Clarifications and corrections from a computer scientist

[Note: I recently received some feedback on The Anatomy from Jorge Stolfi concerning a few of the passages in the introductory chapter.  Below, reprinted with his permission, are some of his comments and corrections that readers may find helpful and more clarifying than what I originally published.]

In the introduction you say:

Property is a legally recognized right, a relation between actors, with respect to control rights over given contestable, rivalrous resources.14 And with public-private key encryption, individuals can control a specific integer value on a specific address within the blockchain. This “dry” code effectively removes middlemen and valueless transaction costs all while preserving the integrity of the ledger.15 In less metaphysical terms, if the protocol is a cryptocurrency’s “law,” and possession is “ownership,” possession of a private key corresponding to set of transaction (tx) outputs is what constitutes possession.16 In other words, ownership is conflated with possession in the eyes of the Bitcoin protocol.17

I don’t think that the Bitcoin protocol did (or could do) that; property and possession remain quite distinct in its realm, although property is often very difficult to enforce.

As you say, possession is the physical ability to control and use the thing, while property is the legal right to do so. The state decides whether something is your property, and when it passes to someone else. Taking possession of a thing without the state’s agreement — i.e., without becoming its proprietor — constitutes “theft”. In that case the state is supposed to use its power to restore the thing to your possession, and possibly punish the thief.

“Ownership”, “owner”, “own” are sometimes used for possession, but usually they refer to property. I will use them with the latter sense only.

Knowing the private key to a blockchain address gives possession of the bitcoins stored there, but not ownership. The general rules of property still apply: to become owner, you must create some coins with materials, equipment and labor that you own, discover some that have no owner, or receive them from their previous owner, with his agreement; all with many other conditions and exclusions, taxes, etc.. Thus the notions of property and possession are quite distinct even for bitcoin.

The US government has acted on this distinction already, e.g. by seizing the Silk Road bitcoins, prosecuting Trendon Shavers for “misappropriating” bitcoins of clients with his Ponzi scheme, and accusing Butterfly Labs of pocketing bitcoins that they mined using customer equipment.

All crypto assets are essentially bearer assets. To own it is to possess the key.

Even with bearer assets the notions of property and possession are distinct; one can be prosecuted for the theft (taking posession) of bearer bonds or cash that are someone else’s property. Bitcoin, like cash, only makes it more difficult to prove to the state that a theft occurred, and to catch the thief; but that does not mean that property has been reduced to possession.

In the early years of bitcoin, one could perhaps have believed that bitcoins would be outside the scope of the concept of property — like inventions and songs used to be, until the recent transformation of copyright and patents into “intellectual property”. However, even before the legal cases above, Mt GOX and many other cases made the community recognize the concept of “bitcoin theft” — and therefore the notion of property distinct from possession.

The shift from bearer, to registered, to dematerialized, and back to bearer assets is like civilization going full circle, as the institution of property evolved from legal right (possession of property) to the registered form (technical ability to control) that predominates in developed countries today.

I don’t think that the shift from material to dematerialized assets implied the weakening of the concept of property. On the contrary, dematerialized assets became possible only after society invented the concept of property. In fact, dematerialized assets are simply the rights of property of other things, as recorded in some “official” registry recognized by the state, and only as long as those records are changed in ways admitted by the state.

Private blockchain keys are like the keys to a car, in the sense that the person who has the keys in hand can take possession of the car. But the keys do not define the property of the car, which is determined by car documents and records issued and kept by the state.

Complementing the analogy: the blockchain protocol is therefore not the analog of the car ownership documents and records, but more like the door lock mechanism: a blind device that will only give possession of the car to whoever has the proper key, and thus usually makes theft more difficult; but it does not define property. In fact, the door lock sometimes may even hamper the restitution of the car to its rightful owner. And replacement of the door lock (analog of moving bitcoins to another address), by the owner or by a thieff, has no effect on the car’s ownership.

A bit further down from that section:

by building a blockchain tree (called a “parent”) [ … ] These blockchain trees are simultaneously built and elongated by each machine based on previously known validated trees, an ever growing blockchain.

There may be some confusion here perhaps. A Merkle tree is a very general concept: it is a set of data records (or “blocks”), where each record contains, among other information, a cryptographic signature of the contents of some other record, its “parent”. These signatures tie the records in such a way that, if one wants to change the contents of one record, one must recompute all the signatures contained in all the records that are downstream of it. It is called a “tree” because a record may be the parent of two or more other records, thus a fork of the tree.

The Bitcoin blockchain is a special case of a Merkle tree. It forks only “accidentally”, and when it does one of the branches of the fork is usually very short, quickly dies, and becomes completely irrelevant. Thus it is a basically a linear chain (a Merkle chain) or records, rather than a bushy tree.

There have been proposals to change the Bitcoin protocol to use a “bushy” Merkle tree instead of a linear chain. That would make some operations much faster and less wasteful of bandwidth and memory. However, there is so much software out there which depends on the current structure, that such a radical change is highly unlikely to be implemented.

Bushy Merkle trees have been proposed also for other uses, e.g. as a way for exchanges and similar places to demonstrate that they have all the bitcoins that they are supposed to have. But those uses are not part of the Bitcoin protocol.

The blockchain only forks when (1) some bug is found in the protocol, that requires discarding all blocks since the first bad block, and replacing them with a new set of blocks, starting at that point, re-processing all transactions again if possible. Or, (2) when two miners succeed in mining the block N+1 nearly at the same time, and each broadcasts his version of that block without seeing (or acknowledging) the other. Then all the miners may choose either version as the parent for their block N+2. Thus the two branches may grow independently for a while, but at some point one of them will get defintely longer, and then all miners will have to continue extending that branch. At that point the shortest branch will become irrelevant and the blockchain will again become a linear chain.

So, maybe you want to avoid mentioning Merkle trees at this point, and pretend that the blockchain is just a chain that grows orderly, one block at a time. Those accidental branchings are relevant later, for the discussion of double spending and other possible faults/attacks.

Further down:

By January 2014, the computational power of the network reached 200 petaflops, roughly 800 times the collective power of the top 500 supercomputers on the globe.25

Perhaps it would be better to say something like:

“The proof-of-work computation essentially consists of performing a large number of relatively expensive operations, called ‘hashes’. The computing power of the Bitcoin network (or of any Bitcoin mining equipment) is therefore measured in ‘hashes per second’ (H/s). By January 2014, the computational power of the network reached 200 petahashes (200’000 trillion hashes) per second. By comparison, the top 500 supercomputers in the world could perform only about 120 trillion floating-point operations per second (teraflops).”

This too is somewhat garbled:

To prevent forging or double-spending by a rogue mining system, these systems are continually communicating with each other over the internet and whichever machine has the longest tree of blocks is considered the valid one through pre-defined “consensus.” That is to say, all mining machines have or will obtain (through peer-to-peer communication) a copy of the longest chain and any other shorter chain is ignored as invalid and thus discarded

I would just write something like:

“The computers that comprise the Bitcoin network are constantly communicating in peer-to-peer fashion, sharing their known versions of the blockchain and checking each other’s work. The nodes strive to reach a consensus — which is defined as the longest version of the blockchain where each block contains only valid transactions and the correct signature of the previous block. Any side branches that are not part of the longest chain are ignored (and their blocks are called ‘orphans’).

As of this writing, the height of the longest chain has just over 311,000 blocks.

Rather: “As of this writing, the length (or, in bitcoin jargon, the ‘height’) of the consensus chain was over 311,000 blocks.

Leave a Reply

Your email address will not be published. Required fields are marked *