Posts Tagged ‘ Multisig transactions ’

Why it is possible for cryptocurrencies to gain and sustain value

This text is in large part based on the arguments from the NPR article for why gold historically has become the standard currency, “A Chemist Explains Why Gold Beat Out Lithium, Osmium, Einsteinium”, and on my own comparison between the valuable properties of gold and the equivalent properties of Bitcoin and other cryptocurrencies.


So why DID gold win thousands of years ago over other forms of money and stay popular until now?

There are a few basic properties which are necessary for something to be useful as money: it is easy to store, easy to move, easy to accurately divide into parts, it doesn’t corrode and isn’t otherwise fragile or prone to deteriorating over time, and it isn’t dangerous to handle. Those are the basic physical properties, and without those nobody will want to use it.

And for the economic properties: it is scarce (unlike sand and practically all relevant metal alloys), it is hard to forge (or else you’ll get counterfeits everywhere), and its supply is reasonably predictable and doesn’t increase too fast (something which is scarce on a global scale but doubles every month isn’t useful as money, and something you don’t know the supply of is too uncertain). Another important property is fungibility, meaning that the majority of samples of it are similar enough to be interchangeable. Gold fulfills this since it is an element, which allows you to purify a sample of the metal by melting it and clearing out the unwanted elements, leaving you with pure gold which will always be the same (without fungibility every sample needs to be valued independently, which is a major PITA).

And since gold has fulfilled all those requirements better than the alternatives (as an example, it is more scarce and corrodes much less than silver), it has become highly valuable. You can with relative ease melt it into whatever shape and size you want, divide it into chunks of arbitrary size and store it safely for centuries without it going bad. And you could fairly easily verify that the gold indeed is real gold. So when people wanted to make trades with each other for valuable items, gold was one of the simplest options because there’s always somebody willing to accept it. All the other options were lacking in one or more of these properties compared to gold.

So how do cryptocurrencies like Bitcoin compare?

The comparison is quite straightforward. Scarcity is guaranteed by the blockchain (the ledger of transactions) and the accompanying rules which all miners and Bitcoin wallets obey (anybody breaking the rules will be detected and ignored!); the rules of Bitcoin guarantee a maximum of just below 21 million coins and there’s no way around it. You can trivially confirm whether the “coins” somebody claims to have are real by looking at the blockchain to see if the referenced transaction is there or not, and if they have been moved away or not. Fungibility is provided as well, since on the blockchain all “coins” are essentially equivalent: they are all a form of “statement” in the ledger/database which the blockchain is (“X coins belong to address Y”). The divisibility goes down to 8 decimals, making for a total of 2,099,999,997,690,000 subunits (that’s two thousand trillion), and more decimals can be added if necessary.

To pay with gold you need to make sure it already is divided into parts with equal value to what you’re buying. There is no such need with Bitcoin, as the software takes care of it automatically. Verifying that gold is real is much harder than verifying Bitcoins. Bitcoins are far more lightweight – you just need to store the private keys that your addresses are connected to (using public key cryptography), and that can be done on paper, which means storage is easier by a huge margin once you reach larger values. Like gold, Bitcoins which you hold don’t deteriorate over time. The supply of Bitcoin is highly predictable and scarcity is certain, similar to gold (it is actually far less certain for gold, with the potential for asteroid mining in the future).

Using a Bitcoin wallet is simple. Some of the most common ones are Electrum or Bitcoin Core on computers, Mycelium and Schildbach’s Bitcoin Wallet on Android, and Breadwallet on iOS. None of them need any registration of any kind to use and they can all verify that the “coins” sent to you are real with no extra work required on your part. To send a transaction all you need is an internet connection. Making transactions takes merely seconds, and you can send money globally without a problem. Receiving coins is equally simple: just install one of those wallets and start it, and give the sender the address which your wallet just automatically generated – you don’t even need to be online when receiving! That’s all you have to do, and the wallet tells you when the “coins” are yours to spend. The “coins” will stay there forever if you don’t touch them, and with the high divisibility of Bitcoin you can easily send exactly the sum you want (one thousandth of a dollar? no problem!). No third party needs to be involved, and neither party needs to trust the other any more than they normally would if it were a cash payment or if gold was used to pay.

So then we have established that Bitcoin can match the properties which enabled gold to gain and sustain value, but why would it gain value in the first place? Why do people want to start using it, and where is the demand coming from?

I have already mentioned some of the first reasons above – it can be used globally without any need for shipping anything around, it is easier to verify and it is easier to store. But that’s not all, far from it. Thanks to the combination of the blockchain and proof-of-work mining, Bitcoin had the ability to introduce a bunch of new features which are unparalleled – Bitcoin has a scripting language, making it programmable money! It is the first truly decentralized cryptocurrency; all the predecessors relied on central servers and were under the control of a third party.

Can you imagine being able to program a piece of gold to teleport back into your vault if the seller didn’t fulfill the terms you agreed to? With Bitcoin you can do something with just that effect using 2-of-2 multisignature escrow. Can you imagine being able to securely ensure that something like 3 of 5, or 7 of 10 (or any other combination of numbers you like), people on the board of a company MUST sign all transactions that spend money from the reserves of the company, as if a bar of gold would refuse to move unless enough board members agreed? With Bitcoin you can achieve just that using m-of-n multisignature transactions. Can you imagine being able to prevent a sum of money from being spent before a certain date, as if you could make a bar of gold refuse to move until a given day? With Bitcoin you can do that using timelock transactions. And that’s just the beginning!

So not only does Bitcoin match the properties of gold which enabled it to gain and sustain value, it also provides entirely new and unmatched incentives to use it. If you are involved in just about anything where you want to enforce a certain set of rules on how the money can be spent, Bitcoin can make your life much simpler. If Bitcoin is the best option available to achieve a goal, then there also exists demand for it. And when there’s both demand and a limited supply, it gains value and will have a market price.

What about altcoins (“alternative coins”, other blockchain based cryptocurrencies), why wouldn’t one of them replace Bitcoin? That answer could fill an entire book, but the short answer is that because of the network effect most people will want to use the most popular cryptocurrency, a spot that Bitcoin holds and has held since shortly after its release.

Cryptocurrencies become exponentially more useful the more people accept them. It’s the same reason why there are usually just a few social networks that are big at a time, being considered the place to go for discussions and organizing events, and so on. It is the same reason why the phone networks of most countries are compatible and interconnected. Bitcoin was both first out and good enough to make sure that any competitor needs to be substantially better to be able to beat it. Any competitor would need features that Bitcoin is unable to replicate, but since Bitcoin fundamentally is a computer protocol implemented in software it can also be updated to replicate any features of a competitor before that competitor would gain momentum. So the probability that an altcoin would overtake Bitcoin is very slim, and any software developer capable of creating a better altcoin likely would gain more from working on improving Bitcoin itself instead.

Then there’s the question of how valuable it will become. Since the demand on global markets is inherently unpredictable (you can never be certain that current trends continue), nobody can possibly know for certain. There’s no guarantee it will ever go up from here, because for all we know it might already have found its niche in the market. My personal opinion is that what it offers is so much better than the current options (mainly fiat currencies, also known as state issued paper money) and payment mechanisms (such as credit cards and PayPal) that the demand should grow in the future when other people take a closer look and decide that its features are desirable.

One thing we can know for certain is that it will be interesting to follow its progress in the future, no matter where it goes.

If you have any questions, feel free to ask below. I’ll try my best to answer most questions, anything from questions about the technology to the economic incentives and how to use it.

Bitcoin idea: Temporary notarized wallets – Secure zero-confirmation payments using temporary notarized P2SH multisignature wallets

One of the current problems with Bitcoin in physical commerce (payments in stores) stems from how it solves the doublespend problem, which other decentralized digital currencies have had major issues with: unverified transactions are verified on average every 10 minutes through being included in the blockchain. Before a transaction is included in the blockchain it isn’t yet set in stone, and might not end up verified. That means that for transactions over a few dollars where you want to be able to finish the transaction in just seconds, the seller ends up having to accept a transaction where the buyer has a chance of invalidating the payment through pulling off a doublespend within that timeframe of up to 10 minutes on average, since nothing stops him from creating dozens more transactions spending the same money up until one of them is included in the blockchain.

To be able to process transactions faster and not have to risk having the payment invalidated through the buyer trying to spend the same money in multiple places, some are relying on “green addresses”, which essentially are centralized services that hold the money of the users for them and imitate banks and credit card companies. They are trusted to not sign multiple transactions trying to spend the same money. This requires that you trust these companies to keep your money secure from hackers, and that they won’t run away with it or put restrictions on how you can use it.

Fortunately that’s a problem that also can be avoided using some of Bitcoin’s lesser known features. Bitcoin already supports multisignature payments (multisig transactions) where the transaction only is valid if for example 2 of 3 chosen people have cryptographically signed the transaction. It also supports something called P2SH addresses. Normal addresses are just hashes of public keys from ECDSA secp256k1 cryptographic keypairs, and spending from a normal address requires creating a valid signature of the transaction using the private key that belongs to the public key. That proves you have the authority to spend the coins. But P2SH addresses are hashes of scripts (“pay to script hash”), which means that to spend money from them you have to provide an input to the script in question that the script accepts, otherwise it’s invalid and won’t be accepted. One example could be to create a script that accepts payouts only to certain addresses, meaning that you only can issue payments from that P2SH address to those specific predetermined addresses. Another thing you can do is to set time limits, so that the coins can’t be spent until a certain time has passed. You can also do far more advanced things, but I won’t go into that now.

So how would we use P2SH to solve the zero-confirmation problem without trusting others with our money? You can do it by reducing the “green address” companies to notaries. You can create a P2SH address from a script that for the next 24 hours ONLY allows you to spend money from it if you AND a trusted notary have signed the transaction. After that period you can always send it back to your regular wallet without a signature from the notary (and this means that your money won’t be lost if the notary suddenly closes shop).

The notaries replace green addresses, and the only job they have to do is to keep track of what transactions they have signed, and only sign transactions that attempt to spend money that no previous transaction has tried to spend.

Now, within that time frame, the merchants can see that the transactions have been signed by a trusted notary, which means they can be confident that NO OTHER transaction will be signed before the first transaction is set in stone in the blockchain, and thus the doublespend problem is essentially eliminated.

Proving that a notary is malicious is trivial – you only need to keep the transactions sent to you, and if one is invalidated by a doublespend it means that they signed two transactions claiming the same money, and then all you have to do is to show the world the two transactions at once with the two valid signatures from that one notary. From that point on the notary will no longer be trusted, and a subscription service that all merchants and clients use could distribute this proof of malice across the globe in seconds, which makes it nearly impossible for a notary to profit from malice through doublespends.

All a user has to do to create such a P2SH address is to use a wallet client that can create it from a template script, where the user only has to tell the client how much money they want to send to the temporary notarized wallet. If the merchant for some reason would only trust notaries that you haven’t listed in your wallet client, you could simply tell your wallet client to use one of them by scanning a QR code as you enter the store (which still means it’s only two simple steps, scan the code and enter a sum of money), which works perfectly fine if you know you’re going to be in there for about 10 minutes or more, as the transaction to your temporary notarized wallet likely will be set in stone before you go to pay for the goods. In supermarkets and similar settings, many merchants could agree on the same list of notaries, so you could create this temporary wallet in advance or right away as you enter the building. And best of all, the users aren’t put at significant risk if the notary would be malicious, as the worst they can do is to refuse to sign your transactions for that 24 hour period. You’ll still be able to spend your money as usual afterwards.

The discussion threads on Reddit and Bitcointalk:

Update: There’s a new service that implements a variant of this. is a wallet service that uses multisignature P2SH addresses (based on a deterministic seed for improved privacy), and which offers automatic nLockTime expiration for the multisig requirement for your coins, so that even if the service goes down you can recover your coins. Not exactly what I envisioned, but quite close (I would prefer to have a wallet that allows you to select what notary service to use).

Edited 2015-01-28: This scheme has now been improved upon by others in a version using two chained 2-of-2 multisignature transactions using collateral to ensure the risk for the merchant is minimized (although this scheme is currently at risk of transaction malleability that could invalidate the collateral transaction, but hopefully that will be fixed sometime soon).


Edited 2020-11-09: found another related older post, a reference to “time limited transactions”; here Bytecoin describes a transaction that only can be claimed by the recipient until a later time when the block number reaches a certain value, after that the payer can take it back if not yet redeemed.
