Category Archives: bitcoin

TweetStorm: Slow bitcoin Core Development is a Good Thing

Originally Tweeted on July 2, 2014

1/ another @pmarca tweetstorm #bitcoin slow bitcoin core development is a good thing

2/ #bitcoin software changes to the bitcoin core protocol should be made slowly

3/ #bitcoin it is not possible to truly test the security of software until it is used and attacked

4/ #bitcoin security of bitcoin core is paramount the software is the new “bank in your pocket (@gavinandresen)”

5/ #bitcoin if you are running a company that uses the bitcoin core protocol you should pay (something/somehow) to support it

6/ #bitcoin joining the #bitcoinfoundation indirectly supports payment of bitcoin core developers, a good thing

7/ #bitcoin recent effort to replace #bitcoinfoundation is misguided but the funding is a good thing http://bitcoinmagazine.com/14678/bitcoin-millionaire-announces-winner-100k-bounty/

8/ #bitcoin however lack of funding of core developers is a problem and significant risk to the Bitcoin ecosystem

9/ #bitcoin any effort to increase funding of core developers is a good thing

10/ #endtweetstorm #bitcoin www.bitcoininplainenglish.com

11/ #reallytheendtweetstorm ;-) http://bitcoinmagazine.com/author/sandy-ressler/

 

TweetStorm: Bitcoin IS and IS NOT like cash

Originally tweeted on June 30, 2014

1/ Trying a @pmarca tweetstorm; Bitcoin IS and IS NOT like cash

2/ #bitcoinislikecash If you give your bitcoin to someone it’s gone and you can’t get it back

3/ #bitcoinisnotlikecash You can (and should!!) backup your bitcoin

4/ #bitcoinislikecash If you lose your bitcoin you’re out of luck it’s gone

5/ #bitcoinislikecash You can give your bitcoin to someone without revealing your identity

6/ #bitcoinisnotlikecash When you spend your bitcoin a record of the transaction goes into a public ledger

7/ #bitcoinislikecash Cash is printed on worthless paper but people give it value, bitcoin is in worthless data but ppl give it value

8/ #bitcoinisnotlikecash you can backup your bitcoin electronically or on physical media like paper

 

 

Bitcoin Payment Protocol Explained

What do you do with bitcoin? Why, you spend it of course! Or more precisely you pay for something or some service using it. The specific process to pay using bitcoin is called the Bitcoin Payment Protocol and it is codified in a document called BIP70.  A BIP is a Bitcoin Improvement Proposal and is one of the mechanisms used by the Bitcoin “core developers” to improve Bitcoin.  There are all sorts of BIPS on lots of great topics but let’s not get diverted. Go to: https://github.com/bitcoin/bips/  and check them out yourself.

Now back to BIP70 the payment protocol. The description is at: https://github.com/bitcoin/bips/blob/master/bip-0070.mediawiki and is the basis for the technical content  of this article.  The abstract of the payment protocol states:

This BIP describes a protocol for communication between a merchant and their customer, enabling both a better customer experience and better security against man-in-the-middle attacks on the payment process.

Note that a man-in-the-middle (sometimes abbreviated MITM) attack is when a customer connects to a merchant, and it turns out that the customer is not really talking to the merchant. Rather the customer is talking to a man sitting in between (in the middle) the customer and the merchant. This “man” can see all of the traffic going between the customer and the vendor and is thus able to get the user names, passwords and credit card info and all that sort of personal stuff, by imitating the vendor.  With a good imitation the customer will likely be non the wiser. MITM attacks are insidious and technologies (such as the BIP70 payment protocol) to prevent them are important.

Let’s break down the concept of a payment protocol.  First, a “payment” is the transfer of value from one individual to another. Second, a “protocol” is a specific process or sequence of messages that must take place in a particular order. As part of the process certain “conditions” might need to be validated for the process to run to successful completion. Sometimes a condition is not met and the process aborts or returns an error message, but the protocol itself should be able to handle all of these conditions, making it a “robust” protocol.

A payment protocol is a sequence of messages between the customer and the vendor, in a particular order, with an expected set of responses, or acknowledgements that are part of the messages.  Let’s look at a particular set of messages that I will call the “passing in the hallway protocol” (PITHP). If you work in a building and happen to pass by colleagues, it might go something like:

1.Sandy says:  Hey Sharon, how’s it going?

2. Sharon says: Hi Sandy, fine fine, and you?

3. Sandy says: “same old, same old”

and we’re done, exciting ayee?

That simple “passing in the hallway protocol” was a sequence of messages passed from one person to another in an expected order. Of course things might not go as expected in which case additional condition handling messages might be needed.

1. Sandy says: “Hey Judy, how’s it going?”

2. Judy says: “Hi Sandy, did you get me that status report yet?”

3. Sandy says: “Yes, I sent it yesterday, but let me check, damn email is acting up”

4. Judy says: “I need it by close of business today.”

5. Sandy says: “No prob. I’ll resend it.”

The code that implements the protocol must deal with all the various types of exceptions and conditions that can happen. ALL of them.

There is very informative illustration in BIP70:

Protocol_Sequence

 

Note that the customer sends messages to the merchant, however two other entities come into play. First the bitcoin wallet application itself, and the bitcoin network. You read the illustration from top to bottom which denotes the specific sequence  of messages.  The diagram however does not specify all of the possible options that the code must handle. For example, if the merchant server does not respond with a “PaymentRequest” message then the customer must do something such as repeat the “pay now?” message or abort the whole transaction.

Let’s walk through the diagram in plain english:

The customer clicks on a “pay now” button which sends a message to the merchant server. The merchant server requests a payment from the wallet application (belonging to the customer).  The wallet application asks the customer, “are you sure you want to authorize this payment?” To which the customer clicks, “OK”, sending a message to the wallet application. The wallet sends the payment to the merchant and possibly at the same time it initiates a transaction to the Bitcoin network. The Bitcoin network does it’s transaction thing causing the merchant to receive bitcoin. The merchant server acknowledges the payment sending a message to the wallet, and finally (optionally) the wallet sends a message back to the customer.

A very thorough, yet quite understandable, explanation of the details of the payment protocol was authored by Mike Hearn and is available at:  https://bitcointalk.org/index.php?topic=300809.0   There are a LOT more details to the payment protocol I would simply suggest keeping in mind that point of the protocol as stated in the BIP070 abstract, is to make for a better and more secure customer experience. As more wallets and merchants provide more compete support for the payment protocol we will all benefit.

 

 

Bitcoin Micropayments, Say What?

The two big pieces of Bitcoin are the currency and the network.  The Bitcoin network enables electronic payments, not such a big deal really, there are lots of payment systems. However the Bitcoin network let’s you transfer money (bitcoins) in an incredibly efficient manner, and one which is not dependent on any central control or central point of failure.  Each financial transaction is cheap, really really cheap.

One logical extension of this efficient, inexpensive financial transaction network is the ability to create extremely small transactions. It is reasonable and feasible to create electronic payments that are worth less then a penny.  This is actually a BIG DEAL! It means, for example that a wifi network could be created that let’s you connect stay online for a few minutes and you just pay for that miniscule amount of time.

In a wonderful video  “Bitcoin Fireside chat with Marc Andreessen and Balaji Srinivasan“,  the two VCs discuss micropayments (and a lot of other stuff) a bit and point out classic use cases. First bitcoin could have solved the email spam problem by charging a tiny amount to send an email which would quickly bankrupt the spammers and have no effect on normal users. Secondly using bitcoin micropayments to allow for payment of articles on websites (like this one!), where you just pay 5 cents or 25 cents. The efficiency of the Bitcoin payment network allows such transactions whereas the overhead of other payment systems make such payments prohibitive.

So when is this all going to become a reality? Not too quick however code to enable micropayments is being actively developed by core bitcoin developers (see Jeff Garzik’s https://github.com/jgarzik/mcp for the more technical adventurous).  Additionally there is a much more thourough discussion of micropayments on the bitcoin wiki at: https://en.bitcoin.it/wiki/Contracts#Example_7:_Rapidly-adjusted_.28micro.29payments_to_a_pre-determined_party

 

Bitcoin just keeps getting  more and more interestinger ;-)

What is a Bitcoin address, and what does it mean to sign it?

Short Answer: A Bitcoin address is a unique number that “holds” bitcoin currency. You use the address to  receive and send bitcoins.

Medium Sized Answer:  A Bitcoin address is the public key half of the public-private key pair that enables the validation of ownership of that address.  WHOAH there, what in tarnation  does that mean??

Bitcoin addresses are created as part of a key generation process that creates a pair of keys. They are a matched set, where one is public and the other is private.  When you “sign” a bitcoin address you are running the public and private keys through an algorithm that checks to see that those keys belong together.  Usually signing is talked about in the context of a message. Someone sends you a signed message and you can verify that the message came from the genuine person.  You can verify the message because it was signed with their private key and you  matcht it to their public key.  When sending bitcoins the signed message is a portion of the bitcoin transaction and you do not explicitly see the message it is just part of the transaction. This let’s you validate the ownership of the address. The transaction (the transfer of value) was signed with the owner’s private key and you check that it’s valid using their public key.

A little diversion – public key cryptography is a really cool technology developed in the mid 1970′s. The amazing thing about public-private key pairs is that everyone can know the public key and the owner of the private key can prove that he is the owner of the message sent with the associated public key. For more information on PKI (Public Key Infrastructure) upon which much of bitcoin’s security is based see Mike Hearn’s (a core bitcoin developer) great description of many issues in “Why you think the PKI sucks…but can’t do any better“.

A Longer Story: Let look at the sequence of actions to create and then use the key pairs.  First we need to generate the key pair, which will result in two keys the public and private keys. The Bitcoin address is actually a form of the public key (it’s a hash of the public key). From the Bitcoin protocol specification at: https://en.bitcoin.it/wiki/Protocol_specification#Signatures

A bitcoin address is in fact the hash of a ECDSA public key

Since anyone can know the public key and really the Bitcoin address is the public key,  it’s perfectly OK to give out the Bitcoin address. So now we have a Bitcoin address, what’s next?

Let’s say that I want to get paid for something, say writing this article! I can advertise a Bitcoin address, and since you are all so thrilled to read this, you have an overwhelming urge to send me some coins. You would open up your Bitcoin wallet enter my address as the address to send bitcoins to; click send; and I would happily receive some bitcoins.  Recall that I and only I have the private key matching the public key (address) which enables me to be the only person that could spend the bitcoins I just received.

If you wanted to double check that I was actually the owner of the address before you sent me coins you could ask that I send a signed message associated with  address proving it’s mine. I could create a message and sign the address. You would then take the message I sent, and put it into your wallet along with my address to prove that I am the “owner” of the address. Bitcoin wallets usually contain this message signing and verification  functionality.

An address is used to “hold” bitcoins, however the concept of an address holding bitcoins or that you are the “owner” of a Bitcoin address is a misnomer. Recall that the address is one half of a public-private key pair. The reason you “own” an address and have control over the coins associated with that address is simply that you also know the other half of the public-private key pair, the private key.  If someone else learns the private key to an address then that person has just as much control and “ownership” over the address, as you. In other words that person can spend your bitcoins.  The solution is quite simple, make sure you and only you control the public keys to your bitcoin addresses. From a practical point of view this means that you create a good, not easy to guess, Bitcoin wallet password, and/or keep it in a safe place. Some excellent security practices are outlined at the Bitcoin Foundation’s site at: https://bitcoin.org/en/secure-your-wallet.

Since Bitcoin addresses are one of the cornerstones to using Bitcoin, it is instructive to play around with addresses to get a better understanding of just what exactly a Bitcoin address is all about. A particularly good website to play around with is bitaddress.org.  After generating a new Bitcoin address play around with the various options and observe the public and private keys it generates. Just don’t go putting real bitcoins into an address while also displaying the private key. Keep the private key private!

 

I Sign, You Sign, We All Sign, Multi-signature Explained

Everyone is concerned about the security of their bitcoins, and we are constantly reading stories of one or another persons getting their bitcoins stolen. (Of course following bitcoin best practices should reduce your changes of being victimized. Advice such as described at: http://bitcoinsecurity101.com/getting-started/ is a good start.) One big step forward in the improvement of bitcoin security is a little known, rarely used feature called “multi-signature”. The bitcoin core reference libraries support multi-signature capabilities and I expect to see a significant uptake in the usage of this important feature. Let’s explain, what multi-signature is all about.

Just like the name implies a multi-signature transaction requires more then one signature. Let’s say that Bella has some bitcoins and needs to pay Murray. In a regular bitcoin transaction Bella will simply use her wallet to enter one of Murray’s bitcoin addresses and “send” the bitcoin. Murray would see the new bitcoin in his wallet and that’s the end of the story. In a multi-signature transaction Bella would still be sending bitcoin to Murray, however in order for Murray to actually receive the bitcoin, a third party, Gail, would also have to sign the transaction. Note that this requirement for a third party, an arbitrator, also greatly improves the security of the bitcoins in your wallet. Even if a nasty party, found the private key for Bella, he still couldn’t spend the bitcoin without also knowing Gail’s private key, a much less likely event.

By the way a multi-signature address always begins with the number 3, and looks like: 34CRZpt8j81rgh9QhzuBepqPi4cBQSjhjr. This lets you quickly visually scan the address and verify that it is indeed a multi-signature transaction.

There is a good, more technical article, about multi-signature on BitcoinMagazine at: Multisig: The Future of Bitcoin by Vitalik Buterin. Multi-signature wallet capabilities are just beginning to fill the Bitcoin ecosystem and we can look forward to many new innovative wallets that will make the creation and usage of multi-signature transactions simple. There are a few multi-signature capable wallets, such as BitGo, Bitrated and the core reference Bitcoin-QT. Usage of multi-signature is still new and somewhat novel, so beware. However multi-signature transactions promises to greatly improve the security of Bitcoin and I’m very much looking forward to lots of user friendly implementations.

You’ve Got bitcoin, Now What?

So you’ve created a wallet. You set up an account at an exchange, or a service such as CoinBase.com, or you even to met someone in person via localbitcoins.com. Last but not least you actually bought some bitcoins! Congratulations! Now what?

There are a few things you can do.

Sit on the bitcoins in the hope that they will escalate in value and we can all become gazillionaires. If I see another prediction that each bitcoin will be worth 10 or 100,000 dollars I’m going to pull the few remaining hairs out of my head. No one has a clue what bitcoins will be worth in the future. However it is a fact that many if not most bitcoins in existence are simply sitting in addresses and have never been spent. Speculating on their potential increase in value is perfectly reasonable. Of course they could just as easily fall in value, thus the term “speculation”.

Rather then simply sitting on your coin, one fascinating thing you can do is to loan your bitcoin via a number of peer 2 peer lending services. Since bitcoin exists within a totally decentralized infrastructure, you don’t have to get anyones permission to loan bitcoin to someone else. There are a number of peer 2 peer lending services. In particular I’d suggest checking out BTCjam.com. You look at requests for loans, the interest rate they will pay you and the time period for the loan. Pay attention to the detail of the people requesting loans and the suggestions from the site on how to reduce your risk. Overall it’s a very cool way to try to earn money from your bitcoins and help some folks out at the same time.

You can sell your bitcoin, via a service such as localbitcoins.com and try to make some profit by selling for more then you paid. Of course feel free to sell for less but that usually won’t last too long.

Last but not least, you can buy stuff! Yes you can actually buy good and services. The biggest “store” that accepts bitcoin directly is Overstock.com. It’s great fun and just cool to go to Overstock and click on paying with bitcoin. The transactions are as fast as using a credit card, you get a confirmation, just like using a credit card and everything is smooth. I can’t say that as a consumer there is any great benefit to using bitcoin versus a credit card, but if you like the idea of denying that extra little fee to a big bad bank (and doesn’t that put a smile on your face) then bitcoin it. Another cool way of buying lots of different things is via the “Gyft” service. Gyft is a company that let’s you buy other companies gift cards. However you can pay for your Gyft card via bitcoin! So if you want a giftcard from CVS, or Zappos or Sephora you can simply put money into your Gyft account and even better use an app on your phone to buy products with the supported gift cards. And you can pay for it all with bitcoin. Very snazzy!

There are more and more places that accept bitcoin. Naturally there are web sites that keep track of this such as SpendBitcoins. Now you have no excuse to not buy bitcoin and do things with it, so go forth and consume.

My Virgin Bitcoin Spending Experiences

Well I’ve been “into” bitcoin for nearly a year and like most people I’ve simply been hoarding my coin. It’s time to start spending! I recently had the opportunity to register for Bitcoin2014 (come join me! http://bitcoin2014.com/) in Amsterdam and naturally since the option of paying via bitcoin was available I had to try it. I had never actually bought anything with bitcoin before so I was in virgin territory. The process was surprisingly simple, straightforward and painless, partially due to good web design and partially due to luck.

The bitcoin portion was run handled by bitpay and when I clicked to pay a “bitcoin:” URL was created and executed by starting up my wallet (a Multibit wallet) that happened to be on the computer I was using to register. Multibit asked for my wallet password (very reassuring) the payment was made and all was right with the world. No long delay it all worked fine.

A day or two later I decided to purchase a “Verso Card” (https://versocards.com) which is a cool hardware gadget about the size of a credit card that you can use as a cold storage wallet but with the convenience of an online wallet because you link it to an app on your phone. (I haven’t received it yet so can’t tell you if it works well or not.) Anyway I went through the usual purchase process and at the end it printed a bitcoin address and said please pay first before clicking button. So I had to manually go into my wallet put in the address and then wait for like 10-15 minutes for the transaction to be confirmed until I hit the button on the Verso card page. This is totally unreasonable for normal purchases. If I had hit the button the page said they would not mail the card, so I was warned but this is not a “ready for prime time” way of conducting business. I don’t know what the difference is between the bitpay managed purchase which happened instantly, and the Verso card purchase, both of which used my same bitcoin wallet. So that part will remain a mystery until I investigate some more.

Last but not least, I’ve been reading about Overstock.com accepting bitcoin. I had never purchased anything from Overstock but I headed over to give it a whirl. I created an account in like 30 seconds…surfed to buy some piece of clothing. Place it into my shopping cart. Clicked the pay with bitcoin button, and the transaction was very smoothly handeled by coinbase (which I had previously setup to handle the bitcoin URL transactions, rather then use my wallet).

Overstock.com purchase confirmation
Overstock.com purchase confirmation

The system asked for my 2 factor Coinbase authentication (also reassuring). I authenticated, and it was all done fast! Back to Overstock with a “Your Order Was Successful” message! Hey you know what the bitcoin thing might have legs. I also received a confirmation from Coinbase that was also reassuring.
Coinbase Confirmation
Coinbase Confirmation

All in all, it was an interesting set of spending experiences. I have no doubt the growing pains of using bitcoins for real purchases will be smoothed out and is in fact rapidly getting smoothed out. Just keep your eyes open for some bumps in the road but start shopping!

Libertarian, Anarchists…NOT

Marc Andreesen recently made a twitter (@pmarca) post:

“The idea that most computer/Internet people now are raving anti-government libertarian anarchists is simply wrong. A false caricature.”

That really struck me. I encounter a lot of political views in my bitcoin (virtual travels) and while there are quite a few libertarians and a few anti-government types they are by no means the whole community. Speaking for myself, I’m not a libertarian, and I actually work for the government (no not one of those spooky agencies just a science agency)!

Bitcoin has a tremendous number of fascinating technical capabilities and being a geek, that is actually the driving force for my interest. The fact that it has some value for some “social good” is gravy and wonderful but it happens to not be what is driving me. I admire those people for whom Bitcoin is seen as the solution to a lot of the world’s problems. Let’s get rid of the libertarian, anarchist myth, and move on.

What’s this Bitcoin Public Ledger thing?

One of innovations to come out of Bitcoin is the notion that every financial transaction that happens is recorded in a distributed public ledger. This ledger is called the “block chain”. Every bitcoin transaction that occurs, or has ever occurred, is recorded on the block chain. In addition the block chain is distributed by Bitcoin “nodes”. Nodes talk to each other (peer 2 peer) and that’s how the block chain is communicated throughout the bitcoin network (that will have to be another post). When you run a full bitcoin client on your computer, you become a node.

Collections of transactions are grouped together into “blocks”. And blocks are placed one after another into a long “chain” of blocks, thus the name “block chain”. If you try to alter a block then the cryptographic computations which make valid transactions would not work indicating that a block has been altered. Thus we are ensured that all the transactions are correct. As a new block is placed onto the chain a new computation is created (a hash) that depends on all previous blocks. This is why the blocks are chained together.

Since the block chain is available to everyone, anyone can check that a transaction has actually happened. Just like a regular financial ledger you can check the entire history of bitcoin transactions by looking in the block chain. The validity of transactions is ensured by the distributed network of bitcoin nodes and the cryptography used ensures that all copies of the block chain are valid. Purty cool ayeee!