"I think that as a community we should start demanding these services continually prove that they are not fractional reserve. We cannot effectively eliminate the need for trust in these sorts of services, but we can certainly confine the exposure and eliminate a lot of this drama. With Bitcoin it's technically possible to prove an entity controls enough coin to cover its obligations— and even to do so in ways that don't leak other business information, and so we should. But this isn't something specific about MTGox, it's something we should demand from all services holding large amounts of third party Bitcoins. I wouldn't even suggest MTGox should do it first, rather— it sounds like a great move for their competition to differentiate themselves."
Here's the takeaway:
"This would leak the total holdings, and some small amount of data about the number of accounts and distribution of their funds, but far far less than all the account balances. Importantly, though— it could be implemented in a few hundred lines of python."
In case anyone from Coinbase is reading: you have a unique opportunity to be the first webwallet service to implement this, and thereby make the entire bitcoin community instantly fall in love with you. It would also set a minimum standard of quality for webwallet services in general, which would add a lot of value to the bitcoin ecosystem. It seems like this might be a pretty big business opportunity.
This guy seems to be everywhere! He's a prolific Wikipedia contributor (administrator + many thousands of edits), and was also the guy behind the dump of a ton of pre-1923 JSTOR documents to the Pirate Bay, which in part helped pressure JSTOR to un-paywall its old/PD articles (http://arstechnica.com/tech-policy/2011/07/swartz-supporter-...).
First, you announce that you only have 4000 BTC in deposits. Then you build this tree, and at the very bottom layer you add a node with a -1000 balance. You pair that node with your (or a conspirator's) real node holding more than 1000 so that any node above yours (read: everyone else) sees a positive balance at every point in the tree. Everyone can verify they're in the tree, the numbers add up to what you claimed publicly, but you're now successfully running a fractional reserve! And the only way to uncover such a scheme would be to publish all of the balances for every account.
Am I missing something?
Edit for clarity: the node you pair with is your own, so that no real user sees the negative sum.
The Merkle tree is:
[ -1000, 1000, 2000, 2000 ]
[ 0, 4000 ]
[ 4000 ]
You actually owe 5000 BTC, but it seems like you owe 4000 BTC. Seems so far so good. The problem is: what happens if you try to take advantage of this opportunity?
Case 1: other people withdraw first.
[ -1000, 1000, 0, 0 ]
[ 0, 0 ]
[ 0 ]
Nobody knows that anything nefarious has gone on. However, everyone else has successfully gotten their money out, so you've actually defrauded no one.
Case 2: you withdraw first.
[ -1000, 0, 2000, 2000 ]
[ -1000, 4000 ]
[ 3000 ]
Now, the other 2 users actually can see that something is wrong, because the Merkle branch will have a -1000 BTC node sticking out.
So in theory, as long as there exist users who don't check their Merkle branches, and those users are identifiable, it probably is possible to run a slight fractional reserve undetected. So the protocol is suboptimal. But it's not really "broken". I do wonder if it can be improved though, perhaps with some kind of ZKP protocol.
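The four-account walkthrough above, replayed in code. This is an added example and not code from the thread or from any exchange: the leaf and node hash layout, the signed 64-bit sum encoding, and the account names (fake, conspirator, alice, bob) are assumptions of this example. It builds the Merkle-sum tree, produces a branch for one user, and verifies it against a single published root, rejecting any branch in which a sibling sum is negative, which is the check that catches the -1000 node "sticking out" in case 2 while, exactly as described, failing to see it in the claimed tree and in case 1.

```python
"""Merkle-sum tree proof of liabilities and the negative-leaf trick.

Added example, not from the original thread.  Hash layout, field widths and
account names are assumptions of this example, not any exchange's format.
"""
import hashlib
import struct


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(account: str, balance: int) -> bytes:
    # A leaf commits to the account id and its balance.  A deployed scheme
    # would add a per-user nonce so leaves are not guessable (assumption:
    # omitted here to keep the walkthrough short).
    return sha256(b"leaf" + struct.pack(">q", balance) + account.encode())


def node_hash(total: int, left: bytes, right: bytes) -> bytes:
    # An internal node commits to its sum and both child hashes.  The sum is
    # a signed 64-bit integer on purpose: a negative node must be encodable
    # for the trick in the thread to be expressible at all.
    return sha256(b"node" + struct.pack(">q", total) + left + right)


def build(balances):
    """Build the tree from [(account, balance), ...]; returns levels, leaves first.

    Every node is (sum, hash).  The number of leaves must be a power of two.
    """
    level = [(bal, leaf_hash(acct, bal)) for acct, bal in balances]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            (ls, lh), (rs, rh) = level[i], level[i + 1]
            nxt.append((ls + rs, node_hash(ls + rs, lh, rh)))
        level = nxt
        levels.append(level)
    return levels


def root(levels):
    """The published commitment: (total liabilities, root hash)."""
    return levels[-1][0]


def prove(levels, index):
    """Merkle branch for leaf `index`: list of (sibling_is_left, sum, hash)."""
    branch = []
    for level in levels[:-1]:
        sib = index ^ 1
        branch.append((sib < index, level[sib][0], level[sib][1]))
        index //= 2
    return branch


def verify(published_root, account, balance, branch):
    """Recompute the root from a user's own leaf and branch.

    Returns (ok, reason).  Besides the hash check, every sibling sum must be
    non-negative; a user only sees the sums on their own branch, so a
    negative node paired off against a conspirator's leaf stays hidden.
    """
    total, digest = balance, leaf_hash(account, balance)
    for is_left, sib_sum, sib_hash in branch:
        if sib_sum < 0:
            return False, f"negative sibling sum {sib_sum} in branch"
        total += sib_sum
        digest = node_hash(total, sib_hash, digest) if is_left \
            else node_hash(total, digest, sib_hash)
    if (total, digest) != published_root:
        return False, "branch does not reach the published root"
    return True, "ok"


def thread_scenario():
    """Replay the thread's example; alice (index 2) is the honest checker."""
    accts = ["fake", "conspirator", "alice", "bob"]
    claimed = build(list(zip(accts, [-1000, 1000, 2000, 2000])))
    case1 = build(list(zip(accts, [-1000, 1000, 0, 0])))   # others withdraw
    case2 = build(list(zip(accts, [-1000, 0, 2000, 2000])))  # you withdraw
    return {
        "claimed_total": root(claimed)[0],                       # 4000, not 5000
        "claimed_alice": verify(root(claimed), "alice", 2000, prove(claimed, 2)),
        "case1_alice": verify(root(case1), "alice", 0, prove(case1, 2)),
        "case2_alice": verify(root(case2), "alice", 2000, prove(case2, 2)),
    }


if __name__ == "__main__":
    for name, value in thread_scenario().items():
        print(f"{name}: {value}")
```

The verifier takes one published root per period; if the service could hand different roots to different customers, or rotate the root on every query, the negative-sibling check proves nothing, which is why the later comments insist on a single, infrequently updated commitment that everyone can see.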
... And you still don't fix the problem that balances which are unchecked can be diverted.
In the IRC log I posted I went on to suggest that a service could have a rule that _permitted_ them to take your balance if you don't check it periodically, e.g. they could just withdraw it into their own pocket. You could prove you checked it (or that you tried and they wouldn't let you). By doing so you'd actually create a real incentive for people to check, though I suspect booby-trapped balances wouldn't be very welcome.
Regardless— it still confines the extent of fraud that is possible.
In that discussion we applied a merkle-sum tree data structure, a pet data structure that I'd previously proposed for making compact proofs of blockchain invalidity in Bitcoin (in order to make a future bitcoin world where no one runs full nodes safe from inflation and theft by miners), to PT's bank fraud proofing application.
You may find the log interesting: https://people.xiph.org/~greg/bitcoin-wizards-fraud-proof.lo...
Search for "auditable off-chain transactions" and "Merkle-sum-tree"
(I left in a lot of unrelated stuff since it makes the meandering conversation make a bit more sense. Though a lot of this continues a long running dialog about cryptographic-wankery that has been going on for years)
Ultimately these schemes require the use of a jamming-free broadcast network of some kind... otherwise they run into the same problems certificate transparency has, where you can substitute the commitment on the fly. Fortunately, Bitcoin provides a global consensus mechanism which could be used to directly attach the commitment to the coins being spoken for.
My email is in my profile, and I'm happy to Skype chat with anyone who wants to help.
I'll flesh it out a bit better tomorrow.
While systems like that have many applications— and should be used where they can, they aren't a replacement for large scale markets like MTGox or for ultra-low-cost instant payment systems.
What happens as businesses (overstock, etc) start accepting bitcoin? Will bitcoin never be able to handle to volume of an amazon or walmart?
You also must make sure that all customers are seeing the same root, and that you can't do funny business like constantly update it to swap out which customers you're robbing. (e.g. it should be a daily or weekly updated thing).
As for the negative values, I wasn't thinking of robbing anyone, but just pretending you are solvent when really you're not. I'm not sure I see what you mean by "swap out which customers you're robbing", could you expand?
Though it could be a good way for new/small exchanges to differentiate themselves and gain trust of the community, which could force larger and larger exchanges to do the same until it's common practice (as mentioned has happened with provably-fair gambling sites)
Banks can still make loans simply by offering certificates of deposit. This is the above-board way of loaning out people's money -- you make it absolutely clear that taking it out early has a cost, because the money is locked up in (hopefully) profitable ventures.
Would that be less profitable for the banks? Not really -- they would just adjust their prices to compensate, by charging fees on idle money that's instantly redeemable.
And if you let a secondary market for CDs flower, customers can still get good liquidity. Just in a way that's better subject to market discipline.
I have no idea whether this is a good idea or if it would work as a business.
Fractional Reserve banks enable you to have your money and be loaned out at the same time (thereby stretching the money supply like an elastic rubber band).
Full Reserve banks ONLY loan out money which was specifically deposited to them for the purposes of being able to be loaned out.
You do realize that modern finance depends on this notion?
For example, banks need no more than 10% of a loan as cash on hand.
Modern finance also causes some very serious societal problems, in my opinion.
I've been using http://coinmkt.com
I regrettably used MtGox.com. I'm kicking myself now.
I've tried coinmkt but I don't like it. Their fees aren't great, their deposit and withdrawal methods are limited, and there are fees on deposits and withdrawals, at least there were when I gave it a try.
I'd say Bitstamp has a very good track record, and what's wrong with Slovenia? It's probably about on the level of the Czech Republic in terms of economic freedom, development, level of corruption (relatively low), output, business practices, etc. Would doing business with a Czech company make you nervous?
In business culture, Slovenia looks toward Germany more than toward the former Eastern Bloc (of which it was never a part).
I mean, Bitstamp's owners are public people. I feel pretty confident that they're not going to run off with their depositors' money. Is there something else that you're concerned about?
But I agree, if you want to just buy coins, Coinbase is a good start. And Kraken is looking very good, too, particularly if you're a serious trader (that's who they appear to target).
If you quickly transfer in, exchange, and transfer out you don't need quite as much trust.
Anyway, best bet is to use several exchanges to take advantage of arbitrage opportunities and to distribute the risk.
You could use it to show that USD obligations jibe with third party audits, insurance, or accounts in a bank if you could get the bank to produce signed attestations... though the trust isn't eliminated there, just shuffled around.
Why is this? Seriously, that alone could prevent so much fraud and misuse of funds. Every public company could have a digitally-signed bank balance, updated in real time.
Already pleading it to Brazilian exchanges.