However, checkpointing is only a secondary protocol that is not capable of standing on its own as the basis for a coin. Checkpointing is merely a secondary validation of a primary security model. Thus his conclusion, which essentially seems to say that we should throw out the Bitcoin and keep the checkpointing, is false and unworkable.
Checkpointing can be separated from the proof-of-work chains. You can just make the developers publish a checkpoint at 10 minute intervals. If the devs are to be trusted, then you lose no security. And if the devs are not to be trusted, you shouldn't accept any kind of checkpoints from them, even after 10 months, because they could easily rewrite history regardless of how much proof of work was accomplished in the real chain. So on its face, the argument is sound.
The real failure of Ben is that he does not allow for different convergence times of complementary algorithms. Proof of work is a fast convergence algorithm that gives you some assurance against double spend in a few minutes. Community vetted checkpoints are a slow convergence algorithm which gives a stronger assurance; but it could take days or weeks until the treachery of the checkpointer is demonstrated and the community agrees to trust another dev/implementation/checkpoint provider. So by using both mechanisms you get the best of both worlds.
Another failure related to point 1 I identified at the time and posted as a comment on his site:
The Bitcoin eligible voters are not the majority of computing power in existence because computing power is not a fungible, homogeneous substance. You can easily see a 10^4 performance ratio on specialized versus commodity hardware (ASIC vs CPU), so that the Bitcoin network becomes impervious to attack if it makes up only 0.01% of the computing power of the world as expressed in transistors*Hz. Rather, Bitcoin, like most other currencies in the world, is up against any adversary more financially powerful than its backers (the miners). So if you are willing to invest more than the compounded mining profit, you can take the majority vote and influence consensus, by expanding the computing power of the world in the form of efficient mining machines.
It's pretty clear that rewriting the history is not equivalent to stealing everybody's money; rather it means destroying the system and making the coins worthless, so the likely attackers will not be profit-motivated by any definition of profit expressed in bitcoins. We could talk about governments, banks, competing currencies, lulz etc. It's only a matter of speculation whether an attacker likely to act in such a manner exists. Furthermore, as the network expands the window of opportunity closes to exclude small-scale lulz-motivated attackers and allow only governments or large corporations. The hashing power of the network already surpasses what could be accomplished by ~10 million commodity PCs, excluding even the largest botnets as worthy attackers.
Comment by BubbleBoy 6 Jul 2011 @ 15:39