A review of the features of decentralized crypto-currencies from a privacy perspective. Do Bitcoin, Litecoin, and other crypto-coin systems truly have the potential to become ubiquitous digital cash, and what would be some of the implications if they did?
Note: this article will not attempt to explain what Bitcoin is or how it works. Please see bitcoin.org if you are looking for such information. It is written for those already familiar with Bitcoin and so-called alt-coins.
A New Paradigm?
Bitcoin has now been in the public domain for nearly five years. While it's true that only when the new becomes the old do thoughts and actions reveal their importance, it cannot be disputed that Satoshi's whitepaper and working prototype have exerted a profound influence on developments in the field of electronic currency and payment systems. Today we see VCs from Fred Wilson to the Winklevoss brothers falling over one another to get positioned in the space. Startups have no difficulty getting funding, even if they restrict themselves to accepting only bitcoin payments. Mastercoin reputedly earned its founders a 20x bump in 90 days, and rumor has it that Ethereum already has pledges of between US $30 and $100 million before its venture funding offering has even begun. Even too-big-to-jail banks like Wells Fargo are asking themselves "What is our Bitcoin strategy?" Financial regulators, U.S. senators, and various government supremacists in other quarters are asking the same question.
In the midst of all of this hype and scrambling hyperactivity, it seems like a good time to zoom out and take a look at Bitcoin from a wider perspective, as a step in the ongoing evolution of payment systems in general, particularly with regard to the prospects for increasing or decreasing financial privacy. I freely admit to a clear situational bias in this area, in that I perceive privacy in financial transactions to be a right, to be necessary, and as a social good; while I perceive government surveillance of monetary transactions to be a tyrannical overreach, and an unalloyed evil equal to anything disclosed by Edward Snowden. In the supposed "new civil war" emerging in the online currency space (it isn't new, nor did it begin with Bitcoin), let there be no doubt about the author falling squarely into the "ultra-libertarian" camp. With this caveat, let's proceed to examine some aspects of the protocol that underpins Bitcoin and its alt-coin derivatives.
Defects of a Decentralized Protocol
Among crypto-coin enthusiasts it's generally taken as an article of religious faith that decentralized = good while centralized = bad. Even if this simplistic canard is entirely true, a decentralized issuance and clearing protocol inherently possesses a few structural defects. Among these are:
- To process any transaction you must process all transactions.
- The transaction ledger must be public.
- The clearing mechanism limits speed and throughput.
- Consensus reality replaces objective reality.
Let us examine each of these topics in turn.
While any transaction processor such as a bank or a credit card company processes many transactions on behalf of its customers, it would be a natural assumption that a wallet client belonging to an individual customer would need to process (or even get to see) only those transactions which relate to that particular customer. However, with a block chain currency this is not the case. Since there exists no centralized authority which clears transactions, every active client must receive a copy of every transaction. While the overwhelming probability is that some mining guild with a tremendous amount of hashing power will claim the confirmation fee offered by a payer, even clients that are not engaged in mining at all must nevertheless download the entire block chain, from the Genesis block to the present moment, before they can perform a spend of so much as a Satoshi (0.00000001 BTC).
Think about that for a moment. This is essentially saying that in order to make a payment in a block chain currency, you must first have knowledge of every payment that has ever been made using that currency. This is fundamentally insane. Already the initial download of the Bitcoin block chain takes the better part of a day on typical desktop or laptop computers, and (owing to size) is completely beyond the storage capabilities of most smartphones (for now). This explains the widespread practice of storing one's bitcoins on a server in the cloud and then using a thin client (usually in a browser) to access them. (Which in turn explains the prevalence of hacks directed against such servers.) While storage, processing power, and bandwidth will continue to improve in accordance with Moore's Law, we still have to ask:
- How big would the block chain become if Bitcoin really were a commonly used currency, instead of a relative curiosity used mainly as a vehicle for speculation and niche market applications like online gambling or the Silk Road?
- What is the sense in a decentralized, trust-free system if in order to use it you have to centralize the coins and trust somebody else to store and transmit them?
The answers are obvious. If Bitcoin actually stood in the place of, say the US dollar (which some evangelists actually expect BTC to kill off), the block chain would become so enormous, and transactions would occur so rapidly, that only mega-mining conglomerates with millions of dollars of installed hardware would be capable of modulating the data. Everyone else would perforce be on a thin client accessing pooled coins stored in accounts managed by those large providers. End user accounts would be "managed" according to rules and policies dictated by providers, or by the authorities in their operating jurisdiction(s). Thus we see that the "decentralized" currency leads inexorably to effective centralization just as soon as the proliferation of transactions goes nuclear.
The Zero Privacy Alternative
Because a block chain currency needs to distribute its public ledger, transactional privacy is impossible by definition. Pseudonymity is possible, but not anonymity. And your pseudonym (wallet hash) only remains so to the extent that it is never associated with your real identity by any other means — ever! In the world of commercial activity, there are certainly instances where recording transactions publicly is desirable, indeed essential: deeds of trust to real property, mortgages, liens, vehicle titles, etc. But to force every transaction to be published, with absolutely no mechanism for opting out, seems a trifle excessive — to put it mildly.
It is often asserted that Bitcoin constitutes a form of digital cash, or is closely akin to one. This is however a very strained analogy. When you walk into a store and place physical cash on the counter, the checker rings up your sale and hands you your purchase and a receipt. The receipt typically shows the name and address of the store, the time and date, a list of what you purchased, and the total paid. Nobody but you and the store know about the purchase. But if you pay with bitcoins, everyone else in the store also gets a copy of your receipt (albeit without the notations detailing what you bought). Not only that, but everyone who has ever shopped in that store with bitcoins gets a copy, and everyone who ever will shop there with bitcoins likewise gets a copy. Yet this is supposed to be a "private" payment mechanism, beloved of privacy advocates and crypto-anarchists?
Any payment vehicle which lays claim to being "digital cash" needs to implement the most salient characteristics of actual physical cash: that it is anonymous, fungible, and untraceable. One $20 bill is the same as another, and there's no direct way to tell whose wallet or cash register it's been in previously. Block chain currencies do not meet these basic criteria, unless "off-chain" transactions are used. While coin laundries serve to address the symptom, adjustments to the Bitcoin protocol have been proposed to address the cause, such as Zerocoin, and even at least one entire Bitcoin 2.0 protocol.
These suggestions have generally not been well received. Indeed, the majority in the Bitcoin community today, and especially those in control of firms in which large amounts of money have been invested, seem to be of the opinion that anything to do with anonymity hurts Bitcoin's image, and thus privacy concerns should be placed firmly in the rear-view mirror. Many seem to feel that regulation and taxation of crypto-currencies will mysteriously confer "legitimacy" upon them. The recent (29th Jan.) dismissive comments of Barry Silbert, of Bitcoin Investment Trust, are typical:
"There are certainly a handful of folks that are hardcore libertarians (some anarchists) that believe that bitcoin should be completely unregulated, but I believe they are in the minority and, as a percentage of bitcoin believers, is shrinking very quickly. I respect their viewpoint, but unfortunately, don’t see how there [sic] vision is viable in today’s society."
In rebuttal I can only say that there's way more than a handful of folks who care about privacy, and that I don't see how a currency taken over by state-worshiping compliance drones and made fully transparent is going to do anything to improve the lot of the 99%, or contribute anything to the development of a freer global economy. The existing financial system constitutes a grotesque hybrid of the Milgram experiments together with Stockholm Syndrome, and rebooting it onto crypto-currencies will not improve matters.
Speed Limit 7 TPS, Do Not Pass Go Without Collecting 6 Confirmations
Due to the hard-coded limit on the size of a block, coupled with the approximate 10 minute interval between new blocks being mined, there is an effective limit to the number of concurrent transactions which the Bitcoin network can process. This has been calculated at roughly seven transactions per second (TPS). This refers to sustained throughput naturally; momentary burst rates could be higher. By comparison, Lady Visa and Master Card claim to be able to handle hundreds of thousands per second, perhaps even a million. This is likely an exaggeration, but in any event it clearly beats the hell out of Bitcoin's capacity of roughly 600k payments per day, despite the fact that the total computational power associated with the Bitcoin network is undoubtedly much greater than the credit card companies' at this point. So we have to ask:
- What would happen if Bitcoin really did replace plastic cards as the way the world shops?
The only way that this could work is if most of the transactions were, again, done off the block chain. This suggests centralization of payments through large processors, which were then netted out via end-of-day settlements among the off-chain processors. In this model, actual payments on the block chain would resemble the armored cars shuttling net settlements in gold between bullion banks in Zurich. Which should lead us to wonder:
- What good is a distributed block chain, if in order to use it for a large number of transactions, it has to become concentrated and essentially ceases to be distributed?
Again we see wide usage of Bitcoin leading to a situation where the touted benefits of the system have to be negated in order to service demand. It has been predicted that if Bitcoin is going to survive, it will do so only as a transparent, much more expensive payment mechanism operated by large financial institutions. Unfortunately this is not just a fantasy dreamed up by bankers and state-facing lawyers. The implications of the protocol itself point toward this destination.
A related issue is the need for confirmations. Again because there is no central clearing mechanism, in order to prevent double-spending one has to await confirmations by miners. Somewhere between two and six confirmations are generally deemed sufficient. (Only one is not, because it could conceivably be faked by an attacker.) At one block every 10 minutes, this requires roughly 20-60 minutes. During this time the payment is in clearance limbo. The idea that this kind of delay before a merchant can verify a customer's payment is somehow acceptable is completely absurd. (Imagine taking an hour to use a credit or debit card!) The "solution" widely adopted is for the merchant to utilize a payment gateway service such as Coinbase or BitPay to process the customer's incoming bitcoin spend. The merchant gets provisional credit as soon as the payment is seen, and the gateway handles the confirmation processing in the background. If anything goes awry later, the processor simply charges the transaction back to the merchant. This resembles the way credit card charges are authorized first and actually settled between banks a day or two later. (It also potentially converts an irreversible spend into a "soft" or reversible one.)
This however is a kludge that works around the underlying problem with a decentralized clearing mechanism — by effectively centralizing it around some number of merchant service providers. Any "naked" merchant not hooked up to one of these companies still has to either wait it out or trust their customer. Note that for point-of-sale merchants without merchant accounts who deal in cash, this is not a problem — cash is easy to trust. By this measure also, Bitcoin fails to qualify as a digital form of cash, simply because it isn't truly instant.
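The "two to six confirmations" rule of thumb above, and the "51% attack" discussed later, can both be put on a quantitative footing with the attacker catch-up model from section 11 of the Bitcoin whitepaper: given the attacker's share q of the hashing power and a payment buried z blocks deep, what is the probability that the attacker's private chain ever overtakes the honest one? The following is an added example, not code from the original post or from SilentVault; the model and the reference values are the whitepaper's, while the function names are this example's own.

```python
"""Attacker catch-up probability after z confirmations (Bitcoin whitepaper, section 11).

Added illustration, not code from the original post. The model and the numbers
it reproduces come from Satoshi's whitepaper; the helper names are this example's own.
"""
import math
from typing import Optional


def catch_up_probability(q: float, z: int) -> float:
    """Probability that an attacker controlling fraction q of the hash rate
    ever overtakes the honest chain once a payment has z confirmations.

    For q >= 0.5 the attacker's chain wins with probability 1 regardless of z,
    which is exactly the "51% attack": no confirmation depth protects you.
    """
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a hash-rate fraction in [0, 1]")
    if z < 0:
        raise ValueError("z must be a non-negative confirmation count")
    p = 1.0 - q
    if q >= p:
        return 1.0
    lam = z * q / p                  # expected attacker progress while honest chain mines z blocks
    total = 0.0
    poisson = math.exp(-lam)         # Poisson term for k = 0, then updated by recurrence
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k       # lam^k e^-lam / k!, without overflowing lam**k
        # Attacker is k blocks along; chance of closing a (z - k) block gap is (q/p)^(z-k)
        total += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - total


def confirmations_needed(q: float, target: float = 0.001) -> Optional[int]:
    """Smallest depth z at which the catch-up probability falls below `target`.

    Returns None when no finite depth suffices, i.e. for q >= 0.5.
    """
    if q >= 0.5:
        return None
    z = 0
    while catch_up_probability(q, z) >= target:
        z += 1
    return z


if __name__ == "__main__":
    # One confirmation against a 10% attacker still leaves a ~20% catch-up chance,
    # which is why the post says a single confirmation is not enough.
    for q in (0.1, 0.3, 0.45):
        print(f"q={q}: P(z=1)={catch_up_probability(q, 1):.4f}  "
              f"P(z=6)={catch_up_probability(q, 6):.7f}  "
              f"depth for P<0.1%: {confirmations_needed(q)}")
    print(f"q=0.51: P(z=1000)={catch_up_probability(0.51, 1000)}")
```

Note how quickly the required depth grows as q approaches one half: six confirmations are comfortable against a 10% attacker but nowhere near enough against a 30% pool, and at a majority the figure is infinite, which is the point the later section makes about pools crossing the 40% mark.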
Another problem endemic to the protocol is that when a payment is outstanding (unconfirmed) in a particular block, all of the coins which are part of that same block are temporarily log-jammed behind the confirmation of the open transaction. Bitcoins were originally mined in blocks of 50, then 25, then 12.5, and so on, with block size changes pre-determined by the calendar. As Bitcoin becomes more widely used, and especially given that many coins (including entire blocks) do not circulate actively due to hoarding or lost wallets, it is inevitable that multiple concurrent transactions will ever more frequently occur involving coins, or fragments of coins, which are part of the same block. These transactions have to be settled (confirmed) serially rather than in parallel. In effect this means that the 7 TPS figure is a best-case value, which assumes that spends are being made in independent blocks that do not depend on one another. Coinbase handles this issue through clever tradecraft, by dividing its stored coins into separate input and output pools, so that for example one merchant's incoming payment will not tie up another client's withdrawal request.
This kind of solution again points us in the direction of centralized processors handling all or most of the transactions, probably off-chain wherever possible. Basically, the success of Bitcoin as a global payment system will necessarily subvert its "decentralized" nature down the road. Nothing like getting mugged by your own success. That which is decentralized succeeds only by becoming centralized. Or as Andre Gide famously put it, "It is better to be hated for what you are, than to be loved for what you are not."
Reality Is What We Say It Is!
In the universe of payment systems, the atoms of reality are coins and payments. Assertion: wallet A transferred X coins to wallet B. True or false? One would logically expect that reason and evidence (or inputs and algorithms) would provide us with our answer, with repeatable results. In the world of block chain currencies, however, objective reality does not truly exist!
Instead, reality is determined by consensus agreement. (Sounds kinda like government, doesn't it?) If 50%+ of the hashing power on the network says that a payment took place, then it did. If the majority says it didn't, then it didn't. At that point what anybody else really did or did not do ceases to matter. This is the essence of the dreaded "51% attack." The Bitcoin protocol has a certain distinctly communitarian socialist or populist flavor to it, and from its earliest days was eagerly marketed as an antidote to central banking. As in lo, the People were now creating money, not the Man. Goodness knows the evils of central banking are legion. But this is not a philosophical excuse for implementing the tyranny of the majority instead, especially when absolutely no rights are reserved for the minority.
So far there has never been a "51% attack" on Bitcoin, or even (to my knowledge) on any alt-coins. There have been at least two occasions when mining pools have broken the 40% mark and caused some consternation. (You can view the current stats here.) This consternation evoked solemn pledges not to push over the threshold, on the grounds that it would be bad for the Bitcoin community as a whole. While that may be true, it wouldn't necessarily be bad for the mining conglomerate which achieved the breakthrough — provided it could sustain its majority. That might not be too hard, considering that miners in other pools could then face an immediate choice: join the majority and continue making money, or else discover that none of their newly mined blocks or confirmations would wind up on the longest (i.e. definitive) fork of the block chain, except by grace of the majority pool. This implies that if the 51% group wanted to play hardball, everybody else's revenue could go to zero overnight. Join us or you're out! All the way out.
But surely, nobody working in the space would ever want to do something like that, right? Maybe not, but what happens when somebody with motive, unlimited money and very limited conscience, buys their way into a pool, or forms their own, and then deploys some immense quantity of ASIC mining hardware overnight? Like a consortium of big banks, for example? Any too-big-to-fail/jail bank could borrow a $billion at no interest, if that's what it takes, order mining rigs from a defense contractor who would keep the order secret, and muscle their way in anywhere and anytime they like. Given the current tenor of the industry, most people and companies active in the space would probably welcome the big boys into the game, figuring that this demonstrated Bitcoin had truly arrived. Of course they might live to regret the size of the camel whose nose they let poke into the tent, but by then it would be too late. Bitcoin would indeed be operated and controlled by large financial institutions.
Perhaps this will never occur (hopefully not), but it's the sort of danger one faces when group consensus is allowed to dictate reality. By analogy, once morality consists solely of obedience to the law, then all that is necessary to destroy morality completely is for corrupt leaders to gain control of the law. The truly corrupt are of course those most likely to attempt such a feat. Which is why I consider it at least possible that the most corrupt in the modern financial arena (commercial banks and large established payment systems) will make an attempt to gain control of Bitcoin, or perhaps a suitable alt-coin, or else foster their own alt-coin variant which will operate with complete government sanction. That "Govcoin" would feature no privacy at all, naturally, while dealing in all other crypto-currencies would be made illegal.
Am I being a cynic? Perhaps. But the savings and loan industry got stomped on in the '80s, when it was cutting too deeply into the commercial banks' mortgage business. The offshore banking industry got stomped on in the '90s. The digital gold industry got stomped on in the '00s. It certainly wouldn't surprise me if some big guns went after crypto-currencies in the '10s. And while Bitcoin might be the hardest of those nuts to crack, it already has quite a lot of name recognition, which has to make capture look much more attractive than replacement.
In any event, I find it curious that more people are not philosophically offended by a currency protocol which denies independent reality. Even Stefan Molyneux, an actual rationalist philosopher who's a big supporter of Bitcoin, hasn't explicitly addressed this issue.
Bitcoin continues to grow and evolve, and we need to remember that technically speaking it's still in beta test. So perhaps ongoing problems like transaction malleability and conflicted transactions ought not to surprise us. What seems to me greater cause for concern are the ways in which the very success of Bitcoin, in attracting users, investment, media attention, innovation, and creative talent, is actually working against its value as an agorist tool for freer markets. Some of this is due to the fact that Bitcoin is trying to be both a currency and a payment system, under the same roof as it were, when these are two logically separate functions that should never be conflated. Some of it is due to the statist bent of many of the recent converts and investors. (The last Bitcoin conference I attended seemed to be about half geeks, and half lawyers and VCs.) Unfortunately, some of it is also due to defects inherent in the decentralized nature of the protocol, which ironically result in the network needing to be centralized in certain ways in order to function adequately.
These centralizing changes, since they appear more or less inevitable, can exert force either in a pro-privacy or an anti-privacy direction. While it's clear which direction anything that big business or big government wants will push, off-chain transactions can also be used to increase user privacy. This is what we're all about with Silent Bitcoin here at SilentVault.