Topic: Who here wants to take a big dump on MtGox? (Read 3165 times)

casascius you are right that part of what makes Bitcoin so powerful is that it completely avoids the concept of backing.  And without backing there is no ability to engage in "fractional reserve banking" (aka stealing the backing).  But this is also one of its greatest weaknesses.  The ability to have a secure internet representation of some real-world thing would be extremely valuable.  For example, today there is a lot of friction moving USD (or other currencies) into and out of (or between) the exchanges.  If there were colored coins representing USD and these were accepted by the exchanges this friction would be 0.  But beyond BTC/USD, friction in lots of markets -- commodities for example would be reduced.

I'm not sure the technical details behind e-gold, but it seems to me like what we would have (with colored coins) would be much stronger since AFAIK bitcoin is the first p2p implementation (i.e. I'm assuming e-gold was not p2p).  So the repository does not need to oversee every exchange.  It simply sells colored coins for USD and redeems them but does no exchanging.  But is this legal or would it be considered to be counterfeiting?  It is essentially creating and printing a virtual USD unless you keep a big wad of printed bills in your safe.  Negotiating that issue would be very tricky, for a non-government agency.

Unfortunately for colored coins, those who are willing to take that risk are generally not those who can be trusted with a big vault of backing value...

This.  Casascius brings up some good points.  I would also add that the eGold management embezzled tens of millions over the course of a decade from the trust.  When the govt seized the assets there was insufficient physical gold to pay the balance of user accounts.  Given that in any reserve system it is improbable that all parties will withdraw at the same times it becomes very easy to engage in this type of fraud.  My gut feeling is if users attempted to withdraw 100% of the funds from Liberty Reserve it would likewise fold.  In BTC4Victory example of legal victory what happens when the trustee and the gold are all gone.  He hopped a seaplane to a non-extradition country with $50M in Gold Bullion.  Or even better he sold the gold locally for Bitcoins and hopped on a plane with this brain wallet. 

The largest advantage of Bitcoin is that it enables commerce without a trusted third party (note you still must trust your counterparty).  Any schemes and constructs which must rely on a trusted third party don't need Bitcoin.  If you trust PayPal to always do the right thing (protect your rights as seller/buyer, always give you immediate access to your funds, never succumb to political pressure, etc) then you don't need Bitcoin.   Chaining Bitcoin to some to some cludgy implicit trust system backed by a corrupt and failing legal system is like buying a Quantum Computer to acts as a space heater.

What you are saying essentially amounts to, "Let's set up an e-Gold in the Cayman Islands and offer anonymous accounts, and track balances on a block chain".  The only novelty here is the location, not the technology.

e-Gold worked until they day they got shut down.  The fact that it worked before they got shut down, much the same way you describe, doesn't mean that the scheme we're talking about will work - it will only work until the day somebody with the power to shut it down does so.  Meanwhile, the point of using colored coins and a block chain is to make it so nobody can shut it down.

If the government of the Cayman Islands decides it's illegal, then they confiscate the gold, declare the contracts unenforceable and void, or both.  On the other hand, if their government tolerates it forever, then great - but then you must ask why bother with the colored coins.  Just do a normal banking ledger database like e-Gold did, and like PayPal and Liberty Reserve do now.  The colored coins are no longer of any revolutionary value, they become just another style of an overly complicated database that uses way more electricity than it needs to.

Casascius, I defer to you on the technical coding/software-engineering/cryptography points.  But, as a lawyer-type-guy, I'm focused on the possible legal viability/enforceability of something along these lines, and I'm inclined to think that the legal/enforcement concerns that you are raising -- while hardly trivial -- can be solved.

I agree that the problem is that we need a "legal framework to enforce," say, the convertibility of a colored bitcoin into the underlying ounce of gold.  But there are multiple different ways to achieve that.  And saying "no legal system recognizes colored coins" doesn't really answer the question, as I'm not even exactly sure what we mean when we talk about a legal system "recognizing" some contractual term defining a condition precedent in an otherwise valid legal contract.

To take our fully-reserved gold bank example, where we create a 1000-satoshi colored coin (or 1000 1-satoshi colored coins), with each colored satoshi entitling the holder to bring it in and redeem it for an ounce of gold from the Cayman Islands vault -- for this whole thing to work, we don't need any new legal rule or body of law (whether enacted by statute or "discovered" by common law judges) specific to Bitcoins or the blockchain or PKI or ECDSA; the trick is to come up with some way of creating a structure such that we can, if you will, map the idea of "if I am the owner of 1 colored satoshi, that entitles me to redeem it for one ounce of gold from your vault" onto a straightforward legally-binding obligation on the entity or person who has possession of the 1000 ounces of gold -- which obligation should be enforceable as a matter of contract law or trust law or whatever.

In other words(*), suppose I set up a Caymans Trust to hold the 1000-ounces of gold, for the benefit of some undefined broad class of beneficiaries, and the terms of the Trust Instrument require the Trustee to remove one ounce of gold from the vault and deliver it to anyone who shows up on his doorstep on the first Friday of the month and does [X]** (where X="delivers a certain item or performs a certain action, well-defined by the terms of the Trust Instrument," which in our case would involve transferring the colored satoshi via the blockchain to a Bitcoin address controlled by the Trustee) --

well, then, if on a particular first Friday of a month, somebody ("Greg Goldbug") in fact *does* show up on the Trustee's doorstep and perform [X], the Trustee had certainly damn well *better* respond by going to vault, withdrawing an ounce of gold, and forking it over to Goldbug.  Because if he doesn't, Goldbug is going to step right off the Trustee's doorstep and walk right down the street to the courthouse where he'll have a slam-dunk legal cause of action against the Trustee for breach of fiduciary duty and violating the terms of the Trust.  (And, as with anything, we can spin the game out further, so if you want to ask "well, so what if you get some wig-wearing magistrate to give you another piece of paper (a "court order") telling me I have to follow the instructions of this first piece of paper (the "Trust Instrument") which I've already made clear I'm not going to follow?" -- well, if it comes to that, when Goldbug ultimately prevails in those legal proceedings, and obtains a judgment issued by one of the members of the bench of Her Majesty's Grand Court of the Cayman Islands directing the Trustee to fork over the ounce of gold consistent with his duty as Trustee, he can go back there with sheriff or constable or bailiff whatever they call such persons empowered to enforce court orders in the Cayman Islands (and if he resists? well, it's turtles *almost* all the way down, until eventually you get to the monopoly on the legitimate use of force at the foundation of the Rule of Law).)

(*This is by way of example -- I don't know for sure that this exact structure works, and it would need vetting by experts in Cayman Islands trust law -- but my strong suspicion is that some kind of offshore trust, whether a Caymans STAR Trust or a British Virgin Islands VISTA trust or something similar, is probably the ideal vehicle for a structure along these lines.)

(**Furthermore: I readily acknowledge there may exist certain [X]'s for which a court might refuse, as a matter of public policy, to honor and enforce the terms of the Trust Indenture, just as there are certain contractual terms which a court might refuse to enforce as a matter of public policy (e.g., you and I can enter into a written contract selling you one of my kidneys for $50,000 -- but good luck getting a judge to enforce it in any court in the United States).  So is there a risk that, say, the U.S. Congress could pass a law "outlawing" Bitcoins and prohibiting U.S. federal and state courts from enforcing, e.g., a contract term calling for payment in Bitcoins? Absolutely.  But in my example above, the U.S. Congress could do whatever it wants, but unless the Legislative Assembly of the Cayman Islands passes a similar law, the Cayman Courts are going to expect Trustees of Caymans Trusts to carry out their fiduciary duty to follow the instructions of the Trust Instrument, and all the foot-stamping and tantrum-throwing in the world by Senator Schumer and the other 534 members of the U.S. Congress isn't going to have any impact on the 1:1 convertability of our colored satoshis into troy ounces of gold in the Cayman Islands (and, by extension, their virtual equivalence-in-value on the blockchain).

The problem I speak of can't be thought of in terms of integers.  It's a sociological problem, not a technical one.  I am absolutely certain that the technical aspects are totally solvable and they are simply not an issue.

Zhou Tong was "encouraged" to be honest, but that didn't do any good.  When big money is involved, something has to make somebody be honest.  

When you use the word "contract", you take for granted that there is some sort of legal framework to enforce it.  That's the problem.  Somebody's unenforceable word is good enough for settling a lunch debt.  For most people, it's hardly good for much bigger than that.  If no legal system recognizes colored coins, they're good enough for a bar tab, but for anything bigger, they are as good as a contract written in Klingon on wet toilet paper.

For example, everyone knows I'm honest with Casascius Coins, but they know that more because they believe in good faith I'll get my ass kicked if I'm not, and not because I'm such a good guy.  The more Casascius Coins there are in circulation, the more their total value tends to infinity, the more people legitimately start to wonder whether that's even good enough.

I suppose it helps that I own a brick and mortar business IRL, but ultimately, the only reason that's valuable is that someone could go after that if I were to perpetrate a scam against bitcoiners... because the legal framework in the state I live allows for that.  Even in spite of that, there's a point where people legitimately wonder if I might ever "Zhou Tong" you all... a major part of the reason why I'm trying so hard to promote 2-factor zero-trust physical bitcoins, so they can be standard for all but the smallest denominations, so the idea can scale past the point where it is no longer reasonable to put so much trust in one guy.

Bitcoinica reminded us that we always have to take into account that people's willingness to voluntarily play by the rules only goes so far and at some point, recourse is an absolute necessity, and this is the very same reason that "the backer is encouraged to be honest" just isn't enough.

Casascius I think you underestimate the colored coin concept.
 
Sure there will be the same counterparty risk when a virtual coin stands in for a physical thing as when a piece of paper does so.  So the key component will be to design the backing such that the backer is encouraged to be honest.  This essentially entails charging a fee for the service.  Either when coins are redeemed or ongoing.  For example, that issuer of colored coins with 1000 oz gold in a vault could issue 1% (of the total currently in circulation) more colored coins per year.  This "load" would be part of the contract, not a hidden scam.  Or a transfer fee: all colored coin transactions must also contain an uncolored bitcoin TX to the issuer's address. 

In this way, a P2P bitcoin/USD exchange could be created with almost no overhead and no worse security then bitcoin itself.  Exchanges can occur between individuals who do not trust each other so long as they both trust the colored coin redeemer.  So the exchange is essentially only holding the backing fiat (or PM).  This therefore requires less trust then today's exchanges which need to hold both your fiat and btc.  And it is of course much more secure because redemptions can happen much less often (and therefore with more security checking) then trades.  There's no "exchange" to hack in to, no database listing everybody's balance (outside of the blockchain).  However, I think there would probably be greater risk (temptation) of the exchanger going fractional... but this risk certainly exists in today's exchanges.

But unfortunately the colored-coin is such an ugly hack into the bitcoin network.  It would be better to add a 64 bit integer denominating the currency type to each txn line (or maybe to each public/private key -- and extend a wallet to handle multiple private keys one per currency type), set bitcoin to be currency type 0, and add some kind of "overlay" network where people can create a new currency.  Hmm... this is making me think out loud.  I wonder if the "currency" type could be itself a public/private key allowing a contract describing the "currency" to be signed and all clients to reject any "genesis" transactions that are not signed by that currencies' private key.

Thanks, Mike. I generally that this is reckless at best, if we're talking about an unsecured equity shares in a company which are being offered by some anonymous or pseudonymous person on an anonymous/pseudonymous exchange.  (See, e.g., "Bitcoin Savings and Trust.")

But, I do think it might be possible to create robust legal structures which would allow for the creation of "virtual securities," which could be traded anonymously/pseudonymously in the way we're envisioning, and with a reasonable amount of comfort that there's real and enforceable underlying value at stake, at least in certain circumstances.

For example, suppose I gather 1000 troy ounces of gold, I store it in a vault in some stable and financially- and legally-sophisticated offshore jurisdiction, like the Cayman Islands, and I transfer ownership of the gold to an irrevocable Cayman Islands Trust which I have set up, the beneficial interest in which shall be represented by 1,000 Trust Units.  Furthermore, in the documents of formation of the trust, I instruct the Trustee that -- in the event that someone shows up at the Trustee's offices in Georgetown, Cayman Islands, during regular business hours on the first Friday of any month, and "presents the Trustee with mathematical proof that such person knows the private key associated with a Bitcoin address which is listed on the then-current official book-entry ownership register" as owning some number of Units of the Trust, that the Trustee will withdraw that same number of troy ounces of gold from the vault and deliver them to that individual, and those Units will be regarded as having been redeemed, and that Bitcoin address will be stricken from the official book-entry ownership register of the Trust.

(To do it rigourously, I would certainly want to have the vault and the trust's books and documentation audited routinely by a reputable international accounting firm, and ensure that I've got adequate controls in place to guard against embezzlement by the Trustee, etc.)

In my thought experiment above, I've made it deliberately somewhat difficult for someone to actually exercise their right to "take physical delivery" of the gold in the vault -- but the point is, if I'm fully satisfied that there really is one ounce of gold sitting in that vault in the Caymans for every outstanding Trust Unit being traded, then there ceases to be any need for me to show up on the first Friday of the month to actually trade in my Unit for an actual ounce of gold: In effect, in that scenario, my virtual ownership of a Trust Unit is literally "as good as gold," and I've basically replicated in virtual form (uniquely-associated with a Bitcoin address, and readily-tradeable to anyone else with a Bitcoin Address for BTC on our online exchange) a fully-collateralized gold-backed banknote issued by a full-reserve bank.  Seems like *that* ought to make the Austrian-School types around here happy... 

I believe this could be done even without multisig - just by using the elliptic curve escrow I have been proposing in the recent past.  I'm working on making simple-to-use software to help everyone visualize it, but I'm not quite done with that.

Whether or not such a thing would be functional would be a completely separate obstacle.  I am convinced that Bitcoin works because "it is what it is" without legal recognition, but that using any sort of crypto coin to represent property rights on some asset other than the crypto coin itself - without a legal framework that explicitly recognizes this as valid - is a flawed proposition.  This objection is for sociological, not technological, reasons.

Anonymous owners can't assert any rights against the issuers of whatever they own without giving up their anonymity, nor can they prove with reasonable certainty that they even own what they say they own to any legal standard of proof.  So in my view, anyone accepting an offer to "anonymously" buy any security is about as dumb as giving their money to a known scammer, other than they might get lucky and get it back, with odds so poor that they'd be far better off at a casino.

Casascius (and others):

I've been thinking about this and some related issues for some time, and would be curious to get your thoughts on something.

<< And, full disclosure, my expertise really lies on the legal/regulatory/finance side of things: I'm not a coder and don't have a sophisticated understanding of how the Bitcoin Protocal works at the microscopic level (same is true for public-key cryptography, SSL, ECDSA, SHA256, deterministic wallets, multisignature transactions, etc.) -- although I think I broadly understand (and admire) the concepts underlying Bitcoin at a very-general conceptual level, and can at least throw around enough terms to pretend I understand more than I really do...  >>


My specific question:  At this point in time, would it be possible to set up an online trading exchange for [some virtual asset or assets], with prices denominated in BTC,

(A) which doesn't require a user to create an actual account with the exchange but instead allows him/her to simply "log on" by providing proof-of-ownership of a Bitcoin Address or Wallet (e.g., you initiate a "session" with the exchange by sending a brief introductory handshake-message signed with the Private Key associated with a Bitcoin Address, which the exchange's software verifies against the Public Key and confirms that the BTC-Address in question actually has a positive BTC balance), and

(B) which also -- by using multisignature transactions -- eliminates the need for the exchange itself to ever take possession of any BTC funds (thereby completely eliminating any risk that the exchange could have some portion of its BTC funds hacked or stolen (even if the exchange operators otherwise take prudent measures like keeping as much as possible in offline cold-storage wallet)), with the exchange literally just operating as a platform to bring together willing sellers and buyers and with "settlement" of the BTC funds actually taking place directly between the parties once a match is made?


I realize that's a mouthful, so to make it more concrete:

Let's imagine that someone sets up a new-and-improved "GLBSE Version 2.0," where users can once again trade "shares" in various listed "companies".

The exchange keeps account of (and makes available online) the definitive book-entry register of who owns what # of shares of each listed company.  But, as far as defining such "who" -- the sole item of identifying information for each shareholder would be a Bitcoin Address (or alternatively perhaps the actual Public Key, or perhaps a Root Public Key for a deterministic wallet?).

The exchange also operates as an online order book, where users enter basic buy/sell limit orders, and which applies a basic matching algorithm to execute matched buy/sell orders.

EXAMPLE: Buyer, Bill, would like to acquire shares of Acme Enterprises. So, Bill goes to the website for the exchange and "logs in."  On the exchange, however, there's no need for Bill to create an account or provide personally identifying information -- rather, his UserID is, in effect, his Bitcoin Address (let's call it "1BILLxyz..."); and a message signed with his private key is, in effect, his password.  (I'm envisioning that this could all happen "under the hood," so that having downloaded a simple piece of client-side software, all Bill actually does is click a button saying "begin a trading session" to get on -- but behind the scenes that begins the process of originating a secure connection via HTTPS, and then transmitting the bitcoin address/public key that Bill wants to trade with, along with the message signed with the private key to prove he controls that address).

So Bill hops onto the website, and establishes a new session using his Bitcoin address 1BILLxyz... with the click of a button.  Now he wants to enter an order to buy 10 shares of Acme Enterprises at 5BTC per share.  We want to make sure that he's good for the 50BTC if/when a willing Seller lifts his bid -- but is there an efficient way for him to provide that certainty, other than simply forking over the 50BTC to the exchange?

[HOW IT'S DONE TODAY: i.e., today, the "conventional" way to do this would be for Bill to send some amount of BTC to an address controlled by the exchange, and (purely as a matter of internal accounting by the exchange operators) Bill would have a BTC-account which would be credited with his BTC balance.  Bill could then enter orders so long as his BTC balance was large enough to cover all of his outstanding buy orders.  (Cancelling an unmatched order would free up that portion of the balance.)

[But, operating this way exposes Bill to counterparty risk with the exchange itself (completely separate and distinct from whatever risk he is quite willingly looking to take in making an investment in the underlying share-issuing company): he has really sent his BTC funds to the exchange, and runs the risk that the exchange simply shuts down, keeps his money, and hops on the next charter flight to Pirateat40's private caribbean island getaway.  Or, equally, he risks that the exchange is run by someone who is ethical but incompetent, and stores the hot wallet in an unencrypted file which someone hacks, and the BTCs are gone.]


So, instead: rather than sending 50 BTC to the exchange, I'm envisioning/wondering whether there's a way for Bill to originate and sign a multisignature transaction, or a series of multisignature transactions, which will in essence fund his account for the duration of his trading session, and which will have the following outcomes:

- if Bill terminates his session with the exchange without placing any buy orders, the exchange automatically signs the transaction sending the BTCs back to Bill.

- if Bill places an order, and the order isn't filled, the amount necessary to fund the order if/when matched just stays hanging around as a partially-signed multisig transaction; and if he terminates his trading session after placing an unfilled order which exceeds the amount of his initial funding transaction, he'll get the overage back immediately when he logs off.  (EX: he logs on and transmits a multisig transaction sending 50BTC from his BTC address, places a buy order for 10 shares of ACME at 4BTC/share (for 40BTC total), which isn't yet matched, and leaves the order outstanding and logs off.  In this situation, Bill should get 10BTC back, while the remaining 40BTC stays in partially-signed-transaction suspense as long as the order remains outstanding on the order book).

- if/when the order is filled by a Seller who owns shares of Acme (lets call her "Sally,"* identified to the exchange only by her BTC address 1SALLYabc...), then two things happen: (1) the exchange signs the multisignature transaction in such a way that the sales proceeds go to Sally's BTC address, and (2) the exchange updates the master ownership registry for Acme Enterprises, to reflect that Sally now owns 10 fewer shares than she used to and Bill owns 10 more shares than he used to, because Sally sold those 10 shares to Bill.

(*And note that, for Sally, looking to sell shares of Acme, the logon process was exactly the same as for Bill, except that if she only wants to sell and not buy then she didn't need to transmit a a partially-signed transaction to the network to fund anything; once she established herself as the real owner of address 1SALLYabc..., the exchange software can see that she owns (say) 35 shares of Acme Enterprises, so she will be permitted to enter sell order(s) for up to 35 shares into the order book.)


It's the above critical "decision-tree" piece which I'm fuzzy about, because I'm not sure whether this is doable with multisignature transactions.  But if it can be done, then it seems to me that this could be huge: nation-states' central banks and securities regulators could jump up and down and scream and shout all they want about AML/KYC and securities fraud and unlicensed money transmission and whatever else they want to -- but other than the software and a data file showing ownership of shares by BTC address, there's nothing for them to go after or seize if they wanted to try to shut it down: there's not even so much as a pool of BTC funds (or any other form of assets, whether fiat money or otherwise) at the exchange, because the BTC funds are really literally traveling straight from share-buyers to share-sellers.  And if they want to go after buyers and sellers of shares on the exchange, well, all they have to go on is a BTC address.

Seems like this might be a useful path forward...?

I'm with casascius. If you want to dump 500 BTC or more, let me know. I can provide gold or cash in person if you are willing to meet in the Zurich area.

Btw: I'm thinking about setting up a BTC ETF (similar to the countless gold ETFs that already exist), thereby making BTC tradable on traditional stock exchanges. That would open the gates for tons of investor's funds.

http://www.bloodygoodhorror.com/bgh/files/reviews/caps/vampires-kiss.jpg

It was an intended pun.

I'm not convinced. Even if some of the demand is latent, there's still a lot of depth. Selling 500 BTC would cause about 0.4% slippage, which is not as bad as the trouble of finding OTC buyers.

Exchanges exist for a reason and that reason isn't going away any time soon.

I though you meant the act of physically excreting excrement all over mt gox.  I was like?  What the hell? Doesn't everyone?

In my opinion, there are MILLIONS of dollars out there that would eagerly wait on the sidelines to scoop up a good deal on BTC, but whose owners wouldn't trust leaving them in an exchange to wait for somebody's dump to happen.  We look at the bids on the MtGox orderbook and pretend this is the true world demand for bitcoins.  LOL is what I think, hence why I am buying up coins.

Those millions of dollars can and will enter the bitcoin economy if people could do their dumps directly to the people waiting to buy them.

The critical elements needed are:
1 - a trusted escrow agent and escrow scheme
2 - a way to pull the trigger (so there is a well-defined and irreversible moment when a deal transitions from not-having-occurred to occurred)
3 - recourse against those who do not fulfill their ends of deals.

I believe the answers to those are:
1 - tools I am providing (escrow tools based on EC multiplication)
2 - using the sending of bitcoins to a signed and published address as a sentinel that a transaction has been executed
3 - having all transactions executed by sending either the bitcoins (if it's a BTC-sell) or an earnest money deposit (if it's a BTC buy) to the escrow address, so the burden is always on the other party to send their fiat as promised or else lose their bitcoins.

I've honestly been waiting for something like this.  I think "currency" exchanges like MtGox are dinosaurs who'll find it hard to survive in the long term as more options for buying and selling Bitcoins become available and speculating on BTC price can be done on general "stock" type exchanges.  MtGox needs to re-invent itself.  It was very necessary to the infant Bitcoin economy, but it's no longer sufficient.

Who here wants to take a big dump on MtGox?

If you'd rather receive a same day US bank wire for your dump, contact me first.  I'm in the mood for buying up coins.  500+ BTC only please.  PGP key is at https://casascius.com/pgp.txt .  I can also pay with gold.