Been following this paper and the press resulting from it with interest...
And yet, am I incorrect in thinking the central thrust of the study is incorrect for the simple fact that most change goes to new addresses which are, by definition, unspent? This means that at any time, most coins will sit in "unspent" accounts, thereby appearing as though they are savings, when in reality they are just sitting there until they are spent normally.
Am I missing something or is this an absurd fatal flaw in their reasoning?
I believe you are correct, but I don't think it matters much. They say 60% of coins haven't moved in 3 months; those can safely be considered some kind of savings. So the actual amount of savings would be somewhere between 60% and 78%.
FWIW, I contacted them saying this (trimming opening and closing words):
1. The paper does not mention the concept of "change" (https://en.bitcoin.it/wiki/Change), and some of the comments imply the authors do not recognize its role in the transaction graph. When outputs are spent in a transaction they must be spent entirely; if there is more value in the output than the amount one wishes to send, and he wants to keep the rest, he must send it to an address of his, known as a change address. The widely used clients use a newly generated address for change as an anonymity feature; but for the typical user it is not a deliberate attempt to do anything, it is just what happens by default. This clearly explains the "long chains" behavior.
2. The paper seems to conflate the blockchain, a database replicated on every node on the network by broadcasting blocks to peers on the network, and individual efforts to make the data easily accessible, such as blockexplorer.com and blockchain.info. The blockchain itself does not of course have HTML pages or what can be considered "hyperlinks". It may be the case that scraping those public service sites is easier than parsing the arcane database format of the blockchain, but this needs to be specified explicitly, otherwise the focus on HTML looks bizarre.
3. It is generally accepted that currency amounts in Bitcoin aren't capitalized, just like "dollar" isn't. The creator of Bitcoin is Satoshi, but the smallest Bitcoin denomination is a satoshi; I can have bitcoins or send 3.7 bitcoins, and the value of a bitcoin is $12; this happens in the Bitcoin system following the Bitcoin protocol with Bitcoin software, and Bitcoin is invaluable. This mistake occurs several times in the paper.
4. You state that 7M bitcoins are in savings accounts, but it is not completely clear what you characterize as such. It looks like an address which has never sent coins is considered savings; that is a poor characterization, for if everyone follows the guideline of not reusing addresses, 100% of coins at all times will be in addresses which have never sent, regardless of how widely bitcoins are circulated. A better candidate would be an address which has never sent and has received some coins as early as, say, 2 months ago.
5. The infamous statement that "A very important feature of the Bitcoin network is that a transaction involving multiple sending addresses can only be carried out by the common owner of all those addresses".
a. You mention quoting an official policy to that effect. I would like to ask for a reference, as I know of no such policy and cannot imagine one.
b. Technically, for an input to be valid its script needs to be satisfied, usually by providing a signature for the transaction which matches the public key referenced by the input. Regardless of any current implementation details, the signatures can be independent, there is no need for the owners to be one or to share their keys.
c. The Bitcoin protocol supports more than just "moving coins from point A to point B" transactions. A glimpse of some of the potential applications can be seen at https://en.bitcoin.it/wiki/Contracts. Some of them crucially rely on this ability to have multiple owners constructing a transaction together. In this sense, it actually is a very important feature of the Bitcoin network that multiple inputs do not need to share an owner.
d. In fact, one such application is p2p mixing, of the kind I discussed at https://bitcointalksearch.org/topic/using-mixing-transactions-to-improve-anonymity-54266. These intentionally make it harder to use the transaction graph to deanonymize users.
e. In practice, most transactions on the network are simple transactions where multiple outputs of the same owner are merged, and advanced applications are not in wide use (if at all). Deducing that co-used addresses have a mutual owner is a reasonable assumption to make; but it is an assumption, it needs to be specified explicitly, and references to it being necessitated should be removed. Furthermore, this assumption - and any analysis dependent on it - will become increasingly less reasonable as advanced applications find wider use.
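The two analysis steps argued over in the thread, the "co-spent inputs share an owner" clustering from point 5 and the "never sent" savings measure from point 4, as an added worked example. This is not code from the paper, the thread or any Bitcoin project: the ledger, the address names and the OWNER ground truth are constructed here purely to grade the heuristics, and the "refined" savings criterion (never spent, and nothing received within the last N days) is one reading of the post's proposal, stated as an assumption.

```python
from collections import defaultdict

# Constructed ledger for illustration only (not real chain data). Ground-truth
# ownership is assumed here and used solely to grade the heuristic.
OWNER = {"A1": "alice", "A2": "alice", "A3": "alice", "A4": "alice", "A5": "alice",
         "B1": "bob", "B2": "bob", "B3": "bob", "M": "merchant"}

# Inputs are outpoints (txid, output index); outputs are (address, amount).
TXS = [
    # funding (coinbase-like): Alice and Bob receive their first coins
    {"id": "t0", "day": 0, "inputs": [], "outputs": [("A1", 1.0), ("A3", 0.5), ("B1", 0.6)]},
    # Alice pays merchant M 0.3; the 0.7 remainder goes to fresh change address A2
    {"id": "t1", "day": 1, "inputs": [("t0", 0)], "outputs": [("M", 0.3), ("A2", 0.7)]},
    # Bob pays M 0.5; B2 is his change
    {"id": "t2", "day": 2, "inputs": [("t0", 2)], "outputs": [("M", 0.5), ("B2", 0.1)]},
    # Alice has to merge two of her outputs to cover 1.0; A4 is change
    {"id": "t3", "day": 40, "inputs": [("t1", 1), ("t0", 1)], "outputs": [("M", 1.0), ("A4", 0.2)]},
]

# A two-party mixing transaction of the kind point 5d describes: Alice signs
# for A4, Bob signs for B2, and neither controls the other's key.
MIX_TX = {"id": "t4", "day": 90, "inputs": [("t3", 1), ("t2", 1)],
          "outputs": [("A5", 0.2), ("B3", 0.1)]}


def spending_addresses(txs):
    """For each tx, the list of addresses whose outputs it spends."""
    by_id = {tx["id"]: tx for tx in txs}
    return [[by_id[t]["outputs"][i][0] for t, i in tx["inputs"]] for tx in txs]


def cluster_by_common_input(txs):
    """Union-find clustering under the 'co-spent inputs share an owner' assumption (point 5e)."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a

    for tx in txs:  # register receive-only addresses as singleton clusters
        for addr, _ in tx["outputs"]:
            find(addr)
    for spent in spending_addresses(txs):
        for addr in spent[1:]:
            parent[find(addr)] = find(spent[0])
    clusters = defaultdict(set)
    for addr in list(parent):
        clusters[find(addr)].add(addr)
    return [frozenset(c) for c in clusters.values()]


def impure_clusters(clusters, owner):
    """Clusters that wrongly merge addresses of different true owners."""
    return [c for c in clusters if len({owner[a] for a in c}) > 1]


def unspent_outputs(txs):
    """UTXO set after replaying txs in order: outpoint -> (address, amount)."""
    utxo = {}
    for tx in txs:
        for outpoint in tx["inputs"]:
            del utxo[outpoint]  # KeyError here would mean a double spend or bad ordering
        for i, (addr, amt) in enumerate(tx["outputs"]):
            utxo[(tx["id"], i)] = (addr, amt)
    return utxo


def savings(txs, now_day, min_age_days):
    """Return (naive, refined) coin totals.

    naive:   coins on addresses that have never spent, the reading of the paper
             criticised in point 4; with fresh change addresses this tends to 100%.
    refined: only never-spent addresses whose most recent receipt is at least
             min_age_days old (assumed reading of the criterion proposed in point 4)."""
    spenders = {a for spent in spending_addresses(txs) for a in spent}
    last_receipt = {}
    for tx in txs:
        for addr, _ in tx["outputs"]:
            last_receipt[addr] = max(last_receipt.get(addr, -1), tx["day"])
    naive = refined = 0.0
    for addr, amt in unspent_outputs(txs).values():
        if addr in spenders:
            continue
        naive += amt
        if now_day - last_receipt[addr] >= min_age_days:
            refined += amt
    return round(naive, 8), round(refined, 8)


if __name__ == "__main__":
    plain = cluster_by_common_input(TXS)
    print("clusters without mixing:", sorted(sorted(c) for c in plain))
    print("wrong merges:", impure_clusters(plain, OWNER))
    mixed = cluster_by_common_input(TXS + [MIX_TX])
    print("wrong merges once the mixing tx is included:", impure_clusters(mixed, OWNER))
    print("savings at day 60 (naive, at rest >= 30 days):", savings(TXS, 60, 30))
```

Run as-is. On the plain ledger the heuristic merges only A2 and A3 (Alice really does own both) and makes no cross-owner mistake; adding the single mixing transaction makes it fuse A4 and B2, so Alice's and Bob's histories land in one cluster. The savings figures show the other point: at day 60 every coin in this toy ledger sits on an address that has never sent (because change and payments always land on fresh addresses), so the naive measure reports 100% of the supply as savings, while requiring the coins to have been at rest for 30 days leaves only Bob's 0.1 change.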