I haven’t written any Bitcoin-related articles for a long time. Before, I was busy with graduation, but recently, after graduating, I’ve actually become much less busy. On the one hand, I’ve been lazy; my efficiency has been low lately, and I’m in the process of getting myself back on track. I have a dozen accumulated articles that will have to be written out one by one. On the other hand, there really isn’t all that much more to say about Bitcoin. The knowledge that needed popularizing and the basic questions that needed answering have already been covered, so I haven’t had much desire to write anything new. As for the dazzling rise and fall of all the so-called “second-generation coins,” I have absolutely no interest either. If I were to criticize them, people would say I don’t understand what I’m talking about and am just talking nonsense; and I can’t be bothered to dig into them, so let it be. Friends who donate money, please fend for yourselves. In addition, lately I’ve been reading some materials on the history of money, the philosophy of money, economic thought, and related topics, and I’m preparing to make some discussions, though they may not necessarily have anything to do with Bitcoin.
Still, in order to get into the mood, I feel I can first write two short pieces. There isn’t much originality here; it’s nothing more than old knowledge that can be found at random through a search. But what others say often doesn’t quite suit one’s mind anyway—either they say it in a way that is too technical, or they simply don’t get to the point. So I might as well reorganize it in my own words; that probably has some value too.
http://www.yibite.com/blog-23803-520.html
Speaking of why people trust Bitcoin, many old hands will simply answer with two words: mathematics. Many of them come from a geek background and are concise and to the point; there are very few who are as long-winded as I am. But being too brief can also mislead people: if one understands Bitcoin as being as reliable as 1+1=2, that would probably be a misunderstanding.
First, when people say they “trust math,” they mean only that, in terms of Bitcoin’s security mechanism, what we trust is mathematics. But as for Bitcoin’s value, mathematics of course can guarantee nothing for us. Mathematics can only guarantee that one bitcoin is one bitcoin; as for how many yuan it is worth or how many jin of rice it can buy, that depends on the actual market environment. So in my second Bitcoin article, I already mentioned that Bitcoin relies on three things: “market, history, and mathematics.” The market determines people’s demand for money; history determines Bitcoin’s advantage over later rival coins; and mathematics ensures Bitcoin’s security.
Among these three pillars, if one had to say which is the most fragile, it would actually be this “mathematics.” For the mathematics here is not the arithmetic rule 1+1=2, which has been tested over a long period of time, but rather the “cryptography” developed only in the twentieth century. That is why the Bitcoin family is also called “cryptocurrency”: because its decentralized security mechanism is built entirely on the basis of cryptography.
The most central breakthrough in modern cryptography is “asymmetric encryption.” Put simply, encryption and decryption use two different passwords. This is what Bitcoin’s “public key—private key” system is: everyone can use the public key to encrypt a message, but only the owner of the private key can decrypt it.
It is precisely this asymmetric encryption that makes a decentralized accounting system possible. A centralized system may not need cryptographic technology. For example, if I want to prove that I own this money, all I need is to possess a password, and if that password is also held by the accounting center, then by showing the accounting center this password that belongs only to me, the accounting center knows that I am entitled to spend the corresponding sum of money. In other words, in a centralized system, because I only need to confirm my identity to a single center, I just need to share a set of passwords with the accounting center and never let them leak.
But in a decentralized system, things are not so simple. I am not confirming my identity to a single center; I am publicizing my identity to the entire network, because there is no single node that is an absolute authority, so identity verification must be a public act. Yet the password I hold for proving my identity obviously cannot be made public to everyone at the same time; otherwise anyone could impersonate me.
So we need a mechanism that allows me to publicize my identity without revealing my private password. That is to say, although others do not know the password I possess, they must be able to know that I really do possess that password.
This is where asymmetric encryption comes into play. Others can use the public key to encrypt and “pose a problem,” and only the person who possesses the corresponding private key can solve that problem. So as long as I solve that problem, others can be sure that I am indeed the person who possesses the private key. Bitcoin’s transfer works through this mechanism. Every transaction is in fact a process of decryption and re-encryption: A once sent 1 coin to B; now B wants to send 1 coin to C, so he must first unlock the problem A posed to B, proving that he is B, and at the same time pose a problem to C, which only the person who can prove he is C can solve.
In this process, everyone across the entire network is participating in verification, and only when B proves, through decryption, that he is B will his newly initiated transaction be propagated and confirmed by the whole network. Clearly, this verification process likewise requires “asymmetry”: that is, ordinary people may not be able to solve the problem, but if someone does solve it, then everyone can verify whether that solution is correct.
This “asymmetry,” or rather “irreversibility,” which serves as the cornerstone of cryptography, is not very difficult to understand. In fact, we all remember that when doing math problems in school, many questions required us to rack our brains to find the solution, but if we already knew the answer and then substituted it back to check, that was very easy.
For example, factoring large integers into primes is slow to do, but if you are given several prime numbers and asked to multiply them together, that is much faster. This is a classic asymmetric algorithm: solving the answer takes far longer than verifying the answer. As long as one finds an algorithm with this kind of asymmetry, one can design an asymmetric encryption mechanism. In fact, the cryptographic algorithm based on the integer factorization problem is the basic principle of RSA, the encryption algorithm with the greatest impact. Bitcoin, however, is based on the elliptic curve discrete logarithm problem. There is no need to go into the specific details, but basically the feature is the same: asymmetry between solving and verifying.
But is this asymmetry absolutely reliable? The answer is no. For instance, the reason we feel that solving a certain problem is much slower than verifying its answer may simply be that we have not yet found the right method. Once we discover the trick, perhaps computing it will be faster than verifying it. A primary school student who has just learned addition may feel that subtraction is much harder than addition, but that is not a property of subtraction itself; it is merely that people have not mastered the trick. So is it possible that the asymmetric algorithms on which these asymmetric encryption schemes are based are also just difficult because we have not yet found the trick?
Unfortunately, that is indeed the case. What we can be sure of is only that we have “not yet” found the trick, but it is hard to prove that no one will ever find the trick. In fact, the SHA-0 and SHA-1 algorithms have already been “broken,” meaning that some tricks for “fudging the answer” have been found, and these encryption algorithms are no longer reliable.
So, how reliable is the encryption algorithm on which Bitcoin is based? The answer is that Satoshi Nakamoto chose what was essentially the most reliable encryption algorithm on the market. Nevertheless, there is no way for us to prove once and for all that these algorithms are absolutely reliable.
In fact, even if we have not yet found the trick, that does not mean we have no way at all to solve the problem. Since, once we know the answer, we can verify it very quickly, we at least have one method of solving it, namely brute force. So-called asymmetry and irreversibility refer only to asymmetry in computational time, not to an absolute distinction between solvable and unsolvable. But does brute force necessarily take longer than verifying an answer? Perhaps it is only that we have not yet mastered the trick to brute force?
This actually involves the first of the seven “Millennium Math Problems”: P (deterministic polynomial-time algorithms) versus NP (nondeterministic polynomial-time algorithms). Is NP equal to P? Put simply, can solving an uncertain problem—one that requires some guessing in certain places—be as fast as a problem whose answer can be confirmed simply by following procedures step by step?
Since this is a problem on the level of an “unsolved mystery,” naturally we have not found the answer yet. That is, we can neither prove that nondeterministic problems are necessarily slower to solve, nor can we prove that there is a way to solve them at a comparable speed.
But what if NP = P were actually proven? Then almost all asymmetric encryption, including the RSA algorithm and the algorithms related to Bitcoin, would collapse almost entirely.
Seen this way, the whole of cryptography seems to be built on an extremely fragile foundation: while praying that specific algorithms have no loopholes, one must also pray that NP = P is never proven. But mathematics is, after all, this elusive. We cannot even prove the consistency of arithmetic systems; we can only believe that they are consistent. And just as the continuum hypothesis has been proven undecidable, the fate of NP problems may well be the same. It is quite possible that we will never find a way to make NP = P, yet never be able to prove NP ≠ P.
In addition, even if no “trick” can be found in mathematics, there may still be a breakthrough in physics, namely quantum computers. The principle of quantum computers is to perform parallel computation through quantum effects. Many people should have heard of “Schrödinger’s cat,” meaning that in a quantum state, the cat may be neither alive nor dead, but in some marvelous superposition state. And under such a “superposition state,” parallel computation may proceed simultaneously. For example, a problem that would originally require two cats each to spend one minute solving might be completed in one minute by that single cat in a quantum superposition state, because in the quantum state it is no longer “one” cat. But as simple as this miraculous thing sounds, it is extraordinarily difficult to realize in practice. At present, although technology continues to advance, the capability of quantum computing has not entered a trajectory of exponential growth. In the foreseeable future, it is still hard to replace classical computers, and each quantum computer can only be optimized for specific problems; it cannot be used universally for any form of parallel computation. Of course, if there were suddenly some technological breakthrough and quantum computers made a leap forward, then would it be possible? We certainly cannot rule out these possibilities.
So we cannot expect the mathematical foundation of Bitcoin to be absolutely watertight. Security is always relative. If we cannot prove that stepping out the door today means we will not be hit by a meteorite, does that mean we should not go out at all?
In fact, rather than saying that we are always seeking guarantees of safety, it is better to say that we are always avoiding danger. If there were a madman waving a cleaver inside the house, then even if hail were falling outside, I would still rather run outside. Choosing what to rely on is always some kind of relative trade-off. When we choose Bitcoin, we are avoiding the will of the centralized ruler; we believe that cold numbers are always more reliable than hypocritical human hearts. It is that simple.
Translated from the Chinese original with AI assistance. The original text is authoritative.
Leave a Reply