On a related note, ever heard of the bubble theory of money? The theory goes, that good money is essentially a bubble that can't be popped easily. People compare Bitcoin to the tulip mania, but that is a wrong analogy, given that tulips can be cultivated by anyone to any degree -- whereas Bitcoins are capped by design.
Tulip mania involved surprisingly few tulips! The primary instrument being traded was what we would now call a tulip futures contract. It seems like a silly thing, but we currently favor units of sovereign debt (or, if you prefer, units of the future ability of the government to tax its citizens).
People say that too, but the amount of crap alt-coins demonstrates just how far ahead of the curve Bitcoin is, and by the network effect it is the one that really matters.
Litecoin is good for getting in and out of Bitcoin w/o staying in cash, when you suspect sudden movements in Bitcoin.
Remember Ripple? Mindshare keeps falling on that one.
Nothing stops anyone from making their own personal variant of Bitcoin, however. Or 10 of those variants. Or a million. In other words, the limit applies only within a single system, and there is no limit on the number of such systems.
"convincing enough people that the variant coins are worth something is hard. Very hard."
Somehow, people managed to be convinced that Bitcoin was worth something back in 2009. What makes the current situation different? Whatever convinced people that Bitcoin had any value in the first place might convince people that some new alternative you started this morning has some value.
Obviously an altcoin would have to be as much better than Bitcoin (in the ways people care about) as Bitcoin was better than the preceding stuff. A system that is decentralized and doesn't require mining could have this property.
"does this process not bootstrap the bitcoins into having some initial value?"
No, because nowhere in that explanation is there any mention of demand for the mined bitcoins. If nobody were willing to accept a Bitcoin payment, the cost of Bitcoin mining would be irrelevant because the value of Bitcoin would be zero.
1. Bitcoin has good utility value as a currency. You can transfer it to anywhere on the planet, it's decentralized and has a monetary base cap. Tulips are decentralized at best, but are otherwise quite a bad currency.
2. The tulip mania lasted only one season. It went up, peaked and then crashed. Bitcoin is closing its fifth season and it had several major dips of which it came out stronger than it was before. Absolutely no similarity here.
3. This is getting old. Come up with something new please, will ya?
Rock solid? A system that requires vast and increasing amounts of the world's energy to be devoted to it just to achieve a vague notion of security? A system that can be attacked in polynomial time (but let's just say that is not a problem; after all, we never defined security in a way to preclude such things!)? That is your definition of "rock solid?"
> requires vast and increasing amounts of the world's energy
"Vast" is hyperbole, IMHO. It might in fact on net conserve energy, by, e.g., reducing the need to haul cash around in armored vehicles and the need for things like bank buildings. It takes a lot of energy to build and operate buildings.
For Bitcoin to be secure, you always need more energy to be devoted to honest mining than is devoted to an attack -- and that ignores the energy spent securing Bitcoin wallets (which is fine to ignore, as it is tiny by comparison). In the limit, half the energy output of the entire planet would have to be devoted to Bitcoin for it to remain secure, though I doubt that any economy could sustain such a situation.
By comparison maintaining security for paper money requires substantially less energy than attacking paper money, even if you include the energy devoted to fighting theft (the analog of the energy devoted to securing individual Bitcoin wallets). The energy spent on counterfeiting detection is far lower than the energy needed to counterfeit modern paper money, and Chaum showed the world how to create digital cash that is even more secure against counterfeiting, with security against double spending, and that allows for anonymous transactions, while still requiring far less energy to be spent on security than would be needed to attack the system.
So no, there is no hyperbole here. Bitcoin is a very inefficient system. It might work in practice, but that does not make it efficient, nor does it even make it an improvement over what we have now. The only thing Bitcoin has going for it is that there is no obvious central authority (I say no obvious central authority because in practice, the Bitcoin developers have as much power over the currency as a central bank -- they can e.g. cause a block chain fork at any time, as they accidentally did a few months ago).
In the classical economy spirit one could expect that the mining power supply and demand will be optimized by the invisible hand of the market. It seems to me too that there might be fewer costs and negative externalities implicitly bound to bitcoin operation as compared to paper money.
You keep dismissing the incentives that Bitcoin gives, which should also be considered part of its security. The only rational attacker that could have an interest and resources to stop Bitcoin is a nation-state. But even then, another nation-state could jump in and protect it. We can't know what will happen until it happens. The field that you want to use to model everything is too narrow for Bitcoin.
"You keep dismissing the incentives that Bitcoin gives, which should also be considered part of its security"
We do not speak of "incentives" in other contexts. When we talk about encryption, we do not spend our time pondering the "incentives" for not attacking our cryptosystems -- we create encryption systems that cannot be feasibly attacked regardless of what motivates the attacker. When we talk about secure multiparty computation, we do not talk about what might motivate the attacker, we only talk about how to prevent attacks.
There are historical counterexamples to the idea that we can analyze a cryptosystem's security in terms of the attacker's "incentives." A famous and well-known example is the German Enigma cipher from WWII. After the war, German cryptographers were captured and interrogated (the TICOM operation), and one of the things they revealed was that they knew that Enigma could be attacked, but did not believe that it would be worth the effort. Even the assumption that the attacker will act rationally is bad -- we should be secure against irrational attackers too.
"We can't know what will happen until it happens"
We can, however, design systems that maintain their security properties regardless of what happens (at least under standard cryptographic hardness assumptions, though sometimes we can even get information theoretic security). ElGamal encryption is secure against any polynomial-time chosen-plaintext attack -- provably so. The GMR signature system is secure against any polynomial-time adaptive chosen-message attack. For a very strange construction that illustrates how we can defend against attack strategies we cannot even imagine, consider this work on non-malleable commitments (the construction is on page 13; it is very strange, but the strangeness is key to the security proof, or in other words there are possible attack methods that nobody is aware of that the construction prevents):
"The field that you want to use to model everything is too narrow for Bitcoin."
Yes, things are very easy when you have no clearly-specified goals, requirements, or constraints. How can there be any technical criticism of Bitcoin if this sort of response is considered valid? Anything anyone says is wrong with Bitcoin could always be dismissed as being "too narrow."
> we should be secure against irrational attackers too
Right, of course it would be better to have something indestructible. But so far it's "good enough" (passes the reviews of its individual components, has resisted for years as a system, but wouldn't resist an irrational attacker). And I would much rather have this than the previous system, which is insecure by design (i.e. your funds can and are systematically stolen through inflation and other means). Maybe you live in a very good country, where you don't have to worry about such issues (or you live in a regular country but are just not conscious about it?). But most of the world (including myself) doesn't, so Bitcoin is welcome as is.
Perhaps so, but what I was originally replying to was a claim that Bitcoin was rock solid. There is an enormous difference between "good enough" and "rock solid."
"I would much rather have this than the previous system, which is insecure by design (i.e. your funds can and are systematically stolen through inflation and other means)."
Perhaps so, but as I have noted elsewhere, Bitcoin is not a fiat currency killer. Most businesses that claim to accept Bitcoin payments are actually accepting fiat currency payments. Most adults still need to pay their taxes. There are strong incentives to issue loans in the currency that the courts deal in i.e. fiat currency.
Basically, think of it this way: if Bitcoin exchanges were to disappear right now, what would happen to Bitcoin? What reason is there to think that Bitcoin will ever reach a point where it is not utterly dependent on the existence of exchanges? When even people who want to adopt Bitcoin are only doing so with the help of services that automatically exchange Bitcoin payments for fiat currency, why should we believe that we can ever live in a world where Bitcoin stands on its own two feet?
Finally, let's assume that there is an economic theory that supports a system like Bitcoin i.e. a currency that has no central authority and no intrinsic value. That theory should motivate a security definition. As a point of reference, consider Chartalism (a key part of modern monetary theory), which basically explains why fiat currency works (in a nutshell: the government issues the money and requires you to return some amount later on via taxes), and a key security definition used in the academic work on digital cash (in a nutshell: you have security if it is infeasible to deposit more money with the bank than was withdrawn [this can be stated more formally]). Note the very clear connection: the central authority issues the currency and decides its validity when it is "deposited."
So, to bring things full circle, I give you this challenge: present an economic theory to explain systems like Bitcoin, and use that theory to motivate a security definition that Bitcoin can be tested against (or better yet, proved to meet).
> Basically, think of it this way: if Bitcoin exchanges were to disappear right now, what would happen to Bitcoin?
If Bitcoin doesn't replace all currencies (I don't expect it to do that anyway), it can be used as digital gold (in fact I think you can expect higher price increases from this use case than from everyday transactions). Currently I would love to be able to save in gold, but I can't for many reasons. My government banned it, so I can no longer buy it in a trusted bank (if such a thing exists). I can't buy it from other individuals like me, because it's difficult to divide, so you can never get the amount you wanted. You can't import it from other countries because you can't hide it from customs. You can't buy it in the black market either, because they will sell you golden bars filled with tungsten. And all this is for buying. When you want to sell it you will have similar problems. Bitcoin fixes all this, and you don't really need exchanges for this. In fact I never used one (international wires are banned).
Let me think about the security definition. I don't promise you anything, but I'll give it a try when my mind is clear.
> A system that requires vast and increasing amounts of the world's energy to be devoted to it just to achieve a vague notion of security?
Consider the current system of government fiat and credit: the US dollar requires vast armies and navies, the vast and expanding Federal Reserve apparatus with its system of member/franchised banks, employees of the IRS, the US Treasury, the Secret Service (I'm redundant, I know). Millions of people are dedicated to propping up the "full faith and credit".
I'd be surprised if the energy required to keep billions of ASICs humming is more than the energy required to keep millions of people humming.
Further, the fractional reserve system is far from rock solid. It appears to be solid, until a tipping point of confidence is reached, at which point it falls like a house of cards. It's the definition of a con game.
"Consider the current system of government fiat and credit: the US dollar requires vast armies and navies, the vast and expanding Federal Reserve apparatus with its system of member/franchised banks, employees of the IRS, the US Treasury, the Secret Service (I'm redundant, I know). Millions of people are dedicated to propping up the "full faith and credit"."
Let's set aside the issue of whether or not the military is needed for the dollar to remain valuable and speak strictly about security here. You have mentioned no less than three security goals:
1. Preventing counterfeiting
2. Enforcing tax payments
3. Preventing theft
Now, let's see what happens with Bitcoin:
1. Counterfeiting is replaced with double spending, and you need at least as much energy to be devoted to fighting this as would be needed for an attack.
2. Bitcoin does nothing to reduce the energy needed to enforce tax payments, it just shifts the goalposts slightly.
3. Wallet theft is a real problem, and Bitcoin itself does nothing to combat it; you still need to devote energy to securing your wallet, no different than depositing money in a bank.
In other words, two of the three security goals that you mentioned are not addressed in any meaningful way by Bitcoin, and the one that is addressed still winds up requiring far more energy than is needed for fiat currency. Even if paper money turns out to be too inefficient, Chaum's research in the 80s and 90s showed the world how to create digital cash that simultaneously allows for anonymous payments, prevents double spending, and requires substantially less work to secure than it does to attack (exponentially so, in fact). The difference, of course, is that Chaum's designs all called for a central bank in the system, which you already need with fiat currency.
"I'd be surprised if the energy required to keep billions of ASICs humming is more than the energy required to keep millions of people humming."
The problem is that the number of ASICs that need to be powered on will increase as the attempts to attack Bitcoin increase, until eventually half the energy output of the planet is being devoted to ASICs. That is not the situation with fiat currency, as noted above.
"Further, the fractional reserve system is far from rock solid. It appears to be solid, until a tipping point of confidence is reached, at which point it falls like a house of cards. It's the definition of a con game."
Except that the "confidence" is not in the banking system, but in the legal system that supports it. Fiat currency's value stems from tax laws, debt laws, torts, and so forth, and when people talk about "confidence in the government" what they really mean is "confidence in the government's ability to enforce the law." If you truly lack such confidence, try this: stop paying your taxes. As long as people believe that failure to pay their taxes will result in losing their property and freedom, people will continue to demand payment with fiat currency -- the only currency they can use to pay their taxes. Likewise with people who have to repay loans (you would be insane to issue a loan in a currency that courts do not deal in), people who have been ordered by courts to make certain payments (again, this will be in whatever currency the courts deal in), people who must pay parking tickets, etc., etc., etc.
The vast majority of businesses that "accept Bitcoin" are actually accepting fiat currency payments, via a service that exchanges Bitcoin for fiat currency, and only because that allows them to accept electronic payments with lower transaction fees compared to the alternatives. That is how pervasive the "house of cards" is.
In other words, there is no particular technical or legal feature of Bitcoin to differentiate it from another system. Bitcoin just happens to be the most popular and receive the most press.
If you cannot identify a particular, distinguishing feature of Bitcoin that accounts for its popularity, why should we believe that this is not a bubble?
I could make teddit.com, a reddit clone by copy & pasting their entire git repository at https://github.com/reddit/reddit. But I doubt anyone would use it, because of network effects. The same thing applies to bitcoin.
Your point is undermined by the fact that reddit hasn't lived up to its hype (and I believe its estimated valuation has gone down lately). Myspace was supposed to be worth hundreds of millions of dollars a few years ago. A large current userbase does not a stable value make.
That's like saying "what differentiates Facebook from other social networks? It just happens to be the most popular. What is stopping someone from creating a better social network, resulting in a migration away from Facebook?"
Can you identify a particular, distinguishing feature of Facebook that accounts for its popularity? You can, but many modern day competitors have most of the same features, plus additional ones. Everything that they do is pretty easy to replicate.
Both Bitcoin and Facebook may be outcompeted some day in the future, but that doesn't make them bubbles.
1) People with investment in hashing power tend to hash on bitcoin
2) If another coin were to come along (as they do, ask me about Terracoin) the speculators would find it.
3) The coin would be vulnerable to attack from those speculators who control even a tiny fraction of the hashes of Bitcoin.
I'm not just talking about double-spend, I mean someone (or several someones) with a large amount of hash power (say, each individually much smaller than 51% of total) coming along to service the network for a short while, driving up the difficulty, and getting away with a lot of coins while actually processing transactions for a comparatively short amount of time.
TRC, as a network with usually several terahashes[2] hashing constantly, had to implement some controls[4] to prevent this kind of attack.
When the coin is more profitable to hash, the speculators find out, they bring their hashes, and it drives the difficulty up.
When the difficulty goes up, a slog ensues (the per-hash temporary advantage of mining Terracoin dries up) as the speculators take their hashes elsewhere and the remaining sloggers have only to hope that they can provide enough TRC at low cost[3] such that there is never an advantage to speculators, and thus the network can experience organic growth bringing in more permanent hashes from those who support its development.
The controls only limit the mobility of the difficulty (it can't shift up by 4x or down to 0.25x of the last retarget)
So when the slog is particularly bad (high difficulty), or when the hashing hordes are particularly voracious (low difficulty compared to coin price)... instead, it can increase to 1.25x or decrease to 0.75x -- you have to watch the network pretty close to see when people are getting over on profitability, but when they do you can still feel it for days.
The effect of not being the largest network seems to be that your difficulty goes up and down, not always just up up up. It's hard to find long-term difficulty reporting.[1]
Of course when bitcoin spenders are willing to wait up to 10 minutes for blocks, and Terracoin targets 2 minute blocks, even "network's running slow" seems pretty fast in relative terms, as long as it's not uncontrolled adjustment.
They must be doing something right, they're still/currently the most profitable Alt-SHA256 coin, even if the share prices have taken a serious dump.[5]
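The retarget clamp described in the comment above, as an added example that is not part of the original thread and is not Terracoin's or Bitcoin's own code: it compares the 4x/0.25x bounds with the 1.25x/0.75x bounds when transient hash power arrives and then leaves. The 2-minute target and the two pairs of bounds come from the comment; the retarget window length, the hashrate schedule, and the use of expected (non-random) block times are assumptions made for illustration.

```python
TARGET_SPACING = 120   # seconds per block: the 2-minute target from the thread
WINDOW = 30            # blocks per retarget: assumed value, not from the thread

# Constructed schedule, one entry per retarget window, in units of the
# baseline hashrate: steady state, an 8x burst of transient miners, then
# the burst leaves and only the baseline miners remain.
SCHEDULE = [1.0] * 2 + [8.0] * 3 + [1.0] * 10


def retarget(difficulty, actual_timespan, max_up, max_down):
    """Scale difficulty by expected/actual timespan, clamped to the bounds."""
    expected = TARGET_SPACING * WINDOW
    factor = expected / actual_timespan
    factor = max(max_down, min(max_up, factor))
    return difficulty * factor


def simulate(schedule, max_up, max_down, difficulty=1.0):
    """Return [(difficulty, seconds_per_block)] for each retarget window.

    Units are normalised so difficulty 1.0 at hashrate 1.0 is on target;
    block times are expected values, so the run is deterministic.
    """
    history = []
    for hashrate in schedule:
        block_time = TARGET_SPACING * difficulty / hashrate
        history.append((difficulty, block_time))
        difficulty = retarget(difficulty, block_time * WINDOW, max_up, max_down)
    return history


def summarize(history):
    """Peak difficulty plus the fastest and slowest block times seen."""
    return {
        "peak_difficulty": max(d for d, _ in history),
        "fastest_block_s": min(t for _, t in history),
        "slowest_block_s": max(t for _, t in history),
    }


def burst_seconds(history, schedule):
    """Wall-clock time the burst windows needed to mine their blocks."""
    return sum(t * WINDOW for (_, t), h in zip(history, schedule) if h > 1.0)


if __name__ == "__main__":
    for name, up, down in (("4x / 0.25x", 4.0, 0.25),
                           ("1.25x / 0.75x", 1.25, 0.75)):
        hist = simulate(SCHEDULE, up, down)
        print(name, summarize(hist), burst_seconds(hist, SCHEDULE))
```

With the wide bounds, difficulty catches up with the burst within two retargets, but the remaining miners then face 16-minute blocks. With the narrow bounds the post-burst slog is much shorter, at the cost of the burst windows completing in under a third of the time.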
PPC has better features than BTC, but people haven't heard of it yet[1]. That said, BTC may win by being "good enough" and having a strong network effect.