Adam B. Levine (AL) - Host
Andreas M. Antonopoulos (AA) - Co-host
Stephanie Murphy (SM) - Co-host
The following program is for informational purposes only. Cryptocurrency is a new science so do your homework before putting money on the line.
Today is February 18th 2014. Welcome to Episode 85 of Let's Talk Bitcoin, a twice weekly show about the ideas, people and projects building the digital economy and the future of money.
My name is Adam B. Levine and I'm the editor-in-chief at the LTB network and today, it's all about MtGox, one of the earliest, longest running, and for many years, the biggest exchange in the world of Bitcoin that's had another of its yearly panics. There's a lot of ground to cover here so we're going to jump right in. [0:43]
________________________________________________
AL: For today's episode of Let's Talk Bitcoin, we're actually going to reintroduce ourselves. Let's Talk Bitcoin is a show about the ideas, people and projects building the digital economy and the future of money. That's kind of a fancy way of saying that we think that cryptocurrency is a fundamentally game-changing technology and that Bitcoin is kind of at the forefront of that. My name is Adam B. Levine and I'm the editor-in-chief of Let's Talk Bitcoin and I'm one of the hosts on the show. [1:10]
SM: I'm Stephanie Murphy. I'm a radio host and a voiceover artist and a former research biochemist. I've been using Bitcoin since 2011. I'm really excited about Bitcoin because I think it helps bring human freedom to the world. [1:25]
AA: Hi, I'm Andreas Antonopoulos. I am a security expert and specialize in distributed systems. I've been working in that field for almost two decades now and Bitcoin is something that has captured my imagination and has become my main passion, my main focus and my work for the last two years. [1:47]
AL: For the last nine months or so, I guess it's probably closer to ten months now since 25th April, we've been doing this show twice a week and not always with everybody on the show but the point has been to have the high level conversation that people who are interested in cryptocurrencies and interested in the future that's being created here, to have those conversations and to really talk about the things that might be more complicated than a new user could come to terms with easily but, for people who have been in the space for a while, these are really the important things that we need to talk about. Is MtGox finally on its last legs? Is this latest problem that they've had, which resulted in the freezing of both fiat currency withdrawals and Bitcoin withdrawals, is this finally the straw that breaks the camel's back and leads to the demise of MtGox? [2:36]
SM: Just to be clear, there was a separate problem that prevented them from processing dollar withdrawals, which they really haven't been very transparent about but what they do say is that it's a regulatory issue or a banking problem which is why they can't get fiat money to their customers when they try to withdraw it from the exchange. The Bitcoin withdrawal processing problem was new just this week and actually, by all indications, they weren't too transparent about it until people started complaining very loudly. There was one guy who actually protested and flew to MtGox headquarters in Tokyo and just waited for some of the higher-ups at the company to come to work so he could talk to them and posted about it on Reddit. Really funny but it's not funny if you have bitcoins or fiat stuck in the exchange and you can't get them out and you're probably kind of freaking out. [3:26]
AA: I don't really think this is a different problem though. It's the same problem. It's the same problem for the USD withdrawals, it's the same problem for the Bitcoin withdrawals, it's the same problem for the denial of service and latency problems back in April, it's the same problems before that, it's the same problems during the denial of service attack. The problem is clownish and incompetent management from the top, a sloppy development process for the software development, incompetent communication that is rare and usually self-serving and intended to shift the blame elsewhere, defensive and again, this is the same problem. The problem is clownish and incompetent management from the top that has persisted after three years without any discernible improvement in the quality of people hired or the management quality to actually treat customers who have serious money in this exchange respectfully, honestly and directly and to admit issues when they occur, clarify what's being done to fix them, fix them quickly and this causes these cycles where people don't trust Gox because Gox doesn't tell us what they're doing. When they do say something, it's self-serving, defensive and aims to deflect the blame and that creates paranoia so customers think "Oh my god, maybe the money isn't really there and maybe that's why they're saying this." That starts a panic and a run on the bank and we've seen this unfold five times and every single time, it's been the same basic mistakes made again and again and again. Guess what? You can fix the software and you can fix the latency problems and you can fix the DDOS problems but you can't fix incompetent management. You can't until the people who are in management figure out that there's a difference between being a visionary pioneer, and all kudos and applause to them for being that, and actually running a business in a professional and consistent manner which they're clearly unable to do. You can't fix that. [5:46]
AL: I don't necessarily disagree with you on this and I certainly agree that MtGox has had plenty of opportunities to fix this but I also have had conversations with people who actually work with Gox, or who work for Gox, and the thought there is that they're kind of trapped in an impossible situation. In the past, they've sort of said this, they've said "Well, we're victims of our own success." That's one part of it but the other part is that they do have to interface with real world partners who, a lot of times, like for example, if they complain about their bank and the bank is the only one that will work with them in Japan, then the bank just slows down. It actually can make the problem worse by talking about it. If you were in that same situation Andreas, and just having difficulty scaling, what is the game plan? Do you just pack up or do you just keep hiring people because they've done that? [6:31]
AA: I think the most important thing is to be honest, direct and prolific in the communications and consistent in the communications. I think that's been the biggest failing. It's the circling of the wagons and going quiet at a time when problems will inevitably come out and that going quiet then leads to panic and paranoia about what the root cause is because, in all of these cases, the main problem has been a lack of communication, or communication that is weaselly instead of being direct and again, seeks to deflect blame instead of admitting problems. Problems are going to happen; of course they're going to happen, especially in these large, rapidly scaling Bitcoin businesses. We're all having problems all the time. This is a very difficult, competitive, very rapidly escalating market and it's difficult to manage a business in this environment but it's not the problems, it's how you deal with them and whether you deal with them in an open manner, that's respectful towards your customers and they will forgive the problems as long as you communicate clearly with them and you're direct and honest. They will not forgive and will continuously lose trust if you repeatedly avoid communicating, or communicating in a way that's more about deflecting blame than clarifying the situation. I don't blame Gox for incorrectly implementing transaction hashes. I blame Gox for a press release that then attempted to throw Bitcoin under the bus in order to pretend that somehow this wasn't their implementation problem. [8:12]
SM: Explain what that was, for people who aren't caught up with that. [8:16]
AL: Actually, let's back up for a second here. The whole problem here is called transaction malleability, right? Let's actually take a step back and talk about that and then, I'd also like to talk about the US dollar problems they've had in the past too. [8:28]
AA: Let's talk about transaction malleability. I'll try with an analogy, I think, which... it's obviously not 100% accurate like no analogy is but it may help clarify the issue. If you show up at a department store with a receipt for a pair of shoes and you want a refund, the department store is not going to trust that receipt. They're going to look at the receipt, they're going to crosscheck it against their own internal records and the reason they're going to do that is because, a lot of the time, people go and buy $20 pair of shoes and they'll come back the next day for a refund with a photoshopped receipt which shows it was $200 pair of shoes. If your customer service employees are not properly trained and they don't check against the records, they're going to give out $200 in refunds to get a product back that you only paid $20 for. Or, a customer will show up at one department store branch and get a refund and then drive a few miles down the road and go to another branch and get another refund and then drive a few miles down the road to another branch and get another refund, all with photoshopped or photocopied receipts. The issue here is that the receipt itself is not authoritative. The receipt can be tampered with and it can be tampered with very creatively. You can add digits to the amount, you can photocopy it, you can make different copies for different items and you can fake the item. You could do that with delivery receipts from shipping companies, you could pretend that something that should have been delivered hasn't been delivered by creating a fake tracking request that doesn't match the internal company's tracking request. What companies in the real world do is they establish security procedures. What they do is they try to verify the information that you present against an authoritative record.
In Bitcoin, transactions are fingerprinted with a hash but until that transaction is confirmed into the blockchain, until it's embedded in a block and backed by proof-of-work computation, it's not authoritative. It's just like a paper receipt that the customer brings into a customer service department for a refund. You can't trust it. It may look like your store receipt but someone could easily have created a duplicate. Until you can verify that against the authoritative ledger, and in Bitcoin the authoritative ledger is the blockchain, the decentralized asset ledger backed by proof-of-work computation and trusted because of proof-of-work computation. Transaction fingerprints are authoritative only once that transaction has been confirmed and before that, they are malleable. The reason they are malleable is because the transaction itself is not a fixed record. It's not simply a three line receipt where you say "From A to B, amount X." That's not how Bitcoin transactions work. Within the Bitcoin transaction, you have the spending of previous outputs from a previous transaction and then you have a scriptable language that creates an encumbrance for the next recipient. Essentially, it ties a value to a specific public key through the use of a scripting language and that scripting language is evaluated as an equation. As long as that equation validates, that's a valid transaction that will get relayed but there are infinite ways that you can write that equation and there are infinite ways that you can express the previous inputs such that each one of these variations will still be the same inputs, the same outputs and the same amounts but they'll be subtly different, enough to create a different fingerprint. Let me give you another analogy. In the Bitcoin network, if you try to spend 2 Bitcoin, or if you try to spend 02 Bitcoin, or if you try to spend 002.00 Bitcoin, the network will evaluate all of that as 2 bitcoins.
That's called padding and you can do that with both positive and negative numbers, you can add zeros to the beginning or the end of the number in such a way that they won't change the way that the transaction is validated. To change the way the transaction is validated, you would have to change every single Bitcoin node to validate transactions differently and you'd also have to make the system much less flexible. You'd have to force it into a fixed structure which then makes it impossible to innovate. The same thing for the recipient of the transaction that's expressed as a script which, if you've seen in the script section of Blockchain.info or another block explorer you'll see it as OP DUP OP Hash 160 Check Verify Check Signature and this little script, basically, says "Here's a public key, here's the function that you need to evaluate to confirm the person presenting this for redemption has the correct public key." It's an equation and you can write an equation different ways. Think of an equation which is 4+5=9. The important thing is that it validates as 9, but you can write it as 4+5, you can write it as 4+4+1, you can write it as 18/2, you can write it as square root of 81. All of those will evaluate to 9; all of those are valid. All of those are fundamentally different in appearance and will result in a different signature. Transaction malleability is, basically, the fact that we have a scripting language in a variable length encoded transaction that is flexible enough to express a very broad variety of transaction times and to be extensible. That's critical to having a system that can allow innovation without having to change every single client every single time. Instead, you just have the rules by which things are evaluated.
The problem with that means that until that transaction is essentially photocopied, stamped and embedded into the blockchain, in an immutable fashion, its fingerprint can be changed or others can be created that are identical in every way, except for the fingerprint. This is something we've known since 2011. This is something that was published on the wiki, which ironically is owned by the MtGox owner, in January 2013. This is something that was specifically identified as a weakness in MtGox's implementation about four months ago. There were several posts, both by core developers and others, writing how a bot could be created to inject malleable records that would fool anyone who relied on transaction hashes in order to do withdrawal verification and that this particular attack could be used against MtGox's specific implementation to defraud them of money. They were, not just warned that this was a problem, they were warned that this was a problem that their implementation was vulnerable to and that could result in them getting defrauded. They ignored those warnings and then, when it happened, they turned around and blamed Bitcoin for not fixing transaction malleability which can't be fixed because it's not a bug. It is an inherent characteristic of the fact that we have a variable length transaction scripting language at the core of Bitcoin. That's not fixable. We don't want to fix that because that is how you get flexibility in the protocol. It's relying on that hash before it's confirmed that's the problem. That's exactly what Gox was doing. In fact, now we see that in lesser ways, in ways that had nothing to do with withdrawals but had to do with basic accounting, several other implementations also relied on that. They weren't as vulnerable. They weren't as exploited but they were disrupted. This went from being an edge case to a common practice and then a flood. Everyone who had bugs was affected and all of the bugs are now getting exposed by this. [17:04]
_______________________________________________
ADVERT:
This is Chris Joseph bringing you news on Nxt, the first true second generation cryptocurrency for February 18th 2014. More and more software clients are appearing for Nxt. Aside from the basic NRS client that is installed with the server, we now have a new open sourced web-based client, a native Mac client, .Nxt and Nxt Solaris for Windows and two cross platform clients called ClientNxt and Offspring. Several of these clients also support the decentralized exchange which is still being tested on a test net. All of these clients were created by members of the Nxt community and you can find all of them at www.Nxtclient.org. For more information, head to www.Nxtcrypto.org or www.MyNxt.org and stay tuned for more news on Nxt in the next Let's Talk Bitcoin broadcast.
_______________________________________________
AL: Let's talk about what actually happened at MtGox with regards to this, how that actually happened, how people were attacking. Correct me if I'm wrong here Andreas but I understand that that was a really good explanation, by the way, of the technical side of this. I believe, in practice, how this happened was that people would submit withdrawal requests from MtGox, trying to take out Bitcoin and then, essentially, would have miner units or colluding miner units that would be watching for transactions coming in to those addresses that they were withdrawing from and as soon as it would see that transaction broadcast by MtGox on the network, it would essentially reprocess it and put out another version, a bad version, that would compete for spreading all across the network. If the good one spread across the network, the correct one for MtGox, then there's no real way that MtGox would have even been able to tell that an attack was attempted but if the bad version won, then the person then goes back to MtGox and says "See, this transaction didn't happen, send me money again." Is that it? [19:08]
AA: Pretty much, although I doubt there were colluding miners. You don't really need colluding miners in this particular case. What you need is, you need to watch MtGox and their attempt to propagate a transaction for which your address is a recipient and then, as quickly as possible, not only duplicate and modify that but then propagate the modified version through many, many, many more nodes much faster than Gox is propagating. You can do that by prepositioning connections to many, many more nodes. It's not necessary to be connected to as many nodes as possible because it doesn't matter which of the two gets confirmed first, if what you're checking is that the inputs are spent or not and you're checking after confirmation into the block because you can't modify anything other than the signature. You don't really need to be fully connected and you don't need to have a race to propagate because we've let it all settle out through the mining process and block confirmation. In this case, because there was a faulty implementation, there was an advantage to propagating transactions faster for the attacker and so, therefore, all they had to do was set up nodes in such a way as to over-communicate and over-connect to the network so they could propagate much faster, probably propagating at too many of the mining pools as quickly as possible. As a result, in some cases, they won the race; they got the modified transaction in, then they show up back at Gox and they say "Look, the hash you gave me as a receipt, which you think is authoritative, has not gone through." At that point, Gox should say "Well, let's check the block and see if the inputs are spent" and find that the inputs have been spent and say "Well no, a transaction did go through, it just has a different signature but here it is, it was spent and it was sent to your account." Instead, they accepted the lack of a tracking number as proof of non-withdrawal and then reissued the withdrawals. [21:11]
AL: Again, this gets back to that analogy you used at the beginning which is go in with a photocopied receipt and they had zero way to check if it was a real receipt or a bad receipt and so, because they don't want to lose any more face, they just refund it because what are they going to do, not refund it? [21:23]
AA: Essentially, at that point, they need to check that receipt and make sure that the other branch of the same department store hasn't already cashed it in. [21:30]
AL: There's no way for them to do that in their current system? [21:32]
AA: There is a way to do it but their code didn't and worse, it also processed the repeat withdrawals automatically. In fact, if it didn't see the hash of the transaction be confirmed after a while, it would simply automate a second attempt because occasionally, transactions don't go through for whatever reason so they would reissue it. There's another implementation flaw there because before reissuing a transaction, or trying to cancel a transaction, ever in the Bitcoin network, the best practice is to initiate a purposeful and self-initiated double-spend where basically, what you do is you say "I'm going to propagate first a transaction that definitively spends those inputs, just in case, even though it seems like it hasn't gone through. In the time it took since I looked and since I sent the new one, maybe it does go through, maybe the state of the network changes. What I'm going to do is force reconciliation." The way you force reconciliation is you issue a double-spend against the original transaction and then you wait until that double-spend goes through. Essentially, what you do is you spend those outputs, that you're not sure whether the transaction went through or not. You spend those outputs deliberately to one of your own addresses. Once that's embedded in the blockchain and those outputs are spent, that cannot be undone, so you use the blockchain by injecting a transaction that's a purposeful double-spend to create a reconciliation; to force a spending of those outputs so that the other transaction cannot go through once the double-spend you sent is being confirmed and then you can be assured that that transaction cannot go through. Then it is cancelled. It's cancelled because you inserted an authoritative one that cancelled it; that supersedes it. That's the correct best practice.
Instead, in this particular case, they reissued these and not just depending on the fact that they couldn't see the hash out there but also not checking the inputs and also, finally, not doing the forced double-spend that would guarantee that those inputs could not be spent in the intervening time - three different implementation shortcuts, back to back, all automated and giving very, very easy opportunity to be defrauded. [23:46]
AL: I have no idea how to do a forced double-spend. I'm not convinced I ever need to know that. Is this something that an average user or even an advanced user would want to or would need to know? Is it just something for institutions like MtGox? [23:58]
AA: This is something that a wallet does automatically if it's trying to cancel a transaction and it's something that a large scale wallet management system or a key management system like an exchange has to do because an exchange that's issuing hundreds and hundreds of transactions, will occasionally see some of them not propagate correctly. You can't just say "Well, if I haven't seen it in one block, then it's not going through." What if it goes through in two blocks and, in the meantime, you assume that money's there but then it goes through? You can't just say "Well, let me wait until it doesn't go through" because there is no statute of limitations. It could go through a day later. Someone could keep it aside and then rebroadcast it later and make it go through. There is no time limit on it, right? Wallet formed transaction, once propagated, can go through even if it didn't go through the first time. What you have to do is you have to force the issue and the way you force the issue is, essentially, spending the money to yourself. For a simple user, what that means is if you send something to somewhere and it doesn't go through, and then you would then try to send the same amount to one of your own addresses and that would consume the same input and if that goes through, then you are guaranteed that the other transaction can't later be replayed. Most wallets handle this automatically. [25:09]
SM: Do you put a larger transaction fee on the transaction to consume the inputs? [25:14]
AA: That's a great question. Exactly. You can do that so you can increase the transaction fee to ensure that your transaction is prioritized before the one that you want to cancel so that your forced double-spend is prioritized at a higher priority. You could do that. In fact, you can even pre-create a transaction, kind of like a Hail Mary transaction. Let's say you have an amount in a wallet and you want to make sure that no one can steal that amount from that wallet, from specific outputs in a specific (income reduced specific) address. You can create a transaction with a high fee that spends that to an address that you've never used before, that's yours and then you can just keep that on standby and essentially, have a script that watches the network and if, at any point, you see an unauthorized spend, which means that someone stole your keys, you can make a last ditch effort to very rapidly propagate your double-spend and hope it beats it into the blockchain and then spends your transaction back to you before the transaction that is stealing your money spends it elsewhere. Really, the ultimate arbiter of truth is confirmed transactions in blocks on the trusted decentralized ledger. That is the authoritative ledger. Getting a transaction into that ledger is not a time-bound function, so if you want to ensure that a transaction is not going into that ledger, you have to create a competing transaction that precludes it from going into the ledger by forcing a double-spend. [26:41]
SM: Obviously, other exchanges have had the problem of getting big and having to deal with that and I'm curious if we could point out some examples of exchanges that have handled it well with good communication to their customers because I can't really think of any off the top of my head but maybe it's because they were so smooth about handling their problems that I just didn't even realize they were having problems. [27:03]
AA: As far as we know, at this time, Coinbase has not suspended withdrawals. I made one today. It went through in two seconds and therefore, their implementation is correct. Their system is quite obviously not being confused by transaction malleability bots injecting a flood of these, though we know their implementation is correct because this flood is affecting everyone and so if they are able to swim against this flood, that means they implemented it correctly in the first place or they fixed it before anybody noticed anything was going on. I didn't see any of the ways at all or hear of any. [27:35]
SM: Right. It's effectively been testing everybody with this flood of transaction malleability attacks. [27:40]
AA: Oh it's a stress test. I think it's important to realize the difference between what happened to Gox and what happened to the other exchanges. I'll go back to my department store and the photocopied receipts. Someone finds a department store that's sloppy in its refund procedures and they go in and they basically start robbing them, start defrauding them out of money until, after a week of doing this, (and maybe they tell some friends so they go and do it as well) the cash till at that department store branch runs out and they notice there's a problem because they can't reconcile at the end of the week. They immediately go out and they announce that the receipt printing company is at fault (laughing) by making their receipts impossible to photocopy and then they go into a frantic effort to retrain all their employees so they don't fall for that fraud again but, the very next day when that hits the news, people show up with shoeboxes full of receipts by the tens of thousands at every department store across the city trying to pull off the same scam. That's the bot flood. If you work in one of these department stores, even if you think you've got your policy and process down pat and that your system is fine, you still have a line out the door of these fraudulent boxfuls of fake photocopied receipts that are flooding your system. Now, you need to take extra care and do everything slowly because you know people are actively trying to exploit it, so you scrutinize every receipt much harder and now, that's delaying all of the legitimate customers that are in line. At some point, these other stores say "We think we've got it OK and in some cases we don't because our account system is getting confused but we're not giving out refunds. Don't worry, we're not losing money.
We're just getting our accounting system confused or our staff are getting confused or whatever, so we're going to shut down refunds for a few days and that's going to affect legitimate customers because they can't get their withdrawals either. We're going to retrain everyone and come back and continue processing. No money is lost, nothing is wrong." The flood will continue until gradually it recedes because it's ineffective and it's a nuisance and, as I've said publicly, by this time next week, all of the exchanges will have correct implementations. The reason for that is because they don't have a choice. [30:03]
AL: Exactly. It forces the issue like nothing else. [30:06]
AA: Exactly and this is the beauty of it. What is the ultimate conclusion of this exercise? Let's see what happens. One exchange got impacted a bit harder and they issued withdrawals and probably got defrauded, however, I think I should make it clear I have no indication or even any reason to think that MtGox has solvency problems because they only keep a small, tiny percentage of their funds on reserve for paying for withdrawals. It would very quickly become apparent if that was being drained, that was unusual and it wouldn't touch their reserve funds. This is not a solvency problem. MtGox did not get robbed for all the money they have because that's not possible to happen. They have, at least, that many procedures in place to avoid it. They probably took a small hit but, at the same time, I think what happens next was rather interesting. This became a widespread attack, it started hitting everyone and the industry came together in a very collaborative fashion. I was on IRC channels and phone calls and Skype calls and exchanging encrypted messages with exchange operators, with core developers, with members of the team from Blockchain.info, even exchanges that weren't affected, merchant payment processors that weren't affect companies like Blockchain.info that weren't affected, were all pitching in, were all getting their best and brightest to jump in and help out and figure out what the problem is, help with development implementation details, explain, ask, clarify, whatever. The entire industry came together and, very quickly, put out consistent, clear and honest communications, press releases that revealed the issue but explained exactly what its impact was and then everybody worked together to solve the problem and help all of the exchanges get back on their feet as quickly as possible so they could resume withdrawals. Now, a week later, we're going to have a system that's more robust.
A characteristic of an anti-fragile system is that when it is tested under stress, it not only is resilient but it actually increases in resilience by making that previous attack obsolete. That's exactly what we've seen. We've seen strength in community, we've seen collaboration, we've seen some of the emergency response protocols and contact numbers go into effect that had been established from previous issues, we saw an industry coming together and we saw a problem being resolved without any funds getting lost, without the blockchain's trust basis being violated, without the core network protocol being damaged in any way and with only a slight delay, which was quite literally a denial of service. It denied service to those customers who legitimately needed withdrawals and it probably will cost them a few days. After all of that has shaken loose, we're going to have a stronger network. I think that's a great message to go forward with. [33:11]
AL: I think that the resilience of the network and the continued growth that we've seen... every time we have one of these stresses, like you said, it really just further reinforces that there really isn't anything yet that's hit us that the concept and the community can't absorb and then react to in pretty quick fashion. One of the things that's specific about this transaction malleability problem is that it deals with pre-first confirmation transactions. Transactions that have not been included in any block and are just propagating through the network. This reminded me of something that I saw a couple of days ago. One of my favorite wallets on the Android platform is called Mycelium and it's from a company out of Germany, or it might be Austria - Andreas Petersson of the Bitcoin Report is involved with them. They rolled out a LocalBitcoins type feature for their Android app a couple of days ago. One of the things that it includes in it is a feature called Transaction Confidence Graphs. Basically, what these do is it tracks how the transaction spreads through the network because the Mycelium network is pretty well connected in just like an exchange is because you want to be able to propagate messages quickly and it's efficient to do that. You can also learn things from it. Basically, they have a graph that goes from 0% confidence up to 100% confidence in about 30 seconds, most of the time. Even though you don't have that first confirmation, the fact that the transaction has already propagated throughout the network, makes it very, very, very likely that that is the transaction that will be propagated instead of anything that's racing against it. Do you think that that actually helps? Clearly, it wouldn't have helped in this situation because it was just about a competing transaction. [34:48]
AA: No, it will have helped in this situation too because you're not just worried about a competing transaction specifically, you're worried about a competing transaction that double-spends those funds to a different destination. Transaction malleability doesn't allow you to do that. It allows you to fake a transaction that looks different but is, in fact, the same, whereas the issue of double-spend you're trying to prevent, is a transaction that looks the same but is, in fact, different. If I pay for my coffee and get a receipt for that and the competing transaction is also paying for my coffee but getting a different number receipt from that, as long as nobody is looking at the receipt numbers, it doesn't really matter because the coffee got paid for. What you're looking for is if I pay for my coffee and, at the same time, I pay for something else to a different destination address and then try to compete, or to race that transaction out so that my coffee never gets paid. If you see propagation of the original transaction, then you don't need to worry too much about that, especially for something like a coffee because the chance then of another one, competing one, going out is pretty low. In this case of transaction malleability, the two competing transactions both pay for the cup of coffee. The only difference is they have a different receipt number and that only confuses systems that are looking at the receipt number as something meaningful. [36:13]
AL: This actually would have helped then? What do you think of tools like this and what do you think of the idea that you actually can have some level of variable certainty (certainty with big air quotes around it), by using this type of tracking propagation, even pre the first block inclusion? [36:29]
AA: That's one of the great misunderstandings in Bitcoin - this idea that in order for a transaction to be valid in the Bitcoin network, it must be confirmed after 10 minutes or worse, it must be confirmed 6 times after 60 minutes, as if 6 is a magic number. Really what this is is a risk reward ratio - it's a risk probability issue. A single transaction that is properly signed, well formed and has the necessary fees, once propagated, has a very high chance of being included in the next block, no matter what happens. If you don't see any other transactions racing against it to double-spend it, which you can also track, you can not only track the confidence of this one going in but you could also track for other transactions competing to spend the same outputs. That gives you a lot of confidence even before anything is confirmed because if you understand... part of Bitcoin is not only knowing that miners will include these transactions but knowing that a good transaction, a well formed transaction will be included because you understand how the miners process the transactions. That is sufficient for a cup of coffee propagation, which takes seconds, in 8-10 seconds you've got sufficient propagation. In fact, if you just look at the transactions and see that the outputs haven't been spent and the signature is good, you can sell a cup of coffee based on that because you can propagate that transaction successfully and it is extremely unlikely that someone will be able to double-spend that and it's not worth doing for a cup of coffee. It's no more risky than someone doing a dine and dash, picking up the cup of coffee from the counter and running out the store before you realize that their credit card authorization just bounced. That's why you can buy a cup of coffee without signing your credit card slip because it's a risk merchants are willing to take. Would you sell a Lamborghini based on that risk? Probably not. [38:36]
_______________________________________________
AA: There is no such thing as a confirmed 100% transaction. It's only a matter of degrees. One confirmation makes it much, much more certain, two confirmations is enough to sell a high-priced item, three is enough because the probability of three blocks being rolled back in a fork is minuscule. You can see, for example, that a one block fork happens perhaps a couple of times a day but certainly several times a week. A two block fork happens extremely rarely. A three block fork is almost unheard of and by the time you get to six blocks, what that says is that the probability of that being unwound is so low that you could settle enormous transactions on it. It keeps going. The genesis block has 280,000 confirmations and the probability of someone providing enough proof-of-work difficulty computation to unroll the genesis block is inversely proportionate to that amount of difficulty. Essentially, there is no such thing as fully confirmed, there's only more, and more, and more, and more certainty as time goes by and as more proof-of-work and more difficulty is piled on top. As a retailer, as someone who is doing transactions in Bitcoin, what you have to decide is what is the value of the item I am selling? How soon after sale is that item going to be delivered at which point my commitment to selling it has happened and I can't not ship it? Therefore, how much risk am I willing to take? Then, you calculate how many confirmations that means and for a cup of coffee it's zero, for a computer it might be two, or a flat screen TV or maybe three at most because you're not going to ship it in twenty minutes. No one has that shipping down so fast, or at least almost no one. You can take the small risk that it won't be double-spent by looking at the network. By the time you reach six confirmations, you could probably buy an aircraft carrier, if you're worried about it. [42:11]
AL: That's been what we've had to this point but I think that this tool adds an extra layer in there where you don't necessarily have to make that choice about not trusting... not waiting for the first confirmation because you're OK if you potentially lose $5. It seems like this... we've never had a layer of tools before but now it's like the layer of tools... it used to go from zero transactions or from one transaction at the minimum level of "This is actually probably going to happen" up to, like you said, 280,000 confirmations. With each confirmation you add, it gets exponentially harder to undo what's come before, right? [42:46]
AA: Exactly. This is not a new tool. For example, Blockchain.info has had a feature for tracking the propagating of transactions across the network probably more than a year and a half or two years. I've seen it before. Before confirmation and tracking the propagation across all the nodes in the network, you can interrogate them and see what propagation is happening. A lot of systems do that. A lot of systems use propagation as a proxy to eventual confirmation, which means that it gives them a degree of certainty that as long as you see the good transaction propagating and you don't see a bad transaction propagating, then you assume that eventual confirmation will happen because you know how the miners operate and you know how their algorithm will include transactions into the queue. You can even track which position in the queue it is. You can see how high priority the transaction has based on understanding how transactions are selected to be put into a block. [43:45]
AL: We got way off course here and I really appreciate this conversation. Thank you Andreas for explaining all of that to us. That was really interesting. Tying this back into MtGox - we actually did this maybe five or six months ago and asked if anybody was using MtGox, at this point, because it was one of my first exchanges and, six months ago, I said No, I wasn't using it and that remains true now. Are either of you guys... it's such a pariah, as far as I'm concerned. [44:09]
SM: No, it's been over a year since I've used MtGox. [44:12]
AA: Hell no. [44:13]
SM: I don't know why anyone still uses them actually. [44:16]
AL: It has name recognition. That really does seem like that's it. Once you get started in a field like this, momentum takes you a long way. [44:22]
AA: Exactly. The name recognition continuously works in two ways. The first one is the noobies get directed to MtGox because that's the exchange that many people know. Worse, it creates these ridiculous headlines where you have these idiot journalists who can't tell the difference between MtGox, the centralized single point of failure exchange with less than 20% of the volume of transactions and Bitcoin, the decentralized resilient network. They post these headlines like "Bitcoin withdrawals halted, price plummets". Well, no. MtGox withdrawals have halted, MtGox price plummets, volume weighted average price doesn't plummet and the rest of us are going on with our lives. You get these incredibly bad misunderstandings where people conflate MtGox with Bitcoin and that's very damaging to the reputation. Not only does Gox benefit from being associated with Bitcoin and getting the new customers but then, it also damages the reputation of Bitcoin by being associated with Bitcoin. [45:26]
AL: In six months, you said that they were 20% of volume right now. What do we think? 10%, 5%, gone completely or are they going to come back? [45:35]
SM: 0% I think. [45:37]
AA: I'm not that optimistic. I think probably in a month or so, they're going to figure out how to implement this stuff. One of the issues they have is their software development methodology is sloppy so it's going to take them a while to implement this. We've seen that they're generally slow in implementation. They're probably going to take longer than the other exchanges but I expect that maybe two, three, four weeks from now, they're going to figure out how to do withdrawals again. People are going to realize they are solvent, they're going to release their Bitcoin in one big run but eventually, they're going to get more comfortable again, noobies are going to flood in and Gox is going to continue to exist a year from now. [46:12]
SM: They stopped processing fiat withdrawals or am I wrong about that? [46:17]
AA: For dollars. [46:18]
SM: Yeah, for dollars. Are they just not getting US customers? It still seems like people in the US are... [46:26]
AA: No, no. I think they're not getting traders, or day traders but if you wire dollars into Gox and convert it into Bitcoin and withdraw the Bitcoin, it works fine. If your primary goal is to do buy and hold, rather than day trade Bitcoin, you don't really need to withdraw fiat. It's still used as an on-ramp. It can't be used as an off-ramp for Bitcoin but it can be used as an on-ramp. As an on-ramp, because of its location in Japan and because it's not subject to some of the same restrictions you see here, I would say it's still going to be used and it's still going to be a valuable tool. I just know that the problem doesn't get solved. They may fix the Bitcoin withdrawal issues but they will not fix the incompetent management and communications issues. As soon as this is fixed and noobies flood in again, get ready for the next Goxing because it's going to happen again. Fortunately, each time they Gox us, it has less and less impact on Bitcoin because they have less and less volume to disrupt. That's the good news. Gox isn't going anywhere, I don't think. [47:31]
SM: We're going to summon George Bush and say "Gox me once, shame on you. Gox me twice... well you can't Gox me again..." (laughter) [47:40]
AA: Apparently, you can Gox people at least five times because those who fail to learn the lessons of history will be taught them again and again, until they do. [47:51]
AL: That's really it. It's the lessons of history and how we have to learn all these things. You look at a situation like we have with MtGox and in the normal financial environment, if that's where we were, this would have been a complete crisis that wouldn't have really had a good resolution or it might have resulted in a bail-out under some circumstances. Here, the problem just shakes itself out. It's scary for a little bit but, you're right, I barely even registered this one. Last year, when Gox had a problem, I was legitimately concerned and this time, it just doesn't matter that much. [48:22]
AA: If you look at the price fluctuation and again, instead of taking the idiot journalist perspective of looking at the lowest volume exchange as an arbiter of price, if you do price discovery on the average volume weighted average across exchanges, Gox caused a short panic which then recovered and now we're below where we were a week and a half ago but the price has stabilized again in the mid-600s and I would expect, gradually, as the other exchanges come back online and start processing withdrawals, the story will be once again the same, despite all the naysayers, despite all the proclamations of the doom and imminent death and already happened death of Bitcoin, somehow Bitcoin survives. As Bitcoin survives, people turn around and look at that and go "Huh, maybe we need to look into this Bitcoin thing because it seems to survive a lot." Maybe they have the right message. It is the honeybadger of money. [49:27]
AL: One of the interesting market-based solutions that I saw come out in the last couple of days to deal with this trauma at MtGox is, the price of Bitcoin has plummeted there. It's plummeted at MtGox specifically and that's interesting because a couple of weeks ago, a couple of months ago, MtGox for the longest time has maintained a pretty substantial premium just because it's been so difficult to get dollars out. Therefore, the dollars are worth less which means you have to pay more but now that situation has flipped. It's interesting to see, I believe his name is Josh Jones (let me double check that), yeah, Josh Jones, who is the founder of Dreamhost, the Los Angeles Bitcoin meet-up, Chunkhost and a bunch of other things, basically, repurposed one of his exchange websites, that he apparently had been working on for a while, to be a Bitcoin to Bitcoin exchange, except in this case, it's MtGox Bitcoin to real Bitcoin. You can transfer Bitcoin within the MtGox system, you just can't transfer it out of the MtGox system. People who want to get cheap Bitcoin and believe that MtGox isn't insolvent and it will get solved, can buy Bitcoin for $450 right now, compared to $650 on other exchanges. [50:40]
SM: That's brilliant. [50:41]
AL: They still have to bear that risk. Absolutely, I love this because it lets people swap out of positions that they're scared about and they're happy about it because "Hey, I got some of my money back and now I don't have to worry about it anymore" and speculators get to go in and do this. What do you guys think about this? [50:53]
SM: Yeah, it's a great way to actually... it almost reminds me of one of those markets where people bet on who's going to win elections and things like that, or the outcome of different events and the price of a Gox Bitcoin really reflects people's confidence that they're eventually going to come through. I just think it's really an interesting mechanism of market-based price discovery. [51:14]
AA: The bottom line is that "price plummets" is just another way of saying "great discount". If you have confidence that this will, even if you have some confidence, that this will eventually resolve itself, then that discount represents the risk premium based on Gox Bitcoin, as a risk discount that others are willing to offer in order to get out of that situation, those less confident. I love the fact that not only... the original idea is brilliant in having one buyer willing to trade is interesting enough but creating a full exchange that allows others to take the same risk premium decision and get discounted Bitcoin, thereby converting that risk eventually into quite an extraordinary reward. If this does resolve itself and these people are able to (and honestly, I think it will and I probably should be trading a bit of this)... if this does resolve itself, these people are going to get a tremendous discount on their Bitcoin and that risk is going to translate into a very nice reward. What it shows, among other things, is fungibility because these Bitcoins are fungible, you can essentially... when Gox creates two different classes of Bitcoin, one which has a risk discount and one the open blockchain traded one which doesn't have a risk discount, then those become two different asset classes that people can trade between, with different risk characteristics. That's brilliant! [52:46]
_________________________________________
CREDITS:
Thanks for listening to Episode 85 of Let's Talk Bitcoin.
"The Problem with MtGox" was produced by Adam B. Levine and featured Andreas M. Antonopoulos, Stephanie Murphy and Adam B. Levine. Music was provided for this episode by Jared Rubens and General Fuzz.
Questions or comments? Email adam@letstalkbitcoin.com.
[53:10]
_________________________________________
AL: Let's Talk Bitcoin is transforming into the LTB Network over the next few months and, as part of that transition, we're adding many new shows to cover the world of cryptocurrency from a different perspective or a very specific part of this growing and vibrant community. From Paul Boyer's Mad Money Machine, to Bitcoins And Gravy, to The Sex & Science Hour you'll get them all on the same LTB podcast feed as always, without changing a thing. That said, we've expanded from two hours per week to six hours per week and next month, it will be even more. You can now subscribe to just your favorites at www.letstalkbitcoin.com. Click the shows button for all full subscription options. Of course, please rate the shows. However you listen, whether on Stitcher, iTunes or somewhere else entirely, your reviews help others find our show. Thanks for listening. [53:58]