This is a surprisingly good analysis that strengthens the argument that a Government agency created Bitcoin (much like what Paul Graham suggested).<p>The main point is the same one that PG brought up: that the transaction graph is very easy to follow, and if the gatekeepers are compromised then most transactions become transparent.<p>A novel point they make is that some group (probably the creators of Bitcoin) controls 25% of the money supply. I have not read the paper yet so cannot comment, but I was under the impression 95% of Satoshi's coins have never moved since being mined (if he does control them at all). Of course, if they do control 25% of all the circulated Bitcoins this would forever stunt its growth, as that actor would always be far too powerful.<p>Whilst I do not believe a Government created Bitcoin, I welcome these articles that counter my own views. This also re-emphasizes the work that needs to go into coinjoin or zerocoin implementations as soon as possible. Also, we need to seriously fix the 7 tx/sec limit.
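As an added illustration of the "transaction graph is very easy to follow" point (this is example code written for this page, not part of the thread or of any Bitcoin software), the following builds a tiny constructed ledger and applies two of the standard public-ledger analyses: the common-input-ownership heuristic (addresses spent together in one transaction are assumed to share an owner) and forward tracing of funds. It then adds a constructed CoinJoin-style transaction to show why the heuristic becomes unreliable once unrelated parties co-sign one transaction, which is the mitigation the comment is asking for. All addresses, txids and the CoinJoin transaction are made up.

```python
from collections import defaultdict

# Constructed toy ledger (not real Bitcoin data). Each entry lists the
# addresses a transaction spends from and the addresses it pays to.
TOY_LEDGER = [
    {"txid": "t1", "inputs": ["A1"],       "outputs": ["B1", "A2"]},  # A1 pays B1, change to A2
    {"txid": "t2", "inputs": ["A2", "A3"], "outputs": ["C1"]},        # A2 and A3 spent together
    {"txid": "t3", "inputs": ["B1"],       "outputs": ["D1", "B2"]},
    {"txid": "t4", "inputs": ["C1"],       "outputs": ["E1"]},
]

# Constructed CoinJoin-style transaction: A3 and X1 belong to different
# parties but are spent in the same transaction.
COINJOIN_TX = {"txid": "cj", "inputs": ["A3", "X1"], "outputs": ["Y1", "Y2"]}


class UnionFind:
    """Minimal disjoint-set structure for grouping addresses."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def clusters(ledger):
    """Common-input-ownership heuristic: every address that appears as an
    input is placed in a cluster; inputs of one transaction are merged."""
    uf = UnionFind()
    for tx in ledger:
        ins = tx["inputs"]
        uf.find(ins[0])
        for other in ins[1:]:
            uf.union(ins[0], other)
    groups = defaultdict(set)
    for addr in list(uf.parent):
        groups[uf.find(addr)].add(addr)
    return {frozenset(g) for g in groups.values()}


def trace_forward(ledger, start):
    """Return every output address reachable from `start` by following
    the chain of spends (the funds' downstream trail on the ledger)."""
    spent_by = defaultdict(list)
    for tx in ledger:
        for addr in tx["inputs"]:
            spent_by[addr].append(tx)
    seen, frontier = set(), [start]
    while frontier:
        addr = frontier.pop()
        for tx in spent_by[addr]:
            for out in tx["outputs"]:
                if out not in seen:
                    seen.add(out)
                    frontier.append(out)
    return seen


def clusters_with_coinjoin():
    """Same heuristic after the CoinJoin-style transaction is added: the
    unrelated address X1 is now wrongly merged with A2 and A3."""
    return clusters(TOY_LEDGER + [COINJOIN_TX])


if __name__ == "__main__":
    print("clusters:", [sorted(c) for c in clusters(TOY_LEDGER)])
    print("downstream of A1:", sorted(trace_forward(TOY_LEDGER, "A1")))
    print("clusters after coinjoin:", [sorted(c) for c in clusters_with_coinjoin()])
```

The heuristic is only as good as its assumption that co-spent inputs share an owner; a single CoinJoin transaction in the constructed ledger is enough to merge a stranger's address into the cluster, which is exactly the false-positive rate that privacy tooling relies on raising.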
<i>Bitcoin is at least one order of magnitude more complex than Tarsnap, or the crypto used in v1 of the Amazon AWS API. We should have seen far more bugs of varying severities if it was a one-man band.</i><p>Is there any actual analysis to support the claim that it is an order of magnitude more complex than AWS crypto or Tarsnap?<p>There have been numerous vulnerabilities in the software implementation[1], and there have been (arguably) at least two bugs in the algorithm[2][3].<p>I'd note that both the AWS & Tarsnap problems were implementation bugs, not algorithmic problems. That is a much better record than both the Bittorrent implementation and algorithmic record.<p>That's impressive, but doesn't seem superhuman.<p>Bittorrent (which was the work of one person AFAIK), for example, has had no real algorithmic changes to the core protocol since it was released[4], and it is <i>much</i> more widely used than Bitcoin. (Yes, I know about trackerless .torrents, but that's more the discovery mechanism than the core transport algorithm.)<p>[1] <a href="https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures" rel="nofollow">https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures</a><p>[2] <a href="http://sourceforge.net/p/bitcoin/mailman/message/25954806/" rel="nofollow">http://sourceforge.net/p/bitcoin/mailman/message/25954806/</a>, <a href="https://bitcointalk.org/index.php?topic=822.msg9503#msg9503" rel="nofollow">https://bitcointalk.org/index.php?topic=822.msg9503#msg9503</a><p>[3] <a href="http://en.wikipedia.org/wiki/Bitcoin#The_fork_of_March_2013" rel="nofollow">http://en.wikipedia.org/wiki/Bitcoin#The_fork_of_March_2013</a><p>[4] <a href="http://bittorrent.org/beps/bep_0003.html" rel="nofollow">http://bittorrent.org/beps/bep_0003.html</a> (note that the change history entries are all clarifications)
I've always found Satoshi's choice of email address interesting. Gmx.com didn't launch until 2008, the same year Satoshi published his Bitcoin paper.<p>GMX is a German company and the @gmx.de email address is highly popular here, especially since Gmail was late to the party (legal action over 'gmail'). Web.de and Yahoo are the two other big players.<p>GMX uses geo-location to direct users to specific GMX TLDs. To use the .com you would need to use Tor or a VPN. Without using some kind of geo-anonymising tool, I am stuck with a GMX.de account.<p>Why choose GMX.com? Did he/she read about GMX launching in the US while looking for a new email account provider specifically to be used for Bitcoin correspondence? Was he/she based in Germany, knew of GMX, and, using Tor or a VPN from Germany, exited in the US and got a GMX.com account?<p>It doesn't mean anything in itself, but I always thought the choice of gmx.com was a curious one.
I don't believe it is a honeypot, just a fundamental limitation of a distributed protocol.<p>This is why I think in the long run a true blinded-signature form of ecash is essential. Handle distribution by having millions+ of independent issuers, and then meta-currencies and realtime exchanges, just like real life, not a single distributed currency.<p>I also think trusted computing is an essential component to safely handling money which is fully anonymous, irrevocable, and for meaningful amounts, which is why I've been working on that kind of stuff for a while. Sadly we're still a few years off from practical currency-handling trusted computing, and probably a decade from practical general-purpose trusted computing, but once people can genuinely trust their devices to not be subverted, things will be vastly more awesome.<p>Zerocoin remains an option, but it is complex (I like simple), and difficult to implement. I didn't even think it was possible until Matt Green et al. published; blinded signatures, on the other hand, are awesome, but fairly straightforward.
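To make the "blinded-signature form of ecash" concrete, here is an added example (written for this page; not the commenter's code and not any real ecash product) of the Chaum RSA blind-signature exchange between an issuer and a wallet. The issuer signs a blinded value and therefore never sees the coin's serial number at withdrawal; at redemption it verifies the unblinded signature and rejects a serial it has already seen, which is how double spending is caught without linking the coin back to the withdrawal. The RSA modulus is a constructed toy (two small primes) and the "full-domain hash" is just SHA-256 reduced modulo N; a real issuer would use a large modulus and a proper FDH or PSS-style encoding.

```python
import hashlib
import math
import secrets

# Toy RSA parameters (constructed for illustration; far too small for real use).
P, Q = 104729, 1299709          # the 10,000th and 100,000th primes
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # gcd(E, phi) == 1 for these primes


def serial_to_int(serial: str) -> int:
    """Toy full-domain hash: map a coin serial into Z_N."""
    return int.from_bytes(hashlib.sha256(serial.encode()).digest(), "big") % N


class Issuer:
    """Holds the signing key. At issue time it only ever sees blinded values."""

    def __init__(self):
        self.spent = set()       # serials already redeemed
        self.issue_log = []      # everything observed during withdrawals

    def sign_blinded(self, blinded: int) -> int:
        # A real issuer would debit the customer's account here.
        self.issue_log.append(blinded)
        return pow(blinded, D, N)

    def redeem(self, serial: str, sig: int) -> bool:
        if pow(sig, E, N) != serial_to_int(serial):
            return False         # not a valid signature on this serial
        if serial in self.spent:
            return False         # double spend: same serial presented twice
        self.spent.add(serial)
        return True


class Wallet:
    """Withdraws a coin by blinding its serial before the issuer signs it."""

    def __init__(self, issuer: Issuer):
        self.issuer = issuer

    def withdraw(self):
        serial = secrets.token_hex(16)
        m = serial_to_int(serial)
        while True:                          # blinding factor must be invertible mod N
            r = secrets.randbelow(N - 2) + 2
            if math.gcd(r, N) == 1:
                break
        blinded = (m * pow(r, E, N)) % N     # m * r^e
        blinded_sig = self.issuer.sign_blinded(blinded)   # (m * r^e)^d = m^d * r
        sig = (blinded_sig * pow(r, -1, N)) % N           # strip r, leaving m^d
        return serial, sig


def run_demo():
    """Withdraw one coin, redeem it twice, and try to reuse the signature."""
    issuer = Issuer()
    wallet = Wallet(issuer)
    serial, sig = wallet.withdraw()
    return {
        "first_redeem": issuer.redeem(serial, sig),          # valid, first use
        "second_redeem": issuer.redeem(serial, sig),         # same serial again
        "forged_accepted": issuer.redeem("other-serial", sig),  # signature reused on a different serial
        # The issuer's withdrawal log never contains the hashed serial itself.
        "unlinkable": serial_to_int(serial) not in issuer.issue_log,
    }


if __name__ == "__main__":
    print(run_demo())
```

The unlinkability property is what distinguishes this design from a transparent ledger: the issuer can verify and count coins without being able to match a redeemed serial to the withdrawal that produced it, so the "follow the graph" analysis the thread worries about has nothing to follow.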
The main counterargument to this is that the bitcoin technology is so unusually clever and its success such an incredible fluke anyway that you'd have to assume the government to have an almost god-like intelligence and foresight to pull this off.
I'll point out why I don't find this a credible hypothesis.<p>I imagine someone highly-placed in the NSA speaking to their superiors:<p>"Yes, we have built this alternative form of money. It can be used almost-anonymously for the purchase of drugs or for online gambling, for the funding of terrorists and anything else that people want to hide from the government. It will allow users to skirt money-laundering laws and avoid payment of income and sales taxes. But because of our ubiquitous surveillance, we think we can (probably) track anyone using it... well, MOST people using it."<p>"It is a completely innovative idea -- few in the world have even had idle speculation about the idea of a currency like this and no one is currently working on building such a thing. Yes, it will probably spur development of similar crypto-currencies."<p>"So, Mr. Director, can we have permission to release this into the wild?"<p>I cannot imagine someone in charge saying, "Yes: release it."
I think this is just as unlikely as the idea that Facebook is a law enforcement honeypot to track terrorists' social graphs. Your arguments sound somewhat plausible now, but back in 2009 bitcoin was just a cypherpunk's toy and no one had any idea how big it was going to become.<p>I would argue that a conventional internet currency (like egold or liberty reserve) would make a far better honeypot (easier to track, can be shut down at any time, and cybercriminals were used to currencies like that).
Well, it's factually inaccurate from the very first paragraph. Bitcoin has had several end-of-the-world vulnerabilities found and corrected.<p>e.g.<p>OP_RETURN bug (let anyone spend anyone else's coins)<p>Value overflow bug (let anyone produce billions of bitcoin)<p>Block merkle tree hash practically vulnerable to second preimage attacks (allowed anyone to select and kill arbitrary blocks, and thus rewrite the consensus)<p>Plus a mountain of smaller design bugs and more conventional software crash issues.<p>The overall design is highly idiosyncratic in many ways. Novel integer serializations, random byte endianness.
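The value overflow bug listed above is a good case study in why range checks on money amounts must be applied per value and on the running sum, not just on the final fee. The following is an added example written for this page (not Bitcoin's code): it emulates C++ `int64_t` wraparound in Python, shows a validator that only checks the sign of the fee accepting a constructed transaction whose two outputs sum past 2^63, and shows a validator with Bitcoin-style `[0, MAX_MONEY]` range checks rejecting it. The output amounts and the 50 BTC input are constructed values chosen to trigger the wrap, not the historical block's numbers.

```python
COIN = 100_000_000                  # satoshis per BTC
MAX_MONEY = 21_000_000 * COIN       # Bitcoin's hard cap, in satoshis
INT64_MAX = 2**63 - 1


def to_int64(x: int) -> int:
    """Emulate two's-complement int64_t wraparound (Python ints don't wrap)."""
    return ((x + 2**63) % 2**64) - 2**63


def accepts_vulnerable(total_in: int, outputs: list) -> bool:
    """Validator in the shape of the original bug: outputs are summed with
    wrapping arithmetic and the only check is that the fee is not negative."""
    total_out = 0
    for value in outputs:
        total_out = to_int64(total_out + value)   # silent overflow here
    return total_in - total_out >= 0


def money_range(value: int) -> bool:
    """A money amount must lie in [0, MAX_MONEY]."""
    return 0 <= value <= MAX_MONEY


def accepts_hardened(total_in: int, outputs: list) -> bool:
    """Validator with range checks on each output and on the running total.
    Because every addend is bounded by MAX_MONEY, the sum cannot reach 2^63."""
    if not money_range(total_in):
        return False
    total_out = 0
    for value in outputs:
        if not money_range(value):
            return False
        total_out += value
        if not money_range(total_out):
            return False
    return total_in >= total_out


# Constructed attack-shaped transaction: 50 BTC in, two outputs of
# 2^63 - 1000 satoshi each; their true sum is 2^64 - 2000, which wraps to -2000.
OVERFLOW_OUT = INT64_MAX - 999
OVERFLOW_TX = (50 * COIN, [OVERFLOW_OUT, OVERFLOW_OUT])

# Constructed ordinary transaction: 50 BTC in, 49.5 BTC out, 0.5 BTC fee.
NORMAL_TX = (50 * COIN, [49 * COIN, COIN // 2])


def compare(tx):
    """Return (vulnerable verdict, hardened verdict) for a (total_in, outputs) pair."""
    total_in, outputs = tx
    return accepts_vulnerable(total_in, outputs), accepts_hardened(total_in, outputs)


if __name__ == "__main__":
    print("wrapped sum of the two outputs:", to_int64(2 * OVERFLOW_OUT))
    print("overflow tx (vulnerable, hardened):", compare(OVERFLOW_TX))
    print("normal tx   (vulnerable, hardened):", compare(NORMAL_TX))
```

The detection lesson carries beyond this one bug: any validator that computes a total before bounding its parts is trusting arithmetic that the input controls, and the cheap fix is to bound each term and the partial sum as they are accumulated.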
It makes more sense once you realize things like Tor were created specifically for the USG intelligence community[1]. Bitcoin could, for example, be used to trade money between drug traffickers and the CIA, whilst allowing DEA to track the funds around the world. Fun!<p>[1] <a href="http://www.networkworld.com/community/blog/no-conspiracy-theory-needed-tor-created-us-go" rel="nofollow">http://www.networkworld.com/community/blog/no-conspiracy-theory-needed-tor-created-us-go</a>
> If one individual cryptographer had written Bitcoin, it would contain far more idiosyncrasies than it does, not just in the cryptosystem design but also in the C++ code itself.<p>Well, it's not that uncommon for a single person to write very secure and minimal software that really works. Look at almost anything produced by DJB.
There is nothing you don't know <i>about</i> Bitcoin - everything is public and open source. However, you may not know who <i>uses</i> Bitcoin and how.<p>Whether Bitcoin is or is not a natsec honeypot cannot affect any of Bitcoin's properties, therefore this question is meaningless.
This is a brilliant troll that makes me reassess bitcoin. Exactly what good security is. Because "it can't be, right?" I don't buy it, but we're going to have to debunk this carefully!
> Bitcoin is, by design, highly vulnerable to network analysis<p>Maybe it's time Zerocoin (by Matthew Green's students) got implemented into Bitcoin:<p><a href="http://blog.cryptographyengineering.com/2013/04/zerocoin-making-bitcoin-anonymous.html" rel="nofollow">http://blog.cryptographyengineering.com/2013/04/zerocoin-making-bitcoin-anonymous.html</a>
> <i>"Bitcoin was apparently designed by good cryptographers and peer-reviewed before it was released"</i><p>I think this understates the effect of outliers. If you consider the incredible ability of Srinivasa Ramanujan to, quite literally, dream up ground-breaking theorems, then it becomes a lot more plausible that a single dedicated, <i>highly unusual</i> individual could produce Bitcoin.<p>The same argument applies to OpSec. 99.99% lack the means (technologically or, more importantly, mentally) to maintain perfect cover. But it's the 0.01% outlier we're interested in. Comparing to existing cases is, by definition, invalid.
I realise that "evidence" is a term with a broader meaning. However, for most of the points brought up, I fail to see how they support the hypothesis that Bitcoin stems from a natsec background. Things like group efforts and maintaining anonymous identities are not specific to that environment.<p>The Hezbollah reference was irritating and I would consider that a very remote analogy, if at all.<p>Point 6 holds valid for a lot of financial services that allow transfer of monetary value in a non-physical fashion.<p>Nevertheless, all points are probably either interesting knowledge about Bitcoin or valid statements about it.
The article makes some good points, but I don't think government involvement is the single most likely explanation for the facts we are able to observe. In my opinion, it is equally likely that Bitcoin is simply an elaborate Ponzi-type scheme.<p>Think about it. A group of people with probable backgrounds in mathematics, cryptography, software development and economics bands together and creates a new kind of digital currency. They gain control of a large chunk of the total money supply in the beginning when it is easy to do so. Then they wait and hope for widespread adoption. Thanks to the combination of the hard limit on money supply and general mass psychology their currency hugely appreciates in value. They now have a large amount of money in their hands created from nothing but the work they put into creating BTC. All that is left is to cash out at some point. The latter is admittedly difficult to do without it being detected, but that doesn't mean that it won't happen at some point.
Well, we know that bitcoin was developed by <i>someone</i>, and that they've managed to keep their identity (or identities) secret. The smaller the group, the easier it is to keep secrets. It's likely that if the NSA was behind it, or knows who is, then that would have come out in the Snowden leaks.
I genuinely hope it <i>IS</i> a honeypot.<p>I am attracted to BitCoin-as-a-currency by its near-zero-transaction-cost property.<p>I am attracted to the technology (for peer-to-peer trading) by its potential to disrupt traditional asset classes.<p>I am rather disinterested in the privacy/secrecy aspect of the technology.<p>Indeed, I would quite like to see ALL financial transactions made public, as that would greatly assist the fight against corruption, and many many many forms of wrongdoing.
It was I, N. Bourbaki, working with Francis Bacon, William Shakespeare, Grothendieck, and the sender of dreams, from our secret Atlantis undersea fortress.