Getting started

I’ve decided to start a blog about my adventure with Bitcoins. I’m currently working on a master thesis set out to create a Bitcoin application and analyse the security of the network, so expect a number of posts about the technical details on the subject. Hope you all will find it interesting.

How did it all start?

Where did my adventure with Bitcoins start? As far as I remember, it went like this:

At the time I was a student of first semester of MSc course in Artificial Intelligence and Software Engineering. I was taking a boring lab at the moment, Modelling and Analysis of Informatic Systems. I googled around for some info on the PSN hack, came across the LulzSec Twitter account, and I saw this message:

I thought that it was intriguing that there was some way to send such a small amount of money to someone, and then I started looking around for what those “BitCoins” are. Soon after I was hooked on the concept of creating your own money. The book of value of Bitcoins was only starting, so like many people I was doing my calculations and looking into getting some hardware. Did manage to mine and sell some part of a coin before the value stated going down, but at any rate, I didn’t get rich;).

By that time I learned a bit more and knew that if I wanted to earn anything in the long run I had to get into making my own mining pool, rather than mining. The costs of getting a decent mining rig was too much for a student, and the ratios between how much it costs to mine coins and how much they are worth didn’t calculate. I decided to incorporate it all into my master thesis, but since the summer break has already started, it was hard to get in contact with anyone form the university and ask them to be my supervisor…

The humble begginings

Over the course of the summer I got further into the topic of Bitcoin. I joined the forum, read some materials here and there, but didn’t want to get too much into working on anything until I got the topic of my master thesis. I did, however, manage to overload my wife’s computer while mining and playing Terraria at the same time. She wasn’t too pleased to say the least and had to go with her first thing in the morning to get a replacement for that. Next time I’ll know not to try installing a shiny, new high-powered graphic card into a slightly old PC.

In September I started to work on some code, trying to understand better how Bitcoin works. I managed to create my little online calculator (, and started working on implementing some Bitcoin-related packages. The amount of information available to the raw workings of Bitcoin wasn’t too great, so I had to dig up all the information I could from places like the forum, the wiki, and of course, the Stack Exchange. Discovering that last website was really an interesting experience. It was the first time I stumbled across any of the Stack Exchanges and I found this to be a very valuable tool for a lot of things. Not to mention that it really helped me to learn a lot about Bitcoin and give back to the community (now if I could grind some more reputation…;) ).

But then first hurdles appeared on the road. I guess this is what you get when trying to implement a new concept with some new technology. As it turned out Golang didn’t have an implementation of secp256k1 (the ECDSA curve used by Bitcoin), Google App Engine did not want to communicate in any other way than through HTTP, and understanding how to implement the Bitcoin Script was too much for me.

Luckily I was able to work on two Bitcoin sub-projects at once (a Block Explorer and a Pool), which allowed me to take a brake from one and start on the other if things became too hard at times. Too bad starting programming the Pool it turned out that Golang didn’t have HTTP JSON RPC implemented…

On Bitcoin redlists

So recently Mike Hearn proposed an idea of “redlisting” Bitcoins. Here is the gist of what is being proposed:

Consider an output that is involved with some kind of crime, like a theft or extortion. A “redlist” is an automatically maintained list of outputs derived from that output, along with some description of why the coins are being tracked. When you receive funds that inherit the redlisting, your wallet client would highlight this in the user interface. Some basic information about why the coins are on the redlist would be presented. You can still spend or use these coins as normal, the highlight is only informational. To clear it, you can contact the operator of the list and say, hello, here I am, I am innocent and if anyone wants to follow up and talk to me, here’s how. Then the outputs are unmarked from that point onwards. For instance, this process could be automated and also built into the wallet.

Pondering this issue for awhile, I am reaching a few reactions and points for and against this issue.

First of all, it touches on one of rather important ideas of money – fungibility. In essence, implementing this system as proposed would constantly be reminding people that despite all money being equal, some money would be more equal than other. Money needs to be fungible to make payments fast, cheap and predictable. If it isn’t, then we start creating a market for trading bitcoins for bitcoins, euros for euros and so forth. On a more personal level, trying to keep track of money in one’s wallet and trading tainted coins for clean coins would be too much of a hassle.

Second problem raised by this concept is how one would track the taint. Bitcoin constantly mixes coins from multiple outputs. There are no singular Bitcoin bills one can track, bitcoins are more like cheques that spend whatever amount one wishes from the money one has. This would create transactions that are 95% tainted, 47% clean, or just contain 1% of “pizza coins”. The problem gets more complicated when we take into consideration transaction fees. Does a block that accept a 1BTC tainted along with their 25BTC newly minted money makes that coinbase transaction 1/26 tainted? Would miners want to get reimbursed for receiving those tainted coins?

Third problem I can think of is whether with the redlist one would be entitled to the sweat of one’s brow? If someone provided a service in good will and got paid all in tainted coins for a coffee they sold, would they be forced to give that money to whoever it was stolen from? What would happen if a coin got redlisted only after we have received the money? Would everyone have to keep track of everyone they are doing business with them to let the authorities follow the breadcrumb trail back to the original criminal? All of those questions don’t have a clear answer if you want to respect the rights of the original owner of the stolen money as well as the rights of a business person earning their living and the rights of every Bitcoin user to the high pseudonymity offered by the Network.

The fourth is the issue of who would be entrusted to keep track of the redlist? If it is controlled by an individual or a single corporation, they are open to manipulation, threat, or government muscling their power. If there is no single redlist, there might not be consensus as to which coins are tainted and which are clean.

Overall, keeping a redlist is a slippery slope. Here is how things could progress:

  1. You start with informing people of coins that were used for crime
  2. People start discriminating against tainted coins
  3. Someone from the US government would have the bright idea of redlisting coins that passed through wallets of “terrorist organizations”, so say Wikileaks gets redlisted
  4. People that don’t know better can’t tell a difference between coins redlisted for crimes and ones redlisted by politicians for “war on terror”, so they discriminate against them both.
  5. Term “terrorist” or whatever is the flavour of the month gets extended to more and more organizations that are inconvenient for the US – Anonymous, some foreign journalists that report on war crimes, government of a country that is “at war” with US or “harbouring terrorists”, etc.
  6. Soon the redlist becomes a political tool – we start discriminating against the grey area. Say some place does research on human embryos or human cloning in a country where that is legal, but since some western country thinks that their law trumps over regional law, they start redlisting their addresses.
  7. Transactions and addresses are started to be added to it indiscriminately because some government agency says they are tied to this or that crime. Whoever is keeping the redlist can’t say no since they have some order from the agency, and they can’t tell anyone why they are adding those since they have a gag order.
  8. Soon you start having a currency controlled by the political powers of one country that houses whoever is making the redlist since they can muscle their way into controlling it.

HOWEVER! There is also a flip side of the coin, be it digital or not.

If anyone wanted to track coin taint, nobody can stop them anyway. With Bitcoin, every transaction is on the record forever. You can track your pizza taint until the end of time. This also means that any government agency can use this information against you if they know your addresses.

Going away from the negative things, if the redlist was implemented well, it could be a good tool for stopping bitcoin theft. The proposed idea is an indiscriminate bomb, but consider this approach:

  • Anyone can report a theft of their coins to the proper authority – police and the like. Same as credit card theft.
  • Them reporting a theft officially (not through some forum rant), means that they are accountable in case they are lying. This would deter any wannabe free loaders that want to spent money other people entrusted to them. Again, same as credit card theft.
  • If the proper authorities acknowledge the claim, they can ask for voluntary information to track the thieve, or can obtain a warrant to audit any Bitcoin business operating in their jurisdiction for the record of their transactions. A proper business would be required to keep that information anyway – especially the Exchanges.
  • If the authorities come across evidence that a given person has been paid with tainted coins, they can ask them if they know who they got the money from, or with a warrant request that information. It is in everyone’s best interest to help fight the criminals.
  • However, unlike say, buying stolen merchandise, one should not be required to forfeit the tainted coins (unless they are connected to the criminal and so forth). If one provided a service in good will, they are entitled to their money, unless whatever those coins paid for is returned to them – similar to returns in stores or whatever. This ensures that merchants do not discriminate against money from one source or another.
  • If the original criminal is caught, they should be handled like any other criminal.
This approach does not make the redlists binding and indiscriminate, but instead keeps them as a normal tool in fighting crime. Of course anyone would be able to keep a redlist of their own and it is likely that police from various countries might operate together to find trails of crime, but it all happens in a regulated space of the law. Common users should not see the redlists by default – the last thing we need is someone who is oblivious to how Bitcoin works trying to be a vigilante for “justice”.

So to sum all up – the current proposal of the redlist is akin to many US attempts to “combat terrorism” through indiscriminate surveillance of everyone. This approach is unacceptable. However, Bitcoin will need a way to combat coin theft, so a regulated and limited approach to redlisting should be developed, but nothing more.

1 2 3 20