Virtual currency

Thanks to my new job, the rate of Stubborn Mule posts has declined somewhat over the last few weeks (to say nothing of Mule Bites podcasts!). Still, my commute has allowed me to catch up on my podcast listening and a particularly interesting one was the recent Security Now episode about the “virtual currency” Bitcoin. Here is how Bitcoin is described on their website:

Bitcoin is a peer-to-peer digital currency. Peer-to-peer (P2P) means that there is no central authority to issue new money or keep track of transactions. Instead, these tasks are managed collectively by the nodes of the network.

Given that e-commerce is already widespread on the internet, what exactly is new about this idea of a virtual currency? The key to this question is understanding the difference between money in the form of “currency” (notes and coins) and money in the form of balances in your bank account. Currency is essentially anonymous. If I hand you a $10 note, we don’t need anyone to facilitate the transaction and you can take that $10 and spend it with no further reference to me or anyone other else. To move $10 from my bank account to yours is quite different. Before we could even start, we both had to provide extensive identification to our respective banks to open bank accounts. Then, you would have to provide me with enough account information for me to instruct my bank to transfer money from my account to yours. Both banks would retain records of the transfer for a long period of time and, if the transaction was rather bigger than $10, the chances are that there may even be requirements for our banks to notify a government agency in case we were engaged in money laundering. Even if I paid you using a credit card, the information exchange would be much the same.

The Bitcoin virtual currency aims to mimic some of the essential characteristics of currency while allowing transactions to be conducted online. To do so, it makes very creative use of a powerful encryption technology known as “public key cryptography”.

Public key encryption involves encrypting data in a rather unusual way: one key is used to encode the data and a different key is used to decode the data. This is in contrast to “symmetric key encryption” in which the same key is used for both encoding and decoding data. To appreciate the difference, consider a less electronic scenario. I want to exchange messages with you using a locked box and ensure no-one else can open it. If we already have identical keys to the one padlock there is no problem. I simply pop my message in the box, pop on the padlock and post it to you. When you receive the box, you can use your key to open the box, read the message, reply and pop the same padlock on the box before sending it back. But what do we do if we don’t both have keys to the one padlock? There is a tricky solution. I put the message in the box, secure it with my padlock and send it to you. Once you get it, although you cannot open my lock, you add your own padlock to the box and return it to me. Once I get it back, I unlock my own lock and send the box back. You can then open your lock and read my message. While in transit, no-one can open the box. It’s certainly an elaborate protocol and, of course, I’m ignoring crowbars and the like, but it gives a rough analogy* for how public key encryption works.

When it comes to data encryption, both users will create a “key pair”. One key they keep to themselves (this is known as the “private key”) and one key they can share with the world (the “public key”). I can then let you (and indeed the whole world) know what my public key is. When I want to send you a message, I encrypt it using your public key and send it to you. The only way to decode it is using your private key, which only you have. Even though everyone can find out what your public key is, only you can decode the message. When you want to send a message back to me, you encode it using my public key. So, anyone who knows my public key can send me a message for my eyes only. As a side benefit, public key encryption can also provide authentication. If you send me a message encrypted using my public key, I would ideally like to confirm that it really came from you not someone else (after all, everyone knows my public key). To deal with this, you can also send a copy of the same message encoded using your private key. Once I have decoded your message with my private key, I can also decode the second message using your public key. If the two messages are the same, I know that whoever sent me the encoded message also had access to your private key, so I can be reasonably sure it was you. In practice, authentication works a little bit differently to this, using a “hash” of the original message (otherwise anyone could decode the secret message using your public key). This authentication process is known as “digital signing”.

All of that may seem like a bit of a diversion, but public key cryptography is at the heart of the Bitcoin idea. Essentially, a Bitcoin is a blob of data and if I want to give you one of my Bitcoins, I add your public key to the blob and then sign it using my private key. This means that anyone who has access to my public key (i.e. the whole world) can confirm that I intended to pass the coin onto you. As a result, Bitcoins have their entire transaction history embedded in them! To decide who “owns” a Bitcoin, we just need to look at the last public key in the transaction chain. Whoever owns that key, owns the Bitcoin.

“How is that anonymous?” I hear you ask. Since “keys” are just strings of data themselves, there is no reason you have to advertise the fact that, say “6ab54765f65” is your public key. While the whole world can see that the owner of “6ab54765f65” owns a number of Bitcoins, that does not mean that anyone has to know your secret identity.

The other important feature of Bitcoins is that there is no centralised coordinator of the Bitcoin records. There is no bank keeping the records. The Bitcoin algorithm is public and information about Bitcoin transaction histories is shared across a peer-to-peer network which allows anyone to independently verify Bitcoin transactions.

It’s a fascinating idea and I don’t know if it will take off. It is only in beta, but there are a number of websites that have begun accepting Bitcoins for payment, as well as sites which will trade Bitcoins for “real” money. I will be watching with interest.

* It really is quite rough, only showing that a secure exchange without key exchanges is possible. Other features, such as authentication and the key asymmetry (either key can lock and then the other key unlocks) are not captured.

Possibly Related Posts (automatically generated):

20 thoughts on “Virtual currency

  1. Stubborn Mule Post author

    Ramanan: it’s not anyone’s liability. In this respect it’s more like gold than like credit money. One thing I didn’t mention in the post is that it has been designed to make creation of new Bitcoins difficult and slow (a bit like digging up gold). Not one promises to accept a Bitcoin but if enough people decide to accept it that could create a positive feedback loop making it more widely accepted.

  2. Magpie

    Stubborn,

    As Ramanan, I’m a bit confused how Bitcoin works.

    However, after watching the video linked by Notorious, I’d venture the following guess:

    Imagine Anthony makes shirts for a living (yes, I have a fixation with shirts!). He publicly commits himself to accept Bitcoins as payment for his shirts.

    Ben wants to buy shirts from Anthony; lucky him, he’s got some Bitcoins already (how he got them is not the point here). So he pays Anthony with Bitcoins, which Anthony uses to buy fabric, buttons and such, from other merchants, also publicy commited to accept Bitcoins as payment.

    Now, let’s see how Ben actually gets Bitcoins. He could buy some (that’s why there is an exchange rate $:Bitcoins, as suggested in the Bitcoin video). Or, I guess, he could mow Chuck’s lawn, accepting Bitcoins as payment.

    Notorious’ video describes a software (Ripple) that apparently matches debts among virtual currency users, so by a combination of creating debits and credits among people who already know and trust each other, they could extend credit to people outside their immediate network. (So, I guess one doesn’t need to commit publicly to accept their virtual currency from everybody, but only from a group of people one already knows and trusts).

    (I’m extrapolating from the Ripple video to Bitcoin. If I’m mistaken, feel free to correct me!)

    But there’s a couple of things that I don’t understand: who pays for the software and hardware required to run these systems and where do they get the money (virtual currency or otherwise) from?

    And are there any safeguards regarding the operation of the system? Say, if I had a large amount of Bitcoins, can I be sure the people running the system (or some hackers) couldn’t simply grab it?

  3. Robert Tillsley

    Also if the exchange rate is pegged to US dollars will that reduce its appeal for non-us domestic transactions? Will governments squash it as a money laundering nightmare?
    The value in gaming a financial system that doesn’t have monitoring would be high. And personally I don’t see how you could make it a lot of effort to produce one to avoid inflation when you are talking in electronic terms. Essentially you’d have to make it more computer processing power intensive in dollar terms than the value of what you get out generating the currency if it was self produced or you’d be reliant on an official source who you hope doesn’t over produce and inflate it. So with processing power increasing substantially the currency might devalue very rapidly.

  4. Magpie

    Actually, after Robert Tillsley’s comment, it struck me that there could be tax considerations as well: does one pay any taxes (from which jurisdiction?) in Bitcoins or in one’s local currency?

  5. Stubborn Mule Post author

    Magpie the Ripple system is actually quite different to Bitcoin. As you say, Ripple is based on IOUs, so it is really just a form of credit money (the oldest form of money!), while Bitcoin is effectively a form of commodity money. So, where does it come from? That’s one of a number of details I didn’t cover in the post.

    With the Bitcoin software, you can actually generate new Bitcoins, but it’s not easy. Each new Bitcoin comes into existence as somebody’s Bitcoin software solves a difficult mathematical problem. There is also a built in limiting system: the rate at which new Bitcoins are generated across the whole network is tracked and if it speeds up, the mathematical problems get harder! You can think of the people whose computers are grinding away generating Bitcoins as gold-miners. Mining is certainly one way to get gold, but another way is to provide goods or services to someone who pays you in gold. There is also an upper bound on the total number of Bitcoins that can be generated, after which the only way you can get more yourself is through trade. Personally, I don’t think the upper bound is a good idea (it’s likely to create deflation over time), but someone else could always introduce a new, unbounded currency…as long as they get people to accept it!

    What about security? That’s where the power of public key cryptography comes in. Everyone in the Bitcoin network has a copy of every Bitcoin ever created (which doesn’t take up much space in these days of large capacity hard drives), but you only “own” a bit coin if the last transaction in the Bitcoin’s transaction history is tagged with your public key. Thus, only the possessor of your private key can prove ownership and transfer the Bitcoin to someone else. As long as you keep your private key secure, your Bitcoins are safe. Lose your private key and you lose all your Bitcoins! Think of the private key as the key to your personal safe.

    Robert as for conversion to US dollars, you are right to say that having a fixed exchange rate would be problematic. In fact, the Bitcoin floats freely against the US dollar (and every other real currency). At the moment, a Bitcoin happens to be close to $1 in value, but it moves aroung.

    Magpie interesting question about tax…not sure about that one. Does anyone know what the tax treatment of barter would be? It could be a relevant parallel.

  6. Zebra

    Perhaps a bit off-topic but I recall in the hey day of the first dot com boom (back when we still used terms like “Information Super Highway” and “email” before “mail” meant “email” by default) there was something called “beanz” which was meant to be an internet currency. I remember seeing a bus going past with “beanz” on it so they clearly had some vc funding to waste on advertising. Beanz went the way of boo.com (sorry http://www.boo.com) but it was meant to be a way that websites could give away “beanz” that could be spent at other websites, something like that. It seems like an idea ahead of its time. I “googled” it recently and nothing came up. Maybe I imagined it?

  7. Zebra

    Now googling “beenz” I find the wikepedia entry very amusing. Especially them being visiting by UK FSA worried about “the bank of beenz” motto. Thoz were the dayz.

  8. Dan

    Magpie’s point on tax is spot on. Particularly given the current brouhaha (not every day you get to use that word) on the application of Australia’s GST to online offshore purchases.

    The salient example is Bartercard whose original value proposition was enabling small businesses to avoid the government ticket clippers. Until of course the ATO caught up with them. (Even their Wikipedia entry is now more than half about tax: http://en.wikipedia.org/wiki/Bartercard).

    Basically it seems that governments will allow all sorts of exotic plants to grow outside the walled garden, but once they start to infect the local crops, or worse, gardeners inside the wall start to leave — the walls are simply shifted further out.

    And every country has their own walled garden. So if you want to avoid them you end up having to try to grow plants on a disbanded WW2 sea fort: http://en.wikipedia.org/wiki/Principality_of_Sealand

  9. Dan

    The Planet Money podcast is well worth listening to.

    The point made at the end – as to why they will fade out, and why national currencies will prevail (as they always have) – was quite salient, and one which was missed in the discussion above – namely, the importance of legal sanction to a currency. Nobody can refuse to accept Australian dollars in Oz (or greenbacks in the States). as long as acceptance of bitcoins remains optional, then they will inevitably fade into insignificance – even if a few people like them.

  10. Pingback: Bitcoin revisited

  11. Pingback: Bitcoin: what is it good for?

  12. Stubborn Mule Post author

    @Dan: you are prescient. There is an article in the AFR today about Bitcoin in which the ATO makes the connection to Bartercard:

    CPA Australia head of policy Paul Drum said that the ATO should be equipped to tackle the risks posed by the new, “almost fictitious”, currency, as it was akin to others it had dealt with in the past. That included the Bartercard popular a decade ago. “It’s interesting, it’s a novelty, but it’s really just a new medium of exchange and similar to any kind of currency, it just doesn’t have the imprimatur of a nation,” Mr Drum said.

Leave a Reply