Schneier on Security
A blog covering security and security technology.
April 9, 2013
Bitcoins in the Mainstream Media
Interesting article from the New Yorker.
I'm often asked what I think about bitcoins. I haven't analyzed the security, but what I have seen looks good. The real issues are economic and political, and I don't have the expertise to have an opinion on that.
By the way, here's a recent criticism of bitcoins.
EDITED TO ADD (4/12): Four more good links.
EDITED TO ADD (4/16): Another good bitcoin story, although it's from 2011.
Posted on April 9, 2013 at 6:05 AM
• 50 Comments
The crypto-math side is probably the only thing that works good for bitcoin... the economic side is a rather big fail.
To replace a national currency because it is controlled by one big entity (the national bank) by another currency which is mainly controlled by one big entity (mtgox) and calling it "free" is.. facepaw-worthy. Add in complete lack of understanding of in-/deflationary effects and a bit of hype, and you end up with the current state of the Bitcoin, a weakly disguised pyramid scheme.
From a crypto standpoint, I think it's interesting that the hashing is done with SHA256(SHA256(x)). Maybe that's more common than I think, but the only places I've seen it are bitcoin and Practical Cryptography. Maybe the protocol designer is a fan?
The crypto side looks fine (unless SHA256 gets broken, which is unlikely in the near future). The economic side is more reason for pessimism. Bad money tends to drive good money out of circulation, so bitcoins will mostly be hoarded and not used in actual trades. Without actual economic relevance and vulnerable to speculation (the market is still quite small, as evidenced by the current explosion of exchange rates), it will never be able to challenge fiat currencies. That's how they got to their position in the first place - they are pretty much the "worst" money imaginable (not counting forged bills) so everyone tries to get rid of them ASAP for something of at least some actual worth. Hence, trade.
@Woo How is mtgox controlling BC? I'm no BC fan, but how does an exchange control a currency?
Since when has political-economy relied on expertise?
The day technocrats take over is the day we all lose. Fuck the experts.
@Autolykos : the problem with fiat money (and generally, debt fueled economy) is that the inflation it tends to cause is detrimental to those who cannot afford to "trade" for profit. The trade that happens for necessities of life (such as food, water etc) will happen regardless, so "bad" money is only good for those who manage to get a lot of it, while those who _just_ get by are disadvantaged.
This is the root cause, imho, the wealth gap.
I'm looking forward to observing the next collapse of Bitcoin.
Why does the "fiat currency" crowd sound so much like the flat Earth crowd? Other than the obvious reasons, of course.
chii, rich people usually don't have their wealth in form of fiat money (either on the bank account or in bills under the mattress). They, directly or indirectly, own stuff (companies, real estate) that makes them more money with minimal work, or lend that money to someone who does some actual work with it. And since there is no limit on how much money you can make this way (it doesn't require much of your time or resources, and not significantly more if you have more to work with), their assets grow exponentially. All that money has to come from somewhere, namely the people who do the actual work and will (except for a few very skilled/lucky ones) never have enough left over to play that game. THAT is the reason for the wealth gap.
Denninger is a bit of a crank (seriously, just look at all that bold+italic+underline) but the bottom line is correct. Bitcoin has no intrinsic value. And I don't mean "durr it's just bits", I mean if the exchanges shut down and Bitcoin's only utility were trading for goods and services, the price would go to zero. Because only a few really believe in its true purpose as a currency. Most are just using it to get rich quick.
I do think he misses the mark about validation. Bitcoins require being online to validate, and it can take about an hour to get the recommended 6 confirmations to do, and that's really inconvenient. But it's a stronger validation than real world currency because it can't be faked.
The exchanges don't control bitcoin. They're the only thing making it useful to the majority of traders, but they don't hold the reins. That would be the ASIC miners. There is now custom silicon being manufactured and sold (at snail's pace) and used privately to mine bitcoins, and there's no way the average GPU owner can compete. Things started off flawed with the increasing difficulty meaning that early adopters get a huge pile. But now a few wealthy investors can control the whole block chain. The really farcical part is how people have been iterating on more and more efficient ways to waste power computing hashes of nearly meaningless data.
As I wrote this it looks like the price just hit $205 USD/BTC. A week ago it was half that, and two weeks before that half again. This bubble will be a test of faith for the true believers, but with custom silicon now being used to mine coins they've got too much "invested" already to quit now.
@Jim Harper: He's completely right, of course. But privacy was never a strong suit of Bitcoin (or pretty much anything else online) to begin with. What Bitcoin is good at is being extremely hard to shut down. You could outlaw it, but that would only restrict its use to illegal (and semi-legal) activities, and leave about a billion dollars that could now only be spent on illegal stuff. Doesn't sound like a very clever move to me (which doesn't mean it won't happen...).
It seems reasonably secure as to forgery, but what about theft? If anyone can steal your digital money without repercussions, it's not too useful.
William Gibson recently called Bitcoins "Dunning Kreugerands"
"Bitcoin has no intrinsic value."
And those paper rectangles with guilloche printing on them do? ;-)
I think many criticisms of Bitcoin compare it to nirvana rather than existing money and payment systems.
@Autolykos: "restrict its use to illegal activities" - isn't that already what 95%+ of Bitcoins is being used for? Paying for botnet rent, online gambling and drugs.
@Jim Harper: At least a certain share of currently circulating paper rectangles are still backed by gold reserves.. which makes them inherently more trustworthy than Bitcoins.
Denninger misses the point when he starts talking about validation because he makes the same mistake that everybody else seems to make, which is to think that all transactions will happen on the blockchain. This is clearly not the case, since the blockchain cannot support that many transactions, nor would it be expected to do so.
The purpose of the blockchain is to establish a method by which two parties can exchange value without trusting in a third party. But that's not to say that the two parties don't trust a third party at all, just that they don't have to do so.
Consider a bank. If you and I both have accounts at this bank, then we can simply tell the bank to transfer funds via whatever manner. We both trust that the bank will do it, presumably without asking questions. No record goes anywhere outside of that bank, nor does it really need to do so. Now consider where you and I have different banks, but banks which communicate with one another over a network. Same deal.
The existence of Bitcoin does not eliminate the need for local ledgers of transactions, where "local" can be defined as any area of any size you like. I don't expect to be conducting my transactions on the main blockchain forever. I expect there to be organizations that have their own ledgers and methods of transacting value, and using Bitcoins on the main blockchain to exchange value between each other. It won't be me paying for a cheeseburger and waiting 10 minutes for the transaction to be verified by the blockchain. It'll be one bank sending the value of thousands of cheeseburgers to other banks and settling the total exchanges between accounts, using the blockchain to do so.
As for his concern about the loss of coins, these are just numbers here. They can be divided indefinitely. There will always be enough numbers to go around. 22 million bitcoins = 2.2 million-billion satoshis. And the protocol can be expanded to divide further than 8 decimal places if needed. Yes, value is lost to an individual when a coin is lost, but the same value is gained by all the other coins in existence as their value thus increases by a tiny amount.
His complaints about early-adopters would apply equally well to the early-adopters of anything new and potentially valuable. Is he complaining about people who buy stocks in an IPO as well?
All you folks in favor of intrinsic value need to know is that you can trade your "unbacked" bitcoins for Shire Silver which is an alternative currency that embeds the backing (gold and silver) directly inside the medium of exchange. :-)
Government-issued money may be intrinsically worthless, but it nevertheless creates a base demand for it that you can use them to pay your taxes -- most governments in fact insist that taxes be paid in the government's own money, even if the taxed economic activity itself is conducted with another currency, or as barter.
Once this base demand is in place, and there is a basic level of trust in the government's determination and ability to maintain a limited supply of their currency in the long term, it becomes practically convenient for non-government economic actors to use the government's currency in their everyday transactions. And then we arrive at a mostly stable self-reinforcing demand for the government money.
Bitcoin has excellent trust in a future limited supply, but I don't see it having anything like the you-can-pay-your-taxes-with-it factor that can be magnified into a stable non-speculative demand for them.
I think that it's great that Bitcoin is getting so much attention. With the run-up in price and various other items of Bitcoin related drama, it is becoming a minor media darling. Good for the Bitcoin crew! They deserve some recognition for all the long hours in relative obscurity.
But can we all remember for a minute that this is an experiment? That this is the first serious step on the way to a world where dependable digital cash exists? And that digital cash is a really important thing and will make the world a better place? (https://www.eff.org/deeplinks/2011/01/bitcoin-step-toward-censorship-resistant)
Note: The EFF no longer accepts Bitcoin donations. While they philosophically support the work of the Bitcoin developers (and other digital cash developers) they decided to avoid the possible legal complications of an experimental currency.
Bitcoin will evolve and may or may not fail. To own bitcoins is to be involved in this story, a good thing to remember. It is exciting to see this play out in the wide world with real unpredictable consequences. It seems likely that the digital cash story will go forward and Bitcoin is involved in that story for now.
So we'll see how it works out. And hats off to the Bitcoin development crew and good luck to them.
For the economics, bitcoins can be compared to gold. You own some, some gold is mined per year, you cannot really do anything useful with it (besides, for gold, some electronics and beautiful things; but remember that 90% of mined gold just goes into safes), you don't get any interest. Its value is inherently based on the fact that others are willing to buy. It is anonymous to a certain degree, and just like gold, it is universal and not bound to countries.
Of course there are differences as well.
Downsides: The most notable is that gold is well known and many traders exist. Bitcoins are not (yet), which might or might not change. Also, you do not have anything physical in your hands (though you could print your private key and delete its digital version, and voila - a piece of paper worth money). Of course, hackers are a problem (stealing your wallet from your hard drive might be easier than breaking into your home or bank safe).
Upsides: Bitcoins can be "sent" in no time to any place on earth. This allows to use them as currency, much easier than gold.
Summary: Bitcoins are a step towards an old-school system with a gold-backed or gold-made currency. Analyzing the economics of bitcoins is equivalent to analyzing gold-based currencies.
Lots of speculation, no measurements in this thread. Also lots of obvious fallacies.
The "SHA256(SHA256(x))" construction is not recommended in Schneier's books. He recommends the following dbl-sha256 for sha256:
sha256(sha256(message) || message)
I see this misquote all the time.
To replace a national currency...
BTC doesn't replace a national currency.
I don't have the images right now (I'm at work on my lunchbreak) but if you overlay the bitcoin-to-USD-over-time graph from MtGOX and the Google Trends graph for "bitcoin" over time, the curves are identical.
@Otto You state that this only applies to transactions applying on blockchain and that using a trusted third party intermediary would bypass that issue.
The first issue with that argument is that using a trusted third party to anonymise the transactions is something you can do with or without bitcoin. It isn't an argument for their adoption.
The second is that it relies on your trust being well founded. The history of bitcoin is littered with failed intermediaries and other ventures. MtGox itself has had a couple of shady happenings in the past and is still more or less totally opaque in its dealings. Whilst I haven't dealt with them lately I still see regular caveats about putting dollars in being easier than getting dollars out. It is obviously essentially totally unregulated at the moment which is a bonus as far as many people are concerned but the finance industry has shown what happens when too much trust is coupled with too little oversight (be it private or from government).
That really makes very little sense. The government demand for government money makes it valuable? That is circular reasoning at its finest. Why isn't it the *government* that needs to serve the demands of the *people* when it comes to the exchange of value? If everyone in a small community agrees to pay each other with chickens, what place does the government have to deny them their right to privacy? If the government can't use chickens, the burden should be on *them* to perform the exchange for something else they consider valuable.
Ask yourself why the Treasury hasn't *itself* introduced any form of online cash. Why must all online credit/debit transactions go through a bank? If countries in Europe can get together to introduce a new currency, why won't any government introduce a digital currency? It would be trivially easy to do; it could even be based on the Bitcoin protocol!
"I don't have the expertise to have an opinion on that."
Thank you, Bruce. It was extremely refreshing to see that sentiment expressed.
(repeat without links, to avoid blocking)
I've suggested the following hash scheme, to prevent future preimage attacks to SHA256. It is based on EC product, with the curve provided by the protocol.
1) h0 = SHA256(block header)
2) h1 = SHA256(h0); actually, h1 is the output to be compared with the target in order to validate the block.
3) m = h1 mod n, where n is the prime order of the curve.
4) Now an EC product is performed: R = m·Q, where Q is the fixed point in the curve.
5) r = Rx*p + Ry, where (Rx,Ry) are the coordinates of point R and p is the prime generator of the field
6) h2 = SHA256(r)
7) h3 = h2 XOR h0. The process outputs h3 as the 256-bit hash to be compared with the difficulty-tuned 256-bit target.
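The seven steps in the comment above, written out as an added example (not the commenter's code and not part of Bitcoin). It assumes the curve is secp256k1 with its base point G as the fixed point Q, reads "prime generator of the field" as the field prime p, encodes r as 64 big-endian bytes, and maps the point at infinity to r = 0; the comment specifies none of these.

```python
import hashlib
from collections import namedtuple

# secp256k1 domain parameters (the curve Bitcoin uses for its signatures).
P = 2**256 - 2**32 - 977   # field prime p
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order n
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None                 # point at infinity

Steps = namedtuple("Steps", "h0 h1 m R r h2 h3")


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def on_curve(pt) -> bool:
    """Check y^2 = x^3 + 7 (mod p); the point at infinity counts as on the curve."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def ec_add(a, b):
    """Affine point addition, including doubling and the inverse-point case."""
    if a is INF:
        return b
    if b is INF:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k: int, pt):
    """Double-and-add. Not constant time, which is acceptable here because
    every input is public block data."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def proposed_hash(header: bytes) -> Steps:
    h0 = sha256(header)                               # step 1
    h1 = sha256(h0)                                   # step 2: today's Bitcoin hash
    m = int.from_bytes(h1, "big") % N                 # step 3
    R = ec_mul(m, G)                                  # step 4, Q = G (assumption)
    r = 0 if R is INF else R[0] * P + R[1]            # step 5, m == 0 edge case
    h2 = sha256(r.to_bytes(64, "big"))                # step 6, encoding is assumed
    h3 = bytes(x ^ y for x, y in zip(h2, h0))         # step 7
    return Steps(h0, h1, m, R, r, h2, h3)


def meets_target(h3: bytes, target: int) -> bool:
    # Big-endian comparison is a simplification chosen for this example.
    return int.from_bytes(h3, "big") <= target


def search_nonce(prefix: bytes, target: int, max_tries: int = 2000):
    """Try 4-byte nonces until h3 meets the target; returns (nonce, Steps) or None."""
    for nonce in range(max_tries):
        steps = proposed_hash(prefix + nonce.to_bytes(4, "little"))
        if meets_target(steps.h3, target):
            return nonce, steps
    return None


if __name__ == "__main__":
    # Constructed 76-byte stand-in for a block header without its nonce.
    header_prefix = bytes(range(76))
    found = search_nonce(header_prefix, 1 << 252)     # very easy target
    if found:
        nonce, steps = found
        print("nonce:", nonce)
        print("h1 (current scheme):", steps.h1.hex())
        print("h3 (proposed scheme):", steps.h3.hex())
```

Each attempt now costs one scalar multiplication on top of three SHA-256 calls, so the per-hash work is dominated by the curve arithmetic rather than by SHA-256.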
Another thing to bear in mind is that if usage does take off properly storing the whole blockchain will become prohibitive. There are some workarounds (keeping only a working set of the block chain excluding most transactions) but these would then require a certain amount of centralisation to be built into the system. This would most likely further entrench intermediaries like MtGox or whatever banks started getting involved should BitCoin become a mainstream success.
"Ask yourself why the Treasury hasn't *itself* introduced any form of online cash. Why must all online credit/debit transactions go through a bank? If countries in Europe can get together to introduce a new currency, why won't any government introduce a digital currency? It would be trivially easy to do; it could even be based on the Bitcoin protocol!"
Yeah, I know - it's not a currency. But still, the government players are not unaware of this stuff.
@Impossibly Stupid: You ask " The government demand for government money makes it valuable?"
But yes, this is right. If you live in a country and all your tangible assets are in that country, you have to pay taxes in that country. If you don't pay taxes the government will coerce you even up to the point of killing you if you don't pay. If they only accept one kind of currency for payment of taxes then for those people who live in that country and can't leave without losing their assets, that currency has value for that reason alone.
This is well-known economics. A good introduction is Debt: The First 5000 Years by David Graeber.
"Ask yourself why the Treasury hasn't *itself* introduced any form of online cash. Why must all online credit/debit transactions go through a bank?"
Um... you do know that in the US at least, the Federal Reserve is a private bank, right? And the treasury department is wholly dependent upon the Fed...
"I'm looking forward to observing the next collapse of Bitcoin"
Me too. I love Bitcoin the technology, Digital Signatures and Proof of Work combination, but still I would like to see a crash so that I can find out what the 'real' price is, beyond speculation + I want a stable price.
@Trisectangle - The concern he was actually making there had to do with validation of the transaction and it taking 10 minutes to an hour to process in the blockchain. My point was that most transactions won't actually happen directly in the blockchain if BTC was indeed to become a global currency.
It's totally unfeasible to process all global transactions in a publicly broadcast manner. Bottom line is that nobody really cares where my money went when I bought a cheeseburger. Local means of keeping the ledgers balanced must therefore exist. Those don't necessarily have to use a blockchain if they're through a trusted network. The whole point of the blockchain is to be a network without requiring trust.
If my bank keeps my money for me, then it matters very little how it's denominated or transferred to other accounts within that bank. And like it or not, even with bitcoin, you're going to need banks, eventually. Sure, everybody can keep their money in their heads if they really want to do so, but economy is more than just people having control over their money.
You're naturally correct about the history of bitcoin, but I'm not talking about where it's been, I'm talking about where it must naturally go if it is to really become a store of value.
Also, anonymity is not a goal of bitcoin, except insofar as it makes it difficult to associate coin addresses with a physical person. In the original paper, this is named "privacy", which isn't necessarily the same thing. All transactions on the chain are public, there is zero anonymity. However, transactions are only associated with addresses, and you can generate as many addresses as you want (ideally, one per transaction), making it difficult (but not impossible) to connect user A with address B.
I would argue that managing the blockchain is already prohibitive. I do very little with Bitcoins currently, but I do have a small balance, so I fire up my client every month or so to get current. It takes *hours* for that task to complete. Bandwidth requirements will only get worse if Bitcoin usage increases. I couldn't imagine trying to do anything with Bitcoins on a smartphone.
Thanks for that link. I tend to see "challenges" like that as a way to get a lot of cheap work without paying for it. Regardless, it still seems to be a backward approach to the problem. It makes no sense for people to develop applications for MintChip if it isn't backed by real money. Until a government does that, which is the only thing that gives existing fiat money its value, their efforts are even less legitimate than Bitcoin!
"you have to pay taxes in that country"
Why? Because the government tells you to pay! And to pay with the money *they* print! It's the ultimate shakedown; no different than "protection" sold by people the government turns around and labels criminals. How funny is it that the government has RICO and anti-monopoly laws on the books, but there is no escape from being exploited by the corruption and monopoly the government itself imposes. It's a world full of company towns, and that is most certainly *not* what is right for the people.
No, I don't know any of that. I would ask why it is supposed to make sense that a private bank is in control of the public's money. I would ask why the government is allowed to spend with both increasing debt and deficit. Whatever Bitcoin offers, it at least gets people refamiliarized with the idea that economic value is something "We the People" hold, along with all of our other rights, independent of whatever burdens the government attempts to impose (including privatization that is not for the public good).
I didn't say it was right and good, I said that it gives value to the money. Henning's point was that the fact that you can only pay taxes in the money is what gives it value. I pointed out that the value ultimately rests in the fact that the government may kill you and will certainly mess up your life if you don't have the money. Whether this is a good thing or a bad thing is not relevant to this fact, and is certainly way more off-topic than we already are.
Take another read through, the books actually discuss both :) They initially discuss SHA(SHA(message) || message) but point out the obvious shortcoming that you need to have the entire message available at once and read it twice. They then suggest SHA(SHA(message)) as a reasonable alternative with somewhat reduced security properties and end up recommending the second option as a good solution.
Cryptography Engineering actually goes farther and suggests SHA(SHA(00....00 || message)) as a good construction. The 0 bytes help prevent the input to the two SHA functions from being the same. Bitcoin obviously doesn't use this construction although it's a bit better, but I bet it would have if Cryptography Engineering had been published when Bitcoin was designed.
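The three constructions named in this thread, side by side over a chunked stream, as an added example that is not code from the books or from Bitcoin. The function names are made up for the example, and the prefix length of 64 zero bytes (one SHA-256 input block) is an assumption, since the comment only writes "00....00".

```python
import hashlib

ZERO_BLOCK = bytes(64)  # assumed prefix: one SHA-256 input block of zeros


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def sha256_twice(chunks) -> bytes:
    """SHA256(SHA256(m)): a single pass over the message."""
    inner = hashlib.sha256()
    for chunk in chunks:
        inner.update(chunk)
    return sha256(inner.digest())


def sha256_digest_then_message(open_chunks) -> bytes:
    """SHA256(SHA256(m) || m): the message is read twice, so the caller
    passes a callable that returns a fresh iterator on each call."""
    inner = hashlib.sha256()
    for chunk in open_chunks():
        inner.update(chunk)
    outer = hashlib.sha256(inner.digest())
    for chunk in open_chunks():          # second pass over the same data
        outer.update(chunk)
    return outer.digest()


def sha256_zero_prefixed(chunks) -> bytes:
    """SHA256(SHA256(0...0 || m)): a single pass, with the zero prefix
    fed to the inner hash before the message."""
    inner = hashlib.sha256(ZERO_BLOCK)
    for chunk in chunks:
        inner.update(chunk)
    return sha256(inner.digest())


def inner_values_overlap(x: bytes):
    """Does the inner hash computed while hashing y = SHA256(x) equal the
    final output for x? Returns (plain double hash, zero-prefixed)."""
    y = sha256(x)
    plain = sha256(y) == sha256_twice([x])
    prefixed = sha256(ZERO_BLOCK + y) == sha256_zero_prefixed([x])
    return plain, prefixed


if __name__ == "__main__":
    # Constructed sample message, split into uneven chunks like a network read.
    msg = b"constructed sample message " * 10
    chunks = [msg[i:i + 7] for i in range(0, len(msg), 7)]

    print(sha256_twice(chunks).hex())
    print(sha256_digest_then_message(lambda: iter(chunks)).hex())
    print(sha256_zero_prefixed(chunks).hex())

    # A stream that can only be read once silently degrades the two-pass
    # construction to SHA256(SHA256(m)), because the second pass sees no data.
    once = iter(chunks)
    print(sha256_digest_then_message(lambda: once) == sha256_twice(chunks))

    # With plain double hashing, an inner value for one input is the final
    # output for another; the 64-byte prefix keeps the inner input (at least
    # 64 bytes) distinct from the 32-byte outer input.
    print(inner_values_overlap(b"x"))
```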
I disagree. I think who controls money and how they do it is *highly* relevant to any discussion of Bitcoins. I do not like the fact that a collusion between banks and government is "valuable" in a way that encourages fundamental rights of life and liberty to be taken from people. With Bitcoin is the proposition that the power to produce value lies in the people themselves, which I think better reflects how traditional mediums of exchange like precious metals are seen. Neither Bitcoins nor gold nor paper has any *intrinsic* value as currency, but one of those things is definitely not like the others when it comes to how easily someone in power can debase the value.
But are bitcoins *useful*? I would argue that because of their unique properties, they are indeed useful. As long as the blockchain's integrity is preserved, the utility of the network will be non-zero.
Bitcoin truly is a unique experiment. The results of the experiment will be valuable - the value of bitcoin will also emerge naturally. All the opining from "economic experts" and "libertarians" won't matter in the long run.
It sounds like you're talking about modern monetary theory or neo-Chartalism. This is generally considered interesting but kooky among economists, and shouldn't be taken as a "well-established" explanation.
Also, nobody criticizing bitcoin appears to know the correct (legal) definition of a pyramid scheme. "Early adopters get a larger benefit" is not the definition, or social security would be one.
That's not to say there aren't potential issues; Krugman has pointed out that a deflationary environment might cause hoarding, but this wasn't a huge problem for deflating metallic currencies. It generally just meant you had to melt and re-coin some gold plates when demand for money increased (in war, trade booms/deficits, or to ransom King Richard).
Watching it in action will be very interesting, but people who are buying at the peak of this hype will be very disappointed.
One major problem I found with the "criticism" as linked by Mr. Schneier was the argument on self-validation. Yes, a dollar bill self-validates. Yes, a "bitcoin" is a string of binary data.
Mmhm. And a wire transfer of dollars and euros isn't a string of bits? Do all transactions in all government-backed currencies involve self-validating cash? I don't think so.
The validation comes from the exchange (in this case, the bank), not from any feature of the currency itself. Checks are similar.
And to extrapolate from that to require a complete chain from creation to now to prove they didn't just make it up? Hello fractional lending - Banks do exactly that all the time; invent money to loan out at some ratio to the actual money they have.
So with that fundamental point shot down, there's not much left, imho.
Also the forum attached to that criticism post is FULL of crazy, wow.
Deflation also hasn't hurt things like the tech industry. Everyone knows the "value" of a CPU or hard drive decreases with each new generation that doubles the speed/capacity, but that doesn't keep many people from buying what they need today. Deflation is good for Bitcoin, because it means that there is value for just "being there", and then that network effect will produce economic activity in the long term.
So, by that measure, I don't know that you can say we're currently experiencing a hype-based peak. I'll grant you that there is a lot of hype at the moment, but it is not clear to me that Bitcoin is peaking. Right now the price seems to be hovering right around $250/BTC, meaning the full value of a Bitcoin economy (assuming all 21 million coins were mined) is limited to around $5.25 billion. Does that seem large enough to represent the full global market for government-independent digital cash? It doesn't seem so to me, so either the price will go up further, or alternatives will be introduced (or both).
A big question in my mind is what percentage of mined coins are actively circulating in the Bitcoin economy. As you say, the creators got a huge chunk at the start, but that is only a factor if that "supply" is sitting around to potentially crash the market. My guess is that anyone with a large chunk of blocks is smart enough to trickle in what they have to avoid destabilizing the value too much. I mean, sure, Bitcoin *could* just be a billion dollar scam for them (peanuts compared to the likes of Madoff), but digital cash is *such* a good idea that it seems like Bitcoin (or something else like it) is going to exist long into the future.
As for the block chain, there's no actual requirement for every user to maintain the entire block chain, as long as you can connect to a network that has the block chain. The reason that most PC bitcoin clients keep the entire block chain is for overall network health. All you need to keep bitcoins is to know where in the chain your coins are (so you can refer to them when sending).
There are some experimental (I think they're still experiments, been a long time since I've gotten into the nuts and bolts of bitcoins) that can do this both by selectively looking at the network and relying on "third party" chain holders.
Now, waiting for confirmations (for receiving coins) is an issue, but double-spending bitcoins is generally a non-trivial (and somewhat expensive) problem unless you can figure out a way to control large parts of the computational power on the network in a predictable fashion or have a method to specifically target the person receiving the coins on the network and feed them essentially fake confirmations, but there are practices which can mitigate those risks.
The appeal of the Bitcoin experiment is that it's a nice "proof of concept" that secure, pseudo-anonymous, digital currency is viable.
Despite a plethora of paragraphs, italics, underlines, and bolding, Denninger is really making three points, all of which have been made before:
1. It is not anonymous in the strictest sense.
2. Verification takes more time than with physical currencies, encumbering spot transactions.
3. It is likely to be inherently deflationary due to the inability to recover lost coins.
On the first, sure, with enough computing power one could mine the data and likely assemble enough evidence to connect users with transactions, assuming at knowledge of actual participants in at least some transactions. However, the amount of data is growing quickly, driven by the level of computing resources being devoted to mining. His arguments about the illegality of theoretical methods of making transactions more anonymous seem circular.
The simple answer to the second, as others have mentioned, is credit. Most retail transactions (like most transactions today) don't need to be handled on the main block-chain as long as there is a local trusted intermediary, like a credit card issuer. Ironically, this is the only proper most anti-leverage folks (like myself, and presumably Mr. Den) envision debt having in an economy.
On the third, who cares? The currency is infinitely divisible, so losing units shouldn't matter, and is only a cost to whoever didn't keep his wallet key safe, and a profit to everyone else. The implied (and in Den's case explicitly stated) argument that bitcoin is a pyramid scheme is a useless one as well. Of course it is a "pyramid scheme"; how else would you propose to incentivize early adopters to either mine or exchange their current holdings for bitcoins? It may not look like it now because bitcoin (it appears) is taking off, but early adopters took large risks in both expending time, effort and energy mining the first (worthless) coins, and exchanging valuable dollars for (potentially valueless) BTC; they would have lost 100% of their investments had BTC failed.
Bitcoin is no money
The cryptographic quality is a secondary question in this context.
As the name suggests, bitcoin is a coin, not money.
Subtle difference: a coin is something backed by an authority, which asserts a cap.
In bitcoin the authority is distributed in the block chain, the cap in the software.
But coins are a kind of pyramid selling, due to the cap.
Money is different. It's derived from a chain of liabilities backed by valuable assets owned by the debtors.
Since everyone may create valuables, there is no cap.
The value however is only assessed during transfer.
Slightly simplified: Money starts out with a bill of exchange. In several steps the bill is evaluated and accepted by a human based on the reputation seen by the drawee in the debtor. All accepting members in the chain are liable in case of default. Last to first.
Once there are several (at least two) persons liable for a single payment, there is more reputation/trust than value in the bill. Hence it can be used (after applying a discount based on statistics on default) to back the issuing of banknotes. Thereby cutting the chain short to free the receivers from the burden to assess the reputation of the debtor when receiving payment.
((Note that some experts believe that stock options and other derivatives may be used instead of bills of exchange. Others see this as the reason of monetary systems to fail. I'm not an expert. Dunno.))
Bitcoins do satisfy one of the more core aspects of money as a medium of exchange, and the whole drug market thing shows this has been adopted. One person had cash, the other has drugs. They don't want to exchange cash for drugs, so they mutually agree on a trusted medium of exchange: Bitcoins. The person who received the bitcoins can then exchange those coins with another person who has something the dealer wants. It's eggs and wheat all over again.
We come here for informed crypto comments. But let me quote Autolykos:
"The crypto side looks fine (unless SHA256 gets broken, which is unlikely in the near future)."
This misses the point, which is that at some date in the future, SHA256 will be broken. The important questions are, "How long will it be before SHA256 is broken?" and "What will happen to Bitcoin then?".
Nobody has even addressed these questions, let alone answered them.
@ Nick J
"This misses the point, which is that at some date in the future, SHA256 will be broken. The important questions are, "How long will it be before SHA256 is broken?" and "What will happen to Bitcoin then?".
Nobody has even addressed these questions, let alone answered them."
We don't know that. There are a few crypto primitives that got plenty of attention and are still unbroken. IDEA, Blowfish, Whirlpool and RIPEMD-160 have remained safe for a long time. Hash functions are more at risk of new attack discoveries due to cryptographers having less experience with them. Yet, they're still unbroken and SHA-256 might outlast the Bitcoin craze.
That said, I definitely agree that someone should address this issue so there's a backup plan. That people aren't talking about it is unwise. I would have used several cryptoprimitives together. One shouldn't put their eggs in one basket.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.