Cryptography Mailing List

Bitcoin v0.1 released

From: Satoshi Nakamoto#014994

Bitcoin v0.1 released

Announcing the first release of Bitcoin, a new electronic cash
system that uses a peer-to-peer network to prevent double-spending.
It's completely decentralized with no server or central authority.

See bitcoin.org for screenshots.

Download link:
http://downloads.sourceforge.net/bitcoin/bitcoin-0.1.0.rar

Windows only for now. Open source C++ code is included.

- Unpack the files into a directory
- Run BITCOIN.EXE
- It automatically connects to other nodes

If you can keep a node running that accepts incoming connections,
you'll really be helping the network a lot. Port 8333 on your
firewall needs to be open to receive incoming connections.

The software is still alpha and experimental. There's no guarantee
the system's state won't have to be restarted at some point if it
becomes necessary, although I've done everything I can to build in
extensibility and versioning.

You can get coins by getting someone to send you some, or turn on
Options->Generate Coins to run a node and generate blocks. I made
the proof-of-work difficulty ridiculously easy to start with, so
for a little while in the beginning a typical PC will be able to
generate coins in just a few hours. It'll get a lot harder when
competition makes the automatic adjustment drive up the difficulty.
Generated coins must wait 120 blocks to mature before they can be
spent.

There are two ways to send money. If the recipient is online, you
can enter their IP address and it will connect, get a new public
key and send the transaction with comments. If the recipient is
not online, it is possible to send to their Bitcoin address, which
is a hash of their public key that they give you. They'll receive
the transaction the next time they connect and get the block it's
in. This method has the disadvantage that no comment information
is sent, and a bit of privacy may be lost if the address is used
multiple times, but it is a useful alternative if both users can't
be online at the same time or the recipient can't receive incoming
connections.

Total circulation will be 21,000,000 coins. It'll be distributed
to network nodes when they make blocks, with the amount cut in half
every 4 years.

first 4 years: 10,500,000 coins
next 4 years: 5,250,000 coins
next 4 years: 2,625,000 coins
next 4 years: 1,312,500 coins
etc...

When that runs out, the system can support transaction fees if
needed. It's based on open market competition, and there will
probably always be nodes willing to process transactions for free.

Satoshi Nakamoto


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

From: Hal Finney#015004

Bitcoin v0.1 released

Replying to:>>014994
Satoshi Nakamoto writes:
> Announcing the first release of Bitcoin, a new electronic cash
> system that uses a peer-to-peer network to prevent double-spending.
> It's completely decentralized with no server or central authority.
>
> See bitcoin.org for screenshots.
>
> Download link:
> http://downloads.sourceforge.net/bitcoin/bitcoin-0.1.0.rar

Congratulations to Satoshi on this first alpha release. I am looking
forward to trying it out.

> Total circulation will be 21,000,000 coins. It'll be distributed
> to network nodes when they make blocks, with the amount cut in half
> every 4 years.
>
> first 4 years: 10,500,000 coins
> next 4 years: 5,250,000 coins
> next 4 years: 2,625,000 coins
> next 4 years: 1,312,500 coins
> etc...

It's interesting that the system can be configured to only allow a
certain maximum number of coins ever to be generated. I guess the
idea is that the amount of work needed to generate a new coin will
become more difficult as time goes on.

One immediate problem with any new currency is how to value it. Even
ignoring the practical problem that virtually no one will accept it
at first, there is still a difficulty in coming up with a reasonable
argument in favor of a particular non-zero value for the coins.

As an amusing thought experiment, imagine that Bitcoin is successful and
becomes the dominant payment system in use throughout the world. Then the
total value of the currency should be equal to the total value of all
the wealth in the world. Current estimates of total worldwide household
wealth that I have found range from $100 trillion to $300 trillion. With
20 million coins, that gives each coin a value of about $10 million.

So the possibility of generating coins today with a few cents of compute
time may be quite a good bet, with a payoff of something like 100 million
to 1! Even if the odds of Bitcoin succeeding to this degree are slim,
are they really 100 million to one against? Something to think about...

Hal

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

From: Satoshi Nakamoto#015014

Bitcoin v0.1 released

Replying to:>>014994
> Dustin D. Trammell wrote:
> > Satoshi Nakamoto wrote:
> > You know, I think there were a lot more people interested in the 90's,
> > but after more than a decade of failed Trusted Third Party based systems
> > (Digicash, etc), they see it as a lost cause. I hope they can make the
> > distinction that this is the first time I know of that we're trying a
> > non-trust-based system.
>
> Yea, that was the primary feature that caught my eye. The real trick
> will be to get people to actually value the BitCoins so that they become
> currency.

I would be surprised if 10 years from now we're not using
electronic currency in some way, now that we know a way to do it
that won't inevitably get dumbed down when the trusted third party
gets cold feet.

It could get started in a narrow niche like reward points,
donation tokens, currency for a game or micropayments for adult
sites. Initially it can be used in proof-of-work applications
for services that could almost be free but not quite.

It can already be used for pay-to-send e-mail. The send dialog is
resizeable and you can enter as long of a message as you like.
It's sent directly when it connects. The recipient doubleclicks
on the transaction to see the full message. If someone famous is
getting more e-mail than they can read, but would still like to
have a way for fans to contact them, they could set up Bitcoin and
give out the IP address on their website. "Send X bitcoins to my
priority hotline at this IP and I'll read the message personally."

Subscription sites that need some extra proof-of-work for their
free trial so it doesn't cannibalize subscriptions could charge
bitcoins for the trial.

It might make sense just to get some in case it catches on. If
enough people think the same way, that becomes a self fulfilling
prophecy. Once it gets bootstrapped, there are so many
applications if you could effortlessly pay a few cents to a
website as easily as dropping coins in a vending machine.

Satoshi Nakamoto
http://www.bitcoin.org


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

From: Jonathan Thornburg#015016

Bitcoin v0.1 released

Replying to:>>015004
On Sat, 17 Jan 2009, Satoshi Nakamoto wrote:
[[various possible uses of Bitcoin et al]]
> Once it gets bootstrapped, there are so many
> applications if you could effortlessly pay a few cents to a
> website as easily as dropping coins in a vending machine.

In the modern world, no major government wants to allow untracable
international financial transactions above some fairly modest size
thresholds. (The usual catch-phrases are things like "laundering
drug money", "tax evasion", and/or "financing terrorist groups".)
To this end, electronic financial transactions are currently monitored
by various governments & their agencies, and any but the smallest of
transactions now come with various ID requirements for the humans
on each end.

But if each machine in a million-node botnet sends 10 cents to a
randomly chosen machine in another botnet on the other side of the
world, you've just moved $100K, in a way that seems very hard to
trace. To me, this means that no major government is likely to allow
Bitcoin in its present form to operate on a large scale.

I also worry about other "domestic" ways nasty people could exploit
a widespread Bitcoin deployment:
* Spammer botnets could burn through pay-per-send email filters
trivially (as usual, the costs would fall on people other than the
botnet herders & spammers).
* If each machine in a botnet sends 1 cent to a herder, that can add
up to a significant amount of money. In other words, Bitcoin would
make botnet herding and the assorted malware industry even more
profitable than it already is.

Is there something obvious I've missed? Is there a clever aspect of
the design which prevents botnets from exploiting the system? Is there
a way for every major government to monitor all Bitcoin transactions
to watch for botnet-to-botnet sending?

--
-- From: "Jonathan Thornburg [remove -animal to reply]"
Dept of Astronomy, Indiana University, Bloomington, Indiana, USA
"Washing one's hands of the conflict between the powerful and the
powerless means to side with the powerful, not to be neutral."
-- quote by Freire / poster by Oxfam

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

From: Hal Finney#015036

Bitcoin v0.1 released

Jonathan Thornburg writes:
> In the modern world, no major government wants to allow untracable
> international financial transactions above some fairly modest size
> thresholds. (The usual catch-phrases are things like "laundering
> drug money", "tax evasion", and/or "financing terrorist groups".)
> To this end, electronic financial transactions are currently monitored
> by various governments & their agencies, and any but the smallest of
> transactions now come with various ID requirements for the humans
> on each end.
>
> But if each machine in a million-node botnet sends 10 cents to a
> randomly chosen machine in another botnet on the other side of the
> world, you've just moved $100K, in a way that seems very hard to
> trace. To me, this means that no major government is likely to allow
> Bitcoin in its present form to operate on a large scale.

Certainly a valid point, and one which has been widely discussed in
the debates over the years about electronic cash. Bitcoin has a couple
of things going for it: one is that it is distributed, with no single
point of failure, no "mint", no company with officers that can be
subpoenaed and arrested and shut down. It is more like a P2P network,
and as we have seen, despite degrees of at least governmental distaste,
those are still around.

Bitcoin could also conceivably operate in a less anonymous mode, with
transfers being linked to individuals, rather than single-use keys. It
would still be useful to have a large scale, decentralized electronic
payment system.

It also might be possible to refactor and restructure Bitcoin to separate
out the key new idea, a decentralized, global, irreversible transaction
database. Such a functionality might be useful for other purposes. Once
it exists, using it to record monetary transfers would be a sort of side
effect and might be harder to shut down.

> I also worry about other "domestic" ways nasty people could exploit
> a widespread Bitcoin deployment:
> * Spammer botnets could burn through pay-per-send email filters
> trivially (as usual, the costs would fall on people other than the
> botnet herders & spammers).
> * If each machine in a botnet sends 1 cent to a herder, that can add
> up to a significant amount of money. In other words, Bitcoin would
> make botnet herding and the assorted malware industry even more
> profitable than it already is.

It's important to understand that the proof-of-work (POW) aspect of
Bitcoin is primarily oriented around ensuring the soundness of the
historical transaction database. Each Bitcoin data block records a set
of transactions, and includes a hash collision. Subsequent data blocks
have their own transactions, their own collisions, and also chain to
all earlier hashes. The result is that once a block is "buried" under
enough new blocks, it is essentially certain (given the threat model,
namely that attackers cannot muster more than X% of the compute power
of legitimate node operators) that old transactions can't be reversed.

Creating new coins is indeed currently also being done by POW, but I
think that is seen as a temporary expedient, and in fact the current
software phases that out over several years. Hence worries about botnets
being able to manufacture large quantities of POW tokens are only a
temporary concern, in the context of Bitcoin.

There have been a number of discussions in the past about POW tokens as
anti spam measures, given the botnet threat. References are available from
"Proof-of-work system" on Wikipedia. Analyses have yielded mixed results,
depending on the assumptions and system design.

If POW tokens do become useful, and especially if they become money,
machines will no longer sit idle. Users will expect their computers to
be earning them money (assuming the reward is greater than the cost to
operate). A computer whose earnings are being stolen by a botnet will
be more noticeable to its owner than is the case today, hence we might
expect that in that world, users will work harder to maintain their
computers and clean them of botnet infestations.

Countermeasures by botnet operators would include moderating their take,
perhaps only stealing 10% of the productive capacity of invaded computers,
so that their owners would be unlikely to notice. This kind of thinking
quickly degenerates into unreliable speculation, but it points out the
difficulties of analyzing the full ramifications of a world where POW
tokens are valuble.

Hal Finney

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

From: Bill Frantz#015038

Bitcoin v0.1 released

Replying to:>>015036
hal at finney.org ("Hal Finney") on Saturday, January 24, 2009 wrote:

>Countermeasures by botnet operators would include moderating their take,
>perhaps only stealing 10% of the productive capacity of invaded computers,
>so that their owners would be unlikely to notice. This kind of thinking
>quickly degenerates into unreliable speculation, but it points out the
>difficulties of analyzing the full ramifications of a world where POW
>tokens are valuble.

Some people tell me that the 0wned machines are among the most secure on
the network because botnet operators work hard to keep others from
compromising "their" machines. I could see the operators moving toward
being legitimate security firms, protecting computers against compromise in
exchange for some of the proof of work (POW) money.

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz | When it comes to the world | Periwinkle
(408)356-8506 | around us, is there any choice | 16345 Englewood Ave
www.pwpconsult.com | but to explore? - Lisa Randall | Los Gatos, CA 95032

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

From: dan at geer.org#015040

Bitcoin v0.1 released

Replying to:>>015038

Bill Frantz writes:
-+-----------------
| Some people tell me that the 0wned machines are among the most
| secure on the network because botnet operators work hard to
| keep others from compromising "their" machines. I could see the
| operators moving toward being legitimate security firms,
| protecting computers against compromise in exchange for some of
| the proof of work (POW) money.


I'm one of those people. Quoting from my speech of 1/20:

> Virus attacks have, of course, become rarer over time, which is
> to say that where infectious agents once ruled, today it is
> parasites. Parasites have no reason to kill their hosts -- on
> the contrary they want their hosts to survive well enough to
> feed the parasite. A parasite will generally not care to be all
> that visible, either. The difference between parasitism and
> symbiosis can be a close call in some settings, and of the folks
> who famously bragged of being able to take the Internet down in
> twenty minutes, one has said that a computer may be better
> managed once it is in a botnet than before since the bot-master
> will be serious about closing the machine up tight against
> further penetration and similarly serious about patch
> management. Therefore, since one can then say that both the
> machine's nominal owner and the bot master are mutually helped,
> what we see is evolution from parasite to symbiont in action.
> According to Margulis and Sagan, "Life did not take over the
> globe by combat, but by networking." On this basis and others,
> bot-nets are a life form.

Rest of text upon request. Incidentally, I *highly* recommend
Daniel Suarez's _Daemon_; trust me as to its relevance. Try
this for a non-fiction taste:

http://fora.tv/2008/08/08/Daniel_Suarez_Daemon_Bot-Mediated_Reality


--dan

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

From: Satoshi Nakamoto#015041

Bitcoin v0.1 released

Replying to:>>015036
Hal Finney wrote:
> > * Spammer botnets could burn through pay-per-send email filters
> > trivially
> If POW tokens do become useful, and especially if they become money,
> machines will no longer sit idle. Users will expect their computers to
> be earning them money (assuming the reward is greater than the cost to
> operate). A computer whose earnings are being stolen by a botnet will
> be more noticeable to its owner than is the case today, hence we might
> expect that in that world, users will work harder to maintain their
> computers and clean them of botnet infestations.

Another factor that would mitigate spam if POW tokens have value:
there would be a profit motive for people to set up massive
quantities of fake e-mail accounts to harvest POW tokens from
spam. They'd essentially be reverse-spamming the spammers with
automated mailboxes that collect their POW and don't read the
message. The ratio of fake mailboxes to real people could become
too high for spam to be cost effective.

The process has the potential to establish the POW token's value
in the first place, since spammers that don't have a botnet could
buy tokens from harvesters. While the buying back would
temporarily let more spam through, it would only hasten the
self-defeating cycle leading to too many harvesters exploiting the
spammers.

Interestingly, one of the e-gold systems already has a form of
spam called "dusting". Spammers send a tiny amount of gold dust
in order to put a spam message in the transaction's comment field.
If the system let users configure the minimum payment they're
willing to receive, or at least the minimum that can have a
message with it, users could set how much they're willing to get
paid to receive spam.

Satoshi Nakamoto


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com