On stolen coins and transaction blacklists

This blog post was originally email, written in response to a reporter's questions, such as:  Why can we not recover or blacklist stolen coins?

As usual, the answer is not "we can" or "we cannot" but very complex, and outside the realm of engineers in my opinion.  Theft of private property, and money in particular, is of course wrong and illegal in most jurisdictions.

First, bitcoin is a global phenomenon.  It is impossible to get 100% agreement on what coins are even considered stolen.

Second, Stolen coins are fundamentally a legal, not technical concept.  That complicates the matter immensely.  Anyone may track any bitcoin transaction via the public blockchain, but the easy part ends there.

Some exchanges and payment processors already refuse to credit payments made with coins from some well known, large thefts.   This is done on an individual, business-by-business basis.

One key difficulty is defining a stolen coin.  It is possible to claim that one's coins were stolen, yet possess the private key that spends those funds.  Even if the victim is indeed an honest victim, the problem becomes one of reviewing and authenticating police reports from jurisdictions around the world, matching those up to bitcoin transactions, deciding on a technical disposition, executing that in software, and finally, gain the community's support to upgrade to your transaction blacklist.

It is not the place of engineers to sort through police reports, and pronounce judgements on each transaction as "good" or "evil".  The act of centrally administering a transaction blacklist is a job no one in the bitcoin community wants.  A transaction blacklist is fundamentally human-driven financial censorship, a concept almost antithetical to bitcoin itself.

Any one person or company administering a transaction blacklist exposes themselves to very real legal risks -- lawsuit if a blacklist mistake costs money -- as well as physical threats such as intimidation and blackmail.

At its most basic level, the bitcoin protocol destroys each coin, when it is spent, and creates brand new coins for the recipient.  Example: sending 1.0 BTC to me might involve destroying coin #1111 (0.5 BTC) and coin #1112 (0.5 BTC), and creating coin #6789 (1.0 BTC).  Thus, beyond a single transaction, you cannot say that a coin is 100% stolen.

From a technical standpoint, you can see that a coin is "related" to a stolen coin, but you cannot know how many innocent people lay in the chain after the theft.  Thief Alice can give a coin to Bob, who doesn't know the coin is stolen.  Bob sends the coin, along with some others, to Charlie.  Charlie sends those coins, along with some others, to David.  Bob, Charlie, and David are all unknowingly holding coins /related/ to a stolen coin, but from a technical standpoint, it is at that point impossible to say which coins should be blacklisted without making subjective, non-technical, human judgements. Businesses and exchanges receiving bitcoins are in the best position to know their customer, and make some sort of judgement about that.



The outside observer looking for stolen coins does not see an Alice, Bob, Charlie or David or any other identity information.  Observers only see coins #1110, #1111 and #1112 being destroyed, and coins #2222 and #3333 being created.

On recovery:

Stolen coins are, by definition, sent to another bitcoin address outside the victim's control.  There are no private keys to recover. The victim's private keys are rendered useless, because the thief's private key controls the stolen coins.

If a person simply loses their private keys, sometimes hard drive forensics may be able to recover the keys from a backup.  Depends on what "lost" means.  Keys are simply encrypted data, which may be recovered (or not) after a data disaster just like any other encrypted data.

Finally, and very important to economists, is http://en.wikipedia.org/wiki/Fungibility   It is important that the value of one bitcoin is the same as the value of another bitcoin. Otherwise it becomes impossible for software and average users to figure out which bitcoins they should hold, and which they should avoid.

Journalists Are The New Terrorists

The detention of David Miranda is only the latest example of a new trend, where journalism is now terrorism, and journalists are pursued as such.

Digital technology and near-real-time global communication has reinforced the maxim Information Wants To Be Free.  For the cost of an Internet connection or cafe visit or $10 flash drive, one may leak an entire Library of Congress worth of digital material onto filesharing networks.  Technology makes sharing so easy that keeping secrets becomes increasingly difficult -- for individuals, companies and governments alike.

These mass-leaks are a brand new type of attack on the nation-state.  Robbs' Brave New War describes asymmetric attacks such as these.  Never before has a nation-state faced the possibility of losing so many secrets to so many adversaries in a single incident.  The famous Pentagon Papers leak is nothing compared to the scale of leaks that current digital technology enables.

What, then, are a nation-state's responses likely to be?

Realpolitik says that "terrorism" opens legal doors that are otherwise closed to law enforcement, making its invocation economically rational and, therefore, likely.  Additional law enforcement tools including but not limited to extended detentions and searches are available, once "terrorism" has been invoked.

Further, given that exposure of state secrets to the world may be seen by rational folks as an attack, a government response that engages the anti-terrorism apparatus is not unexpected.

Traditionally, the leaker is considered the criminal, but the journalist receiving the leaked materials is in the clear, as if passed through a Chinese wall.  Some nations even have shield laws. That tradition is breaking down, as journalists are now as pursued as the leakers, with associated anti-terrorism forces.

Leaks are always an incredibly difficult ethical boundary.  Put simply, leaking has a very real chance of harming Good Guys, and enabling Bad Guys.

Paradoxically, leaks also appear to be necessary to prevent Top Secret America from driving too much policy outside the view of the voting public.

With the logic that leaks are attacks on the state, and therefore terrorism, any journalists associated with leaks are now terrorists.  And who is to say that, next year, Chinese cyberwarfare or US cyberwarfare units will not consider journalists enemy combatants?

If publishing information is terrorism, is it not also warfare?

Update: The UK is defending the seizure by claiming Miranda was “in possession of highly sensitive stolen information that would help terrorism.”

Original SIN

Recorded for posterity.


jgarzik@pum:~/node_modules/libcoin$ node sin-test.js 
{ created: 1376709207,
  priv: 'bc65f94b4142be3c6c0b02b33dab3775a829fc1f60e484e7d4ea64e2f421cdc4',
  pub: '029381bcb36358e58842431981a01742d494970a245c8f5c77874bbbde8fb25a9b',
  sin: 'je9eFspuTC29yhUqGqzEYwWmVTJRS9nWEkA' }

EDIT: or, perhaps, after some shed-painting,


 { created: 1376715876,
   priv: 'db25473a599ad99db89616da536be066ea58825a6cd9b17e90b70b824e0daea6',
   pub: '0346891919f18000be1c9aae381b93870f7dcf807c4f581e2b64dcd547342f70b8',
   sin: 'Tf86BqNWrnyn117U7N7Vc1sAUfKc2esd4z3' },

Bitcoin, free markets, and wanting your ASIC mining hardware now now now

The reddit comments discussing the Avalon status update are particularly amusing, embodying signature American impatience:  "I want something, I want it now, and I will rage at the injustice of instant gratification being delayed."

When it comes to Bitcoin mining, the whole idea of buying something without having any real clue when you'll get it is absurd. It should be like any other computer. Buy it, get it shipped to you within a week. No more bullshit.

Producing a new computer chip requires engineers with highly specialized design skills, and enormous amounts of capital.  $500,000 - $2,000,000 or more.  Any mistakes in the chips cost similarly large sums of money to fix.  Even with a 100% complete design, production may take months.  This is simply not a just-in-time operation.  Further, unexpected month-long delays are common.  Any mistake or change adds weeks to the schedule.

Thus, economics dictates certain realities.  Namely, paying your engineers and paying for chip production.  Possible funding sources:

1. Angel investors (rich people write big checks)
2. IPO (ASICMINER)
3. Pre-orders (BFL, Avalon)
4. KickStarter (company can fail to produce, and nobody gets sued)
5. Bounty

Let's take them one at a time.

1. In 2011-2012, no one stepped forward to write big checks.
2. ASICMINER IPO'd successfully, on an unregistered-securities exchange.  Risky, but it worked.
3. Pre-orders, we will discuss separately, below.
4. KickStarter-like models do not appear to work well for >$1 million projects (statistical anomalies aside).  KickStarter itself is anti-bitcoin.
5. Bounties never amount to anything more than pocket change, for real projects.

Essentially, there were two workable models that the free market has shown will work in 2011-2012:  IPO on unregistered securities market, or pre-orders.

An unregistered securities market clearly appeals to free market libertarians, as the creation of GLBSE and other projects in the bitcoin community demonstrate.  It is also a magnet for scams, as experience has shown (Pirate-related pass-through funds were listed on GLBSE).  Thus, IPO is a risky endeavor, and in 2011-2012 was unlikely to be successful in producing mining chips.

ASICMINER, through the regular exercise of [some levels of] transparency, prevailed in a difficult market.  They raised capital, started operations, and have so far maintained sufficient levels of profitability to continue operations.  ASICMINER survived the collapse of GLBSE, and continues to pay dividends to shareholders, despite the operator "friedcat" remaining anonymous.

Pre-orders are the remaining funding model.  This is another model that is fraught with scams.  Indeed, there have been many copycats who set up a website, promise ASIC hardware, and attempt to collect money.  How to separate these scams from the real operators?  That question is the fundamental problem with pre-orders.

Unfortunately, pre-orders are also the most straightforward way to fund an ASIC project, if you lack IPO or Angel money.

For bitcoin, circa 2011-2012, pre-orders were the most realistic way that a computer chip was going to be produced.  At the time, fewer knew about bitcoin, and it was unknown if bitcoin's price -- then under $5.00/bitcoin -- would support mining hardware.  It was not obvious there would be a profit. 

Butterfly Labs and Avalon took that risk, and succeeded.  Avalon was out the door first, while Butterfly Labs took over 12 months to begin shipping hardware in volume.  Another effort, bASIC, failed, through the operator eventually refunded almost all the pre-order sales money.

Today, mid-2013, bitcoin hardware has been proven to sell.  BFL, Avalon and ASICMINER proved that hardware can be produced, that customer interest exists on the free market.  Several other startups are entering the mining hardware business:  CoinTerra, HashFast, Alydian, KNCminer to name a few.  Existing players are shipping hardware, and working on next-generation designs.

We all want instant gratification.  And customers who pre-order mining hardware have a clear economic incentive to want the mining hardware in their hands ASAP -- every day lost costs money.

But that must be balanced by setting realistic expectations on the mining hardware businesses.  These are all tiny startups, with no existing chip production lines, creating brand new computer chips for an uncertain, volatile bitcoin market whose profitability in future months is unknown.

"buy it, get it shipped within a week" is a realistic expectation for a decades-old computer market that mass-produces PCs.  As the bitcoin mining hardware market matures, we will start to see this too.  Many of the new mining hardware companies are learning from the BFL/Avalon experience, and competing with enhanced pricing and customer service models.

The free market at work.  The bitcoin mining hardware market is what it is, and could not have been accomplished any other way.

Disclosures:  Am a customer of almost all companies mentioned (I try to buy one of each).  Missed out on the ASICMINER IPO, though, as GLBSE was not a platform I wanted to dabble with, for legal reasons.