> As Satoshi's original Bitcoin paper showed, it becomes exponentially
> improbable that any attacker controlling less than 50% of the total CPU power
> could manufacture a verifiable chain that is longer than the longest one that
> is produced collaboratively by the P2P network.
--I'm pretty unfamiliar with bitcoin but I consider this "security guarantee" to be pretty worthless. If I join an e-money scheme, then dammit I do NOT want to be cranking my computer day and night in a desperate battle to stay secure by expending more cycles than the bad guys. I want to do some computation ONCE whenever I get or pay some money, then stop forever, and I still want permanent security against all the compute power in the universe for the life of the universe.

Many cryptographic protocols, including multiparty and voting and e-money protocols, already exist with the level of security I just described (under the usual assumptions, such as integer factoring is way hard).

It is quite plausible in a bitcoin scheme with a million participants, that some "bad guy" team will spend an enormous amount of computing 24/7 in parallel trying to break it, while meanwhile the "good guys" do nothing with their computers because they are interested in using their computers for other purposes. Or in turning them off.

I consider bitcoin, if this is all the security it has, to be garbage proposed by incompetents.

-- 
Warren D. Smith
http://RangeVoting.org <-- add your endorsement (by clicking "endorse" as 1st step)
and math.temple.edu/~wds/homepage/works.html

----
Election-Methods mailing list - see http://electorama.com/em for list info
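The "exponentially improbable" claim quoted at the top of this post is the catch-up calculation from section 11 of the Bitcoin paper: once a transaction is buried z blocks deep, an attacker holding a fraction q of the hash power (honest share p = 1 - q) catches up from a deficit of d blocks with probability (q/p)^d, and the attacker's progress while the honest chain grows by z blocks is Poisson with mean z*q/p. The script below is an added example written for this page, not code from the thread or from the Bitcoin project; it reproduces the paper's table and shows how quickly the probability decays for q < 0.5 and that it is exactly 1 for q >= 0.5. The function and variable names are this example's own choices.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with hash-power share q ever overtakes
    the honest chain after a transaction has z confirmations.

    Implements the formula from section 11 of the Bitcoin paper:
        P = 1 - sum_{k=0}^{z} Poisson(k; z*q/p) * (1 - (q/p)^(z-k))
    where p = 1 - q is the honest network's share.
    """
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a fraction in [0, 1]")
    if z < 0:
        raise ValueError("z must be non-negative")
    p = 1.0 - q
    if q >= p:
        # With half or more of the hash power the attacker always catches up:
        # the "guarantee" only holds for a minority attacker.
        return 1.0
    lam = z * q / p
    # Poisson(k; lam) built up iteratively to avoid large factorials.
    poisson = math.exp(-lam)
    still_failing = 0.0  # mass on "attacker is k blocks along and never catches up"
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k
        still_failing += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - still_failing


def confirmations_for_risk(q: float, risk: float, max_z: int = 10_000) -> int:
    """Smallest number of confirmations z for which the attacker's success
    probability drops below `risk`, or -1 if it never does (q >= 0.5)."""
    for z in range(max_z + 1):
        if attacker_success_probability(q, z) < risk:
            return z
    return -1


def success_table(q: float, depths: list[int]) -> list[tuple[int, float]]:
    """(z, P) pairs for the given confirmation depths, like the paper's table."""
    return [(z, attacker_success_probability(q, z)) for z in depths]


if __name__ == "__main__":
    # Reproduces the two tables in the paper (q = 0.1 and q = 0.3).
    for q, depths in ((0.1, list(range(0, 11))), (0.3, list(range(0, 51, 5)))):
        print(f"q = {q}")
        for z, prob in success_table(q, depths):
            print(f"  z = {z:2d}  P = {prob:.7f}")
    # Depth needed before the attacker's odds fall below 0.1% at q = 0.1.
    print("confirmations for < 0.1% risk at q = 0.1:", confirmations_for_risk(0.1, 0.001))
```

Two things worth noting when reading the numbers: the decay is geometric in z only while q < p, and the model assumes the honest majority keeps mining at full rate for the whole time. It says nothing about what happens if honest participants stop contributing work, which is the scenario the post above is objecting to.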
