.”

    What just blows me away is that most of the reasoning behind the rules is opaque. Why 50? 2016? 600 seconds? 21 million? Why those numbers specifically? Are they truly arbitrary? I always sit back and marvel that it’s grown as much as it has without:

    · High-quality software development practices including unit tests, regression tests, proper issue tracking, and continuous integration of some sort, including build farms for github merge trees and forks.

    · Clear, threaded design discussion for things like the relatively arbitrary scripting limits. Ostensibly there to protect the user, these limits cripple what would have been an extremely powerful use mechanism to extend the ability of ฿ clients to multi-authority spend, and participate in forms of escrow, for example.

    · Actual, public, economist participation. The claims made by ฿ advocates are claims: there do not appear to be rigourous, academic-quality debates about much, if anything. The highest quality paper I’ve ever seen is one about taking advantage of pool mining.

    The best discussion available on ฿ matters happens in the IRC channels, but even there, the people whose opinions I personally trust often operate so the release of information they have dug up (pun not intended) is more tantalizing than complete. Everyone works to ensure their own investment is safe, but never completely in the open.

    One more example of currency manipulation you can expect in the somewhat near future is the decimal-point shift. In reality, one ฿ is actually divisible to 8 more decimal places, using integer arithmetic. The current ฿ parity with the $ ($1.18 per ฿1 at the moment) is a psychological illusion. What happens to the value when the decimal shift happens? Psychological resistance to the idea of ฿1 = $1 disappears and I would expect that within a few months or perhaps a year after that, old-style ฿ are suddenly worth 10 times more than they were. It’s all a wonderful, amazing illusion. The currency itself has strong underpinnings, but the meaning of ratios or fractions is completely psychologically arbitrary based on simple consensual hallucination.

    “They” plan on only making the decimal shift when paying for stuff with divisible ฿ is no longer feasible, but I think there is a huge incentive to make that shift.. a little early. It wouldn’t even break any rules.

  20. midnightmagic says:

    Corrections:

    “in tempered” => “is tempered”

    One more bullet point:

    · Full discussion and rationale as to the design of the network and choice of constants. Why those ones? Why not something else? Spelunking through the forums is a brutal process..

  21. midnightmagic says:

    One more: of course, Satoshi’s original paper is pure and excellent. :-)

  22. David R says:

    Your concern is warranted — and will likely be attempted at some point.

    Those who hold any amount of bitcoins to speak of though will not cooperate with a fork that devalues their assets. It simply is not in their self interest. Then consider that currency obtained or minted post-fork will be seen as nearly worthless without the participation from bitcoins held prior to the fork.

    You underestimate the resilience of distributed systems.

  23. roystgnr says:

    What a strange “attack”. If the attackers are going to “fork” the Bitcoin protocols, why bother to even change them? Just call themselves Bitcoin2 (or Bitcoin30, if 28 others beat them to the punch) and there’s hardly any need to futz with the source code.

    Either way the same vulnerability or lack thereof is present: will being the “original” Bitcoin be enough of a selling point (Schelling point?) to prevent people for abandoning it for a copy? Or is that a side issue to begin with; do fiat moneys really only have value insofar as “if you get some to pay your taxes, you won’t go to jail” gives them value?

  24. roystgnr, the point is that the attackers would argue that their network was the real network, and that they’d merely made a minor tweak to the protocol. And if the faction supporting the change was much larger than the faction favoring the original rule, why wouldn’t people regard the new network as the real one?

  25. Dude says:

    Questions of scale — how many users can bitcoin currently support? And forgive my gnutella-based assumptions — at what point would a layer of hierarchy (an ultrapeer)make sense? Could ultrapeers collude if they were implemented?

  26. Chris says:

    Don’t forget that computing power costs money, and the cost to even attempt the processing power to make this happen would probably be substantial. The economic benefits are dubious, the costs real.

  27. Carl Lumma says:

    A constrained **growth rate** of money is important to a currency’s stability. A constrained absolute supply is disastrous. To quote Bram Cohen, “Bitcoin is, at core, a form of digital goldbuggism, which is even more ridiculous than regular goldbuggism. Now stop asking me about it.”

  28. Anonymous says:

    cossolus: : How is a bitcoin not fiat money?

    It’s not state-issued fiat money, but since its value is purely in its exchangeability, and it lacks any token-money or commodity-money nature, it sure seems like it’s fiat money.

    (I am with Chris and Carl here in being exceedingly skeptical of why I should think bitcoin is anything but a curiosity…)

  29. Sigivald says:

    (Above was me, guess I forgot to enter identification…)

  30. iluvcapra says:

    “Yeah, everyone will totally run this new client version that creates more Bitcoins so that each’s coins will be worth less.”

    I think this basically summarizes everyone’s disagreement with the post.

    Let’s rephrase the question, though: Who decides what the reward for a calculated block is? Whoever this entity is, this is your central bank; however this value is governed, wether it’s a majority vote of miners, or unanimous consent of all Bitcoin holders (a vote which would be impossible to hold), this is your central bank, because it positively has the technical capacity, even if it may not have the will, to set the inflation rate.

    “So you expect thousands, if not tens of thousands, of people to collude together, in a market that will devalue their currency?”

    If 10,000 people were Bitcoin debtors they’d absolutely have an incentive to devalue the currency. And if they say they want it, what sort of governance mechanism is in place to address their demand? Because if you don’t, they could just walk away from the system, and the lack of a firm connection in the system between human beings and Bitcoin addresses make it impossible to do anything like proper contract enforcement or debt collection.

  31. Nathan Scott says:

    This post is so absurd on so many levels. So some bad guys are going to invest in massive computer system just so they can squeeze a few hundred coins out of 21 million? And none of those people/banks/economies owning and depending on the 21 million coins will do a thing to prevent it? And this is the sole reason to completely reject a currency that is ever appreciating, anonymous, borderless, and available to anyone with an internet connection. Right

  32. Keefe says:

    Does the lack of a firm connection between human beings and paper dollar bills in the existing dollar system make contract enforcement or debt collection impossible?

  33. Vandroiy says:

    Timothy:

    The split would be detectable, so anybody holding BitCoins would refuse the new protocol, in turn adapting their clients to ignore the invalid block chain. Plans already exist to freeze the block chain and adapt in case of a massive attack.

    I doubt any investor would take the new chain seriously, which would lead to an immediate drop in value for the newly created coins. People would call them “fake”, “counterfeit”, etc.. That should be a self-strengthening effect, dumping price and slamming the cheaters out of the market in no time.

    Your “attack” is no different from just launching a separate Bitcoin network. Apart from a short defense reaction, nothing would change on the current network. And the copycat starts close to zero value.

    I must admit that on first sight, it appears that miners should like the idea. But once you take into account that large a non-newcomer miner risks his income and faces strong psychological effects countering his move, it doesn’t appear feasible anymore. And even if the majority of them goes mad, the block chain will be split and fees for non-cheating miners rise, until business continues at higher transaction fees on a more stable, once again primary block chain. Sure, it’ll be costly for the market, but it is no catastrophic failure in my eyes.

  34. Jan says:

    Timothy has one interesting idea which wasn’t discussed much yet:

    Bitcoin supporters are quick to point out that their system wouldn’t require ordinary consumers to run their own Bitcoin nodes. They predict that as the network grew and the resources required to run a node increased, that nodes would increasingly be run by commercialized entities who made money by providing “eWallet” services to ordinary Bitcoin users.

    These eWallets won’t run server farms to mine bitcoins en masse, but average users will give up on running their own client in favor of these services. eWallet services may have certain influence over Bitcoin economy in similar way typical banks have, just through direct access to users’ wallets (e.g. to charge users for services, do automatic payments). While this have to do more with economics than technical aspects of Bitcoin, once these services have big user base, they may change protocol rules (therefore forking the network) taking their users as “hostages”. Merchants will just adapt.

    So, my point: while the protocol and technology seems to be bulletproof, you have to consider social aspects and risks of the real world usage (with -ouch- average users). General public don’t really care about openness and decentralization, but if you can take advantage of the network effect, you got ‘em.

  35. grondilu says:

    <>

    Isn’t that an attempt to rephrase Gresham’s law, but without state enforcement? Sounds purely conjectural to me.

    As long as I’m running a proper bitcoin software, the genuine bitcoin currency will exist.

  36. grondilu says:

    missing quote for the above comment (sorry):

    If a group of nodes colluded to change the rules (say, awarding themselves 100 Bitcoins rather than 50 for “winning” a round), the result would be a “fork” of the Bitcoin network. Nodes that enforced the original rules would reject blocks with the higher rewards, effectively expelling them from their network. The “rogue” nodes would recognize one another’s blocks, and would effectively establish a second, rival Bitcoin network. Theoretically, these different networks could continue in parallel indefinitely, but it’s likely that relatively quickly one of them (probably the larger one) would come to be regarded as the “real” Bitcoin network and cash spent on the other network would become worthless.

  37. roystgnr says:

    And if the faction supporting the change was much larger than the faction favoring the original rule, why wouldn’t people regard the new network as the real one?

    Again: How does this differ from a similarly-inexplicably-much-larger faction starting a “Bitcoin2″ network? If anything the latter case would be much *more* likely to get others to switch, by making it easier to come up with an excuse for the fork other than “don’t you want to switch to using e-cash supported by people who are deliberately trying to devalue your previous e-cash?”

  38. How does this differ from a similarly-inexplicably-much-larger faction starting a “Bitcoin2″ network?

    Because “Bitcoin2″ coins would be worthless. What makes them valuable is that people believe it’s the “real” Bitcoin network.

  39. Pas says:

    eWallets. I don’t think that’s a big problem. Computing power, bandwidth, storage capacity is going to rise for the forseeable future, and if BitCoin succeeds in decentralizing money-transactions, at least to a degree, then there will be a lot of regular node operators. Just as with E-mail, even though GMail, Hotmail, Yahoo are huge, there are millions of other SMTP (simple mail transfer protocol) servers out there. Every small ISP, hosting start-up, social network, company, university has SMTP servers. (Sure, Google Apps usage is on the rise, but it’s not free, they sign an SLA, and they sign for SMTP not SMTP+collusion; so every not-free eWallet will be a negative motivation to fuck up the network.)

  40. Max says:

    “Because “Bitcoin2″ coins would be worthless. What makes them valuable is that people believe it’s the “real” Bitcoin network.”

    Whether bitcoin2 would be more valuable or not depends on how well it is promoted.

    Promoting a new bitcoin currency (whatever you call it) is not an “attack”, it’s just business. There can be many competing bitcoins, all equally “real”.

  41. Jerry says:

    @ Timothy

    “Because “Bitcoin2″ coins would be worthless. What makes them valuable is that people believe it’s the “real” Bitcoin network.”

    Uhm, the new forged coins from the modified software would be just as “worthless” too, in that people using the “honest” clients wouldn’t be able to even accept these forged bitcoins. Creating a bazzillion forged bitcoins (even if they somehow managed to acquire the vast majority of the computing power of the network) would be absolutely useless if they can’t spend those “f-bitcoins” with other users of the honest network.

    This rejecting of counterfeit coins is already built into the protocol itself, it’s the reason all the blocks are chained and identifiable within it. It’s not even dependent on the % of the CPU available to the attackers. This is one of the reasons bitcoins are so inherently secure. So unless you can devise a scenario where the “colluders” will be able to convince Walmart, McDonalds, and basically all merchants to switch to their tampered version of the bitcoin protocol, it’s just not possible. The same goes for your idea of colluders turning into a sort of central bank.

    I think your failure to fully comprehend how the system works is the root of your doubts towards the system. Please take the time to read the whole wiki, as well as Satoshi’s paper, to get a more complete grip on its inner workings.

  42. Andrew S. says:

    @Carl Lumma (and Bram Cohen too, since Carl cites him)

    You boys need an evening with M. Rothbard. Goldbuggism? B-tch please!

    People who make the goldbugs-er-bad-mkay argument tend to miss the subtle effect of the shift in definitions of terms (fiat exists because interested parties slowly changed the definition of money-unit terms like “dollar”), and perhaps also are worried about the problem of divisibility and making change as an economy develops. The last is a reasonable concern, but this is factored by what emerges over time in the marketplace as the money medium(s).

    Rothbard explains this neatly in his decades old essay, “The Case for a 100% Gold Dollar”. And he also explains how an absolutely fixed supply of a monetary medium is better for entrepreneurial planning in his book, “The Mystery of Banking”. Look ‘em up.

    I must note that any “goldbug”, if pressed, will admit to you that gold is not necessary as the money commodity. It just happens to be in an elite club of past money commodities that have been especially bendable to all the desired features of a commodity money. It has also had centuries of tradition and customary use behind it. Fiat paper money (with possible Chinese exception) is comparatively still as new to gold as bitcoin is new to fiat-dollars. We modern humans just have short memories and little experience of history.

  43. Vandroiy says:

    Timothy:

    Jerry repeated and further explained my argument, which you ignored. You talk about counterfeit Bitcoins! Do you really believe such an attack can be done silently? It will cause an outcry, and the majority will NOT believe in the fake coins.

    Claiming that the majority of Bitcoin buyers would be oblivious is unrealistic, but it is necessary for your attack to work. If someone buys Bitcoins, and there are some “new” coins people call “fake”, would he value these equally compared to the real ones? Of course not! The whole attack would crumble the moment Bitcoin buyers are aware of it.

    Now please don’t make us repeat the same argument, which is deadly to your proposed attack, a fourth time without responding to it. If you really believe major movements of money are executed by uninformed fools, I can cope with your reasoning. But it won’t scratch the viability of Bitcoin, because the assumption just isn’t true as soon as sizable value enters the game.

    I repeat, I don’t know whether Bitcoin will succeed. But I am fairly certain that your proposed attack will NOT cause Bitcoin to fail.

  44. Max says:

    Bitcoins are not government money and never will be. So feel free to debate the merits of the gold standard, but this has nothing to do with bitcoins.

  45. Vandroiy says:

    Okay, let’s do this differently. I place 1000 EUR against your claim in an asymmetric bet, see my post on

    http://www.bitcoin.org/smf/index.php?topic=6243

    This should make sure we’re not just increasing the Google rank of someone trying to move the market. Everyone, feel free to join in and add some readable numbers to what we believe.

  46. Frankly, I’d be more inclined to take that bet if you’d left a real email address.

    Here’s my guess as to what will happen. All these numbers are obviously highly speculative. I think there’s a ~80% chance that the Bitcoin bubble will pop within 5 years, in which case the collusion issue won’t be relevant since there will be no value to fight over. If I’m wrong about that, then I think collusion will start to be an issue once the value of the Bitcoin economy grows to be a “mainstream” phenomenon, which I doubt would happen in less than a decade.

  47. Vandroiy says:

    A second person appeared, also offering a 1000 EUR bet.

    Please use the forum, so other people join in. As stated there, I will provide the money to a person you can trust, and am generally willing to provide security against fraud. I am very reluctant to give my email, because I still suspect your post of a shady try to conjure a temporary price drop. Maybe because I find the claims so hard to believe, but that’s my problem. If you want take the bet, of course I’ll provide email and anything else to give credibility. I am on the #bitcoin-otc web of trust and can sign a message containing the bet. And, again, I’m fine with including a trusted party.

    But it appears you seek excuses to not take the bet. The collusion problem happening after it has become mainstream? Why, your attack does not require the market to be of a certain size, as long as it’s actually worth something. That’s a strange way out, but I’ll take your word on that should Bitcoin become mainstream. :)

    Though, if you say you want to wait a decade… that’s not convincing. Who is one to claim to see ten years into the future? Remember the internet ten years ago? In all that time, a major flaw is supposed to remain unexploited, but then it suddenly appears? Following your ancient prophecy, it brings everything down? This stalls the argument with a reasoning far off from reality. I call it running away.

  48. John Maynard Keynes had a famous saying: “Markets can remain irrational a lot longer than you and I can remain solvent.” The last big digital cash scheme, digicash took 8 years to go bankrupt. I think the timescale for BitCoin’s failure might be similar.

  49. DL Davis says:

    As much as I love my country, I have to say that if Bitcoin did start to gain traction, our government would be the first to meddle in it. Even if the government stayed out of it, and allowed people to trade with Bitcoin or the like, one simple way for a government to squash it would be to put outrageous tax burdens on any Bitcoin earnings of its citizens.

    What? Anonymous trading? When it comes to money in the USA, Uncle Sam would find a way…

    “Sure you can trade those things, but when it comes to taxes, you’d be better off taking an early withdrawal out of your 401k…”

  50. John Maguire says:

    Assuming everything you said here was true…

    Users of Bitcoin would no longer be using Bitcoin. If, like you said, they created a “rival” to Bitcoin, it would be just that: a rival. Those who use Bitcoin would continue to use Bitcoin because otherwise their value would inflate, quite a bit. When the rival was created, the coins would be worth nothing, because they AREN’T bitcoins.

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>