
Topic: Are off-chain transactions necessary to keep Bitcoin unbroken? (Read 2594 times)

newbie
Activity: 16
Merit: 0
However today this is limited to a single entity.  It only works if you and your receiver are both on MtGox.  However look forward a couple years and say you have a MtGox account and someone else has a coinbase tx.  In theory MtGox and Coinbase could extend reciprocal lines of credit so MtGox notifies coinbase and coinbase instantly reflects your new balance.  Once a day MtGox and coinbase "settle" the books with a single blockchain tx.  Just to be clear this does NOT currently exist but it could.  Eventually a network of these entities could exist.  In some ways this resembles a banking network with one SIGNIFICANT difference.  Today you can't be your own fiat bank (well at least not with any reasonable cost) but you can choose to be your own Bitcoin bank.  All you need is the ability to run a full node and willingness to put all tx on the blockchain.

Don't forget that because Bitcoin is based on cryptography, you can audit that Bitcoin bank and prove they, for instance, hold funds they claim they do, whereas in the real world you just can't get absolute, mathematical proof.

inputs.io, for example, have told me they are planning on implementing proof-of-ownership soon. Essentially that means they will prove to their customers that the funds held by them on their behalf really are backed 100% by coins on the blockchain. Of course, that doesn't stop them from taking the funds, but it means if they do they will be quickly caught. In the future mechanisms can be implemented like fidelity bonds and trusted hardware that make even stealing the money unprofitable - much like Bitcoin itself is designed so that miners have economic incentives to "mine honestly".

FWIW I keep a few BTC worth of "day-to-day" spending money at inputs.io, as well as easywallet, even without any auditing. To me the privacy is worth the risk of the funds getting stolen. (I lost about $100 worth at instawallet)

Peter, how does this proof of ownership work? Does it require the wallet to disclose all the addresses that they own so that people can check?
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Some existing off-chain transactions now
Internal accounting systems, irrespective of the currency, have no need to be on the blockchain anyway.
If 'size' is a worry, then the ability to merge addresses within the same wallet, and to discard addresses and more importantly have a point-in-time-balance would solve the chainsize issue and download time.


I suggested something like that last year. Apparently, that idea has been around and discussed several times. Bitcoin doesn't work that way, and I get it now. Merging addresses means sending all your coins (gathering all unspent outputs) and sending it all to another address or into one specific address.

Not many people are going to do that. And you can't ask them to. They will do it on their own, but they don't need to for amounts larger than 1 bitcoin-day.
full member
Activity: 201
Merit: 100
Some existing off-chain transactions now
Internal accounting systems, irrespective of the currency, have no need to be on the blockchain anyway.
If 'size' is a worry, then the ability to merge addresses within the same wallet, and to discard addresses and more importantly have a point-in-time-balance would solve the chainsize issue and download time.
hero member
Activity: 588
Merit: 500
Yet more evidence that Satoshi comes from the future and the 1MB hard limit might actually be an optimal number
So why did he start it out at 16 MB?

He wanted to give future generations something to argue about on Bitcointalk, and figured some archeological blocksize ambiguity was just the ticket.  And if you record his whitepaper onto vinyl and play it backwards, it's also revealed that he planted the Tecaxic-Calixtlahuaca head in Toluca.
legendary
Activity: 1120
Merit: 1152
Yet more evidence that Satoshi comes from the future and the 1MB hard limit might actually be an optimal number
So why did he start it out at 16 MB?

32MiB, and the way that limit was implemented suggests it was an accident that it even existed and he hadn't thought through the implications at the time.

Rule of thumb: believe it or not, Satoshi was just a smart guy like you or me; he was far from infallible.
legendary
Activity: 1400
Merit: 1013
Yet more evidence that Satoshi comes from the future and the 1MB hard limit might actually be an optimal number
So why did he start it out at 16 MB?
hero member
Activity: 588
Merit: 500
One interesting challenge is— given all these super snazzy external systems (which will exist whether we like them or not!) what will keep demand for blockchain space up high enough that transaction fees are great enough to actually support adequate POW security?

mind = blown

Yet more evidence that Satoshi comes from the future and the 1MB hard limit might actually be an optimal number ;)

And circa 2040 we'll all be proactively soliciting gambling services to please use the blockchain as a notification mechanism.
legendary
Activity: 1120
Merit: 1152
However today this is limited to a single entity.  It only works if you and your receiver are both on MtGox.  However look forward a couple years and say you have a MtGox account and someone else has a coinbase tx.  In theory MtGox and Coinbase could extend reciprocal lines of credit so MtGox notifies coinbase and coinbase instantly reflects your new balance.  Once a day MtGox and coinbase "settle" the books with a single blockchain tx.  Just to be clear this does NOT currently exist but it could.  Eventually a network of these entities could exist.  In some ways this resembles a banking network with one SIGNIFICANT difference.  Today you can't be your own fiat bank (well at least not with any reasonable cost) but you can choose to be your own Bitcoin bank.  All you need is the ability to run a full node and willingness to put all tx on the blockchain.

Don't forget that because Bitcoin is based on cryptography, you can audit that Bitcoin bank and prove they, for instance, hold funds they claim they do, whereas in the real world you just can't get absolute, mathematical proof.

inputs.io, for example, have told me they are planning on implementing proof-of-ownership soon. Essentially that means they will prove to their customers that the funds held by them on their behalf really are backed 100% by coins on the blockchain. Of course, that doesn't stop them from taking the funds, but it means if they do they will be quickly caught. In the future mechanisms can be implemented like fidelity bonds and trusted hardware that make even stealing the money unprofitable - much like Bitcoin itself is designed so that miners have economic incentives to "mine honestly".

FWIW I keep a few BTC worth of "day-to-day" spending money at inputs.io, as well as easywallet, even without any auditing. To me the privacy is worth the risk of the funds getting stolen. (I lost about $100 worth at instawallet)
legendary
Activity: 1722
Merit: 1217
it is also possible that great decentralized (albeit less decentralized than the block chain) trust free (mostly) solutions can be built on top of the existing infrastructure that can use the blockchain for clearing. see posts about ot federated chaum banks. if these sorts of services come into existence and really work well then perhaps bitcoin could stay at 7tps for ever and this would never negatively impact any of us in any significant way.
See also: CoinWitness for an idea of how many kinds of external systems could be bound into Bitcoin in a more zero-trust way.

One interesting challenge is— given all these super snazzy external systems (which will exist whether we like them or not!) what will keep demand for blockchain space up high enough that transaction fees are great enough to actually support adequate POW security?

mind = blown
legendary
Activity: 1596
Merit: 1100
Using the term "miner" to refer to both those creating the coinbase tx (and rest of block structure) and those who merely attempt to find a solution to that problem is vague at best.  This may have implications beyond just network security.  FinCEN's guidance on miners (as illogical as it may be) puts a distinction on the entity "creating" currency units.  A legal argument could be made that Satoshi created all the currency units and miners (true miners, pools, solo miners, p2pool members) are merely being rewarded with them for block completion.  However even if that argument fails it would seem that pool workers wouldn't be creating currency units regardless.

+1   this will become relevant in the future.

Two years ago, I speculated on the legal ramifications of running a mining pool -- that is, being the one who selects the coinbase payouts, and in turn, transmits a bunch of bitcoins to a bunch of others.  Solo miners have one level of risk (coinbase payouts), and mining pools have an additional level of risk (coinbase payouts + miner payouts).

I wouldn't be surprised if mining pools in the US required KYC/AML verification.

The best argument can be made for the end-of-line miners.  They do not control the coinbase nor payouts, and the best case may be made for them as providing a computing service, in exchange for bitcoins.

donator
Activity: 1218
Merit: 1079
Gerald Davis
Practically none of those parties are miners from the perspective of the Bitcoin system: They're people selling computing power to big far away miners in exchange for Bitcoin. They don't participate in the consensus, they don't validate blocks, they don't select transactions. They are miners in a similar sense that AMD is a miner, although they do have the ability to pick which of several masters they serve, they only do so relatively slowly.

I think this is an important distinction.  While the term miner is casually used, if you are a worker for a traditional mining pool you really are a contracted provider of computing power, nothing more.  You provide x units of computing power and in return the pool provides you a contracted reward (based on the pool's reward method).

Using the term "miner" to refer to both those creating the coinbase tx (and rest of block structure) and those who merely attempt to find a solution to that problem is vague at best.  This may have implications beyond just network security.  FinCEN's guidance on miners (as illogical as it may be) puts a distinction on the entity "creating" currency units.  A legal argument could be made that Satoshi created all the currency units and miners (true miners, pools, solo miners, p2pool members) are merely being rewarded with them for block completion.  However even if that argument fails it would seem that pool workers wouldn't be creating currency units regardless.
staff
Activity: 4284
Merit: 8808
Also, bitcoin mining, while large percentages are among 3 or 4 big players, there are thousands of little people running USB mini miners, and thousands more running GPU rigs until today. It's as decentralized as it gets.
Practically none of those parties are miners from the perspective of the Bitcoin system: They're people selling computing power to big far away miners in exchange for Bitcoin. They don't participate in the consensus, they don't validate blocks, they don't select transactions. They are miners in a similar sense that AMD is a miner, although they do have the ability to pick which of several masters they serve, they only do so relatively slowly.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Some existing off-chain transactions now:

1. All bitcoin exchanges: mtgox, bitstamp, btc-e, etc.
2. Some gambling websites that allow transfer of coins to other gamblers, chips, tokens, etc. (poker, dice, casinos, etc.)
3. Some online web based wallets: inputs, blockchain?, etc.
4. Investments on bitcoin securities exchanges: bitfunder, btc.co, etc.
5. Shared wallets.
6. TOR hosted hidden services: Silk Road? (I've never used it but I'm guessing you can create accounts that store bitcoins?)

Just to give you an idea.

Also, bitcoin mining, while large percentages are among 3 or 4 big players, there are thousands of little people running USB mini miners, and thousands more running GPU rigs until today. It's as decentralized as it gets.
staff
Activity: 4284
Merit: 8808
Also, the problems with intermediary-based systems that Satoshi mentions in the whitepaper aren't just, or even mainly, about not trusting the intermediary. The really big issue - and the reason why payments on the internet still suck - is that the intermediary can be regulated and/or litigated against. Hence:
Off-chain by itself doesn't automatically mean an intermediary or an intermediary with any specific coercion exposure (e.g. it may be some quorum system reachable via anonymity networks, or something else entirely).

Though you also have to be careful what you're comparing alternatives to: To the best of my knowledge most Bitcoin (the payment network) users use a webwallet service which doesn't even have SPV security, they use centralized exchanges, they have only about 3500 public listening full nodes in total which meet the DNS seeds standards for good performance/availability, and a majority of hashing power is under the control of approximately three to four people.  Bitcoin decentralization will never be cheaper than it is today, and yet it's arguably not an ideal of decentralization even now, so the trust gap to even trust-based off chain systems may be sadly smaller than you assume— especially if your comparison point is a world where most transactions are on chain and thus the cost of running a full node is much higher.
sr. member
Activity: 352
Merit: 250
https://www.realitykeys.com
FWIW I gave a talk at the Bitcoin conference talking about how off-chain systems can be audited, as well as how to set up systems where operators of them are punished for fraud and other losses: http://www.youtube.com/watch?v=4d3LA8KpdMQ

Some neat ideas there, but I don't think it really solves the fundamental trust problem:
- A third party who can sign transactions on your behalf can seize your funds.
- If you can't spend without a third party's participation, they can freeze your funds.

That's always true. You can't get around it. Trusted computing/hardware just changes who the third party(ies) is/are to some extent. And just because I know that a service is running a specific piece of code doesn't mean I've audited that code against key leakage and other backdoors disguised as bugs.

Fraud proofs only work against someone who wants to target specific users out of their entire base. It won't work against what we've already seen happening with off-chain services, which is wholesale service shutdown and funds seizure.

Fidelity bonds just increase the cost of setting up a trusted service, but any fraudulent wallet service is already going to be a long con, just to maximize the amount it rakes in. The bonds will realistically always be a tiny fraction of total deposits, and so they don't really change the incentive structure.

I think the popularity of blockchain.info relative to other web wallets demonstrates that, at least to the early adopters, funds that cannot be stolen or frozen are a desired quality.

Also, the problems with intermediary-based systems that Satoshi mentions in the whitepaper aren't just, or even mainly, about not trusting the intermediary. The really big issue - and the reason why payments on the internet still suck - is that the intermediary can be regulated and/or litigated against. Hence:
 
Quote
Commerce on the Internet has come to rely almost exclusively on financial institutions serving as trusted third parties to process electronic payments. While the system works well enough for most transactions, it still suffers from the inherent weaknesses of the trust based model. Completely non-reversible transactions are not really possible, since financial institutions cannot avoid mediating disputes. The cost of mediation increases transaction costs, limiting the minimum practical transaction size and cutting off the possibility for small casual transactions, and there is a broader cost in the loss of ability to make non-reversible payments for non-reversible services. With the possibility of reversal, the need for trust spreads. Merchants must be wary of their customers, hassling them for more information than they would otherwise need. A certain percentage of fraud is accepted as unavoidable. These costs and payment uncertainties can be avoided in person by using physical currency, but no mechanism exists to make payments over a communications channel without a trusted party.

What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party.

http://bitcoin.org/bitcoin.pdf
staff
Activity: 4284
Merit: 8808
it is also possible that great decentralized (albeit less decentralized than the block chain) trust free (mostly) solutions can be built on top of the existing infrastructure that can use the blockchain for clearing. see posts about ot federated chaum banks. if these sorts of services come into existence and really work well then perhaps bitcoin could stay at 7tps for ever and this would never negatively impact any of us in any significant way.
See also: CoinWitness for an idea of how many kinds of external systems could be bound into Bitcoin in a more zero-trust way.

One interesting challenge is— given all these super snazzy external systems (which will exist whether we like them or not!) what will keep demand for blockchain space up high enough that transaction fees are great enough to actually support adequate POW security?
legendary
Activity: 1722
Merit: 1217
no matter what adaptations we make to bitcoin in the future small transactions will have to be handled off chain and i really don't think there is anything wrong with that at all. one just hopes that ordinary people will always be able to afford to purchase space on the blockchain for larger transactions.

it is also possible that great decentralized (albeit less decentralized than the block chain) trust free (mostly) solutions can be built on top of the existing infrastructure that can use the blockchain for clearing. see posts about ot federated chaum banks. if these sorts of services come into existence and really work well then perhaps bitcoin could stay at 7tps for ever and this would never negatively impact any of us in any significant way.
staff
Activity: 4284
Merit: 8808
The bonds will realistically always be a tiny fraction of total deposits, and so they don't really change the incentive structure.
I think Petertodd actually had proposed that they actually be equal to the sum of deposits, and have this enforced in software.  Though it's far from clear to me that this is necessary to go that far, esp if the funds are controlled by an N-of-M multisig.

I think a point you're missing here is parties that have a degree of trust are already ubiquitous in the Bitcoin ecosystem, even where they could be trivially avoided— e.g. no one does in-chain escrow, instead they deposit funds to trusted escrow.  ... And also that the overwhelming bulk of transactions are small, the economic impact of a long con taking your daily lunch money for the next month isn't that substantial.  I don't think anyone suggests that offchain systems are a complete replacement for Bitcoin transactions.
member
Activity: 67
Merit: 10
FWIW I gave a talk at the Bitcoin conference talking about how off-chain systems can be audited, as well as how to set up systems where operators of them are punished for fraud and other losses: http://www.youtube.com/watch?v=4d3LA8KpdMQ

Some neat ideas there, but I don't think it really solves the fundamental trust problem:
- A third party who can sign transactions on your behalf can seize your funds.
- If you can't spend without a third party's participation, they can freeze your funds.

That's always true. You can't get around it. Trusted computing/hardware just changes who the third party(ies) is/are to some extent. And just because I know that a service is running a specific piece of code doesn't mean I've audited that code against key leakage and other backdoors disguised as bugs.

Fraud proofs only work against someone who wants to target specific users out of their entire base. It won't work against what we've already seen happening with off-chain services, which is wholesale service shutdown and funds seizure.

Fidelity bonds just increase the cost of setting up a trusted service, but any fraudulent wallet service is already going to be a long con, just to maximize the amount it rakes in. The bonds will realistically always be a tiny fraction of total deposits, and so they don't really change the incentive structure.

I think the popularity of blockchain.info relative to other web wallets demonstrates that, at least to the early adopters, funds that cannot be stolen or frozen are a desired quality.
staff
Activity: 4284
Merit: 8808
Global blockchains have bad scalability. It turns out computers are @#$@# fast these days, so bad can take you pretty far.  But fundamentally having to communicate your transactions _with the whole world_  puts upper bounds on the kinds of stuff you can do and how cheap you can do it for. If nothing else, the speed of light puts upper bounds on what you can do which can never be resolved even with infinite bandwidth and infinitely fast computers and infinite storage.

Bitcoin transactions are laudably small (though we'll see how laudably small they are in the future with cryptographic upgrades), indeed. But you know what's smaller than 100 bytes (about the minimum size of a transaction)?  Zero bytes. Zero bytes are infinitely smaller than 100 bytes.  Zero bytes is the amount of data you need to communicate globally for a transaction in a series which can be collapsed externally. Zero is the risk to your privacy of a transaction which is not known to the outside world. Zero is the power of third party agents to censor activity they cannot prove exists. Not all transactions can be made to have zero global impact, but some can, and so some should be.

Off-chain transactions exist today and they will always exist. The only question is how good they are, how well they integrate and interop, and how much we use them. A decentralized global block chain is a tremendous and useful thing, but its strengths necessarily imply some weaknesses.  By using multiple solutions we can have the best of all of them. Not accepting and embracing off-chain solutions means that the ones which do exist will be less secure, more centralized, and less interoperable but they will still be widely used.

If you try to force Bitcoin to be good at things it is fundamentally not good at you risk making it bad at everything. You risk introducing centralization which would make Bitcoin worthless to the world. Good engineering solutions tend to be middle of the road compromises, not trying to force one tool onto all cases.