Cryptocurrency and the Blockchain: What is This Stuff?

By Shamus Posted Tuesday Mar 6, 2018

Filed under: Column 147 comments

Lots of people are curious about Bitcoin and cryptocurrency these days. This is particularly true among PC gamers. Not only is cryptocurrency making headlines, it’s also screwing up the graphics card market. Which naturally leads people to asking questions like, “What is this stuff?”

I am not remotely an expert and I’ve never had a reason to use Bitcoin, but I understand a little bit of the underlying technology and I think I can help explain it to people.

Essentially, a bunch of math nerds have invented a new form of money and the world is curious what’s going to happen next. We’ve never had “money” that worked like this before. It’s not tied to a specific paper currency. It’s not guaranteed by a bank. It’s not issued by a government. It’s not backed by precious metals. Instead the currency is governed by a few simple rules and guaranteed by math. This creates a lot of interesting questions regarding economics, trust, law, and existing financial regulations.

But we’re not here to have those debates. We’re here to try and understand what this system is and how it’s possible to have a secure currency with no centralized power. Do note that every level of simplification is bound to bruise the truth a little. What I’m going to give is a very rudimentary overview and many, many details have been left out. This will not make you an expert, but I hope I can at least help you understand a couple of basic questions like:

  1. How does cryptocurrency work?
  2. What is this “block chain” thing people keep talking about?

Cryptocurrency is built using two key technologies: asymmetrical cryptography, and hash functions. Those terms might sound complex and scary, but anyone can grasp them. So before we explain cryptocurrency and the blockchain, let’s explain these two technologies.

Asymmetrical Cryptography

Asymmetrical cryptography requires two keys to work. But not these kinds of keys.

You’re probably familiar with symmetrical cryptography. You’ve probably even used it. If you’ve ever accessed a password-protected ZIP file then you’ve got the basic idea. A password is used to scramble a file, and you can only unscramble by using the password. This scrambling of data to make it unreadable is called “cryptography”. This stuff with passwords is “symmetrical” because you use the same password to encrypt (scramble) the data as you do to decrypt it.

An asymmetrical system is one where you actually have two passwords: A and B. If you use A to encrypt, you need B to decrypt. If you encrypt with B, then you’ll need A to decrypt.
Actually, A and B aren’t really “passwords” in the classic sense. They’re numbers. Typically, they’re numbers that might be a hundred digits long. I can barely follow the mathematics involved and I don’t feel safe trying to explain them, but if you’d like to know more then this 8-minute video gives a pretty good overview.

A and B are usually called a key pair. You find yourself two very large prime numbers at random and use them to make your key pair. One of them you share openly with anyone that might want to communicate with you, and the other is kept secret. These are called your public key and your private key. This allows us to do two things:

One, my friend can encrypt a message with my public key. Remember, if you encrypt with one key then you can only decrypt with the other. Since I’m the only person with access to my private key, my friend can feel confident that I’m the only person in the world that can open it. This gives us incredibly strong security.

But we can also do something else: I can encrypt a message with my private key and send it to you. If you can open it with my public key then you can feel 100% confident that the message came from me and not from someone pretending to be me. This gives us incredibly strong authentication.

(If you want to get really fancy then we can combine these techniques. If you want to send me a message you can encrypt it with my public key, and then encrypt it again with your private key. This means you can know for sure that I’m the only one who can open it, and when I do I can be sure you’re the one who sent it.)

Asymmetrical cryptography is used in a lot of different places, not just in internet funnymoney. Speaking of which, there’s one more technology we need to understand to make sense of this Bitcoin stuff:

Hash Functions

Information in, garbage out. I don't see what the big deal is. A lot of my programs end up doing this by accident.

Above we talked about cryptographic functions, which are designed to scramble some information so that it can be unscrambled later by someone with the right key. For contrast, a hash function is designed to scramble things without hope of recovery.

Let’s say I rolled a handful of dice and added up the rolls to get a total of 28. Based on that number, you can’t reverse the process to know what numbers I added up. No matter how carefully you study that 28, you’ll never be able to determine how many dice were rolled, how many faces they had, or what numbers I got. In a case this simple you could come up with lots of plausible theories, but you’d never be able to prove any of them. This adding up of values is a fundamentally one-way function and information is irrevocably lost in the process.
The above example wouldn’t be particularly useful in computer science, but a more complex hash can be used to make a system secure almost to the point of invincibility.

The hash we’re talking about in this case is a hash function called SHA256. It takes input and outputs 256 bits of complete noise. The input can be anything you like: A password, a list of numbers, or the text of an entire novel. Doesn’t matter. The input can be short or immense. What matters is that the process is entirely one-way and always outputs noise of the same length.

If you want to see it in action, you can try a web-based version of SHA256 here. Just type in some random input, hit the button, and look at the gibberish it spits out. For example, if you type “Shamus Young” into it, you’ll get the following:

e671c469c4e2c73c0499dfe74c4792fd3438d6ffe8371ea26dd70ea14bd54bf3

This is a hexadecimal representation of the result. You could also express it in binary, but then you’d wind up looking at a half-page of random 1’s and 0’s, which isn’t very interesting. The trick here is that you’ll always get this same result from the same input.

Now look at what you get if you enter “Zhamus Young”:

849a3f601e417a6bc2d2f5555778529b575831db1af8231574d1663e291a94c6

I made a very slight change to the input, and the entire result changed. Most importantly, there’s no way you could determine what input I used to get this result. You can look at that big string of gibberish all day and you won’t have any way to reverse the process and discover my secret input of “Zhamus Young”. You won’t even know if the input was a couple of short words or several paragraphs. If you saw that string of gibberish you wouldn’t have any way to figure out what the input was other than simply brute-force trying every possible combination of words, sentences, numbers, and paragraphs.

How secure is this? Well, this video explains that even if we had a network of supercomputers that spanned 4 billion galaxies, and even if we let them run for 500 billion years, we’d still only have a 1 in 4 billion chance at finding the input by brute force.
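As an added illustration (not code from the original post), the following snippet demonstrates the three properties described above with Python's standard hashlib: the same input always gives the same 64-hex-character digest, a one-letter change scrambles roughly half the bits, and the only way to recover an input is to guess it exactly. The vocabulary given to brute_force_preimage is constructed for the example.

```python
import hashlib
import itertools


def sha256_hex(text: str) -> str:
    """SHA-256 of the UTF-8 bytes of `text`, as 64 hex characters (256 bits)."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count the bit positions in which two equal-length hex digests differ.
    For unrelated inputs this lands near 128 of 256, even if the inputs
    differ by a single character (the 'avalanche' behaviour)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def brute_force_preimage(target_hex: str, words, max_len: int = 2):
    """Try every phrase of up to `max_len` words drawn from a small, constructed
    vocabulary and return the one whose hash equals `target_hex`, or None.
    Nothing about the digest narrows the search: a near-miss input produces a
    digest that looks nothing like the target, so only an exact guess works."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(words, repeat=n):
            phrase = " ".join(combo)
            if sha256_hex(phrase) == target_hex:
                return phrase
    return None


if __name__ == "__main__":
    a, b = sha256_hex("Shamus Young"), sha256_hex("Zhamus Young")
    print(a)
    print(b)
    print("bits that differ:", differing_bits(a, b), "of 256")
    # The target is only found when the exact phrase is in the vocabulary.
    print(brute_force_preimage(b, ["Shamus", "Zhamus", "Young"]))
    print(brute_force_preimage(b, ["Shamus", "Young"]))
```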

Okay, that’s enough about the technology. Let’s talk about…

How Cryptocurrency Works

Bonus fact: You can't lose bitcoins in your couch cushions.

There’s no central bank or government running this thing, so instead cryptobux like Bitcoin use a distributed system. Think of it like a ledger of transactions, like so:

1. Gordon pays $50 to Alyx.
2. Alyx pays $10 to Eli.
3. Isaac pays $10 to Eli.
4. Wallace pays $100 to Judith.

You can look at the history of transactions and see how much money each person has at any given time. As two people do a trade, the payer broadcasts their payment to the other people using the system. When the payee sees the transaction show up in the public ledger, they know they’ve been paid and they can give the payer the goods or services they paid for. (Or whatever they’re doing.)

So what’s to stop Wallace from broadcasting a bunch of bogus transactions saying that everyone else gives him all the money? Well, the payer must digitally sign each transaction. Remember earlier I said that asymmetrical cryptography allows us to verify identities.

Gordon can take the line, “1. Gordon pays $50 to Alyx.” and encrypt it with his private key. This encrypted message can then be the signature for the transaction. Anyone else can decrypt this signature using Gordon’s public key. When they do, they’ll see the contents of the signature “1. Gordon pays $50 to Alyx.” exactly matches the transaction, “1. Gordon pays $50 to Alyx.”, so this signature belongs to this transaction. And since they opened the signature using Gordon’s public key, they know he created this signature. So there’s no way for Wallace to create bogus transactions.

However, the other trick Wallace could pull is trying to tamper with the ledger by removing legitimate transactions. Maybe Wallace paid $50 to Gordon in exchange for Gordon’s lucky red crowbar. Now that Wallace has the crowbar, he wants to try to spoof the system by leaving his payment out of the ledger so he gets to keep his money.

This finally brings us to…

The Blockchain

The blockchain ledger doesn't use real names like in my examples, so the system is both (probably) secure and (theoretically) anonymous.

Ledger entries are grouped. These groups are called “blocks”. I guess you can think of a block like a single page of the ledger, but each block has a few thousand transactions and I’m not sure how far you want to stretch this metaphor.

Sure, Wallace is a participant in the system and maybe he wants to set up some tricky hack to propagate bogus blocks. Maybe he’s made a lot of poor purchasing decisions and now he’s looking to erase those transactions after the fact. Since the whole system is distributed, doesn’t that mean anyone can add new “pages” to the ledger? (That is, a new block to the chain.) Some people are saying Wallace spent a bunch of money. But Wallace, having erased his transactions after getting his goods, is offering a block that shows he spent nothing. How does the system tell a correct block from a bogus one? This is the internet. Anyone can be lying about anything at any time. Even if we added some sort of “voting” feature and let the crowd vote on what was legit and what isn’t, there would be nothing to stop Wallace from making hundreds of bogus sock puppet accounts that would all support his version of events. How can we possibly verify anything in this world of anonymous participation?

To do this, we use proof-of-work.

Proof of Work

I have no data on the exchange rate between Memebux and cheevos.

Some people on the system have taken it upon themselves to certify blocks as legit. I’ll tell you what these people are called in a couple of paragraphs, but for now just think of them as accountants. The important thing is that in order to certify a block of transactions as legit, you have to do some computational work. Someone looking to certify a block will listen for all the transactions being broadcast by the people using the system. They can take these entries, check the signatures, and bundle the transactions to make a block. Once they have all the data gathered up and checked, they run the whole thing through SHA256.

Let’s say we’ve got a couple thousand entries.

1. Gordon pays $50 to Alyx.
2. Alyx pays $10 to Eli.
3. Isaac pays $10 to Eli.
4. Wallace pays $100 to Judith.
- much later...
1999. Wallace pays $100 to Metro.
2000. Judith pays $45 to Eli.

As I said above, you can shove any old data into SHA256 and get a string of gibberish back. Let’s say the person certifying a particular block runs it through SHA256 and gets out a string like this:

50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c

The thing is, for a block to be validated the SHA256 value for the block must have an unusual property. It must begin with a whole bunch of zeroes.

00000000000074225559f647571c15a4e4cbf13e9494e89cb556d71b5c7ec515

Note the start of the string. Since there’s no way to control or predict what the output of SHA256 will be, there’s no quick way to find something like this. The person trying to certify the block can just append a single random number to the end of the block and run it through SHA256 again. When that doesn’t work, they can try a different random number. The system is set up so that this is basically a lottery. Somewhere out there is a number that you can stick on the end of this ledger block that will cause the whole thing to yield a SHA256 hash that starts with a lot of zeroes. This number is called a “nonce”.

Once someone has a winning value, they finalize the block and broadcast it to everyone else. The other people trying to certify the block can check the work and see that the block is indeed valid. The signatures check out, the math checks out, and the nonce does indeed yield a SHA256 value with a bunch of zeroes. So this new block gets added to the chain, and the lottery for the next block begins.

Whoever wins this lottery – whoever finds the nonce – is allowed to add a special transaction to the start of the block, granting themselves a modest[1] finder’s fee.

Now I’ll tell you what these people doing block certification are called: They’re called Bitcoin Miners.

Yes, that’s what a “Bitcoin Miner” is. The name makes it sound like they’re somehow mining for virtual money with a pickaxe, but what they’re really doing is using their computing resources to help certify blocks, and getting paid for their trouble. The money incentive is there so lots of people will participate. Having lots of people playing the lottery makes things even harder for the…

Cheaters!

I mourn the loss of cheat codes in modern games. I do not mourn the loss of brick-shaped controllers. Ow.

So let’s get back to Wallace, who is trying to certify a bogus block where he didn’t pay anyone anything. First, he needs to find a nonce to certify his bogus ledger. He’s the only one working on this bogus block, so he has to find it all by himself. And he needs to find it fast. It won’t do him any good if his Bitcoin-mining setup certifies the block three days from now. By then the world will have moved on. The real block – the one with the transactions he’s trying to erase – will have long since been accepted.

But it could happen! Maybe Wallace gets lucky and somehow finds a nonce for his bogus block before the other thousands of Bitcoin miners find a nonce for the real one. The trick is that he’s not done. That magic lottery number? The nonce? That number gets put at the start of the next block in the chain. In this way, each block is connected to the one before, and the one that follows. Thus forming a chain of them. Hence, “Blockchain”. So basically Wallace is working as a Bitcoin miner, except he’s certifying his bogus block instead of the legit block everyone else is seeing.

However, since the blocks are in a chain, changing THIS block means it will also change the NEXT one, and the one after that, and after that, and so on. Wallace has to certify this bogus block, and then the next block in the chain will require him to win another SHA256 lottery, and so on. Even if he just wants to erase a single transaction, it will put him on the hook, forcing him to forge new blocks to the end of time. These latter blocks might be totally legitimate, but they’ll be descendants of his one bogus block and thus require different SHA256 solutions.

If you watched American sitcoms in the 80s then I’m sure you saw an episode where a character tells a single lie at the start. But then later someone calls them out on it and they have to tell another lie to support the first one, then a third lie to cover for the second, and so on. “Hilarity” ensues. This is the same deal. If you want to offer a fraudulent block to the system, then you need to maintain that fraud with a never-ending chain of blocks.

Note that people can't TELL these blocks are bogus just by looking at them. (Assuming the signatures are good and the math checks out, I mean.)

People using the system will see Miner #2,954 is offering one block, while Wallace is offering another one. How do they know which one of them is telling the truth? Who has the real block? From the perspective of the rest of the system, it looks like the blockchain has “forked” and there are two possible records for everyone’s transaction history. From the perspective of other people on the system, you can’t immediately know which fork to trust. Maybe Wallace is trying to erase transactions so he can keep his money, but maybe someone else is trying to add transactions that never took place to steal his money[2]. Who do we trust?

But unless Wallace has over half the computing power of all bitcoin miners, he’ll never be able to keep up. Everyone else on the system – thousands and thousands of bitcoin miners with tens of thousands of workhorse mining computers – will build on the legit blocks much faster than poor Wallace can certify blocks on his aberrant branch of the chain. The system is designed to trust whichever blockchain is the longest, and there’s no way Wallace can outpace everyone else on the system. Sooner or later (probably very soon) the system will leave his sad attempt at fraud behind. Everyone else on the system will agree that Wallace spent that money and that he doesn’t have it anymore.
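To make the proof-of-work lottery, the chaining of blocks, and the longest-chain rule concrete, here is an added toy example (not the post’s own code and not real Bitcoin). It links each block to its predecessor through the hash of the previous block, which is computed over that block’s nonce, and uses a tiny difficulty of three leading hex zeroes so it runs in a moment. The names Block, mine, chain_is_valid, wallace_tampers and select_chain, and the ledger entries, are made up for the illustration.

```python
import hashlib
import json
from dataclasses import dataclass

GENESIS = "0" * 64  # constructed pointer for the very first block


@dataclass
class Block:
    prev_hash: str      # hash of the block before this one: the link in the chain
    transactions: list  # ledger entries, in order (signatures omitted in this toy)
    nonce: int = 0      # the lottery number the miner searches for

    def hash(self) -> str:
        """SHA-256 over the whole block: link, entries and nonce together."""
        payload = json.dumps(
            {"prev": self.prev_hash, "tx": self.transactions, "nonce": self.nonce},
            sort_keys=True,
        ).encode()
        return hashlib.sha256(payload).hexdigest()


def mine(block: Block, difficulty: int) -> Block:
    """Try nonces until the block hash starts with `difficulty` hex zeroes."""
    target = "0" * difficulty
    block.nonce = 0
    while not block.hash().startswith(target):
        block.nonce += 1
    return block


def block_is_valid(block: Block, difficulty: int) -> bool:
    """Checking the work is cheap: one hash, compared against the target."""
    return block.hash().startswith("0" * difficulty)


def chain_is_valid(chain: list, difficulty: int) -> bool:
    """Every block must meet the difficulty and point at the hash of its predecessor."""
    prev = GENESIS
    for block in chain:
        if block.prev_hash != prev or not block_is_valid(block, difficulty):
            return False
        prev = block.hash()
    return True


def build_chain(difficulty: int) -> list:
    """Mine three honest blocks from a constructed ledger, each on top of the last."""
    ledger = [
        ["Gordon pays $50 to Alyx", "Alyx pays $10 to Eli"],
        ["Isaac pays $10 to Eli", "Wallace pays $100 to Judith"],
        ["Wallace pays $100 to Metro", "Judith pays $45 to Eli"],
    ]
    chain, prev = [], GENESIS
    for txs in ledger:
        block = mine(Block(prev, list(txs)), difficulty)
        chain.append(block)
        prev = block.hash()
    return chain


def wallace_tampers(chain: list, difficulty: int) -> list:
    """Erase Wallace's payment from block 2 and re-mine only that block.
    Block 2 becomes valid on its own again, but its hash changed, so block 3's
    prev_hash no longer matches and the chain as a whole fails verification."""
    tampered = [Block(b.prev_hash, list(b.transactions), b.nonce) for b in chain]
    tampered[1].transactions.remove("Wallace pays $100 to Judith")
    mine(tampered[1], difficulty)
    return tampered


def select_chain(candidates: list, difficulty: int):
    """The rule from the post: of all valid chains on offer, trust the longest."""
    valid = [c for c in candidates if chain_is_valid(c, difficulty)]
    return max(valid, key=len) if valid else None


if __name__ == "__main__":
    honest = build_chain(3)
    print("honest chain valid:", chain_is_valid(honest, 3))
    forged = wallace_tampers(honest, 3)
    print("forged block 2 valid alone:", block_is_valid(forged[1], 3))
    print("forged chain valid:", chain_is_valid(forged, 3))
    # Wallace's fork is only two blocks long, so the network keeps the honest one.
    print("network picks honest chain:", select_chain([forged[:2], honest], 3) is honest)
```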

Cryptocurrency is a complex technology. Much of this explanation is a watered-down version of the already simplified explanation given by 3Blue1Brown. If you’re looking for a bit more detail but you’re not ready to do a deep dive on the mathematical theory behind all of this, then his video is the next step up in sophistication.

So that’s what I can tell you about bitcoin. Next week we’ll talk about why it matters for PC gaming.

Footnotes:

[1] These days, it’s not at all modest. Bitcoin is worth so much now that it really is like winning a lottery.

[2] Ignoring the problem of how they could possibly forge his signature.


147 thoughts on “Cryptocurrency and the Blockchain: What is This Stuff?”

  1. Daemian Lucifer says:

    Whole thing on the front page,boss.

    1. Echo Tango says:

      You cheated – your post wasn’t visible above the on-topic comment below! I call ninja shenanigans!

  2. Olivier FAURE says:

    Wait, I was with you until the fake-proofery thing.

    Why is it easier for people to build on the authentic blockchain than on Wallace the Cheater’s bogus blockchain? You’re saying that Wallace has to win the lottery to certify the next bogus block, but couldn’t a random miner win the lottery by appending authentic transactions to what they think is the new blockchain?

    (nice explanation, by the way)

    1. Redingold says:

      The blocks are added roughly every 20 minutes on average, so to add a bogus block, you’d need to find a solution within that 20 minutes. This is enforced by increasing the number of 0s required at the start of the hash as more people join the network, so the problem gets harder as more people join, which means on average the 20 minute figure is maintained. If it takes you an hour to come up with your bogus block, then the chain already has 3 other blocks on it. You can still act like your new block is the legit one, but since the convention is to take the longest chain as the legitimate one, your branch won’t be accepted by anyone else.

      So you can in principle add a bogus block, but only if you’re lucky enough to find a solution for your bogus block before anyone else on the network finds a solution for the correct block. This is phenomenally unlikely unless you have as much computing power as everyone else on the network combined.

      1. Parkenf says:

        Thanks but this restates what’s above without addressing what’s missing.

        The explanation that the real block chain moves faster explains why Wallace can’t cheat with his bad block – even if he gets lucky once.

        What’s missing is, if he does get lucky once, why doesn’t everyone then pick up Wallace’s block? He found a nonce, he publishes the bogus block, he publishes his nonce, everyone starts the next block with that? Why is everyone else starting the next block with the “correct” nonce and not Wallace’s?

        1. Leonardo Herrera says:

          Because “luck” is a bad choice of word for “probability.” Here the probability is, for all practical purposes, zero.

          The main weakness of a network is when one actor controls more than half the network. This has happened.

          1. Parkenf says:

            That section of the post is defunct then. If the control is that Wallace can’t succeed fast enough – and there is no effective control if he (or his cabal) defraud the block, then the block remains defrauded – then it should say so rather than talking about chain length.

            1. Decius says:

              The other part is that the only proof the recipient ever has that they were paid happens when the block is certified.

              1. Olivier FAURE says:

                Yeah, I watched another video on bitcoin and that seems to be the main answer to my original question.

                If I’m understanding this correctly, you can not include your transaction in the blockchain and tell someone you did, just like you can not send someone a money transfer and send them fake bank papers to pretend you did, but the other person can easily access non-fakeable information that proves that the transaction happened / didn’t happen (in that case, that the transaction is in a chain with enough “mined” blocks after the transaction that there has to be a non-Wallace-The-Cheater community building that chain).

        2. Adeon says:

          Because all of the legitimate miners will know that it’s incorrect. This is where the proof of work part comes in.

          The important part here is that every miner in the system has the dataset that SHOULD be in the block (after all they’re using that dataset to try and find the nonce). So let’s say Wallace does manage to find the nonce for his fake block and publishes it. Now any legitimate miner can test this. They can take the data set for the block that they have, combine it with his nonce and hash it. Since they have a different data set from Wallace his nonce won’t work for them and they’ll know that he’s lying.

          So yes, you can temporarily have two competing “legitimate” blocks but any miner can easily validate both of them, find which one is correct, and use that for the next block that they work on. It’s difficult for a non-miner to know which blockchain is legitimate but a miner can find out very easily and so after a few cycles the fake chain will fall behind due to more miners working on the legitimate one.

        3. Shamus says:

          All miners are listening for transactions on the network. (I don’t actually know how this bit works.)

          Let’s say there are five transactions in this block: A, B, C, D, and E. Wallace certifies a block that leaves out transaction C.

          The other miners on the network see that transaction C is still missing. They heard about it, on this peer-to-peer network (I assume?) and see it as an available transaction to include in the next block. So now Wallace has to certify the NEXT block to make sure that transaction C isn’t included AGAIN. (And again, and again.)

          1. Wolf says:

            Miners are connected to a group of peers given during initialization of the mining node by querying a trusted source (this is a trust issue I will ignore) and maintained by querying the peers for their peers or by others connecting to you.
            These are the people you will send new blocks to and who you will query for new blocks. You will become aware of a fork if two people in this peer group send you different but valid blockchains. If these are of differing length you will accept the longer one as truth and send this one to your peer group.

            Saying that Wallace would have to maintain his chain indefinitely is incorrect.
            To prevent the real transaction A, the one that he wants to get rid of, from being added to later blocks in his chain he can make it invalid. To do this he includes a transaction B in the “fake” block he tries to create. This transaction B uses the money transaction A would have used, but gives it to Wallace himself. In Blockchains a piece of “money” is always uniquely defined so you can not spend the same money twice. Spending money gives the receiver new unique money that is not the same as the old money you gave him.

            If Wallace successfully creates a “fake” block with such a transaction B, giving his money that should have been used for transaction A, and creates a second block following his fake block.
            AND if he does all this before his peer group has heard of a blockchain with the real block plus a new block on top of that.
            Then his peer group will accept Wallace’s blockchain with the “fake” block (since it is longest and valid) and will continue mining for this blockchain, in fact helping Wallace spread it across the world. None of them will add transaction A to any of their blocks since it is in conflict with transaction B (they both spend the same money). Once he has reached more than half the miners with his blockchain version his fork will likely succeed and he will have undone transaction A.

            This is not only unlikely to happen given the processing power Wallace has to compete against to create a longer chain at any point in time to convince his peer group that he is right. It is also monumentally expensive to do AND risks the integrity of the very currency Wallace has just invested so much to get more of. Since Wallace is not an “evil for the sake of being evil” kind of guy, game theory says he and most people would rather cooperate with the real blockchain.

            1. Abnaxis says:

              The whole idea behind block chains is that they shouldn’t rely on individual moral compasses and the prevalence of level heads for security, yes?

              Isn’t it easier to just transmit Transaction B and hope the miners pick it up first, instead of trying to forge it? For that matter, if I understand correctly there’s some priority to which transactions get bundled into a block, with preference given to transactions that have a fee attached for the miner? So Wallace could sweeten the pot for whoever helped him with his fraud. Also, if the system works the way you describe what stops someone from flooding the system with fake transactions that have to be sorted through?

              All of this is beside the point that whatever vendor is providing services for bitcoins really should be waiting for the block with the real transaction to be validated before they deliver, right?

              1. Wolf says:

                Correct.

                In the real world a vendor will wait for the transaction to be buried some levels deep in the blockchain before cashing out your purchase.

                By this I mean they will wait for the transaction to be part of a valid block on the chain and then wait longer until that block is followed by some amount of other blocks on the accepted chain (all of these would have to be faked by a fraudster).
                The number of blocks you wait if you want to be safe is determined by the value of the transaction vs an estimate of the cost of single handedly calculating that amount of blocks.

      2. newplan says:

        10 minutes – not 20.

  3. WarlockOfOz says:

    Gotta get me some e-tulips.
    (Blockchain is a technology with immense potential. Any of the various currencies? Not so much.)

    1. Echo Tango says:

      If you’re only talking about proof-of-work crypto-currencies, then I’d agree with you. These systems don’t scale well, and are already having problems keeping up with the number of transactions taking place, while still not being used by the populace at large. However, researchers are trying to fix this scaling problem, and one avenue of research is proof-of-stake algorithms. Instead of burning energy doing computations, you temporarily lock your money while you do the ledger-checking, as proof that you’re going to actually do it properly.[1] Distributed cryptographic currencies might not work out, but I think it’s still a bit early to write them off completely.

      [1] I’m no expert, and this is a large simplification. Here’s a video which explains this reasonably well, and the article that linked it.

      1. John says:

        Until the issue of scaling is solved, crypto-currencies will never be a good substitute for the non-crypto kind. Imagine if Starbucks started accepting Bitcoin. The sheer number of transactions would break the system.

        1. Echo Tango says:

          That’s correct, but sort of obvious. It’s basically like saying, “Until these automobiles are safe, fast, and easy to operate, they’ll never replace horses!” At some point cars stopped being novelties and were widely used. Crypto currencies are still in research / experimental, and aren’t totally useful to the populace at large.

          1. Hector says:

            [Deleted by user. Overly long-winded comparison of crypto to mopeds.]

  4. PPX14 says:

    It’s so disappointing that consumer demand (for cryptocurrency or whatever else) can have such an effect on graphics card prices. It must be happening at some higher level than the retail level? Surely the retailers don’t just jack up the prices?

    I remember considering a 1080ti for £650 about a year ago. Now they’re £800+. At least nVidia hasn’t changed its prices! Somehow in fact their Star Wars Titan Xp is cheaper than previously; by comparison, at £999 it suddenly seems like an actual option! (No, I’m going to stick with my 970 until most of the games I play aren’t from 1995-2010.)

    1. BlueHorus says:

      Firstly, why would retailers NOT jack up their prices in this environment?
      An old rule of thumb in capitalism: the best price for a product is the highest you can get away with. (If you’re the seller; of course if you’re the buyer, then it’s the lowest).
      If buyers are willing to pay the higher price…

      Second, demand has increased but supply hasn’t – necessarily – thus prices go up. Sure, companies like Nvidia or ATI could make more graphics cards – or retailers could buy more (probably are) – but that would push prices back down. And cost more on their part.
      As it stands they’re making more money than usual, thanks to outside forces.

      1. Adeon says:

        Also don’t forget supply limitations. Nvidia uses TSMC (a Taiwan based chip foundry) and Samsung to make their GPUs. While both companies have very large fabs there’s a limit to how many wafers they can run for Nvidia given that they both also run a lot of other products (TSMC does a lot of work for pretty much everyone, Samsung has their own products).

        So Nvidia may not be able to easily ramp up production (bringing on a new foundry partner is a long and expensive process).

      2. PPX14 says:

        Yes, it’s just disappointing to see this happen rather than stock just run out at the standard price (as I’m used to (at least the illusion of) in most of my retail purchases). Typically there is sufficient competition to prevent drastic price increases like that – this implies implicit oligopoly / cartel-like behaviour from the graphics card retailers, like Scan.co.uk, despite their having a dedicated and relatively niche customer-base. The product, despite being sold at the shop-front, is behaving more like a stock or commodity based on immediate demand – which is why I wondered if the prices were being raised at a higher level in the supply chain and that was being passed down to the retail level (like if there were a wheat shortage and wholesale prices went up). Maybe the answer to that was ‘obviously, yes!’ :D Or maybe I also expect too much of the retailers.

    2. Agammamon says:

      1. The retailers absolutely jack up the prices on their own – why wouldn’t they? Supply and demand. Demand has gone through the roof, supply can’t be increased fast enough, therefore – with more people chasing a limited amount of a good – prices increase until demand drops back down to meet supply while ensuring that the goods go to the people who most value them (because the people who value them less won’t pay these prices).

      2. Manufacturers are seeing the massive profit margins that retailers are making (well, relative to the past – retail profit margins are still slim) so they’re now selling to the retailers at higher prices trying to capture that profit themselves. This is good as it provides an incentive for manufacturers to increase supply (which they wouldn’t have if they were still only making as much as they were before).

  5. Redingold says:

    I just wanna say, that’s not how asymmetric cryptography works, exactly. Your large prime numbers are not the keys themselves, but rather are used to generate the keys with a bit of maths.

    For completeness, here’s how it actually works:

    Take two large primes, p and q. Call their product n.
    Compute the Carmichael totient function of n, L(n).
    Choose a random integer e that is coprime to L(n).
    Find a number d such that e * d = 1 mod (L(n)), where mod indicates modular arithmetic.

    e and n form your public key and d is your private key.

    Then, if someone wants to encrypt a message for you, they take their message m and compute c = m^e mod n, which they send to you. You then compute c^d mod n, which the maths ensures is equal to m.

    The thing that makes it secure is that it is extremely difficult to work out L(n) if you don’t know what the factors of n are, and it’s extremely difficult to work out the factors of n.

    Edit: it’s convention to use lambda to refer to the Carmichael totient function but apparently your website can’t display that character so I’m using L instead.

    1. Echo Tango says:

      You are technically correct; that’s not how public key crypto works. Note however, that Shamus was explicit in saying that he was making a simplification. The high-level concept, that there’s a public and private key for each person, and complicated math that makes it secure, is still completely correct for all intents and purposes.

      1. Leonardo Herrera says:

        Yeah, it helps to understand the general idea, but it’s still misleading – keys are just big numbers. Not primes, but big numbers. Or, somewhat long sequences of bits.

        Of course primes play a big role, because prime factorization is expensive as heck.

    2. RJT says:

      Redingold is correct. Your prime numbers are actually not made public (they are trade secrets). Instead, you issue keys and make public a huge number that has only huge prime numbers in its factorization, and the probability is effectively zero that anyone will figure out how to factor it. There is currently no speedy algorithm for factoring numbers*, and the creation of one would break this type of encryption.

      *There are eternal rumors in math that NSA mathematicians have one. They are the largest non-academic employer of pure mathematicians in the US, but all the math they produce is, sadly, classified.

      1. AndrewCC says:

        Those rumors about NSA’s secret math are like Shamus’s example about trying to fake the blockchain. The NSA would need to employ >50% of the world’s mathematicians to be able to, on average, keep ahead of the curve with mathematical theory. Sure they might have lucked out on a method but it will not take long until it’s public thanks to the overwhelming amount of public math research.

  6. Dustin says:

    Is there anything to stop a large enough group of people from coordinating to game the system?

    Say you only had 100 miners certifying blocks. Miner 12 goes out and recruits 50 of his fellow miners with promises of riches and glory beyond their wildest dreams. They agree and then he certifies a forged block that says everyone else sends their money to miner 12. Since he has a majority of all the miners working for him, it’s possible his group can certify faster than the legit independent miners. They begin certifying blocks saying miner 12 pays them their cut for helping him.

    If he could get enough blocks added to his chain, would the system automatically accept that as the canonical ledger? Without a central authority to monitor stuff like that and call shenanigans, are there any other checks in place to stop this other than the scale of the system?

    1. Echo Tango says:

      The scale is pretty damn big, which is part of what makes it secure. There are rumors that there are groups in China which might be large enough to mess with the system, but that’s from my limited experience / Googling on the subject.

    2. WarlockOfOz says:

      No, there isn’t. Individual miners are unlikely to be an issue. Organisations of all types could be for a variety of motives including but not limited to malice, greed and incompetence.
      Overall my take on bitcoin (etc) aligns closely with that of Charles Stross. Since he is a better writer than I am I’ll just link to one of his relevant posts:
      http://www.antipope.org/charlie/blog-static/2017/11/unforseen-consequences-and-tha.html

      1. MichaelG says:

        Heh! Billionaires, neo-nazis and global warming all in one rant. Charlie should turn it into a book.

    3. Stratoshred says:

      Your scenario here is effectively “A majority of people using the system are willing to ignore the rules”. Pretty much any system will fall apart under those conditions.

      1. Echo Tango says:

        ^ this.

    4. Steve C says:

      Is there anything to stop a large enough group of people from coordinating to game the system?

      Not in that way. But can one person manipulate the overall price of bitcoin? Yes.

      The total money supply in bitcoins is actually quite small. A single billionaire, government, investment bank, etc could pump & dump bitcoins relatively easily. It’s the reason why I didn’t buy any back when bitcoin was $30. I’m kind of kicking myself over that now. Except it’s still true. If some person, organization or institution with enough money decided they wanted to manipulate a crypto currency, they could. I still think it’s a real possibility as a form of backroom geo-political maneuver.

      A group did it with silver not too long ago. Silver! That’s actually difficult to pull off and illegal. Silver markets are regulated. Bitcoins are not regulated. If someone can do that with silver, it would be a snap for them to do it with Bitcoins. And it wouldn’t be illegal.

      1. Alrenous says:

        However, due to a problem I once saw called the burying the corpse problem, to manipulate BTC requires someone to be sufficiently competent to accumulate and retain enough wealth to do so, but still stupid enough to think they can bury the corpse, or decide they want to blow a cool billion for lulz.

        To buy bitcoin from hodlers requires offering more than they think it’s worth – more than they would pay themselves. Thus, the manipulator can make BTC go up, and this will indeed give them a paper profit as the ones they buy earlier will be priced the same as the last one they buy. However, to realize this profit they need to find someone who will pay even more than they did. Without that, they have to sell back to the hodlers they first bought it from, who don’t think BTC is worth as much as it was bought for.

        1. Richard says:

          It’s far easier than that.

          The price people are willing to pay is significantly affected by rumours of future, uncertain events.

          If you successfully spread a rumour that some worrisome event will shortly happen*, the price drops a very long way.

          Then you buy a load at the cheaper price, the event doesn’t occur and the price goes back up.

          Profit!

          You can of course also spread rumours that some wonderful event is imminent, which doesn’t work as well because it’s human nature to overreact to bad news and underreact to good news.

          As there is very little liquidity (transactions between bitcoin and other currencies), it doesn’t require very many “panic” transactions to have a very large effect.

          * China’s going to ban them, a large bitcoin exchange is facing difficulties… The list is endless.

          1. Alrenous says:

            You don’t need large amounts of money to spread rumours.

            You do need to be able to see through bogus rumours to retain large amounts of money.

            1. Olivier FAURE says:

              Yeah, that.

              If becoming rich by spreading obviously false rumors were easy, everyone would do it. Efficient market hypothesis and all that.

    5. Agammamon says:

      Mainly the scale.

      You would need, as pointed out, (significantly) more than 50% of the computing power being directed at the blockchain to be able to spoof before a legitimate block is added and maintain your spoof – and your spoof needs to be maintained long enough that people forget about the orphaned forks. Potentially forever, probably for several weeks to months.

      And if you’ve got the money and planning capability to pull this off, you’re wasting your time here – you’re not going to make your money back and you’d be better served simply cracking one of the exchanges and stealing from them.

    6. stratigo says:

      There is not and this happens. The primary Bitcoin ‘farmers’ are Chinese based conglomerates that have warehouses worth of servers all mining bitcoins and they do their best to control the rate at which bitcoin is mined with some success.

      But what is the real problem behind crypto currencies is that the exchanges lie and commit fraud to inflate the prices of crypto and make it seem like they are holding and transacting vastly more value than they actually are. It shocks me that people buy into nonsense like this, but if you’re really good at commodity trading and willing to put in the time, you can make a fair bit of profit short trading the stuff. Just…. don’t be a person who buys bitcoins with the dream of “In a year I’ll have MILLIONS!”. You probably won’t.

      1. Wolf says:

        The amount of bitcoin mined is controlled by a scaling mechanism in the bitcoin algorithm itself.
        If many more people mine, the speed of block creation goes up and as a result of too fast block creation (less than 10 min) the difficulty of block creation is increased automatically (every 2,016 blocks). Since bitcoin is created at a fixed rate with every block created this means the rate of bitcoin creation over time is “relatively” fixed and not in fact “controlled by Chinese farmers”.

        The created bitcoin on the other hand are currently earned mostly by very large and specialized computing centers using vast amounts of power. This IS a real problem that this new technology has not yet overcome.

        Ethereum has made first attempts to bring mining back to the masses, as distributed decision points are necessary for distributed trust. Their algorithm needs more RAM to mine, making the bitcoin server farms inefficient.
        And this is the reason Ethereum mining uses high end graphics cards, thus impacting the market once server farms made of those started forming…

        1. Bitcoin stratigo says:

          Since the Chinese farmers are the ones with the most bitcoin mining machines, they can scale up or down the amount put into mining to change the rate at which bitcoins are mined, thus manipulating the speed at which they are mined.

          1. Wolf says:

            Every 2016 blocks (approximately 2 weeks) the Bitcoin algorithm will look at the average time it takes to mine a block and adjust mining difficulty accordingly.
            If blocks are suddenly being power mined one per minute then it will take 2 days until the algorithm adjusts to become 10 times as hard.

            I agree with you that the clustering of resources is a problem and for a stable cryptocurrency this would need to be solved somehow (among other problems like power consumption), but the rate of bitcoin creation is one thing they can not control with this.
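The two rules Wolf describes, modelled as an added example (not from the post and not Bitcoin’s own source): the 2016-block retarget with its 10-minute target, and the fixed per-block subsidy that halves every 210,000 blocks. The constants are Bitcoin’s real ones; the clamp that limits each retarget to a factor of 4 is also Bitcoin’s rule, which is why a 10x jump in hashrate takes two periods, not one, to absorb.

```python
# Added example: Bitcoin's difficulty retarget and subsidy schedule, modelled
# with the protocol's real constants. Not taken from the post or from Bitcoin.
RETARGET_INTERVAL = 2016          # blocks between difficulty adjustments
TARGET_SPACING = 600              # seconds; one block every ten minutes
EXPECTED_PERIOD = RETARGET_INTERVAL * TARGET_SPACING   # about two weeks
SATOSHI = 100_000_000             # smallest unit; 1 BTC = 1e8 satoshi
HALVING_INTERVAL = 210_000        # blocks between subsidy halvings


def next_difficulty(current: float, actual_period_seconds: float) -> float:
    """Scale difficulty by expected/actual time for the last period.

    Bitcoin clamps the change to the range [1/4, 4] per retarget, so a
    period mined ten times too fast only quadruples the difficulty.
    """
    ratio = EXPECTED_PERIOD / actual_period_seconds
    ratio = max(0.25, min(4.0, ratio))
    return current * ratio


def simulate_retargets(hashrate_per_period, difficulty: float = 1.0):
    """Return (difficulty, seconds the period took) for each retarget period.

    Toy model: at difficulty 1.0 a hashrate of 1.0 yields one block per
    TARGET_SPACING seconds; time per block scales with difficulty/hashrate.
    """
    periods = []
    for hashrate in hashrate_per_period:
        seconds = RETARGET_INTERVAL * TARGET_SPACING * difficulty / hashrate
        periods.append((difficulty, seconds))
        difficulty = next_difficulty(difficulty, seconds)
    return periods


def block_subsidy_sats(height: int) -> int:
    """New coins created by the block at this height (in satoshi)."""
    halvings = height // HALVING_INTERVAL
    if halvings >= 64:            # shifting further would wrap; nothing left
        return 0
    return (50 * SATOSHI) >> halvings


def total_supply_sats() -> int:
    """Sum the whole schedule: this is where the ~21 million cap comes from."""
    total, height = 0, 0
    while (subsidy := block_subsidy_sats(height)) > 0:
        total += subsidy * HALVING_INTERVAL
        height += HALVING_INTERVAL
    return total


if __name__ == "__main__":
    # Hashrate jumps 10x after the first period, then stays there.
    for diff, secs in simulate_retargets([1.0, 10.0, 10.0, 10.0]):
        print(f"difficulty {diff:5.1f}  period took {secs / 86400:5.2f} days")
    print("total supply:", total_supply_sats() / SATOSHI, "BTC")
```

Every period still mints exactly 2016 subsidies, so once the difficulty catches up the coins-per-day rate returns to the schedule, whatever the hashrate.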

    7. Wolf says:

      Game Theory arguments hold together the system here.
      If gaming the system is more expensive than your reward for gaming it, and if gaming the system too hard risks breaking it and devaluing your reward, then we assume that large coordinated attacks on that scale are not going to happen.

    8. Boobah says:

      Sure, it’s theoretically possible. But it’s not something you can do for financial gain; or at least not directly by counterfeiting the blockchain.

      The more valuable the currency, the more worthwhile it is to mine (because the nonce-finder’s fee is set at currency creation and has nothing to do with how much the currency is currently worth), so if the currency is worth ‘counterfeiting’ it’s harder to do so (because a more valuable currency is more lucrative to mine.)

      Worse, if it becomes known that someone is manipulating the currency it loses the one valuable attribute it has and will immediately become worthless.

      Of course, there may be gain in destroying a cryptocurrency, so…

    9. guy says:

      There is not. If a single organization controls over 50% of the mining power they can fake whatever transaction records they want. If they control somewhat under 50% they can try and have it work some reasonably high percentage of the time.

      There incidentally was in fact a point a few years back when a single group controlled over 50% of the mining power.

  7. MichaelG says:

    Bitcoin costs: burn immense amounts of electricity, drive up the cost of graphics hardware. Benefits: an erratically priced virtual object which can be stolen/lost with no hope of recovery, that you can use to buy some things with a long wait while transactions clear. Oh, and you can now trust fly-by-night bitcoin dealers instead of banks.

    It is impressive that they’ve created an in-practice-unique object in a world of perfect copying machines. I just don’t see the application.

    1. BlueHorus says:

      I’m assuming that you aren’t part of a criminal organisation or tempted to buy anything illegal.
      Secure yet untraceable transactions have a pretty obvious benefit, to some people…

      1. Alan says:

        One of the “problems” with most (all?) of the current cryptocurrencies is that they’re not untraceable. Being incredibly traceable is part of their very nature. Anyone can track anyone else’s wallet. If someone involved makes a single mistake letting you identify a single transaction, you now know their entire history of payments and receipts. And for a lot of criminal activities, the seller will need the buyer’s address to ship the illicit goods.

        There are games you can play with multiple wallets, but it’s tricky, easy to screw up, and researchers are making good progress on tracking them anyway. You can use a tumbler or mixer, which is essentially a money laundering service, but is today, the day you put $50,000 into the mixer, the day that the mixer’s owner decides to cash out and steal all of the money placed into it?

        1. BlueHorus says:

          So it comes down to how easy a person is to connect to their wallet? There’s got to be tricks to hide or obfuscate the connections there.

          But presumably nothing you couldn’t do with a traditional currency. And it might be easier to do.

        2. NoName says:

          There are a few cryptocurrencies that are untraceable. Monero is one of the most well known. Second layer solutions can make bitcoin effectively untraceable as well.

      2. Bitcoin stratigo says:

        Bitcoin did have a seedy start in drugs and child porn, but it has mostly moved past that nasty stuff. Because they arrested the people doing it. Because it wasn’t untraceable.

      3. Jeff says:

        If you want to talk about criminals, last I heard they wouldn’t really have anything to do with this.

        As of last year, according to the organized crime LEOs I’ve spoken with, career criminals and syndicates still deal almost exclusively in cash. It’s not really a question of traceable or untraceable transactions, but rather all about control and paranoia.

        1. Daemian Lucifer says:

          Depends on the criminal though. Organized crime, yeah I can see how they would want street cred more than being hidden. But your lone rich guy wanting to get something illegal without it getting back to them would want anonymity over everything else.

        2. BlueHorus says:

          Um, what’s an LEO?
          Is it like a CEO?

          I tried googling it but all I got was horoscopes and pictures of Leonardo Dicaprio.

          1. Hitch says:

            Law Enforcement Officer

            AKA: cop

        3. guy says:

          The ransomware attacks I’ve heard about over the last few years demanded payment in bitcoin, so there’s definitely at least small criminal groups that can make use of it, at least as an intermediary step.

    2. Steve C says:

      Oh it has an application. I’m not convinced it is there yet, but the application is solid. It’s cutting out the middlemen of institutions.

      What if you cannot get an account with a bank? For example a rural entrepreneur in India. Maybe someone who’s not legally allowed to, like a woman. Cryptocurrency avoids asking anyone else for permission. That’s the application– peer-to-peer transactions.

      Consider something like Paypal. Let’s say your account gets flagged for fraud. Your business is 100% legal, and you’ve done nothing wrong, but it happens for some reason. Your business is done. One gatekeeper says ‘no’ and you’re out of business. That’s what cryptocurrency avoids.

      That’s just money though. Blockchains can transfer much more than money. For example, smart contracts, marketable data, immutable records etc.

      Here’s a great Ted talk on it:
      https://pc.tedcdn.com/talk/podcast/2016T/None/DonTapscott_2016T-480p.mp4

      1. Viktor says:

        Except that the institutions will still exist, just in a different form. Banks aren’t a side-effect of us using a fiat currency, banks are simply a way to store money long-term as well as a repository of currency that can be given out in the form of loans for large one-time purchases. Switching away from banks to crypto exchanges doesn’t stop people from needing a large sum of cash to buy a house, it just means that BigMan69 is the one determining if you can get a loan rather than the combo of bank execs and federal regulations (and federal regs are going to be applied to crypto if it takes off, just wait).

    3. Alrenous says:

      Bitcoin is already alleviating suffering for Venezuelans. Rather than allowing hyperinflation to steal all their cash, they’re making the government pay for its own mistakes.

      About the only reason Americans aren’t doing the same thing is that BTC transaction costs are getting kind of ridiculous. Venezuelan inflation < transaction costs < American inflation.

      You know how much BTC is estimated to cost in electricity because it's easy to make a plausible estimate. It's harder to make a plausible estimate of brick, mortar, labour, and electricity of conventional banks. In Venezuela at least, it's definitely higher than BTC.

  8. Fizban says:

    So, I have a question: how are those physical bitcoins/dogecoins/whatever supposed to work? They never made sense to me before and this explanation seems to back that up- there’s nothing you can write down on a “coin,” and multiple people must get the same results independently in order for any of your machine’s work to matter.

    Presumably then it’s first-come and those who follow after get nothing, hence winning the lottery. And the cutesy physical coins are actually keys to individual accounts accredited X value. Am I close?

    1. Adeon says:

      Yep. Basically a physical coin is just a key to a specific wallet. There was an incident a few years back where a TV show was doing a bit about Bitcoins and the presenter bought some physical coin certificates on to show the other hosts. Unfortunately he got them a bit too close to the camera and someone was able to copy down the printed info and steal them.

      The person who stole them offered to give the coins back but the presenter told him to keep them, probably because it made a great ending to the story (keep in mind this is back when bitcoins weren’t worth much).

      EDIT: Found a link: https://www.rt.com/usa/bloomberg-anchor-robbed-bitcoin-747/

    2. Ralph says:

      Yes, every bitcoin is held by a keypair, the public key forms the “account number” (address in bitcoin terminology), you can give this out to people and they can use it to send coins your way.

      The private key is needed to spend bitcoin held by the keypair, as you use it to sign transactions you publish.

      As the network nodes hold the whole blockchain they can calculate the balance of any address by checking its transaction history and then discard any transactions that try and spend bitcoin from addresses they know don’t have enough balance.

      Thus a physical bitcoin is simply something that contains/has a keypair printed on it. But there is no guarantee that keypair has any balance associated with it (though you can send bitcoin to an existing physical thing if you know its address).
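What Ralph and Fizban describe, as an added example that is not from the post or from Bitcoin’s code: a toy chain where a node recomputes every address’s balance by replaying the whole history, rejects any spend the address cannot cover, and only counts a block once a nonce has been found that clears the difficulty. Signature checking is left out; the transaction’s “from” field stands in for it.

```python
# Added example, not from the post or from Bitcoin: a toy chain with a nonce
# search, link checking, and balance replay. No signatures (see lead-in).
import hashlib
import json

DIFFICULTY_PREFIX = "000"       # 12 leading zero bits; Bitcoin needs far more
BLOCK_REWARD = 50               # toy subsidy paid to whoever finds the nonce
GENESIS_PREV = "0" * 64         # the first block links to nothing


def block_hash(block: dict) -> str:
    """Hash the whole block, nonce included, in a canonical encoding."""
    data = json.dumps(block, sort_keys=True).encode()
    return hashlib.sha256(data).hexdigest()


def mine_block(prev_hash: str, txs: list, miner: str) -> dict:
    """The lottery: bump the nonce until the hash starts with the prefix."""
    block = {"prev": prev_hash, "txs": txs, "miner": miner, "nonce": 0}
    while not block_hash(block).startswith(DIFFICULTY_PREFIX):
        block["nonce"] += 1
    return block


def replay(chain: list):
    """Replay the chain from genesis and return every address's balance.

    Returns None as soon as a block breaks a rule: it does not link to the
    previous block's hash, its hash does not show enough work, or one of
    its transactions spends more than the sender holds at that point.
    """
    balances = {}
    prev = GENESIS_PREV
    for block in chain:
        if block["prev"] != prev:
            return None
        h = block_hash(block)
        if not h.startswith(DIFFICULTY_PREFIX):
            return None
        for tx in block["txs"]:
            if tx["amount"] <= 0 or balances.get(tx["from"], 0) < tx["amount"]:
                return None
            balances[tx["from"]] -= tx["amount"]
            balances[tx["to"]] = balances.get(tx["to"], 0) + tx["amount"]
        balances[block["miner"]] = balances.get(block["miner"], 0) + BLOCK_REWARD
        prev = h
    return balances


def balance_of(chain: list, address: str):
    """An address nobody has ever paid (a fresh physical coin) holds 0."""
    balances = replay(chain)
    return None if balances is None else balances.get(address, 0)


def demo_chain() -> list:
    """Constructed sample: alice mines the first block, then pays bob 30."""
    genesis = mine_block(GENESIS_PREV, [], "alice")
    payment = {"from": "alice", "to": "bob", "amount": 30}
    second = mine_block(block_hash(genesis), [payment], "miner")
    return [genesis, second]


if __name__ == "__main__":
    chain = demo_chain()
    print("balances:", replay(chain))
    overspend = mine_block(block_hash(chain[-1]),
                           [{"from": "bob", "to": "eve", "amount": 60}], "eve")
    print("chain with overspend accepted?", replay(chain + [overspend]) is not None)
```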

  9. Pete_Volmen says:

    I strongly object to the couch cushions gag. I got some Bitcoin when it was like 15 cents a piece. 30 bitcoin, with the means to access on a usb stick. Which I lost. I wish it was in my couch cushions, then I’d be able to find it again.

    As for winning the mining lottery, the chance of getting it right are minute, which is why miners often band together. If five people are working on it, the chance one of them gets it is five times as high as a single person. If any of the five manage to get it right, they share the take between them.

    Shamus, have you looked into Ethereum? Or Ripple, but I think Ethereum is more interesting. Alternative uses of blockchain tech are also interesting; blockchains are now used in many non-cryptocurrency applications.

    1. Richard says:

      All the existing cryptocurrencies are fundamentally useless as currency, because they are designed to be “deflationary”.

      They’re created at a fixed and ever-decreasing rate. So next year your bitcoin/ethereum/dogecoin will be worth more in USD than it is today.

      So the “best” thing to do with any unit of cryptocurrency is to hoard it. Don’t spend it unless you have to, it’ll be worth far more next year!
      Except if everybody did that, they’d be worth nothing at all.

      So you need to hold on to it for just long enough, but not too long…

      1. Pete_Volmen says:

        Not all cryptocurrencies are deflationary, though admittedly most are. It’s not necessarily a problem either way though. It’s a balance. Too much (abrupt) inflation or deflation is bad, but any currency has to walk that line. Other stuff too, be it gold or plutonium, cocaine, honey, US dollars or helium.

        Currency’s sole purpose isn’t the accumulation of wealth. It’s a medium to allow exchange of goods/services. I still have to buy food/tech/hookers with something. Knowing the value of thing X would rise compared to thing Y might influence what I pay with at a given time, but it’s not nearly the only influential factor in that decision. Besides, inflation/deflation isn’t so much based on how much is in supply, but how much is in supply compared to the demand. As long as those two stay roughly in parity, the value would stay roughly the same.

      2. Bitcoin stratigo says:

        Crypto doesn’t work like that because the actual real market treats them like a commodity and not a currency. A commodity that has no actual use or value beyond speculation. Crypto’s availability can and does affect price, but so does writing a news story about it. Or an exchange being outed for fraud. Or your buddy telling you how much he made or lost. Crypto is extremely volatile.

  10. BlueHorus says:

    This is the internet. Anyone can be lying about anything at any time.

    Well, so says YOU.

    …yeah, I don’t have very much to add in terms of actual discussion…

  11. ThaneofFife says:

    Shamus, thank you for this. It’s really helpful.

    I wanted to give you a heads-up: I linked this on Reddit’s crypto sub (see: https://www.reddit.com/r/CryptoCurrency/comments/82fq9r/cryptocurrency_and_the_blockchain_what_is_this/). I seriously doubt that it will result in a crush of traffic, but I wanted to let you know just in case. :-)

  12. Grumble says:

    I have a lot of nits to pick here about technical things, but more important is that “cryptocurrencies” aren’t currencies. They’re commodities. Commodities can be used as currencies (see gold) but the most important thing about a good currency is price stability (see why gold isn’t used anymore) and as we’ve seen, Bitcoin doesn’t have that.

    Ok, I have to say something about the asymmetric key thing. Your conclusions are correct: you can authenticate and encrypt and decrypt with a key pair. The beginning part, though, is not. An RSA key (which uses prime factoring as the hard problem) does use large prime numbers, but they’re multiplied together to get the public key. The security rests in the (still unproven!) assumption that factoring large numbers into their constituent primes is a hard problem.
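Redingold’s four steps above and Grumble’s description of RSA, carried through as an added example (not from the post): keys are built from the primes using the Carmichael function L(n) = lcm(p-1, q-1), encryption and signing are the same modular exponentiation run in opposite directions, and anyone who learns a factor of n recovers the private exponent, which is why only the size of n stands between the public key and the secret. The primes here are tiny so the numbers fit on screen.

```python
# Added example, not from the post: textbook RSA via the Carmichael function,
# with toy primes (61, 53). Real keys use primes hundreds of digits long.
from math import gcd, isqrt


def carmichael_semiprime(p: int, q: int) -> int:
    """L(n) for n = p*q with distinct primes p, q: lcm(p-1, q-1)."""
    return (p - 1) * (q - 1) // gcd(p - 1, q - 1)


def rsa_keygen(p: int, q: int, e: int):
    """Return ((n, e), d): the public key and the private exponent."""
    n = p * q
    lam = carmichael_semiprime(p, q)
    if gcd(e, lam) != 1:
        raise ValueError("e must be coprime to L(n)")
    d = pow(e, -1, lam)          # e*d = 1 (mod L(n)); needs Python 3.8+
    return (n, e), d


def rsa_encrypt(m: int, public_key) -> int:
    """c = m^e mod n; only someone holding d can undo this."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def rsa_decrypt(c: int, d: int, n: int) -> int:
    """c^d mod n, which the maths guarantees equals the original m."""
    return pow(c, d, n)


def rsa_sign(m: int, d: int, n: int) -> int:
    """Authentication runs the same math the other way: only the holder
    of d can produce a value the public key maps back to m."""
    return pow(m, d, n)


def rsa_verify(m: int, sig: int, public_key) -> bool:
    n, e = public_key
    return pow(sig, e, n) == m


def private_exponent_from_factor(n: int, e: int, p: int) -> int:
    """Knowing one factor of n is knowing the private key: the primes are
    the real secret, so n must be far too large to factor."""
    q = n // p
    return rsa_keygen(p, q, e)[1]


def trial_factor(n: int) -> int:
    """Trial division: instant for a toy n, hopeless for a 600-digit one."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p
    raise ValueError("no factor found")


if __name__ == "__main__":
    public, d = rsa_keygen(61, 53, 17)     # n = 3233, L(n) = 780, d = 413
    c = rsa_encrypt(65, public)
    print("public", public, "private", d, "cipher", c,
          "decrypted", rsa_decrypt(c, d, public[0]))
    print("factor found:", trial_factor(public[0]),
          "recovered d:", private_exponent_from_factor(public[0], 17, 53))
```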

    1. Shamus says:

      Like I said, “Do note that every level of simplification is bound to bruise the truth a little. What I’m going to give is a very rudimentary overview and many, many details have been left out. This will not make you an expert, but I hope I can at least help you understand a couple of basic questions […]”

      Those points would have added complexity and footnotes and digressions while making the whole thing less accessible for the intended reader.

      1. Redingold says:

        To fix it, you could delete the sentence: “Prime numbers.” and tweak these two sentences: “Typically, they’re prime numbers that might be a hundred digits long.” and “You find yourself two very large prime numbers at random and make them your key pair.” so that they read “Typically, they’re numbers that might be a hundred digits long.” and “You find yourself two very large prime numbers at random and use them to make them your key pair.” respectively.

        1. Shamus says:

          Yeah. That’s actually a much better way to handle it. Done.

        2. Grumble says:

          Thanks for translating from nerd to human. That is, after all, the whole point of this kind of post.

    2. Daemian Lucifer says:

      but the most important thing about a good currency is price stability

      Yes, good currency. But even amongst physical currencies there are bad ones that fluctuate wildly during crises, like what’s happening in Venezuela these days.

      As for it being a commodity, in order to be that there’d have to be something tangible that gives bitcoins its value, like food, precious metals, plastics, or whatever. But seeing how the only thing giving bitcoin its value is how well it can be used to trade for other things*, it’s most definitely a currency.

      *Or, as is more of the case now, how much people are willing to pay to get some bitcoins.

      1. Grumble says:

        I know I’m super late to this, but here we are.

        First, Venezuela’s is not a good currency. Nobody, given the choice, would use it. Unfortunately, some Venezuelans don’t have a choice. Everyone has a choice about bitcoin. Nobody lives in a country where their government requires them to use it. And since it’s not a good currency (as I think you conceded) we shouldn’t pretend that it is.

        I suppose it’s fair to say that bitcoins aren’t commodities, since their only value is as a medium of exchange. I guess you’re right; it’s a fiat currency. It’s a terrible one that nobody should ever use, but it fits the definition.

    3. Joe Cool says:

      Also, the video linked at the beginning of the article is not about asymmetric public/private key encryption, such as RSA. It instead is about symmetric shared private key encryption (a la Diffie-Hellman). Diffie-Hellman only provides a public means for creating a shared private key. It doesn’t create the public/private key pairs that allow for authentication.

      I think you meant to link this Art of the Problem video, which talks about the public/private key encryption used by Bitcoin to authenticate transactions.

  13. Abnaxis says:

    So I had a question, that I answered after thinking for a few minutes, but then unanswered after thinking a few more minutes.

    Namely, how does a fraudulent block not wind up polluting other miners? The system seems like it relies on miners finding a nonce for a block that’s already been solved, but at some point they just accept a block another miner finished and start working from that, right?

    My five minute “well duh” thought was “they just keep working when the blocks don’t match.” If I release a block that fraudulently says I got paid 100 coins, and the block the other miners are working on doesn’t have that transaction, they just keep chugging away, right?

    Except this is the internet. Packets get dropped, and on top of that miners get to choose what transactions they want to bundle into a block if I understand correctly–there are transaction fees for the miners added to some transactions to encourage them to lump the transaction into a block sooner rather than later. So how do we not wind up with a separate chain for each miner at that point?

  14. Grumble says:

    Alright, I can’t contain myself. The way to cheat at bitcoin is to have more than 50% of the network of miners. All you have to do is certify your bogus transaction while it’s parallel to the head of the blockchain. A key feature of bitcoin is that the longest chain is always accepted as valid. So if you can generate 2 new blocks simultaneously on the same point on the block chain, then either get lucky (because someone else chose your fraudulent transaction) or be good (because you generated a third transaction on top of the fraudulent one) and you’ve defrauded the bitcoin-using public.

    The reason this works if you control more than 50% of the network is that you have a better than even chance of succeeding at the “be good” part. Fortunately (maybe?) for bitcoin, it’s so valuable that having more than half the mining capacity is infeasible. Unfortunately for the world, all that mining capacity is consuming more electricity than some European countries.

    1. Olivier FAURE says:

      I asked the same question a little higher.

      If my understanding is correct, it works like this:

      – You can’t add a fake payment to the ledger, because you need the private keys of the people involved for that.

      – You can “fake” a non-payment by not adding anything to the ledger, or tricking everyone into accepting a fake ledger where you didn’t pay anything, but this is essentially pointless, because the people you’re trying to fool can just go on the internet, look up the community-accepted ledger, and only give you your shipment of illegal cocaine if your payment is deep enough in the ledger that it would be impossible to make people accept an alternative fake ledger. At that point, your payment is essentially permanent (or at least, as permanent as the decentralized community that runs the ledger).

      1. guy says:

        If someone has more than half the computing power on the network they can overwhelm the rest of the network and replace the accepted blockchain with a fake blockchain they’ve calculated out no matter how deep it is.
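As an added illustration of the two points above (a payment buried deep enough is effectively permanent, while a majority attacker wins regardless of depth), here is the catch-up calculation from section 11 of the Bitcoin whitepaper. This is not code from any commenter or from Bitcoin itself; the function names are my own.

```python
"""Probability that a private fork overtakes the honest chain.

Added illustration (not any commenter's code). Uses the "gambler's ruin"
analysis from section 11 of the Bitcoin whitepaper: an attacker holding a
fraction q of the total hash rate builds a private chain in parallel while
the honest majority (fraction p = 1 - q) extends the public chain. Since
the longest chain wins, the attacker succeeds if the private chain ever
overtakes the public one after the defended transaction has z blocks on
top of it (its "confirmations").
"""
import math


def catch_up_probability(q: float, z: int) -> float:
    """Probability the attacker ever overtakes the honest chain when it
    currently lags by z blocks.

    q: attacker's share of total hash rate, 0 <= q < 1
    z: number of blocks the attacker is behind (confirmations)
    """
    if not 0.0 <= q < 1.0:
        raise ValueError("q must be in [0, 1)")
    if z < 0:
        raise ValueError("z must be >= 0")
    p = 1.0 - q
    if q >= p:
        # Majority attacker: the race is a random walk that drifts in the
        # attacker's favour, so any finite lead is overtaken eventually.
        return 1.0
    # While the honest chain mined z blocks, the attacker's expected progress
    # is lam = z * q / p; the number of attacker blocks k is Poisson(lam).
    lam = z * q / p
    prob = 1.0
    for k in range(z + 1):
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        # Having mined k blocks the attacker is still z - k behind; the chance
        # of ever closing that gap is (q/p)^(z-k). Subtract the cases where
        # the attacker never catches up.
        prob -= poisson * (1.0 - (q / p) ** (z - k))
    return prob


def confirmations_needed(q: float, max_risk: float, limit: int = 1000):
    """Smallest z with catch_up_probability(q, z) < max_risk, or None when
    no depth suffices (attacker holds at least half the hash rate) or the
    search limit is exceeded."""
    if q >= 0.5:
        return None
    for z in range(limit + 1):
        if catch_up_probability(q, z) < max_risk:
            return z
    return None


def risk_table(q: float, depths=(0, 1, 2, 5, 10)):
    """Return (z, probability) pairs for the given attacker share q."""
    return [(z, catch_up_probability(q, z)) for z in depths]


if __name__ == "__main__":
    for q in (0.1, 0.3, 0.5):
        print(f"attacker hash share q = {q:.0%}")
        for z, pr in risk_table(q):
            print(f"  z = {z:2d}  P(catch up) = {pr:.7f}")
        print(f"  confirmations for <0.1% risk: {confirmations_needed(q, 0.001)}")
```

With a 10% attacker, six confirmations push the catch-up probability below one in a thousand; at 30% it takes a couple of dozen, and at 50% or more no depth helps, which is the point made in the reply above.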

  15. Syal says:

    “There is a cap built into the system so that there will never be more than 21 million bitcoins.”

    …Why? Aren’t you limiting the scope of its purchasing power that way?

    1. Adeon says:

      I’m not sure on the why, but in answer to the second question, no, you aren’t limiting the purchasing power.

      Bitcoins are a decimal currency so capping the number doesn’t limit transactions. As the value of 1 Bitcoin goes up people will just start paying with smaller and smaller fractions of a Bitcoin. Say 1 Bitcoin is worth $10K; if I want to purchase something for $100 I can pay the person 0.01 Bitcoins.

      The bigger problem with the quantity limit is that the mining finder’s fee Shamus mentioned decreases over time and will eventually cease entirely. When that happens miners will be entirely dependent on tips for their payment so there’s a risk of the mining network dropping below a critical threshold.

      1. Syal says:

        Ah, so the number of bitcoin users can be more than the number of bitcoins. So that’s… meaningless? That statement means nothing?

        I guess it’s just to make it sound exclusive.

        1. Daemian Lucifer says:

          Yes and no. While it’s true that you can fracture them into tiny pieces, there is a limit to that as well. You can’t possess a billionth part of a single bitcoin. So this just increases the number from 21 million bitcoins to a few billion bitcoin pieces (depending on how low the cap gets set ultimately).

        2. Agammamon says:

          It means that unlike fiat currency – or even commodity currencies – you can’t inflate it. That means it’s a good hedge against governments which like to inflate away debt whenever they can. It takes a huge amount of discipline to keep that from happening.

          For commodity currencies (like, say, gold), a technical breakthrough could allow massively expanded production of that commodity (say you found a way to economically extract gold from seawater – you would, overnight, pretty much render gold about as valuable as iron) causing it to lose its value due to inflation.

          There’s a maximum money supply and it can’t get bigger. Well, at least barring a math breakthrough that would at the same time render all current encryption schemes breakable in seconds – and then we’ll have far greater problems to worry about than all our Bitcoins disappearing (like Anonymous taking control of the world’s nuclear arsenal – followed, promptly, by 500 other different factions taking it from them).

          For physical currencies this is a problem – it’s not practical to keep minting new, ever smaller, fractional denominations. For a digital currency that’s irrelevant.

          1. Bitcoin stratigo says:

            It isn’t a good hedge though because it’s speculative. If you store your money in crypto you are… well… dumb frankly. Most cryptos have no backing and utility or inherent value. Just… look at the actual price of bitcoin over a long period. And that’s made it nice and ripe for exchanges to cheat the prices up. Which they have done, until they are caught out.

            But, if you bought bitcoin in December, you have lost 2/3 of your money.

            1. Agammamon says:

              All investment is speculative. Including investing in traditional currencies, whether fiat or commodity backed.

              Even losing money doesn’t mean it’s a bad hedge – only that you bought in at the wrong time. Just because something goes wrong doesn’t mean it wasn’t a good idea, just as making a killing doesn’t mean it was a good one.

              However, Bitcoin (and VCs in general) are so volatile that you’d have to be pretty foolish to consider them any better an investment ‘plan’ than buying lottery tickets, for sure.

              As for losing a third of your money since December – that’s still a better return than investing in Bolivars.

              1. Grumble says:

                This is a fundamental misunderstanding that you need to not have. Investment is not speculation. Investment is giving your money to someone else in the hopes that they will do something valuable with it. Speculation is stuffing your money in some thing and hoping that it will increase in value faster than other things.

                It’s buying gold vs. buying shares in Apple. One is going to be exactly what it was when you bought it. The other will have spent money on engineers and sales people and manufacturing, and will have made something that others value. If Apple’s run well, its stock will be worth more because the company is inherently more valuable than when you bought the shares.

                The most you can hope for your gold is that someone at some company like Apple will come up with a new use for it that makes demand go up.

                Also, don’t confuse day trading with investing. On short time scales, the market is a random number generator (it’s even been used in lotteries) and day traders are just pulling the lever on the slot machine, hoping that the weights are in their favor.

    2. Chris Robertson says:

      Value is based on the relationship between supply and demand. If there is no limit to supply, there is no floor to demand.

      1. BlueHorus says:

        Is this not (at least in part) the cause of inflation?

        So a government can just print or otherwise create more currency (often has to, for several reasons). And then, say, forgers will ‘create’ even more, which they pass as genuine, etc…
        But creating more money doesn’t always create more value, so every $US created devalues $US in general. Hence why currencies historically lose value over time.

        Thus, by putting a hard limit on the number of Bitcoins in existence, its creators have – in theory – ensured it stays valuable.
        BUT, that leads to deflation and inactivity, as Retsam says below: the incentive for people with Bitcoins is just to sit on them and watch them gain value.
        Maaaaybe someone might sell them, after a bit, at a profit – ideally just before the Bitcoin mining craze dies down, when it’s at maximum value.

        ..Right?
        (Not an economist. Genuinely do want to know!)

        1. Alrenous says:

          The Dutch ran a 100% hard-money economy for over a century without a noticeable halt to spending. Instead they sent wooden trading ships to India, because they could afford to do things like that.

          Inflation is caused by either lowering demand for money, or increasing supply of money. Anything which increases the ratio of money to goods.

          If the central bank doubled the money supply, then (on average) there’s twice as many dollars bidding for the same number of goods. Prices will all double.*

          During a recession, folk stop working, meaning less total stuff gets made. With the same amount of dollars chasing fewer goods, prices go up.

          *(Eventually – there’s lag, and prices increase first where the new money enters the economy, thus producing an exploitable gradient.)

        2. Richard says:

          Yes, in a nutshell.

          The hoarding incentive also causes volatility.

          The price any given person will offer and accept depends on the prices other people have accepted.

          If there are millions of similar transactions per day, then there is a clear consensus on the price and it will be quite stable.

          If there’s only one similar transaction per day, then the price is uncertain. One person desperate to buy will greatly raise the price, while one person desperate to sell will cause it to plummet.

          A lot of this argument also applies to land – housing and similar – and there have been periods of quite volatile house prices.
          Governments try to stabilise land prices by regulation (including fees, deliberately slow), and of course there’s the fact that if you leave a house empty for years it tends to fall down. People do still do that of course, just not often.

        3. Adeon says:

          “Thus, by putting a hard limit on the number of Bitcoins in existence, its creators have – in theory – ensured it stays valuable.”
          Not really. Limiting the supply of something only increases the value if people actually want it. I could print and sign a thousand “Adeon Bucks” and then promise to never create more. They’d be very limited but also utterly worthless since no one would want to buy them.

          So even once the limit is reached the value of 1 bitcoin will only increase if the demand for bitcoins increases. If people stop using them and move on to a new cryptocurrency then the value will crash.

          1. BlueHorus says:

            Well, with smart marketing and/or control over supply (which you have), you might be able to convince people that Adeon Bucks are worth – well, basically whatever. Anything’s possible.

            (I’ve just been reading about diamonds. Wow. Maybe Adeon Bucks could become a woman’s new best friend?)

        4. Agammamon says:

          But creating more money doesn’t always create more value, so every $US created devalues $US in general. Hence why currencies historically lose value over time.

          That devaluation is not inherent in fiat currency. Currencies lose value over time *when the total amount of currency continues to increase*. If the US government destroyed as much old money as it created, the Dollar’s value could remain fairly stable.

          But there are *some* advantages (and disadvantages) to having paper money: being able to increase the money supply during times of prosperity helps keep those wheels greased (as long as you don’t overdo it).

          However, with few exceptions, governments like to use the power of the central bank to inflate away debt – and to buy off people in economic downturns. And then you get Zimbabwe/Venezuela.

          This is something that commodity-backed currencies can avoid. The government can’t wave a gun and magic more gold into existence – it needs to be mined, which costs money, so you can only increase the supply as long as miners can make a profit. Too much gold mined, value drops, not profitable to mine gold anymore, mines close, until the demand for gold (i.e., the economy expands sufficiently) drives prices above production costs, mines re-open, gold prices dip again, cycle repeats around a semi-stable level.

    3. Retsam says:

      You aren’t limiting the scope of its purchasing power, but it does mean that it’s a deflationary currency: once Bitcoin hits its cap, as the bitcoin economy grows, the average price per item necessarily drops, which is deflation[1].

      I’m not an economist, but as I understand it, widespread deflation is a bad thing for an economy. Companies are discouraged from spending money (since just holding your money makes it more valuable over time) which means more unemployment, which means less consumer spending, which means more deflation as prices fall in response to less demand.

      [1] “Proof”: the following equation should hold – [total bitcoins] = [average item price in bitcoin] x [number of items priced in bitcoin]. If you increase the last term as an economy grows, and the first term is held constant, then by necessity the middle term “average price per item” must drop, which is deflation.

      Hitting the cap will also discourage bitcoin miners: there will no longer be the inherent bitcoin reward from producing the next block (which is necessary for keeping the system going), instead they’ll have to impose transaction fees, and if those fees aren’t enough to incentivize the cost of mining, that’s bad for the currency.

      1. Alrenous says:

        widespread deflation is a bad thing for an economy

        Conventionally accepted, but false.
        “Since today’s economists (except of course the Austrian School) have abandoned the apparently unfashionable concept of causality in favor of the reassuringly autistic positivism of pure statistical correlation, it has escaped their attention that when you stop shooting heroin, you feel awful”

        In the steady state, inflation benefits debtors, while deflation benefits savers and lenders. Economically speaking that’s all there is to say about it. Like any economic reality, large changes cause shocks to the system, and shocks cause recessions.

        However, I don’t think punishing the provident in favour of those who like spending other people’s money is a good idea.

        More importantly, having interest rates far different from the inflation/deflation rate is comically destructive. Trying to suppress interest rates because ‘deflation is bad’ guarantees you a recession.

        1. Viktor says:

          Hey, could you not use “autistic” as an insult?

          1. BlueHorus says:

            Is it being used as an insult in this case?
            Using ‘autistic’ to describe a close focus on one idea, that ignores other considerations, seems actually quite accurate, to me.

            Also he’s quoting someone else. So it’s not necessarily Alrenous’ view being expressed.

            1. Viktor says:

              The line is clearly designed to be insulting. The author is discussing the modern school of thought and why they think it’s terribly incorrect, and specifically uses “autistic” to characterize the modern style when talking about how unrealistic it is. But you’re right, it was a quote, not Alrenous’s original words, so I’ll correct my comment:

              Alrenous, could you avoid quoting ableist bigots? Thanks.

            2. Kathryn says:

              Yes, it is being used as an insult, and as a parent of an autistic child, I’m sick and tired of this crap.

            3. MelTorefas says:

              Definitely being used as an insult. Since he apparently does not care, my conclusion is that I no longer need to read anything he posts.

                1. Shamus says:

                  For anyone looking for a better term than “autistic” when talking about this sort of behavior, may I suggest “Monomania”? It’s more accurate in that it describes the specific undesired behavior rather than a group of people, and it’s also a really cool word. I use monomaniacal to describe EA CEO Andrew Wilson’s obsession with lootboxes, and it does the job without opening up any ableist / mental health debates.

                  I understand the desire to borrow the term “autistic” for this sort of thing (and I understand Alrenous was quoting someone else in this case) because we associate autism with hyper-focus. But “autistic” is used as a slur by some people and so even if you don’t mean it “that way”, it will be taken “that way” and your argument will get sidetracked.

                  Monomania. It’s a groovy word.

                  1. Alrenous says:

                    I’m not willing to stop using it, especially not for that reason.

                    I will bow out instead. Peace.

        2. Retsam says:

          In the steady state, inflation benefits debtors, while deflation benefits savers and lenders. Economically speaking that’s all there is to say about it.

          Yes, deflation benefits savers and lenders. But that’s not “all there is to say about it”, because you can draw some logical conclusions from that fact.

          Deflation benefits savers and lenders, thus companies are incentivized to become savers and spend less money. Companies will do that by, among other things, hiring fewer employees, which means higher unemployment. That means that people, on average have less money to spend, so demand drops.

          At the same time, deflation benefits savers and lenders, so individuals are incentivized to become savers and spend less money. Why buy something today, when I know it’ll be cheaper tomorrow? So demand drops.

          Demand drops, due to both of these factors, and since price is determined by supply and demand, either supply has to drop or price has to drop to match. A drop in supply almost certainly means more unemployment (thus continuing the cycle), and a drop in price means more deflation (thus, also continuing the cycle).

          Again, I’m not an economist, but this all seems like straightforward “X, therefore Y” logic to me. And it’s something that both Keynesian economics and Chicago School economics agree on (so it’s not a “conservatives think X and liberals think Y” issue). Yes, just because most economists believe something doesn’t make it true… but then you haven’t exactly explained why it’s not true, either.

          1. BlueHorus says:

            See, this is why I was scared away from studying economics. Just, so much of it seems like assumptions and speculation about how human beings will react to various forces or situations – and human beings aren’t always that predictable.
            They can (and will!) lie, be wrong, have different views on how to make X happen, spread rumors, believe rumors, refuse to admit or face something, double down in the hopes it’ll get better…(and then sometimes it does!)
            Meanwhile governments might try and change the situation via investment or taxation, deliberately not interfere, enact labour laws that change the economy fundamentally. Hell, sometimes wealthy individuals can change the economy, just by moving large enough sums of money around.
            A thing is only worth what someone’s willing to pay for it, unless of course you can convince them it’s worth more.
            And so forth.

            Add that to the maths required & confusing terminology economists use… and it’s somewhat overwhelming, at least to me.

          2. Alrenous says:

            Trigger warning: dark truths.

            Deflation is the normal sign of a growing economy. If more stuff is made, there’s fewer dollars per unit stuff. Demand measured in dollars stays the same, but supply increases. Prices go down. (Equivalently the price of money goes up.) If your economy is growing and prices are going up, it means someone is printing lots of money.

            Companies will do that by, among other things, hiring fewer employees, which means higher unemployment.

            Companies will be incentivized to sell more, because money is worth more. They will do this by making more stuff, which will require more employees, which means higher employment.

            Or, when we stop using biased just-so stories, it averages out. It must average out, because money is merely a token, trying to reflect an underlying reality. If it takes twenty megajoules, two logs, and eight hours to make a cabinet under inflation, it takes twenty megajoules, two logs, and eight hours to make a cabinet under deflation. This means, regardless of whether your money is inflating or deflating, the number of cabinets – or any actual thing we want money for – stays constant. The wealth remains constant. Prices and interest adjust (if allowed and not price-set) until the cabinet is sold, funding the creation of the next cabinet.

            This price and interest adjustment takes time, which is why a rapid change from inflation to deflation causes unemployment – the prices are now wildly at odds with the underlying reality. Stuff we can afford gets priced unaffordably and stuff we can’t afford gets priced low. Similarly a rapid change from deflation to inflation would cause unemployment.

            (Although if we’re assuming deflation, then it’s almost certainly down to productivity increases, so fewer megajoules or less time, meaning more cabinets under deflation. Whereas inflation can be either money-printing or recession.)

            Why buy something today, when I know it’ll be cheaper tomorrow? So demand drops.

            Yes, this is why nobody ever buys a computer or smartphone. I can’t not snark at this. Or videogames on Steam, which are guaranteed to go on sale. It continues to amaze me that folk buy the idea that prices going down is a bad thing.

            Saving instead of spending isn’t a bad thing either. If demand drops, then prices drop, meaning more folk who actually need the thing, who can’t simply not buy it, can now afford it. Wealth is reallocated from the rich to the poor.

            Since prices are dropping, more potential businesses become profitable. Which increases employment. The businesses demand new inputs, so demand goes up.

            Demand goes down + demand goes up = demand stays the same. Or rather, deflation shifts spending from luxuries to wealth creation.

            Of course…unless there’s a minimum wage. Wages should deflate along with all prices to keep those businesses profitable, but can’t due to the minimum, so they’re not profitable, so they go out of business, which causes unemployment. Less total wealth is made.

            In other words deflation wants to make the rich buy less stuff and thus allocate the stuff to poor folk, but can’t because if it tries the poor folk instead lose their jobs.

            since price is determined by supply and demand, either supply has to drop or price has to drop to match

            It still takes 20 megajoules, two logs, and eight hours to make a cabinet, so prices drop. A fall in prices is what deflation is.

            Growing unemployment causes inflation, not deflation. If one cabinetmaker doesn’t go to work, that’s one less cabinet that day. The supply of dollars doesn’t go anywhere, so the price of cabinets must go up. Etc across the whole economy. Sure that cabinetmaker’s personal demand is gone, but the demand reappears elsewhere, because the dollars they would have been paid don’t vanish.

            I’m going to repeat for emphasis. When the cabinetmaker doesn’t go to work, the money is simply spent on something other than wages – aggregate demand goes nowhere. However, aggregate supply drops by one cabinet. That’s inflation, and recession.

            The cabinetmaker doesn’t go to work when a rapid change in inflation or deflation can’t be matched by an equally rapid change in prices to rebalance supply and demand. This does nothing for aggregate demand but changes the distribution of wealth. The former cabinetmaker is allocated less wealth, the former cabinetmaker employer allocated more wealth. (Well…there’s feedbacks…but it ends up like that.) As a result cabinets per se may not go up in price, but stuff in the employer’s demand schedule will go up. Not to mention folk in cabinet-buying business are allocated less wealth.

            And it’s something that both Keynesian economics and Chicago School economics agree on (so it’s not a “conservatives think X and liberals think Y” issue)

            I think this is a great example of the truncated political spectrum. Keynesians are utterly barking mad, and the Chicagoes are falling down drunk. Whatever wing they’re on, they’re on the same wing. The spectrum doesn’t stop at Chicago, it continues down the long road to sanity.

            (I shouldn’t really say the Keynesians are mad. He who pays the piper. They are doing their job with tremendous competence, but their job is to lie. Their job is to justify whatever the state wanted to do anyway, e.g. deficit spending and therefore inflationary economics.)

            1. Shamus says:

              I’ll be honest: I love reading these sorts of exchanges. (Economics.) And this one is pleasantly civil. But we’re pretty far off-topic from bitcoin and if I let this go on then the next time politics comes up people will accuse me of being unfair for closing down discussion X when I let the Keynes vs. Hayek thing happen.

              So… let’s talk about something else. Thanks.

              1. Daemian Lucifer says:

                So,them credits in mass effect.Do you think those are bitcoin descendants?

                1. BlueHorus says:

                  At a guess: in the first game, there were several different currencies, all backed up by different race-specific banks. For slow, reliable investments you go to the Bank of Asari; less risk-averse investors go with the Salarian Trust, where you might win and you might lose, but whatever happens it’ll happen quickly. And if you’re dumb you go with the bank of Krogan, where everything is guaranteed by stockpiles of irradiated dust on Tuchanka.

                  In the second game, economics is less important, but there’s an exciting mission where you go to a bank to hire a master crypto-criminal with a dark past for your team. His boss doesn’t want him to quit, though, and releases robo-raptors into the building so you have to shoot your way out.

                  In the third, Cerberus is staging an attack on a bank to steal all the money! So they (naturally) send in armed mooks to run in and shoot everyone in sight. Shepard & co go in to help, but in a surprise twist halfway through the mission, Kai Leng turns up to reveal that the bank was a Cerberus front anyway!
                  Before Shepard can ask why Cerberus bothered to attack in that case, Leng throws him out a window in a cutscene and blows the entire bank up, including the vaults.
                  Staring at the burning ruins, Shepard’s teammates then express grudging respect for Cerberus’ power and strategic brilliance.

              2. Alrenous says:

                Yes, I sort of know, sorry.

                Retsam used the words ‘haven’t explained’ so I had to explain at least once.

                I probably should have simply invited them to ping me on twitter.

  16. RFS-81 says:

    Regarding graphics card prices: As far as I know, for bitcoin, you already need bitcoin-specific hardware instead of GPUs to have any shot at all. The graphics card purchases are driven by the newer Ethereum cryptocurrency, so I hope it won’t be long until the miners arms-race each other up to custom hardware, too. And that there’s only limited appetite for more different cryptocurrencies.

    1. newplan says:

      By design Ethereum can’t be mined with specialized hardware because the computation is memory intensive and crypto is an infinitesimally tiny portion of the memory market.

      This is by choice due to concern that when a cryptocurrency can be mined by specialized hardware then it ends up effectively controlled by a single hardware manufacturer due to economies of scale in production of the specialized chips.

    2. Bitcoin stratigo says:

      Bitcoin moved off GPUs, yes. But there’s still a bajillion other cryptos out there hoovering them up.

      I want the whole market to just die already in a bursting bubble that is inevitable, but all those bubbles are gonna burst individually most likely.

  17. Crimson Dragoon says:

    I’m not afraid to admit that I am a complete and utter layman in regards to this subject. So while I find this article to be very interesting and informative on how Bitcoin is secure, I’m still a little lost on the basic question, how is Bitcoin a currency in the first place? How do you get it? How can it be used to buy things? How does it have a value and how is that value determined?

    1. RFS-81 says:

      Well, it doesn’t see much use as a currency at the moment, it’s used mostly for speculation.

      But it is/can be a currency just like any other currency: There’s a limited supply, and people collectively act like it is worth something. Money has value because I can go to a store and exchange it for the things I actually want. And a very few stores also accept bitcoin.

      To get it, you can just buy it using another currency, or you can exchange goods and services for bitcoin. Or you* can “mine” it: The people who verify the transactions generate some amount of bitcoin as compensation.

      *Not you in particular; the days when a single individual could do that are over.

      1. Viktor says:

        Keep in mind that it’s not just that people act like the US dollar is worth something. The US dollar (and all other govt currencies) has a defined use. Specifically, you can use a dollar to pay taxes, mail a letter, or to register your car. The fact that everyone in the US will need dollars to get through the year even if they do all of their transactions in gold ingots or pesos or whatever means that there is a certain minimum level of demand that it cannot drop below. That’s something that Bitcoin etc lack, which makes them fundamentally less useful.

        1. Retsam says:

          That’s a good point, on the minimal level of demand, though I have to imagine it’s largely a theoretical point.

          If dollars get to the point where only the government will accept them, then we’ve descended to some lawless dystopia where people are bartering with bottle caps or bullets or lego studs, and it’s going to be a pretty thin comfort that I can still pay my taxes in US$.

          1. Viktor says:

            Yes, but the McDonalds down the street will always need to pay their taxes, which means they’ll always need US dollars. There’s no such guarantee with Bitcoin. If someone decides to stop accepting Bitcoin in favor of Pepe Cash, you’re SOL. And if enough places don’t accept a medium of exchange, it’s worthless as a currency. Right now that doesn’t matter, since Bitcoin is in a speculative bubble, but remember back when Bitcoin started and all it was good for was buying drugs and kiddie porn? There’s nothing to stop that from happening again, but every store in the US will always accept dollars.

      2. Bitcoin stratigo says:

        Fiat currency is currency because governments are big and powerful. Cryptos aren’t because the people with cryptos can’t send in armed men to detain you when you break some rules they made up.

    2. Retsam says:

      So you have to realize that the concept of “currency” is a bit fluid. If enough people think something is valuable and are willing to trade it to other people in exchange for goods and services, it’s a currency.

      Traditionally there are two types of currency: currencies that are based on the inherent value of the good (e.g. gold is a currency because gold is considered inherently valuable, or some post-apocalyptic settings use bullets for this reason) and “fiat money”: money that’s valuable because the government says it is. Canadian dollars are valuable because people believe that other people believe that Canadian dollars are valuable. People trust (and thus, value) CA$ because they trust the Canadian government to be responsible.

      But then you’ve got something like stocks, where the value isn’t set by the government. Stock in Apple is valuable because people believe it to be valuable. This time, it’s not because they trust the government, but because they trust that Apple, as a company, will still hold value. When people lose trust in Apple, the stock price falls.

      Crypto-currency works on the same principles. If enough people trust bitcoin, then it’s valuable. The trust, in this case, doesn’t come from trust in a government or trust in a company, but instead from trust in the cryptographic algorithms behind it (and, as always, trust that other people will be willing to accept it as currency).

      The value of the currency is however valuable people perceive it to be. That’s fundamentally no different than any other currency, which is why exchange rates between different currencies constantly fluctuate. Though there’s still a ton of uncertainty around Bitcoin (possibly for good reason), so the value of bitcoin fluctuates more than other currencies[1].

      You get it by finding someone willing to give you bitcoin in exchange for a good or service. Or by mining it. You spend it by finding someone willing to give you a good or service in exchange for bitcoin. (That last bit can be the tricky bit. While brick-and-mortar establishments that accept Bitcoin do exist, they’re hardly common)

      [1] Also, there’s a lot of speculation – people who buy and sell bitcoin like stocks – it’s something that’s theoretically possible to do with real currency, but is much rarer, since real currencies are much more stable. And there’s a feedback loop, where the instability causes more speculation, which causes more instability.

      1. Philadelphus says:

        e.g. gold is a currency because gold is considered inherently valuable

        I like to think of something inherently valuable as something that would help keep me alive in a survival situation. Otherwise it’s merely conventionally valuable, in that everyone agrees by convention that it has value.

    3. Alrenous says:

      Like all currencies, BTC’s price is much higher than its value. This can happen because it is strictly scarce; price increases cannot cause more production and therefore bring the price down. It is said to ‘store’ value, because the price you buy it at is likely to be close to the price you can later sell it at. (Or higher, as in known BTC history.)
      The price levitation basically comes from the fact that humans want to buy things in the future. This demand cannot be literally instantiated in a product, so the demand alights on things which can support the ‘value store’ dynamic, such as physically limited stuff like gold, legally limited stuff like dollars, or algorithmically limited stuff like BTC.

      1. Bitcoin stratigo says:

        Bitcoin is not a currency

  18. rabs says:

    Nice article, I’ve read quite a few on that subject and I think yours is among the top overall introductions.

    The IEEE Spectrum did a special report (collection of articles) on that subject named “blockchain world”.

    I especially liked the one about the mining centers in China. They use custom hardware, so at least they don’t waste our precious GPU. https://spectrum.ieee.org/computing/networks/why-the-biggest-bitcoin-mines-are-in-china

  19. baud says:

    It was a great explanation. Thank you!

  20. Decius says:

    One thing is that if quantum computing or other dark sufficiently advanced technology ever solves crypto, all of Bitcoin becomes useless instantly.

    1. guy says:

      Yes, but if we break crypto on a fundamental level madness will reign, secrets will cease to exist, and we’ll probably have to give up on electronic banking, so it’s really not worth worrying over.

      1. Daemian Lucifer says:

        Not to mention that quantum computing is not some magic wand that can do anything. Just how regular computers are good at some things but really bad at others, so are quantum computers*. We will simply** replace current algorithms with new ones.

        *And this is disregarding their cost, which should eventually go down to acceptable levels.
        **Relatively speaking. A world wide switch will be a slow, costly thing. Which is far from simple.

  21. The Snide Sniper says:

    So… Does the Bitcoin community (or the broader cryptocurrency community) use the word “nonce” for something other than what other cryptography applications use it for?

    In other applications, particularly secure communication, “nonce” means “data added to the plaintext to prevent a ciphertext from being reused”. For example, if Ava tells Bob that her password is “hash(password)”, we don’t want Ciri to be able to overhear it and tell Bob “hash(password)” to get in. This can be fixed by having Bob tell Ava a piece of data (eg. “1”) to add to her password. Then e.g. “hash(password + 1)” will let Ava in, and Bob changes the nonce so it can’t be re-used. If Ciri tries to gain access, she can parrot “hash(password + ‘1’)”, but not the “hash(password + ‘2’)” that Bob was looking for.

    The concept you described is closer to a cryptographic CRC code than to a nonce. That said, it’s entirely possible that the Bitcoin community adopted the word “nonce” for that concept, despite the word already being in use.

    1. Abnaxis says:

      Is there a difference between a “salt” and a “nonce”?

      1. Daemian Lucifer says:

        Salt is used multiple times, nonce is used once.

        1. The Snide Sniper says:

          In particular:

          Salts might be constant, used only to prevent short passwords from being easily guessed based on their hash values.

          Salts might depend on the website. For example, this site might store “hash(‘password’ + ‘shamusyoung.com’)”. This ensures that the stored password is not the same between any two sites, even if the user always uses the same text as their password. If someone found “hash(‘password’ + ‘shamusyoung.com’)”, it wouldn’t help them log into e.g. reddit.com, because reddit.com would expect “hash(‘password’ + ‘reddit.com’)”.

          Finally, nonces are decided (and sent out by the server) once per login attempt. This ensures that the transmitted password is never the same twice, despite the user always using the same text as their password.

    2. Retsam says:

      Doesn’t this imply that both Bob and Ava know the password in plaintext, and isn’t that generally considered bad practice? Since the only way that Bob can verify that what Ava sent is “hash(password + ‘1’)” is to run the same hash himself?

      Or by “hash” did you mean “encrypt with Bob’s public key”? I could see why a nonce would be handy in that case.

      1. The Snide Sniper says:

        The explanation was simplified to make it easier to grasp. It is bad form for Bob (a server) to know the plaintext of the password.

        That’s actually a separate issue, however.

        Instead of sending “password”, Ava can send “hash(“password” + “server name”)”. This ensures that the (hashed) password that Ava sends does not reveal her password to Bob (who might store it poorly), and that the password changes based on the server name. This serves both as a salt, which prevents short passwords from being easily guessed, and a measure to prevent password reuse (if one server is hacked, the passwords for that server are known, but not for any other server). What Bob stores is the password that Bob accepts. Someone hacking Bob will find only a salted hash, which is unique to the Ava-Bob connection.

        If you want, you can think of that as a “once-per-server nonce”.

        More commonly, nonces are used and updated once per session, with the intent of preventing someone who overhears a password (or hash of a password) from being able to get in by repeating it. Without nonces, if “asdbg1oa136sfh4613kl” lets Ava in, then “asdbg1oa136sfh4613kl” lets Ciri in too.

        Note that one can use a fully encrypted channel instead (using public key cryptography to secure the process of selecting a private key). In this method, random selection of the shared private key effectively acts as a nonce, preventing parroting from being effective.

        P.S. By “hash”, I mean “apply a cryptographic hash function”. That is, turn data into a fixed-length number, in such a way that the original is effectively unable to be retrieved. This is useful for comparing whether two things are (almost certainly) identical without revealing what things are being compared.

        1. Droid says:

          I think what Retsam meant was that there is no way he (or I) can see for the server to verify hash(password + session_number). Of course there are functions that let you manipulate the result in a way that mimics a certain change in argument, so that you can be sure that g(f(x)) is the same as f(x + y), but aren’t hash functions specifically supposed to not be usable in this way?

          1. The Snide Sniper says:

            The server sends the session_number to the client, to ensure it’s a known quantity. At this point, both server and client know both password and session_number. Both of them also know what hash function will be used.

            Client sends hash(password + session_number). Server checks it against hash(password + session_number).

            It doesn’t matter what function (in the mathematical sense) you use. f(x + y) = f(x + y), no matter what x and y happen to be. Because hash functions are functions, an identical input (identical password and session number) will result in the two hashed inputs comparing equal.

            To put it another way, if you hear the same full name twice, it’s probably referring to the same person. That is, the odds of it not being the case are slim enough to ignore, so an atom-by-atom comparison is not necessary.

            1. Droid says:

              Ah, so the server DOES know the password, and not only hash(password), in this case.

              1. The Snide Sniper says:

                I think the confusion is stemming from there being multiple “passwords” in play. In past posts, I’ve been referring to the shared client/server password. In best practices, the password shared by the client and server is not the same as the password that the user types in. It’s also not the same as the session password, which incorporates a nonce.

                Password that the user types: user_text
                Password that the client and server both know: hash(user_text + salt)
                Password that the session uses: hash(hash(user_text + salt) + nonce)

                With enough care, you can avoid storing the user-supplied password text. It is, however, a separate issue from that of a cryptographic nonce.
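The three-layer scheme laid out in this sub-thread (a per-site salt that makes the stored secret unique to the Ava-Bob connection, and a server-issued, single-use nonce that makes each login response unique) can be shown end to end. The block below is an added example, not code from the post or any commenter; it uses SHA-256 as the hash, a 128-bit random nonce, and a hypothetical `Server` class that simply holds one stored secret. Per the commenters’ own caveat, the server never sees `user_text`, only `hash(user_text + salt)`.

```python
import hashlib
import hmac
import secrets


def h(data: str) -> str:
    """Cryptographic hash: fixed-length digest, not practically reversible."""
    return hashlib.sha256(data.encode()).hexdigest()


def derive_shared_secret(user_text: str, salt: str) -> str:
    """Password that client and server both know: hash(user_text + salt).

    The salt is site-specific, so the same user_text yields different
    stored secrets on different sites (a breach of one does not open another).
    """
    return h(user_text + salt)


def session_hash(shared_secret: str, nonce: str) -> str:
    """Password the session uses: hash(hash(user_text + salt) + nonce)."""
    return h(shared_secret + nonce)


def client_respond(user_text: str, salt: str, nonce: str) -> str:
    """Client side: rederive the shared secret and bind it to this nonce."""
    return session_hash(derive_shared_secret(user_text, salt), nonce)


class Server:
    """Hypothetical server holding one user's stored secret (hash(user_text + salt)).

    It issues a fresh random nonce per login attempt and accepts a response
    only against the nonce currently outstanding, then discards that nonce.
    """

    def __init__(self, stored_secret: str) -> None:
        self.stored_secret = stored_secret
        self.pending_nonce = None

    def issue_nonce(self) -> str:
        # 128 bits of randomness: a replayed response will not match by chance.
        self.pending_nonce = secrets.token_hex(16)
        return self.pending_nonce

    def verify(self, response: str) -> bool:
        if self.pending_nonce is None:
            return False  # no challenge outstanding
        expected = session_hash(self.stored_secret, self.pending_nonce)
        self.pending_nonce = None  # single use: consumed whether or not it matches
        # Constant-time comparison avoids leaking how many digits matched.
        return hmac.compare_digest(expected, response)


def run_demo() -> tuple:
    """Return (legit_ok, replay_ok, wrong_password_ok) for one scripted exchange."""
    salt = "shamusyoung.com"               # constructed per-site salt
    user_text = "correct horse"            # constructed user password
    server = Server(derive_shared_secret(user_text, salt))

    # Ava logs in normally: server challenges, Ava answers with this nonce.
    nonce1 = server.issue_nonce()
    response1 = client_respond(user_text, salt, nonce1)
    legit_ok = server.verify(response1)

    # Ciri overheard response1 and parrots it on a later attempt.
    server.issue_nonce()                   # fresh nonce, never given to Ciri's response
    replay_ok = server.verify(response1)

    # Wrong password with a valid nonce still fails.
    nonce3 = server.issue_nonce()
    wrong_password_ok = server.verify(client_respond("wrong guess", salt, nonce3))

    return legit_ok, replay_ok, wrong_password_ok


if __name__ == "__main__":
    print(run_demo())  # expect (True, False, False)
```

Two things the exchange illustrates: the server verifies the nonce-bound response only because it holds `hash(user_text + salt)` and recomputes `session_hash` itself (a hash is a plain function, so equal inputs give equal outputs), and a captured response is useless once the server has moved on to a new nonce. A production system would replace the single SHA-256 over `user_text + salt` with a slow, per-user-salted password hash; the layering shown here is the point, not the specific hash.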

  22. Kian says:

    I think the failure of Bitcoin (and most other cryptocurrencies) is apparent in the fact that Bitcoin trading sites don’t use the blockchain in the first place. Because it’s not fast enough. Instead, people that want to trade pool their bitcoins in a wallet handled by an intermediary, give their money to the intermediary, and trade on the intermediary’s site, where the transactions are only certified by the trading site’s server. Which then clears the transactions and puts the bitcoins back in the corresponding wallets, unless they steal it all or get hacked.

    So despite operating on a currency whose main selling point is supposed to be a distributed trust store, they’re willing to put their trust in any half-baked site that promises them a chance to win big.
