This makes me think of another thing I was wondering about -- can some entity that doesn't like having Bitcoin around for whatever reason, DDoS it by filling it with meaningless transactions?
Maybe just setting up 100 addresses and constantly transferring small payments between them, filling the transaction history with garbage. Is that possible, and is there any protection against that?
Transaction prioritization[1] and transaction fees already rate limit stuff like that, and patches to the clients used by major mining pools may be able to fix it permanently.
In general, let's say a govt agency gets assigned an $18.5m budget to break the Bitcoin currency as much as possible, what could their plan of attack be, i.e. spend that money in the most efficient way possible? Create a large ring of wallets and send tiny payments around the ring? Create fewer wallets but send large payments between them?
Tiny payments. A transaction of 5000 bitcoins and a transaction of 0.0001 bitcoins are the same size. The size is based on the number of transaction inputs, and the number of transaction outputs.
I think they either moved to off-chain transactions or will move shortly. I haven't heard much of Satoshi Dice though, wonder if it's still as "important" as it once was.
There is absolutely no proof that one-way functions exist: therefore this is not a 'proof' of existence of files at a certain date.* It is just a strong indication of it.
* that is, at some future date (or secretly, today) an algorithm could be discovered breaking the one-way function used to generate these hashes. Then a collision could be found, perhaps with chosen-prefix. Meaning an arbitrary file could be suffixed so that it looks as though that is what was hashed today. In the past, many hash algorithms thought to be strong were weakened in this way.
Adding lots of data to the transaction logs is one easy DDoS. Do so many transactions that the logs get to be larger than fit on most systems. With multiple Gigs of data already required, if someone was evil they could up the volume and keep people out of the game by making sure that there were over a terabyte of transaction logs. Most machines won't have that kind of storage and would "fall off" the network.
Patient0 mentioned before I got to post this, the other attack I know would work. Destroying tokens. But it is a bit more complex than he mentions, but you can actually generate ECDSA keys that will work for one transaction, and then never again. A one time spend token that then self destructs for the person you paid.
I haven't been able to build anything that would work for two transactions. Which would be the most useful since you'd have a delayed "poison coin" but I don't see any reason it isn't computationally possible.
Bitcoin doesn't work by passing tokens around to represent the value. In a Bitcoin spend the value is simply added to the wallet/address's balance. Any further spend is deducted from the wallet's balance.
The "coin" is not a single token that lives on and is broken apart to be spent, so there's no way a coin could self destruct after being transferred.
I understand fractional coins. I was oversimplifying for brevity. I'll give you a hint. You have to move the coins between two wallets you own before you create a coin that will "break" when it goes into the third's wallet. The third wallet accepts a coin that no one will take afterwards. The coin becomes undependable.
Technical differences aside, proofofexistence.com predates the Cornell team's blogpost by a couple of months.[2]
I am not surprised that the Cornell team did not cite the bitcointalk forum post (given the recent frenzy of their Selfish Mining paper, where they neglected to cite a fairly closely related forum post from two years earlier). However, a published paper, CommitCoin,[1] predates both of these by about a year.
I don't believe there is any meaningful technical difference among these.
[1] Clark, Jeremy, and Aleksander Essex. "CommitCoin: Carbon dating commitments with bitcoin." Financial Cryptography and Data Security. Springer Berlin Heidelberg, 2012. 390-398.
Timestamping services are not novel and date way back before 2012. The earliest work I know of is from AT&T back in the 80's, where they proposed to publish the hash in the NYT. The idea was so well established that there is even an RFC [1] from 2001. And by the way, virtual-notary.org was online for several months or perhaps even a year before the blog post.
But the important differences are actually technical. Virtual Notary is a much more general service, offering to attest to any kind of online factoid. Let's elevate the discussion here -- it doesn't matter who was there first (because the AT&T folks were there two decades before both services), what matters is who offers the most useful service [3].
As for the previous work on selfish mining, see here [2].
Virtual Notary offers a superset of the document verification service offered by proofofexistence.com.
It's best to think of Virtual Notary as an impartial online witness to factoids that can be checked online. Besides documents, it can attest to the content of web pages, tweets, weather conditions, stock prices, exchange rates, employment status (for those institutions where we know how to check employment status), house features and prices, etc.
It can also issue official, certified random numbers.
Virtual Notary also allows the users to download an independently-verifiable X509 certificate of attestation.
"This is why the bitcoins sent in this special transaction are unspendable, as the addresses are being generated from the document's hash fragments instead of from a private ECDSA key."
I hadn't realised before that this means that you can provably "destroy" bitcoins. That is, you can "prove" that a certain bitcoin amount will never be spent again by anyone including yourself...
Yeah, the fact that bitcoins can be permanently destroyed is a little bit worrying, one of BTC's benefits is its cap. What are the economical consequences of these coins being destroyed?
Nothing. Since BTC is deflationary by design you just increase it a little bit. Since modern economics really dislikes deflation at any rate it does not matter how much deflationary it is.
Increased value for the existing coins I would assume.
There are plenty of cases of people "losing" or effectively destroying large amounts of bitcoins.
BTC is designed to support smaller and smaller portions of a coin to handle the scarcity iirc.
Are you trolling? What the actual fuck are people thinking when they post comments like this? Disregarding that you can spend small fractions of bitcoins, what happens when you lose a dollar bill? inb4 "Oh don't worry about it because the bank just makes money out of thin air"
It's not hard to create a new coin as well. For example Litecoins are divisible a hundred more times than Bitcoins with a cap four times larger. If we need more, make more.
You can burn fiat cash, and fire gold bars into space. What are the consequences of those actions? Other coins are presumably worth more because there are now fewer of them.
I would think in a 'tulip bulb' bubble supply is not entirely the important variable. Growing demand would be the driving force behind valuation. Losing a few coins would matter not at all. Maybe even a lot of coins.
Sure, you can just print more cash. With gold bars the gold would become (I assume) more valuable. But at what point does it seesaw and there isn't enough of it to be of any value? I guess with BTC there are satoshis.
To spend coins from a given address, you need its corresponding private key. They can demonstrate that, the way they generate these addresses, they can't know the private keys. Or possibly matching private keys might not exist at all. In that case, as an analogy, think of a Unix account with a disabled password, where the password hash in /etc/shadow is "!". There is no password which has a hash "!". So effectively it is impossible to log in with a password.
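The address construction quoted above ("generated from the document's hash fragments instead of from a private ECDSA key"), as an added example that is not part of the thread and not proofofexistence.com's code. The 20-byte payload of a pay-to-address output is normally the hash of a public key; here it carries raw digest bytes, so spending would require a key that happens to hash to them. The fragment layout (20 bytes, then 12 bytes plus zero padding) and the function names are assumptions made for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version: int, payload: bytes) -> str:
    raw = bytes([version]) + payload
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # Each leading zero byte is written as a literal "1".
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_decode(addr: str) -> bytes:
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or checksum(raw[:-4]) != raw[-4:]:
        raise ValueError("not a valid 25-byte Base58Check address")
    return raw[1:-4]  # 20-byte payload, version byte dropped

def hash_to_addresses(document: bytes) -> list[str]:
    # Assumed layout: digest bytes 0-19 in the first address, bytes 20-31
    # followed by eight zero bytes of padding in the second.
    d = hashlib.sha256(document).digest()
    return [b58check_encode(0, f) for f in (d[:20], d[20:] + bytes(8))]

def recover_digest(addresses: list[str]) -> bytes:
    # A verifier reads the two output addresses back into the SHA-256 digest.
    first, second = (b58check_decode(a) for a in addresses)
    if second[12:] != bytes(8):
        raise ValueError("padding is not zero")
    return first + second[:12]

if __name__ == "__main__":
    doc = b"constructed sample document"  # constructed input
    addrs = hash_to_addresses(doc)
    print(addrs)
    print(recover_digest(addrs) == hashlib.sha256(doc).digest())
```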
There are still some Bitcoin Faucets open, such as FreeCoins[1]. They give out almost nothing, but it's enough to make transactions just for the registration, and you don't need to provide any information.