Pages:
Author

Topic: A proposed solution to adjust for lost Bitcoins: wallet 'heartbeats' - page 7. (Read 12206 times)

kjj
legendary
Activity: 1302
Merit: 1026
The ratio for dollars is zero right now.
True, but there is only one entity that could dump a quantity that is many times the current number of dollars in circulation, and they do have an interest in not doing something too drastic.

In the case of Bitcoins, as the ratio goes towards zero, the number of entities that could dump an amount many times Bitcoin's perceived circulation onto the market will be unknown, and their motivations will be unknown.

If history is any guide, they have every incentive to do this, just not all in the one day.  The value of each and every fiat currency not currently in use ended up at zero.  Actually, a lot of metal currencies ended up turning into fiat currencies through debasement, and then end up at zero.

Did you see the image I posted?  It wasn't caused by some unknown entity, it was caused by the entity in control of that currency.  And it wasn't for unknown motivations, it was caused by a desire to spend money that the entity did not have, a motivation common to everyone.

For further amusement, I chuckle that you find the system-preservation motive sufficient when applied to a type of entity with a 100% track record for destroying currencies, but reject (or at least ignore) the same motive when applied to an entity with enough coins to ensure that he and his family live like kings for all eternity so long as they don't destroy the system that is willing to give them goods and services, essentially for free.
newbie
Activity: 56
Merit: 0
The ratio for dollars is zero right now.
True, but there is only one entity that could dump a quantity that is many times the current number of dollars in circulation, and they do have an interest in not doing something too drastic.

In the case of Bitcoins, as the ratio goes towards zero, the number of entities that could dump an amount many times Bitcoin's perceived circulation onto the market will be unknown, and their motivations will be unknown.
kjj
legendary
Activity: 1302
Merit: 1026
I just realized something.  All of the current money systems in the world today are already more uncertain than bitcoin will ever be.  Bitcoin actually gives us boundaries on the uncertainty which do not exist in the real world.  The amount of bitcoins that might potentially show up on the market tomorrow is strictly limited by powerful mathematics.  The amount of dollars (or whatever) that might potentially show up on the market tomorrow is limited by human discipline.
This isn't really true. Towards the end of Bitcoin's life, the ratio goes towards zero, which means that a near infinite change can occur.

However, if some form of the heartbeat is implemented, then things really are good.

The ratio for dollars is zero right now.
newbie
Activity: 56
Merit: 0
I just realized something.  All of the current money systems in the world today are already more uncertain than bitcoin will ever be.  Bitcoin actually gives us boundaries on the uncertainty which do not exist in the real world.  The amount of bitcoins that might potentially show up on the market tomorrow is strictly limited by powerful mathematics.  The amount of dollars (or whatever) that might potentially show up on the market tomorrow is limited by human discipline.
This isn't really true. Towards the end of Bitcoin's life, the ratio goes towards zero, which means that a near infinite change can occur.

However, if some form of the heartbeat is implemented, then things really are good.
kjj
legendary
Activity: 1302
Merit: 1026
I just realized something.  All of the current money systems in the world today are already more uncertain than bitcoin will ever be.  Bitcoin actually gives us boundaries on the uncertainty which do not exist in the real world.  The amount of bitcoins that might potentially show up on the market tomorrow is strictly limited by powerful mathematics.  The amount of dollars (or whatever) that might potentially show up on the market tomorrow is limited by human discipline.

And we know which one has a better track record.

newbie
Activity: 56
Merit: 0
To everyone,

The issue is increasing uncertainty, which progressively renders Bitcoins an unreliable vehicle for commerce activities and storage of wealth. The reason why is stated in this thread more than once.

It may take near an eternity for that uncertainty to become a real issue, but the mathematics are sound, which calls into question whether a system really needs increasing uncertainty designed into it. The solution is to require Bitcoin holders to connect to the network in some form or another, probably on a timeframe on the order of several years or even decades. This is not unreasonable. We all live with this requirement in regard to bank accounts today anyway, without feeling overly burdened.

It is one thing to accept that a currency may become unsound in the future because of external events. This is reasonable. However, it is questionable that a currency, by its own internal design, should be allowed to become more uncertain over time precisely because of its own internal design.
newbie
Activity: 56
Merit: 0
Try the following: Add 1/1 + 1/2 + 1/4 + 1/8+ 1/16 ...  forever
It is guaranteed that the number you get tomorrow will be greater than or equal to the number you get today, until the end of time, or until you stop adding. Still, if you give me 2 bitcoins today, I will give you the sum that you get in bitcoins anytime. See what I'm trying to say? There will never be a problem. Don't try to fix a system that ain't broken.
I totally don't understand what you're saying, at all. Bitcoin attrition will happen until there are no more Bitcoins. It may take a million years, but it will happen. As loss occurs, uncertainty increases. That is a problem.
newbie
Activity: 48
Merit: 0

It is guaranteed that the number of total number of lost Bitcoins tomorrow will be greater than or equal to the total number of lost Bitcoins today, until the end of time, or until there are no more Bitcoins. There is no point in disputing it. We can argue all day long about what the rate of loss will be, but we'd only be guessing.


Try the following: Add 1/1 + 1/2 + 1/4 + 1/8+ 1/16 ...  forever
It is guaranteed that the number you get tomorrow will be greater than or equal to the number you get today, until the end of time, or until you stop adding. Still, if you give me 2 bitcoins today, I will give you the sum that you get in bitcoins anytime. See what I'm trying to say? There will never be a problem. Don't try to fix a system that ain't broken.
staff
Activity: 4284
Merit: 8808
Clearly, you are stating then that a design decision was made to allow for the loss of coins because the total quantity of coins is unimportant. That is simply an indication that you are not reading what I have written.

It is one thing to design a system that allows for division of coins into ever more granular tokens, and justifying a design decision based on that. That, however, does not address the issue of increasing uncertainty in the system as it evolves.

Please show me in the papers written on the subject where it explicitly states that a design decision was made to allow and encourage increasing uncertainty in the system over time. If you can do that, I will accept that the original designers intended increasing uncertainty over time.

Again, it's not about increasing granularity or increasing deflation, neither of which are issues. It's about increasing uncertainty.

I think this is an excellent point which I missed previously because of all the distraction related to restoring the lost coin and the common misconception that the loss of coin itself is a problem.  I think you undermined your argument in the first post by arguing for more than was strictly necessary to achieve these ends.

To remove the uncertainty you simply need to take the coins out of circulation forever, it's not required that they be remined.  Otherwise you end up with another kind of uncertainty: e.g. say bitcoin manages to deflate to the point where 1 BTC = $1m in todays relative value... and a ton of lost coins miss their long hearbeat and show up mining. So no matter what algorithm you choose for dishing out the expired coin it could end up making mining ludicrously and socially destructively valuable compared to any other occupation. Even if there is a long delay from the point where the coin expires to when it shows up again that just moves around the point at which everything blows up.

In some ways your proposal as stated only removes uncertainty in that it makes sure the pessimal case _always_ happens: that after the currency deflates due to high usage, lost money appears out of the abyss and screws everyone up.

However, I don't think that "heartbeat it" _or lose it forever_  violates any of the system invariants in the way that "keep printing" as proposed explicitly by SgtSpike,  and jon_smark. Nor does it create the possibility of a crazy gold rush appearing randomly in the future. (Heartbeating, incidentally would simply mean forming a new transaction, not an explicit heartbeat event.)

The obvious time to implement this would be at the same time as doing a cryptosystem upgrade, as the first expiration could be timed to adequately prevent a bunch of actually lost coins returning from the grave as ecc keys are cracked.  It would be easily argued for then because people will easily see that the failure to implement it will allow the lost coins to return and blow the economy up.

I would expect the only debate at that point would be over if it should be a one time cutoff or a rolling one.
member
Activity: 115
Merit: 10
I think this proposal has a lot of promise.  I doubt that it would get incorporated into this version of the block chain but maybe a competing chain will pop up with it.

Markets work best when all participants have access to the same information and the more complete the information is, the better markets are at setting an accurate price.  Having coins that could be lost or could be being hoarded adds uncertainty which negativily affects the price.  If one trader knows that a certain set of coins is lost when everyone else thinks they are hoarded he has an advantage in the market.  Letting everyone be certain that lost coins will eventually be recovered makes pricing more accurate in the same way that letting everyone know that there will be at most 21 million bitcoins makes the pricing more accurate.

There are also sound technical reasons to do this.  There is no agreed upon way to switch hashes or encryption keys even though at some point we will need to.  After switching, current clients and miners will still have to be able to process new transactions signed with old keys which means that code will have to be kept around forever.  Code that is old, rarely used and poorly maintained is a prime place for a hacker to look for weaknesses.  If we could say with certainty, after block number XXX there will be no more transactions using old coins we could then remove that code.
newbie
Activity: 56
Merit: 0
And the further out I extrapolate the greater the discrepancy may be, but I can never see a great enough of a discrepancy to be concerned.  Because I mentally always come back to the thought that the market will adjust.
It is guaranteed that the number of total number of lost Bitcoins tomorrow will be greater than or equal to the total number of lost Bitcoins today, until the end of time, or until there are no more Bitcoins. There is no point in disputing it. We can argue all day long about what the rate of loss will be, but we'd only be guessing.

We also have no idea about what the future holds for methods of saving wealth, but let's assume that there will at least be the following places in which your wealth can be stored:

  • Material items: land, gold, products, etc.
  • Currencies
  • Securities

If Bitcoins are successful, then we can assume the following:

  • some individuals will store none of their wealth in them
  • some individuals will store some of their wealth in them
  • some individuals will store most of their wealth in them

Based on the discussion here, it should be clear that the chance of the Bitcoin supply suddenly and rapidly increasing by a huge amount relative to its perceived supply is much greater in the future than it is now. Given that, the repercussions are obvious: if such an event occurred, Bitcoins will be worth much less. In my second bulleted list, it should be obvious which group will be unaffected, and which group will be wiped out.

Given that the third group in the list will be wiped out, logically, they won't exist, if they are prudent. From that, it follows that over time, the notion that Bitcoins are a prudent means of storing wealth will lose traction.
newbie
Activity: 48
Merit: 0
Wow, this flame-infested thread has grown into some stimulating discussion.

My take:

1. (see above) there will likely be no increase in uncertainty beyond a certain point which lies way above 10m coins IMHO).

2. the degradation of hashes is a very nice idea that will probably strengthen the first point.

3. this makes it unlikely that building any specific "reclaiming" into the protocol will be necessery or desirable. nor would it make the protocol any more "beautiful" or safe, because added complexity leads to unforeseen and mostly undesirable consequences as a rule.

4. still, why don't you start a new coin with this measure in place? because, even if 1-3 were invalid, adding this rule would still violate the trust of everyone invested in (the idea of) bitcoin-as-it-is.
newbie
Activity: 18
Merit: 2
[...]

Yes. But I would say that the third bullet need not be just one wallet. Collectively, the unknowns becomes greater over time, and that leads to the fourth bullet.

It seems to me that a well designed system would attempt to maintain as relatively constant over time the dynamics of the system. By that, I mean, behavior. I am in no way implying that the valuations should be constant, only that, collectively, valuations made today, or at any point in the future, no matter how far, are made with information that is relatively uniform in quantity. Granted, some noise and fluctuation in the quantity of information is expected. But the system should not be designed with the built in guarantee that uncertainty will increase over time.

The idea is interesting, but I'm not convinced that the uncertainty will ever be large enough to overcome the system.

My reasoning is this. Lets take a thought experiment where someone suddenly appears in the near future with 11 million coins. What would the impact be? Well if he does nothing with it, then there is no impact. If he attempts to sell all of it, inflation occurs and the prices of items will rise as more currency floods the market. If an attempt to flood the market occurs then the currency will spread around until an equilibrium is restored. What happened the other day with mtgox was an aberration of an immature market place. Rapid fluctuations should have placed a freeze on the market so that a reason for the change could be determined. I can only imagine a future where bitcoins are more common that there will be far greater regulation in exchanges and market places over what goes on.

And the further out I extrapolate the greater the discrepancy may be, but I can never see a great enough of a discrepancy to be concerned.  Because I mentally always come back to the thought that the market will adjust.



legendary
Activity: 3318
Merit: 2008
First Exclusion Ever
Here is another aspect to consider.

[...]

So, unless we reach a total dead end in cryptanalysis, old coins will gradually become recoverable.  This is unlikely to cause problems for genuine savers, because they will be able to spend their way into the new hashing systems as they become available.  But coins that are really and truly lost today will gradually gain new life, as the effort required to recover the keys to them decreases relative to the value of the coins lost.

Again, this assumes that future progress in cryptography and cryptanalysis follows more or less the same progression that it has so far.  It could turn out that SHA256 really has no weaknesses that allow anything but a total brute force attack.  But that doesn't seem likely, and we have plenty of time to figure it out.

This is a really great point.  All that someone would need to do to recover lost bitcoins is to have a computer fast enough and/or cyptography good enough to figure out what public key hashes to a bitcoin address, and then what the corresponding private key is for a public key.  While this might not be possible now, maybe it will be in the distant future, and then anybody who didn't re-send their bitcoins to themselves using the better cryptographic methods of the future will simply have their bitcoins taken from them.

So maybe this problem solves itself eventually, although I still wonder how long it will be before SHA256 is easy to hack.  My guess is 40 years or more.


[/quote... and by that time we will need a new block chain anyway so the problem of limited quantity is no longer an issue.
bji
member
Activity: 112
Merit: 10
Here is another aspect to consider.

[...]

So, unless we reach a total dead end in cryptanalysis, old coins will gradually become recoverable.  This is unlikely to cause problems for genuine savers, because they will be able to spend their way into the new hashing systems as they become available.  But coins that are really and truly lost today will gradually gain new life, as the effort required to recover the keys to them decreases relative to the value of the coins lost.

Again, this assumes that future progress in cryptography and cryptanalysis follows more or less the same progression that it has so far.  It could turn out that SHA256 really has no weaknesses that allow anything but a total brute force attack.  But that doesn't seem likely, and we have plenty of time to figure it out.

This is a really great point.  All that someone would need to do to recover lost bitcoins is to have a computer fast enough and/or cyptography good enough to figure out what public key hashes to a bitcoin address, and then what the corresponding private key is for a public key.  While this might not be possible now, maybe it will be in the distant future, and then anybody who didn't re-send their bitcoins to themselves using the better cryptographic methods of the future will simply have their bitcoins taken from them.

So maybe this problem solves itself eventually, although I still wonder how long it will be before SHA256 is easy to hack.  My guess is 40 years or more.

newbie
Activity: 56
Merit: 0
Your assumptions are:
  • Eventually all bitcoins will be lost
  • That the uncertainty in the amount of bitcoins that are available will effect the price.
  • The reason it will effect the price is that there is a potential of an unknown wallet created back in the dawn of time that will be discovered that, after all this time, will be large enough to dramatically shift the market.
  • And that trade will halt because of this potential uncertainty which will only increase with time.

am i closer?
Yes. But I would say that the third bullet need not be just one wallet. Collectively, the unknowns becomes greater over time, and that leads to the fourth bullet.

It seems to me that a well designed system would attempt to maintain as relatively constant over time the dynamics of the system. By that, I mean, behavior. I am in no way implying that the valuations should be constant, only that, collectively, valuations made today, or at any point in the future, no matter how far, are made with information that is relatively uniform in quantity. Granted, some noise and fluctuation in the quantity of information is expected. But the system should not be designed with the built in guarantee that uncertainty will increase over time.
kjj
legendary
Activity: 1302
Merit: 1026
Here is another aspect to consider.

Over time, people tend to find ways to break, or at least reduce, the security of hashing functions.  We understand this, and the bitcoin community is capable of replacing the hashing functions used in the bitcoin system.  This will probably need to be done every decade or two until the end of time.

Cryptographers are very conservative, and they have a tendency to declare a hash "completely broken" long before any real attacks are possible in the field.  Typically, the lag time is several years, because attacks are first found against crippled variations of the hashes actually in use, and then extended until they reach the production version.

Protecting the blockchain is easy enough to do in this environment.  An extension is proposed to allow the next great hashing function to be used, starting with some block a year into the future, and the community will agree because the change is in their own interest.  The appropriate block arrives after roughly a year, and the network accepts the newfangled hash as genuine.  Past blocks are still secure, even though the hash used on them is now weak, or even broken, because their information is included in the new hashes.

Transactions are likewise also safe, since the hash of the Merkle tree will be updated at the same time.

But, what about keys in wallets?

The only way to replace them is to send them out onto the network with a transaction that uses the new hashing system.  Old ones can't simply be updated, because they contain scripts that permanently embed the hashing function in use when they were created.  They must be spent between the time that a new hash becomes available to the scripting system and the time that the old hash becomes breakable in practice.

Realistically, this interval will be decades, or more likely centuries.  But, I think that this compares favorably with the time needed to lose enough bitcoins to matter, assuming that they matter at all, which is far from demonstrated.

So, unless we reach a total dead end in cryptanalysis, old coins will gradually become recoverable.  This is unlikely to cause problems for genuine savers, because they will be able to spend their way into the new hashing systems as they become available.  But coins that are really and truly lost today will gradually gain new life, as the effort required to recover the keys to them decreases relative to the value of the coins lost.

Again, this assumes that future progress in cryptography and cryptanalysis follows more or less the same progression that it has so far.  It could turn out that SHA256 really has no weaknesses that allow anything but a total brute force attack.  But that doesn't seem likely, and we have plenty of time to figure it out.
bji
member
Activity: 112
Merit: 10

That's why I said that the 20 year rule sound like a great idea to me.  But I can certainly also agree that it comes at a cost - people have to be aware of it and work around it or lose their bitcoins eventually, and also the rule would have to be propogated out into the network (but we'd have 20 years to do that!) - and I can understand the argument that that cost is not worth it for the very small benefit that it brings.


Maybe it would be better as a 100 year rule?  If the goal is to prevent the eventual degredation of the bitcoin market due to lost coins, but people are worried about people losing their savings because they didn't re-up their transaction every 20 years, what about making it 100?  Then on the geologic timescales where this problem matters, the solution is still there, but received bitcoins during any one person's lifetime will not be lost due to this rule (any inheriters of the bitcoins will simply have to transfer them to their own account, which they would probably do anyway).  Of course when people start living significantly longer than 100 years ...
sr. member
Activity: 312
Merit: 250
I like this idea, because I would like to know what coins are lost vs. hoarded and it would compress the block chain slightly.  I dislike this idea for every other reason.
bji
member
Activity: 112
Merit: 10
Because when the ratio is near zero, the number of Bitcoins in circulation is small. It is so small, that some discovered dormant wallet can be huge by comparison, which can have a drastic effect on the wealth of all current users of Bitcoins. There is no way to know what might happen, but it is certain that it could happen. Because it is certain that there is extreme uncertainty when the ratio is near zero, there is little inclination to put faith in Bitcoins.

But conversely, when the ratio is much larger than one, as it is now and as it is in the beginning stages of any protocol that does not allow reclaiming of inactive wallets, then we operate with the knowledge that most coins are not lost, and thus can be put into circulation.

This is not difficult, but it is important to understand.

Shit.  I had a whole reply typed out, but the stupid forums limits the posting rate, and I managed to lose it while going back to try again.

The short version is that I now understand your point.

But I don't necessarily agree that instability is inevitable.  Holders of unusually large wallets from days past will have an incentive not to crash the system.  And as coins are actually lost, the increase in value of the remaining coins will give an incentive for people to recover coins that aren't actually lost, but merely hiding, keeping the ratio of "thought lost" to "actually lost" at a reasonably low level.

So, yes, over time, the loss of coins could cause uncertainty, which could cause instability.  But I don't think that those are inevitable.

Hey I think we're coming to a consensus here!

It all comes down to whether or not you believe that increasing uncertainty over time about the total number of bitcoins in circulation is going to be significant enough to warrant anything being designed into the protocol to fix it.  I do agree with you that in all likelihood, the uncertainty will not be significant during our lifetime, or even our grandchildren's lifetimes, so maybe it's not something worth worry about at all.

On the other hand, I find it intellecually satisfying to have rules built into the system to create the perfect knowledge that there are never any lost bitcoins, only hoarded ones.  And it would give me satisfaction to know that whatever problems that I haven't even thought of yet that would be caused by the increasing uncertainty of lost bitcoins, are not something I have to worry about at all because there is no such problem.

That's why I said that the 20 year rule sound like a great idea to me.  But I can certainly also agree that it comes at a cost - people have to be aware of it and work around it or lose their bitcoins eventually, and also the rule would have to be propogated out into the network (but we'd have 20 years to do that!) - and I can understand the argument that that cost is not worth it for the very small benefit that it brings.
Pages:
Jump to: