Join 3,512 readers in helping fund MetaFilter (Hide)


BitCoin with Multi-signature Transactions
June 13, 2012 5:29 AM   Subscribe

BitCoin appears to be gaining a measure of stability, at least temporarily, through anger at banks, paypal, visa, etc., the activities of currency traders, and increased activity, as well as the promise of multi-signature transactions.

There is some non-technical advocacy for multisignature transactions in Gavin Andresen's BIP 16 / 17 in layman's terms, and more technical detail in Amir "genjix" Taaki's The Truth behind BIP 16 and 17.

"I want more secure wallets. There's unanimous agreement among developers that the easiest, fastest way to get there is with multi-signature transactions—bitcoins that require approval from more than one person or device to spend." - Gavin Andresen
posted by jeffburdges (42 comments total) 8 users marked this as a favorite

 
BitCoin has suffered lots of setbacks in the past months due to non-serious platform providers and their shocking lack of security. As a digital asset that's anonymous and therefore extremly difficult to trace, BitCoin is a criminal's wet dream and Bitcoin fraud is already a problem. There are already root kits custom made to steal BitCoin wallets (which are basically .dat files on your computer).

I don't have anything against BitCoin, just wanted to give another perspective and dispute that it could be regarded as a stable system (for now).
posted by Foci for Analysis at 5:46 AM on June 13, 2012 [3 favorites]


I'll pass. I don't want everyone I do business with to know everyone else I've ever done business with.
posted by DU at 5:48 AM on June 13, 2012 [3 favorites]


As a digital asset that's anonymous and therefore extremly difficult to trace...

The real problem is exactly the opposite. If I were more suspicious, I'd be tempted to believe that "hard to trace" idea was planted by someone who wanted to to trace bitcoin transactions.
posted by DU at 5:49 AM on June 13, 2012


Hmm, I don't think privacy is the same thing as transparency. All your transaction data is totally public, yes, but the transactions aren't connected to you as a person, which makes it anonymous.
posted by Foci for Analysis at 5:54 AM on June 13, 2012


...the transactions aren't connected to you as a person, which makes it anonymous.

From my link:
As an example, if Alice sends 123.45 BTC to Bob, the network creates a public record that allows anyone to see that 123.45 has been sent from one address to another. However, unless Alice or Bob make their ownership of these addresses publicly known, it is difficult for anyone else to connect the transaction with them. However, if someone connects an address to a user at any point they could follow back a series of transactions as each participant likely knows who paid them...
posted by DU at 6:00 AM on June 13, 2012


Gavin Andresen argues in his BitCoin Faucet Hacked post that multi-signature transactions are needed precisely because many Bitcoin activities don't warrant expensive secure hosting services, but should warrant a multi-signature infrastructure, including the Faucet itself, Foci for Analysis. Isn't quite as trivial to build an application that gains real security through multiple signatures while still using insecure hosting though.
posted by jeffburdges at 6:01 AM on June 13, 2012


I'd agree with DU that BitCoins' anonymity comes from mostly from police incompetence and laziness, maybe safe bets, but still.. BitCoin is not formally an "anonymous digital currency" in the sense of the Lucre library used in Open Transactions.
posted by jeffburdges at 6:08 AM on June 13, 2012


If you're fleeing the Euro to Bitcoin, you deserve to eat catfood for the rest of your life.
posted by gertzedek at 6:42 AM on June 13, 2012 [3 favorites]


I'll pass. I don't want everyone I do business with to know everyone else I've ever done business with.

As I understand it you can create a new "wallet" for each transaction.
posted by alby at 6:57 AM on June 13, 2012


On the issue of anonymity, don't you need to use a credit card at some point to buy BTC? If you aren't mining them yourself, that is.
posted by alby at 6:59 AM on June 13, 2012


BITCoin continues to peak and trough as waves of suckers cycle through the the cycle from adoption to disillusionment. Meanwhile the scammers behind this thing just keep selling their horde out when the price peaks and mining it back up during the valleys.
posted by humanfont at 7:00 AM on June 13, 2012 [2 favorites]


As I understand it you can create a new "wallet" for each transaction.

I don't think you need to create a new wallet, just a new address. And I'm pretty sure that by default, Bitcoin generates a new one for each transaction. The only time when you'd have the same address used multiple times would be when (e.g.) you want to post it publicly somewhere, for people to send payments to.

That said, I'm not a fan of Bitcoin; I think the implementation is sloppy. Punting on wallet security (basically: "not our problem, that's a user / client side issue") is unforgivably bad design.
posted by Kadin2048 at 7:17 AM on June 13, 2012


I'm surprised at how Bitcoin has stabilized at about 5 USD even while volume has increased significantly. MtGox, the biggest exchange, is trading roughly 300,000 USD every day. That's a real market. humanfont's snarky comment is wrong, in fact BTC is not really peaking and troughing muchsince about January 2012.

The multi-signature stuff is interesting. Bitcoin has had a series of disasters with the wallet companies screwing up, some extra security in the transaction mechanism will help. Although it will only make the lack of privacy worse.

Are there any significant, legal goods or services I can buy with Bitcoin? I'm not interested in one-off gimmick transactions at the coffee shop. Nor am I interested in trades in illegal narcotics or services like a botnet. Can I buy $10,000 worth of something useful and legal with Bitcoin now? (I think the black market is interesting, but it'd be a shame if Bitcoin was relegated to being the new currency for criminals.)
posted by Nelson at 7:24 AM on June 13, 2012 [1 favorite]


The other thing that adds to the anonymity is the easy of laundry for virtual currency. Like you can send your coins through a series of new recyclers a bunch of times on either side of of any actual transactions that you make.

It helps if some of these addresses are ones that do actual business, just like with real money laundry of course. And then you need to trust those people.

I feel like this whole thing is a really nice way to need to rebuild all of the exisiting financial structures, but this time fast, and without a bunch of foresight, and all based around cash!

On preview, I had no idea so much money was getting exchanged... I second the question... what can I actually buy with bitcoin?
posted by jonbro at 7:26 AM on June 13, 2012


Punting on wallet security (basically: "not our problem, that's a user / client side issue") is unforgivably bad design.

To be fair, paper currency and coin do the exact same thing.
posted by eriko at 7:28 AM on June 13, 2012 [2 favorites]


Are there any significant, legal goods or services I can buy with Bitcon?

This. Even though I'd not shy away from illegal goods for any reason other than I don't want them, I'm still a bit behind (hehe) the curve regarding the potential uses of the currency.

It seems like, essentially, I could buy coin, perform a transaction, and be done with the whole mess all in one moment, so no risk of a plummeting value or anything, just the usual risk of buying something off the internet... right?
posted by RolandOfEld at 7:29 AM on June 13, 2012


Being the elitist bastard I am, I was flying business class to an island country the other day. I happened to notice the person in front of me browsing a document about selling "developing countries" on BitCoin. I did not realize there were people out there marketing it.

Seems to me like yet another way to exploit people.
posted by wierdo at 7:34 AM on June 13, 2012 [3 favorites]


On the issue of anonymity, don't you need to use a credit card at some point to buy BTC?

There are services of varying degrees of sketchiness that don't require a credit card or other identity-tied money source.
posted by scalefree at 7:50 AM on June 13, 2012


The impact of bitcoin on availability/pricing on certain ATI/AMD GPUs (including used hardware) has been interesting.

I've thought about setting up a mining cluster in the existing server room a family member's commercial office space, as the electrical is included in the lease.
posted by snuffleupagus at 8:10 AM on June 13, 2012


The only thing I've seen that I have an interest in buying w/Bitcoins is boardgames from nestorgames.
posted by symbioid at 8:45 AM on June 13, 2012 [1 favorite]


There are members of an old school of thought that would call the lack of bitcoin payable services an opportunity, but where can one hope to find a capitalist these days?
posted by CautionToTheWind at 11:01 AM on June 13, 2012


To be fair, paper currency and coin do the exact same thing.

Kinda, but not really. Part of the benefit of being a participant in a centrally-managed currency is usually a level of police protection from theft or fraud. Bitcoin takes great pains to avoid central authority... but that means no one's necessarily got your back if you get robbed.*

Realizing that, it's somewhat negligent of Bitcoin tool developers to advocate the platform when they provide such flimsy default security, and then just handwave about the fact that most users won't upgrade their protections beyond that level.

* This is a downfall that many Bitcoin developers don't seem to respect about anonymous decentralized currency; the margin for error and abuse is zero. If you get robbed, (1) no one can help you, (2) even if they could, who would pay them to do so?
posted by Riki tiki at 11:31 AM on June 13, 2012 [1 favorite]


where can one hope to find a capitalist these days?

Running a business that gets paid in a legitimate currency like dollars or euros or renminbi.
posted by Nelson at 11:57 AM on June 13, 2012


where can one hope to find a capitalist these days?

Running a business that gets paid in a legitimate currency like dollars or euros or renminbi.


Yeah all those people on the Silkroad just giving away drugs, amirite?
posted by CautionToTheWind at 12:28 PM on June 13, 2012 [1 favorite]


No, the capitalists on Silk Road are drug dealers getting paid in Bitcoin. As near as I can tell, anyone getting paid anything significant in Bitcoin is doing something black market or illegal. Hence my use of the phrase "legitimate currency" to exclude Bitcoin. I think Bitcoin is neat too, but it's not clear what problem it solves other than as a black market currency. Which is admittedly useful to some segment of the world, particularly on the Internet, but it's also kind of disappointing.

Speaking of Silk Road, is it still operating? Is there any credible estimate of the amount of trade on it? I tried silkroadvb5piz3r.tor2web.org and didn't get anywhere. But I'm no good at Tor.
posted by Nelson at 1:27 PM on June 13, 2012


I never visited the silk road website so I can't tell you much about status/history or new URLs. Like you, I know drugs are traded for bitcoin there.

I don't know how being used in illegal trade makes bitcoin ilegitimate. 500€ banknotes are also mostly used in the illegal trade, and you don't see them being called ilegitimate.

What does bitcoin solve? I'd say that the enforcement of the rules of bitcoin is done by math rather than law and law enforcement. If the math turns out wrong, as in bad cryptography, then it is useless and will be replaced by a better version, like other cryptographic works. But if it works, in as much as the attacks stay as difficult in the future as they are now, then the easiest way to explain it is that we will have a currency enforced by god/the universe/math.

Expecting bitcoin to provide protection against theft is ridiculous, however. If i steal your 50€ bank note and run away, does it jump out of my hand and fly back to your wallet? Well neither will bitcoins.

My position on bitcoin is one of curiosity. At first I was doubtful, but then I have seen so much bullshit astroturfed on the Internet that it is obvious this is a threat to someone who would like to limit my currency options, meaning my freedom. The enemy of my enemy might not be my friend, but he is damm useful.
posted by CautionToTheWind at 1:51 PM on June 13, 2012


At first I was doubtful, but then I have seen so much bullshit astroturfed on the Internet that it is obvious this is a threat to someone who would like to limit my currency options, meaning my freedom.

What? The only astroturfing I've seen is when bitcoins first started gaining notice and libertarians were harping on it as the glorious end to the evils of government fiat currency. What happened was someone figured out how to scam this well-intentioned but naive group prone to believe ridiculous things as long as you slap "liberty" on it.
posted by Sangermaine at 2:18 PM on June 13, 2012 [1 favorite]


Exactly. Stuff like equating bitcoin with a scam as a premise is exactly the kind of bullshit I was talking about.
posted by CautionToTheWind at 2:25 PM on June 13, 2012


There has been lots of hype and lots of scorn on the Internet around BitCoin. Nobody who actually has anything to do with fiscal policy thinks it's anything other than a weird sideshow. The idea that anti-BitCoiners are shills for currency regulators or governments or big banking is just way off. Most of the anti-BitCoin stuff I've seen came from Internet humor sites like Something Awful and Cracked.
posted by Sidhedevil at 3:01 PM on June 13, 2012


I don't know who they are shills for, and certainly not all of them are. But you can easily see it on slashdot. The posting of a bitcoin story, the immediate propagandish posts (low technical content, very strong negative opinion) and their immediate 5 positive moderations, even on technical wrong posts that would have trouble getting promoted otherwise. If, like me, you read slashdot at +5 trolls, you will see the moderation-censored comments pointing this out. Not even Bill Gates sacrificing children at a Windows-running altar gets that kind of response on slashdot.

Something Awful and Cracked are small fish for technical matters.
posted by CautionToTheWind at 3:14 PM on June 13, 2012


Here's an interesting post from a BitCoin enthusiasts' forum.

You don't have to be a tech maven to see that this whole thing is amateur hour--Bitcoinica was doing security betas while running live with people's actual accounts--which is why the comedy websites are the best places to follow this stuff for now.

If anyone who know what they're doing gets into the business of BitCoin banking or exchange, the picture might shift, but right now it's no more a currency than is Canadian Tire money.
posted by Sidhedevil at 3:32 PM on June 13, 2012 [1 favorite]


Something Awful and Cracked are small fish for technical matters.
Yeah. They do have a kind of what I guess you would call consistency of message, though.
posted by This, of course, alludes to you at 4:23 PM on June 13, 2012


Stuff like equating bitcoin with a scam as a premise is exactly the kind of bullshit I was talking about.

It is quite reasonable to conclude that bitcoin is a scam. It may not be a correct conclusion in your opinion, but it is not a fringe view. The vehemence of and emotional context of the denials that it might be a scam by the true believers is very similar to Scientologists rejecting the idea that their religion might be a cult or scam.
posted by humanfont at 5:18 PM on June 13, 2012


It's interesting that multi-signature transactions should degrade the anonymity overall, sounds like bad news for Silk Road. lol

I'd imagine the bitcoin merchants advertising in their marketplace threads mostly run legit too operations but just hate PayPal. I suppose that /r/girlsgonebitcoin or stripcoin.com, etc. might violate local laws, but basically I'd consider girls doing that "legitimate bitcoin merchants". Anyone here even know Silk Road's .onion? I thought not.

I'd therefore argue that legitimate BitCoin merchants exist, even vastly outnumbering the illegal ones. I'd expect that most vaguely serious ones simply hate paypal, while others like the low barrier to entry.

posted by jeffburdges at 5:21 PM on June 13, 2012


also I have been told that current drug laws are bad, so isn't anything that helps circumnavigate them good? I dunno, I'm prob too dumb to understand what's really up
posted by This, of course, alludes to you at 6:12 PM on June 13, 2012


Nobody who actually has anything to do with fiscal policy thinks it's anything other than a weird sideshow.

FBI report on Bitcoin

FinCen (US Dept. of Treasury) says it's "aware" of Bitcoin.
posted by snuffleupagus at 6:24 PM on June 13, 2012


The real problem is exactly the opposite. If I were more suspicious, I'd be tempted to believe that "hard to trace" idea was planted by someone who wanted to to trace bitcoin transactions.
Bitcoin isn't designed to be totally anonymous by default. But tracing a bitcoin ID is difficult. You either need to get the person with the account to tell you it belongs to them (i.e. by buying something from them) or else you need to find someone who already knows (like an exchange, such as MtGox). But, if you never use an exchange then there will be no way to ever link a bitcoin address to a person.

Another important thing to remember is that you can have as many 'accounts' (or addresses) as you want.

So you pay Bob with address A, and Mary with address B, then Marry has no way of knowing you paid Bob and vice versa. But, if you pay with the same address, then they might know.
I'm surprised at how Bitcoin has stabilized at about 5 USD even while volume has increased significantly. MtGox, the biggest exchange, is trading roughly 300,000 USD every day. That's a real market. humanfont's snarky comment is wrong, in fact BTC is not really peaking and troughing muchsince about January 2012.
Yup, the price has been completely stable for months. In fact the price has been so stable that you can't even day trade with it on MtGox, because the daily flux is lower then MtGox's commission. I haven't used the bitcoins I mined for anything at all.

The last time we had a thread a bunch of haters who didn't understand the technology were calling it a ponzi scheme that would assuredly crash or whatever - but that hasn't happened. Instead, the price has been completely stable, even though more bitcoins are being mined every day.

My guess is that it's mainly people who just don't like libertarians, they see libertarian types liking bitcoin, and so they immediately chose not to like it.
It is quite reasonable to conclude that bitcoin is a scam. It may not be a correct conclusion in your opinion, but it is not a fringe view
Lol. You could just as easily say "It is quite reasonable to conclude that Obama was born in Kenya. It might not be correct but it isn't a fringe view". Or "It is quite reasonable to conclude Saddam was behind 9/11 ..." Or bush, for that matter. Lots of people believe those things.

Since when is "I minority of people who don't even understand the situation believe X" a valid reason to think X might be true?
The vehemence of and emotional context of the denials that it might be a scam by the true believers is very similar to Scientologists rejecting the idea that their religion might be a cult or scam.
The vehemence and emotion of people who insist it's a scam is pretty bizarre too, given there is zero evidence that the currency itself is a scam. Obviously there were a lot of idiots involved in the periphery of the currency, but that has nothing to do with the underlying soundness of the system itself. No doubt, during the California gold rush there were probably tons and tons of scams and theft and everything else. But that didn't mean the gold itself was fake.

The main problem is that there is no explanation of how bitcoin could even be a scam. Typically, a scam involves hidden information. The scammer knows something and the person being scammed does not. But with bitcoin, all the information is public.

Part of it is that bitcoin wasn't ever really meant to be an 'investment', certainly not anything with any kind of guarantee. It was meant as a kind of decentralized transactional system. The "value" of the bitcoin came from the fact that, if you wanted to use the transaction system, you need coins. So, if the system has users, then the coins will have some value. If not, then they won't.

The basic argument is something like "If you buy them, then the only way you can get money is to sell them to someone else" But the same thing is true of gold, silver, any other commodity. And just like with gold, silver, steel, oil, etc there is only a 1:1 gain. You buy 1 bitcoin, then later on you sell one bitcoin. The price can go up and down, and lately it's been really stable.

So what is the scam? How do the scammers make money?
posted by delmoi at 6:29 PM on June 13, 2012 [2 favorites]


@delmoi

But Bitcoin is uncool though! Haven't you noticed how uncool it is?
posted by This, of course, alludes to you at 6:58 PM on June 13, 2012


Current proposed implementations P2SH transactions (BIP 16/17) are not a good solution with regards to multi-signature transactions. It's a serve reduction in the cryptographic security of bitcoin as a protocol.

Non-P2SH transactions (nearly all current bitcoin transactions) send money in a very particular way. Sending money is actually a misnomer, when you send someone money on bitcoin, you are broadcasting onto a global ledger that the other party has the right to a set amount of currency (this right is visible as a right to transfer ownership of to another). Functionally, owning 5 bitcoins is like owning the right to transfer 5 bitcoins to someone else.

The way P2SH works is completely different. It is saying: anyone can spend this money if the hash output equals these spending rules that I will broadcast later. The spending rules then get read and processed at a later date, in most instances those spending rules broadcasted in the future are nearly identical to the Non-P2SH transactions and checked in the same way (i.e. whether that transaction has the correct signature).

The reason this sucks is it's solving the problem the wrong way and is opening the protocol up to very specific classes of attacks. I used to be suspicious of the way bitcoin addresses were formatted -- I was wrong. Bitcoin is fucking brilliant in terms of its security. The way bitcoin works is that every time you send payment, any remainders get sent back in a new address. The reason this is done is to protect against cryptographic attacks. Bitcoin uses TWO classes of cryptography, in THREE different algorithms when securing addresses. Bitcoin uses ECDSA for keysigning and both SHA256 and RIPEMD160 for hashing. A bitcoin address is described as RIPEMD160(SHA256(ECDSA-PUBKEY)). Why is this important? We've known that MD5 chosen prefix attacks are a problem for a while. We now know as of this month from Flame that it is actively being exploited by governments. RIPEMD and SHA2 are the same classes of algorithms and it's not unreasonable to suspect that they may also be vulnerable to collisions and chosen prefix attacks can be conducted as well.

Why is this attack only viable for P2SH? Because if you conduct a chosen prefix collision for P2SH, you can steal and destroy bitcoins. Just do a chosen prefix attack to send the coin to your address and, and boom, you've now stolen coins. If you're willing to destroy the coins by sending it to a non-existent address, it might be possible to do it with plausible deniability as well. Of course, this is a non-trivial attack, but if Flame can happen, this isn't too unlikely to the point where one can dismiss this as impossible.

The current most common method of sending bitcoins protects against this. Why? If you do a hash collision, it won't work, because you only have a collision of the ECDSA public key. You don't have the private key. It requires breaking all 3 cryptographic algorithms. P2SH only requires breaking two (in the same class of algorithms, cryptographic hashing). This the obvious reason why bitcoin encourages you to only use the address once. Once you broadcast your public key by spending it, you no longer have this security benefit -- if ECDSA is broken your bitcoins can be stolen. If you have never spent bitcoins on an address, it requires breaking all three. This is a VERY important security feature and is clearly the reason why a bitcoin address is defined as a RIPMD hash of an SHA256 has of a ECDSA public key. I've made a mistake in understanding the genius of bitcoin in this past, I used to assume that using RIPEMD weakened the security, but no, the way current bitcoin addresses work is very strong.

The correct way to implement it is a hashed concatenation of addresses. Payouts should be described in such a way like "Signer must have 1 of 2 signatures from the 160-bit-hash of TWO addresses ..." or "MULTISIG 1 of 2 RIPEMD(SHA256(ECDSA_ADDRESS1 + ECDSA_ADDRESS2 concatenated))". This is a protocol-breaking move, but the bitcoin maintainers have been perfectly willing to make protocol breaking moves in the past. I don't understand why this isn't done as well. I do agree that long addresses are not reasonable long-term, but it's another possible stop-gap. They can use P2SH for the next couple years then migrate after a set date in the future if they believe this to be an immediate crisis, but they refuse to. Multisig is very important, but it's just as important to get it right in the long-run.
posted by amuseDetachment at 11:17 PM on June 13, 2012 [3 favorites]


You don't have to be a tech maven to see that this whole thing is amateur hour--Bitcoinica was doing security betas while running live with people's actual accounts--which is why the comedy websites are the best places to follow this stuff for now.

Apparently you have to be a tech maven to know that there is a difference between bitcoin and some websites that trade bitcoin. These websites that have been hacked, or accidentally deleted (!!!) are indeed amateur hour, I agree with you 100% there. Everyone can have security incidents or technical failures, but the kind of incidents and failures that have happened to some bitcoin websites are unthinkable.

But that has nothing to do with the bitcoin protocol. You don't need the exchanges. They were supposed to be a convinience, that's all.

I audited an international bank's security systems last year. The whole transaction history of the institution was obtained in the penetration test. Every single transfer, payment, etc, with full names and even the optional description you can write on a transaction, which are often more informative than the rest of the data. Does that make the national currencies that bank traded in less reliable?
posted by CautionToTheWind at 1:59 AM on June 14, 2012


I have been dabbling with bitcoin the last few months, it has been interesting.

I have had zero issues with the basic client (except having to re-download the blockchain after the 0.62 upgrade), but there are lot of half arsed, me-too or broken bitcoin related websites out there.

It's still a bit tech oriented for general takeup, but I hope some of the ideas in it, at least, get adopted in some more widespread internet trade system that will replace messes like paypal, etc.

I was able to donate to wikileaks and buy some internet hosting with my bitcoins, stuff like that it is eminently suited for.

This is the kind of stuff bitcoin could avoid, maybe?
http://www.ritholtz.com/blog/2012/06/ml-implode-gets-wikileaks-treatment-as-wells-fargo-freezes-closes-business-account/
posted by zog at 3:41 AM on June 14, 2012 [1 favorite]


delmoi, et al, how is the guy marketing BitCoin to banks and casas de cambio supposed to make his money? IME, people marketing alternative means of exchange are almost always exploiting hidden information. I simply don't know enough about the supposed business model to say.
posted by wierdo at 7:02 AM on June 22, 2012


« Older Cats: fluffy balls of love or evil manipulative ba...  |  Here's a list of new top-level... Newer »


This thread has been archived and is closed to new comments