Original URL: http://www.theregister.co.uk/2013/05/23/bitcoin_spam_byzantine_generals/

Spam and the Byzantine Empire: How Bitcoin tech REALLY works

Everything you wanted to know but were afraid to ask

By Ken Tindell

Posted in Security, 23rd May 2013 09:03 GMT

Analysis Why does Bitcoin work? Fraudsters should have left it in cinders years ago, and might have done, if it wasn’t for two things: spam and the Byzantine Empire.

A Bitcoin is basically an entry in a ledger that is distributed across a network of computers. Bitcoins are transferred between parties by noting the transaction in the ledger. This might sound just like any other banking system except there’s a crucial difference: no one is in charge of the ledger.

It’s held across a network of computers and anyone can add their computer to the network when they wish - or leave when they wish. This may seem crazy, and an easy way for fraudsters to join the network and get their computer to update the ledger to give themselves new Bitcoins.

In 1997, a British cryptographer called Adam Back proposed an anti-spam approach called Hashcash. The basic idea was to make an email message contain proof that a computationally difficult problem, specific to the contents of the message, had been solved. Any email that didn’t contain this proof would be discarded by the recipient’s email server.

Ordinary users of email wouldn’t be inconvenienced because the amount of work for one email message would be tolerable, but spammers would be deterred because it would add up to a huge amount of money, in the form of the huge electricity bill run up by all the computers they’d need to buy to solve the mathematical problems.

In the end it didn’t work out as an anti-spam technique partly because spammers today use botnets, which are vast armies of hijacked computers. But the idea behind Hashcash was picked up and used for Bitcoin.

Coining it ... how does Bitcoin stack up against national currencies?

The nitty-gritty detail of the crypto-currency

The basic idea behind Bitcoin is that blocks of transactions are chained together, each new block of transactions referring to the previous one. A block is validated by having a value computed for it that matches the hash signature of the block, with the difficulty of the matching calibrated automatically by the network. As members of the network get faster (using faster computers or entirely new generations of hardware engineered specifically for the task), the computation gets more difficult. It is designed to always take about ten minutes to match the hash.

A block cannot be altered without once again performing the computation and adding the proof-of-work to it. But crucially, this must then also be repeated for the block that was chained to it (since the proof of work for that block now will not match). It is a little like trying to alter a company’s accounts from a few years back: the balance sheet and profit-and-loss statements won’t tally forward properly, so each subsequent year will have to be changed too.

Stopping the fraudsters in their tracks

Historian William Lecky wrote in 1869 of the Byzantine Empire: “The universal verdict of history is that it constitutes, without a single exception, the most thoroughly base and despicable form that civilization has yet assumed.” Harsh, certainly. Byzantine has become a byword for treachery – and it is the basis for a classic problem in computer science: the Byzantine Generals Problem.

This challenge involves working out how to reach a valid consensus among a set of military generals when some of them are traitors and will send fraudulent messages. This is exactly the problem Bitcoins must face on the internet. The solution to the problem is voting. The Bitcoin network maintains the integrity of its ledger by the loyal members collectively outvoting traitors.

If a traitor computer tries to alter a transaction (undoing a payment to take back the money, for example) then it must also alter the transactions in blocks that came after. But because of the Hashcash approach this is computationally challenging and painfully slow, and by the time it has done this more blocks will have been chained by the rest of the network.

Thus, it is futile for a fraudster to compete with the rest of the Bitcoin network unless he can outpace it.

The wretched hive of scum and villainy on the internet generally cannot nobble the currency: even if they amassed a huge botnet of a million hijacked Windows machines it would be unlikely to exceed 6TH/s (trillion hash operations per second) yet the Bitcoin network is currently running at 58TH/s. Furthermore the performance of the Bitcoin network is set to grow quickly as dedicated chips (ASICs in other words) in Bitcoin mining rigs push PCs into obsolescence – and these rigs do not run Windows. There remains a risk that a well-funded organization (perhaps governmental) could amass the dedicated computing power required to swamp the Bitcoin network.

Defending against this risk is one of the motivations of engineers such as Yifu Guo at Avalon to get ASICs widely adopted.

Can you keep a secret? Bitcoin doesn't

Transactions between Bitcoin parties are not secret: they are publicly broadcast to the Bitcoin network and collectively stored in the ledger. The default Bitcoin software has a mechanism to trim out this ledger to save on the storage space, but there is no reason that a member of the network must necessarily perform the trimming (indeed it is easy to imagine why some economists and governmental organizations would like to keep such data).

Although Bitcoin parties have identities (or, rather, a Bitcoin wallet has an identity) there is nothing inherent in the Bitcoin system that requires them to be tied to a real person (indeed, many people have more than one Bitcoin wallet).

But when Bitcoins interact with the wider financial world (such as being exchanged for real money through a Bitcoin bureau de change such as Mt. Gox) then a Bitcoin wallet can be attached to a real-world person (where these exchanges follow Know Your Customer regulations). By performing analysis on the patterns of transactions it becomes possible in some cases to trace what real people are doing.

Paper money ... Unlike national currencies, Bitcoin can't
be manipulated by governments, yet

The Bitcoin ecosystem today is not very sophisticated: there is no borrowing or lending, no ability to short, and not that much spending (most people are hoarding Bitcoins). This lack of sophistication means that there is nothing to dampen Bitcoin volatility as sentiment seesaws.

When the Bitcoin-US dollar exchange rate falls or rises by a third within a day it’s impossible for a merchant to set prices in BTC (Bitcoins) unless he has such huge margins he can absorb the risk.

'The volatility also undermines Bitcoins as a store of value'

A merchant cannot even compute a BTC price for each customer as they buy: a Bitcoin transaction is normally only treated as confirmed after six blocks have been chained on and in this hour-long wait for confirmation from the Bitcoin network the BTC/USD price could have moved hugely. The volatility also undermines Bitcoins as a store of value: placing one’s savings out of the reach of Eurocratic haircuts one day only to find that the value of one’s savings fell by a third the next day would be annoying.

Because the basic Bitcoin system lacks financial sophistication people are seeking more sophisticated services (where Bitcoins can be kept in a cloud-hosted wallet or where transactions can be run without delays).

They then become vulnerable to the same wretched hive of scum and villainy that Bitcoin was designed to counter in the first place: BTC transfer service Bitinstant had a digital break-in last month, currency exchange Bitfloor suffered a major heist last year and mega-exchange Mt Gox has several times come under denial-of-service attacks leading to huge delays in exchanging Bitcoins for other currencies. All this undermines the network effects that are necessary for a new currency to work as money.

Addressing these issues by changing the Bitcoin system itself (eg, changing the cap on the Bitcoin money base) would be difficult. It could only be altered if the operators of the vast majority of the computing in the Bitcoin network accepted a new version of the protocol. But establishing a consensus would likely be as difficult as establishing a consensus among the world’s economists.

A better way to address Bitcoin’s shortcomings is to introduce sophistication into the ecosystem. If genuine banking were introduced it would provide lending and deposits and support more sophisticated financial products and even market makers. That could address some of the problems of volatility and deflation not least through the creation of broad money.

Bitcoin certainly isn’t perfect. Its problems stem from the inflexibility in the money supply: it has no banking system that allows broad money (that's money not just in wallets but in deposits and savings accounts, etc), and the narrow money (the actual BTC) is created by a very simple algorithm.

On the other hand, the inherent "flexibility" of a currency can be exploited and abused by political leaders, which explains the popularity of the Euro in Greece et al.

The Bitcoin network is a hard store of value compared to the "proper" currencies in countries where feckless politicians steal from the people by devaluation. Maybe a smarter Bitcoin could be envisaged where coins are minted based on a demand immune to human manipulation. Perhaps even a robot "central bank" (being the ledger itself) that runs purely algorithmically. But that’s for Bitcoin 2.0 ®

Ken Tindell is a technologist who has a doctorate in real-time systems, founded an automotive embedded systems company, has been the CTO of a digital TV startup, and is on the board of a two-factor authentication company. His current interests include real-time databases, video streaming, ultra-low latency trading systems and NLP. He has no interest in neurolinguistic programming.