Hacker News

Rock solid? A system that requires vast and increasing amounts of the world's energy to be devoted to it just to achieve a vague notion of security? A system that can be attacked in polynomial time (but let's just say that is not a problem; after all, we never defined security in a way to preclude such things!)? That is your definition of "rock solid?"



>requires vast and increasing amounts of the world's energy

"Vast" is hyperbole, IMHO. It might in fact on net conserve energy, by, e.g., reducing the need to haul cash around in armored vehicles and the need for things like bank buildings. It takes a lot of energy to build and operate buildings.


For Bitcoin to be secure, you always need more energy to be devoted to honest mining than is devoted to an attack -- and that ignores the energy spent securing Bitcoin wallets (which is fine to ignore, as it is tiny by comparison). In the limit, half the energy output of the entire planet would have to be devoted to Bitcoin for it to remain secure, though I doubt that any economy could sustain such a situation.

By comparison maintaining security for paper money requires substantially less energy than attacking paper money, even if you include the energy devoted to fighting theft (the analog of the energy devoted to securing individual Bitcoin wallets). The energy spent on counterfeiting detection is far lower than the energy needed to counterfeit modern paper money, and Chaum showed the world how to create digital cash that is even more secure against counterfeiting, with security against double spending, and that allows for anonymous transactions, while still requiring far less energy to be spent on security than would be needed to attack the system.

So no, there is no hyperbole here. Bitcoin is a very inefficient system. It might work in practice, but that does not make it efficient, nor does it even make it an improvement over what we have now. The only thing Bitcoin has going for it is that there is no obvious central authority (I say no obvious central authority because in practice, the Bitcoin developers have as much power over the currency as a central bank -- they can e.g. cause a block chain fork at any time, as they accidentally did a few months ago).


In the classical economy spirit one could expect that the mining power supply and demand will be optimized by the invisible hand of the market. It seems to me too that there might be fewer costs and negative externalities implicitly bound to bitcoin operation as compared to paper money.


If it's not solid you are free to attack it.

You keep dismissing the incentives that Bitcoin gives, which should also be considered part of its security. The only rational attacker that could have an interest and resources to stop Bitcoin is a nation-state. But even then, another nation-state could jump in and protect it. We can't know what will happen until it happens. The field that you want to use to model everything is too narrow for Bitcoin.


"You keep dismissing the incentives that Bitcoin gives, which should also be considered part of its security"

We do not speak of "incentives" in other contexts. When we talk about encryption, we do not spend our time pondering the "incentives" for not attacking our cryptosystems -- we create encryption systems that cannot be feasibly attacked regardless of what motivates the attacker. When we talk about secure multiparty computation, we do not talk about what might motivate the attacker, we only talk about how to prevent attacks.

There are historical counterexamples to the idea that we can analyze a cryptosystem's security in terms of the attacker's "incentives." A famous and well-known example is the German Enigma cipher from WWII. After the war, German cryptographers were captured and interrogated (the TICOM operation), and one of the things they revealed was that they knew that Enigma could be attacked, but did not believe that it would be worth the effort. Even the assumption that the attacker will act rationally is bad -- we should be secure against irrational attackers too.

"We can't know what will happen until it happens"

We can, however, design systems that maintain their security properties regardless of what happens (at least under standard cryptographic hardness assumptions, though sometimes we can even get information theoretic security). ElGamal encryption is secure against any polynomial-time chosen-plaintext attack -- provably so. The GMR signature system is secure against any polynomial-time adaptive chosen-message attack. For a very strange construction that illustrates how we can defend against attack strategies we cannot even imagine, consider this work on non-malleable commitments (the construction is on page 13; it is very strange, but the strangeness is key to the security proof, or in other words there are possible attack methods that nobody is aware of that the construction prevents):

http://eprint.iacr.org/2010/483.pdf

"The field that you want to use to model everything is too narrow for Bitcoin."

Yes, things are very easy when you have no clearly-specified goals, requirements, or constraints. How can there be any technical criticism of Bitcoin if this sort of response is considered valid? Anything anyone says is wrong with Bitcoin could always be dismissed as being "too narrow."


> we should be secure against irrational attackers too

Right, of course it would be better to have something indestructible. But so far it's "good enough" (passes the reviews of its individual components, has resisted for years as a system, but wouldn't resist an irrational attacker). And I would much rather have this than the previous system, which is insecure by design (i.e., your funds can be and are systematically stolen through inflation and other means). Maybe you live in a very good country, where you don't have to worry about such issues (or you live in a regular country but are just not conscious about it?). But most of the world (including myself) doesn't, so Bitcoin is welcome as is.


"so far it's "good enough""

Perhaps so, but what I was originally replying to was a claim that Bitcoin was rock solid. There is an enormous difference between "good enough" and "rock solid."

"I would much rather have this than the previous system, which is insecure by design (i.e., your funds can be and are systematically stolen through inflation and other means)."

Perhaps so, but as I have noted elsewhere, Bitcoin is not a fiat currency killer. Most businesses that claim to accept Bitcoin payments are actually accepting fiat currency payments. Most adults still need to pay their taxes. There are strong incentives to issue loans in the currency that the courts deal in i.e. fiat currency.

Basically, think of it this way: if Bitcoin exchanges were to disappear right now, what would happen to Bitcoin? What reason is there to think that Bitcoin will ever reach a point where it is not utterly dependent on the existence of exchanges? When even people who want to adopt Bitcoin are only doing so with the help of services that automatically exchange Bitcoin payments for fiat currency, why should we believe that we can ever live in a world where Bitcoin stands on its own two feet?

Finally, let's assume that there is an economic theory that supports a system like Bitcoin i.e. a currency that has no central authority and no intrinsic value. That theory should motivate a security definition. As a point of reference, consider Chartalism (a key part of modern monetary theory), which basically explains why fiat currency works (in a nutshell: the government issues the money and requires you to return some amount later on via taxes), and a key security definition used in the academic work on digital cash (in a nutshell: you have security if it is infeasible to deposit more money with the bank than was withdrawn [this can be stated more formally]). Note the very clear connection: the central authority issues the currency and decides its validity when it is "deposited."

So, to bring things full circle, I give you this challenge: present an economic theory to explain systems like Bitcoin, and use that theory to motivate a security definition that Bitcoin can be tested against (or better yet, proved to meet).
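The security definition mentioned in the comment above (it should be infeasible to deposit more money with the bank than was withdrawn), sketched for Chaum-style RSA blind-signature cash. This is an added example, not code from the thread or from any participant; the `Bank` class, the function names and the toy key size are assumptions made for illustration.

```python
import hashlib
import secrets
from math import gcd

# Toy bank key from two Mersenne primes (constructed; far too small for real use).
P, Q = (1 << 31) - 1, (1 << 61) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def h(serial: bytes) -> int:  # hash a coin serial into Z_N
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

class Bank:
    def __init__(self):
        self.withdrawn = 0   # coins issued
        self.deposited = 0   # coins accepted back
        self.spent = set()   # serials already deposited

    def sign_blinded(self, blinded: int) -> int:  # withdrawal: sign blind, count one coin
        self.withdrawn += 1
        return pow(blinded, D, N)

    def deposit(self, serial: bytes, sig: int) -> bool:
        """Accept a coin only if the signature verifies and the serial is unspent."""
        if pow(sig, E, N) != h(serial) or serial in self.spent:
            return False
        self.spent.add(serial)
        self.deposited += 1
        return True

def withdraw(bank: Bank):  # customer side: blind, obtain signature, unblind
    serial = secrets.token_bytes(16)
    r = 0
    while gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    blinded = (h(serial) * pow(r, E, N)) % N
    sig = (bank.sign_blinded(blinded) * pow(r, -1, N)) % N
    return serial, sig, blinded

def run_demo() -> dict:
    bank = Bank()
    serial, sig, blinded = withdraw(bank)
    return {
        "bank_saw_only_blinded": blinded != h(serial),
        "first_deposit": bank.deposit(serial, sig),
        "double_spend": bank.deposit(serial, sig),
        "forged_serial": bank.deposit(b"forged-serial", sig),
        "invariant": bank.deposited <= bank.withdrawn,
    }
```

The bank checks a signature and a spent-serial set at deposit time, so the cost of verification is two modular exponentiations per coin regardless of how much effort an attacker spends.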


> Basically, think of it this way: if Bitcoin exchanges were to disappear right now, what would happen to Bitcoin?

If Bitcoin doesn't replace all currencies (I don't expect it to do that anyway), it can be used as digital gold (in fact I think you can expect higher price increases from this use case than from everyday transactions). Currently I would love to be able to save in gold, but I can't for many reasons. My government banned it, so I can no longer buy it in a trusted bank (if such a thing exists). I can't buy it from other individuals like me, because it's difficult to divide, so you can never get the amount you wanted. You can't import it from other countries because you can't hide it from customs. You can't buy it on the black market either, because they will sell you golden bars filled with tungsten. And all this is for buying. When you want to sell it you will have similar problems. Bitcoin fixes all this, and you don't really need exchanges for this. In fact I never used one (international wires are banned).

Let me think about the security definition. I don't promise you anything, but I'll give it a try when my mind is clear.


> A system that requires vast and increasing amounts of the world's energy to be devoted to it just to achieve a vague notion of security?

Consider the current system of government fiat and credit: the US dollar requires vast armies and navies, the vast and expanding Federal Reserve apparatus with its system of member/franchised banks, employees of the IRS, the US Treasury, the Secret Service (I'm redundant, I know). Millions of people are dedicated to propping up the "full faith and credit".

I'd be surprised if the energy required to keep billions of ASICs humming is more than the energy required to keep millions of people humming.

Further, the fractional reserve system is far from rock solid. It appears to be solid, until a tipping point of confidence is reached, at which point it falls like a house of cards. It's the definition of a con game.


"Consider the current system of government fiat and credit: the US dollar requires vast armies and navies, the vast and expanding Federal Reserve apparatus with its system of member/franchised banks, employees of the IRS, the US Treasury, the Secret Service (I'm redundant, I know). Millions of people are dedicated to propping up the "full faith and credit"."

Let's set aside the issue of whether or not the military is needed for the dollar to remain valuable and speak strictly about security here. You have mentioned no less than three security goals:

1. Preventing counterfeiting

2. Enforcing tax payments

3. Preventing theft

Now, let's see what happens with Bitcoin:

1. Counterfeiting is replaced with double spending, and you need at least as much energy to be devoted to fighting this as would be needed for an attack.

2. Bitcoin does nothing to reduce the energy needed to enforce tax payments, it just shifts the goalposts slightly.

3. Wallet theft is a real problem, and Bitcoin itself does nothing to combat it; you still need to devote energy to securing your wallet, no different than depositing money in a bank.

In other words, two of the three security goals that you mentioned are not addressed in any meaningful way by Bitcoin, and the one that is addressed still winds up requiring far more energy than is needed for fiat currency. Even if paper money turns out to be too inefficient, Chaum's research in the 80s and 90s showed the world how to create digital cash that simultaneously allows for anonymous payments, prevents double spending, and requires substantially less work to secure than it does to attack (exponentially so, in fact). The difference, of course, is that Chaum's designs all called for a central bank in the system, which you already need with fiat currency.

"I'd be surprised if the energy required to keep billions of ASICs humming is more than the energy required to keep millions of people humming."

The problem is that the number of ASICs that need to be powered on will increase as the attempts to attack Bitcoin increase, until eventually half the energy output of the planet is being devoted to ASICs. That is not the situation with fiat currency, as noted above.

"Further, the fractional reserve system is far from rock solid. It appears to be solid, until a tipping point of confidence is reached, at which point it falls like a house of cards. It's the definition of a con game."

Except that the "confidence" is not in the banking system, but in the legal system that supports it. Fiat currency's value stems from tax laws, debt laws, torts, and so forth, and when people talk about "confidence in the government" what they really mean is "confidence in the government's ability to enforce the law." If you truly lack such confidence, try this: stop paying your taxes. As long as people believe that failure to pay their taxes will result in losing their property and freedom, people will continue to demand payment with fiat currency -- the only currency they can use to pay their taxes. Likewise with people who have to repay loans (you would be insane to issue a loan in a currency that courts do not deal in), people who have been ordered by courts to make certain payments (again, this will be in whatever currency the courts deal in), people who must pay parking tickets, etc., etc., etc.

The vast majority of businesses that "accept Bitcoin" are actually accepting fiat currency payments, via a service that exchanges Bitcoin for fiat currency, and only because that allows them to accept electronic payments with lower transaction fees compared to the alternatives. That is how pervasive the "house of cards" is.


It presents significantly fewer attack vectors than any other payment system that I'm aware of.



