BitcoinTalk
Major Meltdown

What if a major flaw is discovered in BC's cryptographic soundness?  Is there any way to prevent the complete dissolution of the system and of everybody's wealth?

Perhaps one way to do it would be to create a voluntary registry of non-anonymous addresses, to be shared and verified publicly.  Then, if a major flaw arose (maybe someone solved the factoring problem ;) ), then there would still be a record of everybody's wealth that could be used in a new system (supposing everybody could agree on the latest time that no fraudulent transactions could have taken place).  Of course, people who chose to stay anonymous (and therefore did not include their address in the registry) would see their wealth disappear, but alas that risk would prove the price of anonymity.

That is an interesting idea.  But, how would the wealth be transferred to a new system and what would be the exchange rate?  Perhaps this could be combined with an insurance plan that had a predetermined and guaranteed payout written in the policy?
But, how would the wealth be transferred to a new system and what would be the exchange rate?

Wealth would not have to be transferred per se.  Rather, a new, cryptographically sound system would be adopted, and previous owners would be given new currency in proportion to their old balance of BC.  The exchange rate would be determined solely by the market's usage of the new currency.

Imagine a verified public registry that voluntarily ties BC addresses to email addresses (by signing your email address with your private key for the BC address).  If BC failed, the new system would take a certain historical block from BC at a fraudless time.  Then, supposing again that 21 million units of new currency were being generated, and that 80% of the old BC currency had been registered, then each time a node generates a block for the new currency they would get to keep 20% of some number of new currency while every registered address would receive some tiny share of the other 80% in proportion to their registered BC at their registered email address.  When all new currency generation is done, the owners of the 80% of registered BC money will have 80% of the new money, while the lost 20% is reissued.

I would bet that if BC had seen widespread adoption, and if many people had registered their addresses, then the new currency would be readily accepted because so many people would be getting it for free and in their "fair" amount.

Perhaps this could be combined with an insurance plan that had a predetermined and guaranteed payout written in the policy?

That's another interesting idea.  Basically, some individual could choose to set up their own insurance company for BC where people pay a certain percentage of their protected BC amount.  This company would then keep a registry similar to that above, but only for its clients (it's necessary to verify that clients have the BC amount they claim).  Instead of issuing new currency in case of catastrophic failure, they could simply issue USD.  Again, the biggest challenge would be setting clear terms for when payout would occur and which block would be treated as the truth.  Perhaps they could pay out from the last block issued before a mathematical proof of the system's unsoundness was offered?
It is strange that it has taken such a long time to create a digital fiat currency.  And who says that Bitcoin is the one and only digital currency that will exist in the future?

Right now, if there is a flaw in the bitcoin algorithm the people dealing with it will lose their trust in the currency and the bitcoins will lose their value.  If there are several digital currencies in the future you will just sell your bitcoins and buy more secure (or more useful) digital coins instead.  I think that there will be a tendency to swap from one digital money system to another, once people see an advantage of a new system.  Like an evolutionary process.

I find it funny that some people still cling to the idea that there has to be some kind of "agency" that regulates the economy.  I mean when you don't want your old money anymore you just .. eh .. sell it?  You are not forced by anyone to use bitcoins, right?  And nobody can stop you from using another digital currency.  So the best way to keep your wealth is to invest in different assets - as always in life.
Max,

Your comments make total sense, as long as there is time to switch over to the new currency when a threat looms.  This is pretty reasonable.  For example, people might start to find some small flaws with SHA-256, and so people would have time to buy into the new currency before the whole system unravels.

However, supposing somebody found a major flaw while BC was in widespread usage, that person could commit a lot of fraud without people even realizing immediately.  In this case, it might be valuable to have some kind of registry, because people might want to buy into a new currency that does include some distribution in proportion to formerly registered wealth (game theoretically, only the wealthier registered 50% would prefer this currency, but that's the topic of another discussion).

Now, it seems like a pretty good solution would be for everyone to hold a diversity of digital currencies, which are backed by a diversity of cryptographic methods.  However, this solution has many costs of its own, since the marketplace would need to support many currencies.  Among other things, it would be absolutely necessary to have many competing, cheap exchanges.

Any monetary system with a central registering authority is headed for failure imo.
No, not a centralized registry.  There's no "agency" controlling it.  It's just something that users would agree to, just like every other rule of BC.  Decentralized and public, just like BC does transactions.
Amal, I admit: I got you wrong!
I am just afraid that digital currencies will not stay legal for long because the government has no control over them.  (The day they make it illegal, you should open a bottle of champagne, because that's the sign that bitcoin is a success.)
So at that point, they will also shut down your registry.  And all the people who gave their address to that agency will get into trouble.

If there is a major flaw discovered in Bitcoin and there is no sufficient time to swap to a different system, I assume there is nothing you can do about a loss of your wealth.

Still, let's suppose YOU have discovered a way to produce an unlimited amount of coins.  Your goal would be to profit from that secret AS LONG AS POSSIBLE.  So even people that have the power to cheat wouldn't want a collapse of the digital fiat currency.  And before the collapse of the old currency they would change their fake money for a better currency.  But I am afraid that also goes for the so called "real" money.  But.. somebody who has the brains to fool the algorithm of the digital currency at least gets a reward for his genius.  In our paper fiat money system, on the contrary, people who have access to the "printing press" of the government / central bank get rewarded for being just plain assholes.
Here's an answer to a similar question about how to recover from a major meltdown.
https://www.bitcoin.org/smf/index.php?topic=191.msg1585#msg1585

If SHA-256 became completely broken, I think we could come to some agreement about what the honest block chain was before the trouble started, lock that in and continue from there with a new hash function.

If the hash breakdown came gradually, we could transition to a new hash in an orderly way.  The software would be programmed to start using a new hash after a certain block number.  Everyone would have to upgrade by that time.  The software could save the new hash of all the old blocks to make sure a different block with the same old hash can't be used.
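The switch-over sketched in the post above, as an added example that is not part of the original thread: a toy chain in Python that changes hash function at a fixed block height and, as the post suggests, saves the new hash of every old block so that a different block with the same old hash is refused. The 16-bit truncated hash standing in for the broken function, the switch height of 3, the block layout and the sample payloads are assumptions made for the demonstration; real Bitcoin blocks and consensus rules are far more involved.

```python
# Added example, not code from the thread. Toy chain that switches hash
# functions at a fixed height and pins strong digests of the old blocks.
import hashlib
from dataclasses import dataclass


def old_hash(data: bytes) -> bytes:
    # Assumption: a 16-bit truncation stands in for the "completely broken"
    # hash, so an attacker can find collisions by brute force in seconds.
    return hashlib.sha256(data).digest()[:2]


def new_hash(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass(frozen=True)
class Block:
    height: int
    prev: bytes     # hash of the previous block under the function in force then
    payload: bytes  # stands in for the block's transactions (constructed data)
    nonce: int

    def serialize(self) -> bytes:
        return b"%d|%s|%s|%d" % (self.height, self.prev.hex().encode(),
                                 self.payload, self.nonce)


SWITCH_HEIGHT = 3  # assumed: "start using a new hash after a certain block number"


def block_hash(b: Block) -> bytes:
    return new_hash(b.serialize()) if b.height >= SWITCH_HEIGHT else old_hash(b.serialize())


def build_chain(payloads):
    chain, prev = [], b""
    for height, payload in enumerate(payloads):
        block = Block(height, prev, payload, 0)
        chain.append(block)
        prev = block_hash(block)
    return chain


def links_valid(chain) -> bool:
    return chain[0].prev == b"" and all(
        chain[i].height == i and chain[i].prev == block_hash(chain[i - 1])
        for i in range(1, len(chain)))


def pin_old_blocks(chain):
    """What upgraded software records at the switch: the new hash of every old block."""
    return {b.height: new_hash(b.serialize()) for b in chain if b.height < SWITCH_HEIGHT}


def validate(chain, pins=None) -> bool:
    """pins=None is the pre-upgrade rule set: only the (old) link hashes are checked."""
    if not links_valid(chain):
        return False
    if pins is None:
        return True
    return all(new_hash(b.serialize()) == pins[b.height]
               for b in chain if b.height < SWITCH_HEIGHT)


def forge_collision(victim: Block, new_payload: bytes) -> Block:
    """Attacker: a replacement for `victim` with the same old_hash but a different payload."""
    target = old_hash(victim.serialize())
    for nonce in range(1 << 24):
        cand = Block(victim.height, victim.prev, new_payload, nonce)
        if old_hash(cand.serialize()) == target:
            return cand
    raise RuntimeError("no collision found")


def demo():
    chain = build_chain([b"genesis", b"alice->bob 5", b"bob->carol 2",
                         b"carol->dave 1", b"dave->erin 3"])
    pins = pin_old_blocks(chain)
    forged = forge_collision(chain[1], b"alice->mallory 5")
    rewritten = chain[:1] + [forged] + chain[2:]
    return {
        "honest_old_rules": validate(chain),
        "honest_new_rules": validate(chain, pins),
        "forged_old_rules": validate(rewritten),        # the collision passes the old link check
        "forged_new_rules": validate(rewritten, pins),  # the pinned strong hash exposes it
    }


if __name__ == "__main__":
    print(demo())
```

The point of the pins is that the old blocks themselves are not rehashed into the chain; every upgraded node simply refuses any pre-switch block whose strong digest differs from the one it saved, so the collision that the old link check cannot see is caught anyway. In practice the pins would have to be fixed in the software release (or committed to in the first post-switch block), otherwise a node that synchronises from scratch after the break has nothing to compare against.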
Satoshi,

That would indeed be a solution if SHA was broken (certainly the more likely meltdown), because we could still recognize valid money owners by their signature (their private key would still be secure).

However, if something happened and the signatures were compromised (perhaps integer factorization is solved, quantum computers?), then even agreeing upon the last valid block would be worthless.
If you're worried about elliptic curve cryptography being broken, then don't store any significant wealth in Bitcoin.   Just like if you're worried about your (real, physical) wallet being stolen don't hold more cash than you need to get through a couple of days of purchases.

By the way: I think an economical method for separating gold atoms from seawater will be found before elliptic curve cryptography is broken (and I think both are unlikely in the next 25 years).
However, if something happened and the signatures were compromised (perhaps integer factorization is solved, quantum computers?), then even agreeing upon the last valid block would be worthless.
True, if it happened suddenly.  If it happens gradually, we can still transition to something stronger.  When you run the upgraded software for the first time, it would re-sign all your money with the new stronger signature algorithm.  (by creating a transaction sending the money to yourself with the stronger sig)
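The re-signing step described in the reply above (a transaction sending the money to yourself under a stronger signature scheme), as an added example that is not part of the thread. It is Python using only the standard library, so the old scheme is a Schnorr signature over a deliberately tiny discrete-log group (p = 2039, q = 1019, g = 4) standing in for ECDSA on secp256k1, and the stronger scheme is a Lamport one-time signature built from SHA-256; the UTXO layout, the lock format and the `coin-0`/`coin-1` identifiers are assumptions. It goes one step beyond the post: after the migration it lets an attacker actually solve the toy discrete log and shows that an output still under the old lock is then forgeable while the re-signed output is not.

```python
# Added example, not code from the thread. Re-signing coins to a stronger
# signature scheme by spending them to yourself, then simulating the break
# of the old scheme. Parameters are toy-sized; nothing here is real Bitcoin.
import hashlib
import os

# --- Old scheme: Schnorr over a tiny prime-order subgroup of Z_p^* ---------
# Assumption: p = 2039, q = 1019, g = 4 stand in for the secp256k1 group, so
# "someone solved the discrete log" can be simulated by brute force below.
P, Q, G = 2039, 1019, 4

def h_int(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

def schnorr_keygen(seed: bytes):
    x = h_int(b"key", seed) % (Q - 1) + 1
    return x, pow(G, x, P)

def schnorr_sign(x: int, msg: bytes):
    y = pow(G, x, P)
    k = h_int(b"nonce", x.to_bytes(2, "big"), msg) % (Q - 1) + 1  # deterministic nonce
    r = pow(G, k, P)
    e = h_int(r.to_bytes(2, "big"), y.to_bytes(2, "big"), msg) % Q
    return e, (k + e * x) % Q

def schnorr_verify(y: int, msg: bytes, sig) -> bool:
    e, s = sig
    r = pow(G, s, P) * pow(y, (Q - e) % Q, P) % P  # g^s * y^-e == g^k
    return h_int(r.to_bytes(2, "big"), y.to_bytes(2, "big"), msg) % Q == e

def solve_dlog(y: int) -> int:
    """The catastrophe: recover the private key from the public key."""
    return next(x for x in range(1, Q) if pow(G, x, P) == y)

# --- New scheme: Lamport one-time signatures, security rests on SHA-256 only --
def lamport_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk

def _bits(msg: bytes):
    d = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return [(d >> (255 - i)) & 1 for i in range(256)]

def lamport_sign(sk, msg: bytes):
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def lamport_verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        hashlib.sha256(sig[i]).digest() == pk[i][bit] for i, bit in enumerate(_bits(msg)))

def lamport_pk_hash(pk) -> bytes:
    return hashlib.sha256(b"".join(a + b for a, b in pk)).digest()

# --- Minimal UTXO rules: an output is locked to one scheme or the other ----
def tx_digest(prev_id: bytes, new_lock) -> bytes:
    return hashlib.sha256(prev_id + repr(new_lock).encode()).digest()

def spend_ok(lock, prev_id: bytes, new_lock, witness) -> bool:
    kind, val = lock
    msg = tx_digest(prev_id, new_lock)
    if kind == "schnorr":
        return schnorr_verify(val, msg, witness)
    if kind == "lamport":  # witness reveals the full public key plus the signature
        pk, sig = witness
        return lamport_pk_hash(pk) == val and lamport_verify(pk, msg, sig)
    return False

def resign_to_self(x: int, prev_id: bytes):
    """The upgrade step: spend the old-scheme output to a new output of your own,
    locked by the stronger scheme. Returns (new_lock, witness, new keypair)."""
    sk_new, pk_new = lamport_keygen()
    new_lock = ("lamport", lamport_pk_hash(pk_new))
    return new_lock, schnorr_sign(x, tx_digest(prev_id, new_lock)), (sk_new, pk_new)

def demo():
    x, y = schnorr_keygen(b"alice")
    old_lock, coin0 = ("schnorr", y), b"coin-0"  # constructed: Alice's pre-upgrade output
    new_lock, witness, (sk_new, pk_new) = resign_to_self(x, coin0)
    migrated = spend_ok(old_lock, coin0, new_lock, witness)
    # Later the old scheme falls: the attacker derives Alice's old key ...
    x_stolen = solve_dlog(y)
    thief_lock = ("schnorr", pow(G, 7, P))
    forged = schnorr_sign(x_stolen, tx_digest(coin0, thief_lock))
    old_forgeable = spend_ok(old_lock, coin0, thief_lock, forged)
    # ... but the re-signed output needs SHA-256 preimages they do not have.
    bogus = ([(b"\0" * 32, b"\0" * 32)] * 256, [b"\0" * 32] * 256)
    coin1 = b"coin-1"
    new_forgeable = spend_ok(new_lock, coin1, thief_lock, bogus)
    honest = spend_ok(new_lock, coin1, thief_lock,
                      (pk_new, lamport_sign(sk_new, tx_digest(coin1, thief_lock))))
    return {"migrated": migrated, "key_recovered": x_stolen == x,
            "old_lock_forgeable": old_forgeable, "new_lock_forgeable": new_forgeable,
            "new_lock_honest_spend": honest}

if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would add. The migration only protects coins that were moved before the break, which is why the reply stresses that the breakdown has to be gradual; any output still locked by the old scheme is simply the attacker's once the key can be recovered, as `old_lock_forgeable` shows. And a Lamport key is one-time: the example locks the new output to a hash of the public key and reveals the key only when that output is spent, and the next output must be locked to a fresh key.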