A topic of significant interest to me is:

Given the properties of Bitcoin, what types of human social structures are most effective for dealing with it? Will existing ones be adapted in some way, or will new ones emerge?

The term "Bitcoin" as used in this article means "Bitcoin and/or whatever successor cryptocurrency eventually displaces it, whether this decade or next century, as well as any other cryptocurrency that is of interest".

I explored this topic in a previous article: The Establishment of a Cryptocurrency Guild.

Quick summary: I think that the most effective way for people to organise themselves to deal with cryptocurrency is the guild. In the Bitcoin domain, the most valuable item other than Bitcoin is trustworthy skilled time, and the guild is the organisational structure that allows humans to exchange and evaluate this time most efficiently.

The first problem I encountered with Bitcoin was "How does it work?". Reading the whitepaper gives a decent overview, but nailing down the details is rather difficult. [0]

The second problem I faced was "How can it be stored securely?". I ended up writing my own cold-storage solution. [1]

The third problem was "How should a group be organised for working in the Bitcoin domain?", which eventually led me to the idea of a guild.

My current problem is "What sort of approach is best suited for storing bitcoin for other people?".

Originally, I was determined that each individual should hold their bitcoin themselves, and I built my cold-storage solution with that in mind. It uses cheap, portable hardware (a Raspberry Pi Model B+), and a single programming language (Python 2.7), which is supplied with the default operating system for the hardware and is fairly debuggable.

I view Bitcoin as digital gold, and thought it best to never take responsibility for storing gold for other people. What if you lose it in a fire, or someone robs you? How can this loss ever be made good? What if your client doesn't believe that you were robbed, and instead decides that you yourself have stolen the gold from him?

Further, the properties of Bitcoin encourage this every-man-is-his-own-bank approach.

1) It is controlled by private keys, which are strings of letters and numbers.

Example Bitcoin private key (64 hex characters, 32 bytes):


Example Bitcoin address (34 characters):


A picture of a private key is just as useful as the actual private key, so it can be stolen using a camera, unlike gold. The theft can remain unknown until the thief uses the private key to make and broadcast a valid transaction.

If you share a private key with a second person, you cannot prevent them sharing it with a third person without your knowledge. Additionally, a third person can steal the private key from either you or the second person, transfer the bitcoin out of the address, and both you and the second person may suspect each other of theft.

Therefore, it makes sense that each person should create their own private keys and never show them to anyone else.

2) Bitcoin doesn't weigh very much.

If stored in a single address written in a notebook, a million dollars in Bitcoin is as easy to carry as ten dollars. This is not the case with gold or bank notes, which take effort to move and transport.

Given a near-weightless hard currency, it becomes feasible to imagine each man always carrying / controlling / storing his money himself, directly.

3) Bitcoin transactions are irreversible and extraordinarily difficult to trace to a recipient.

The currency mechanisms in the fiat systems allow people to expect (and sometimes receive) compensation for fraud and theft from bank accounts. Transactions can be reversed, or at least the recipient can be identified and prosecuted.

The difficulty of tracking bitcoin after fraud / theft, coupled with the inability to reverse a fraudulent transaction, leads to an inherent suspicion of any third party. For example, a bank (or just one of the bank's employees) could transfer bitcoin from the bank vault to an address that they controlled, then claim that the bank had been robbed by an external agent, and it would be quite difficult to know whether or not this was actually true.

This suspicion has led to the expression "not your keys, not your bitcoin".

4) Various statements in Satoshi's whitepaper emphasise a trustless, every-man-is-his-own-bank approach. This helped to set the initial tone and focus of Bitcoin.
- The title of the paper refers to peer relationships: "Bitcoin: A Peer-to-Peer Electronic Cash System"
- First two sentences in the paper: "Commerce on the Internet has come to rely almost exclusively on financial institutions serving as trusted third parties to process electronic payments. While the system works well enough for most transactions, it still suffers from the inherent weaknesses of the trust based model."
- Start of the second paragraph: "What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party."
- Start of the conclusion: "We have proposed a system for electronic transactions without relying on trust."



However, with time and practice, I have encountered some problems with the every-man-is-his-own-bank approach:

1) Dealing with Bitcoin is very technically demanding. It has soaked up an enormous amount of my time, firstly to understand its workings, and secondly to build and maintain tools for manipulating it. Should everyone do this? Can everyone do this?

2) There are skilled and competent people (e.g. dentists, carpenters) who nonetheless do not have a spare decade available to learn to use computers to store Bitcoin. It seems unreasonable to say to them "either learn Linux and Bitcoin yourself or rely on online exchanges run by people you don't know".

3) More generally, civilisation is in some sense the division of labour among many people, and the endless effort to manage the social relationships between those people, to reward competence and punish free-riders. [2] Social systems that facilitate exchange of expertise (e.g. dentistry for Bitcoin storage) tend to outcompete ones that don't.

4) If bitcoin is always stored so securely and secretly that in general it cannot be recovered after its holder's death, it becomes difficult to organise large-scale economic activity. Suppose someone starts a mainly Bitcoin-based company in which he is the sole treasurer. He is successful and the company becomes large and important, with many other companies structuring their business processes and activity around its needs. He dies, all access to the main treasury is lost with him, his company grinds to a halt, his staff must seek new employment, and the other companies lose any credit they advanced to his company, plus a major income stream on which they depended, plus their investment in organising their activity around it. Because of the credit risk of a single death, sensible Bitcoin holders will attempt to reduce their risk exposure to any other single Bitcoin holder i.e. they will avoid engaging in complex large-scale economic activity. This suggests a future in which most complex economic activity still takes place within fiat currency systems, simply because they handle death more robustly. People might still hold some portion of their personal savings in the Bitcoin currency system, but will choose to form companies in a fiat currency system.

5) Bitcoin's properties (its portability, its transaction irreversibility, the difficulty of tracing it) make it an attractive target for armed robbery. A single Bitcoin holder, if he is known (and only a little activity is required to make someone a known holder), should take account of the possibility that some other humans will form a group with the intent to rob him. Most solutions to this problem involve forming a group to protect every member's holdings i.e. collective security i.e. not every-man-is-his-own-bank.



Pressing for the every-man-is-his-own-bank approach now strikes me as advocating that men should live like tigers.

Tigers live solitary lives. Their individual capabilities are great enough, within their ecological niche, to allow them to master their environment and sustain themselves. They have little need of others of their own kind, except for mating, and occasional socialization. Their conflicts are generally one-to-one, and rare.

Humans are not tigers. They are individually weak, without much natural armament (at least as compared to tigers), and usually incapable of sustaining themselves if they are on their own. They live in groups, of varying size, because in this way they each have a much better chance of coping with the local environment. [3] Their conflicts can involve any number of participants on any number of sides, are constant, and of varying intensity. A secondary effect occurs: For humans, "the group" (or "the social world") becomes just as much a part of the environment as the savannah, or winter, or predators. [4]

I am interested in whether a particular approach is desirable, but much more so in whether it is effective, resilient, and feasible. [5] Men do not live like tigers and never have. Acting on the basis that they should (or can be made to) is not an effective use of my time and energy.



So, let us assume that some (most?) individuals will not store their bitcoin themselves, but will instead rely on someone else to do so for them. Effectively, someone will have to act as a bank. Relevant article: James Sullivan on the nature of banks.

My problem can therefore be reformulated into: "Under what conditions can a Bitcoin bank exist and function?"

This is a close cousin to "Under what conditions can a gold bank exist and function?". [6]

No existing institution really has the requisite level of trustworthiness. The financial promises that are kept today (e.g. that your bank balance doesn't change randomly) are only kept because of the endless creation of new money (or new debt) to hide the losses and fraud.



Currently, as far as I can tell, the Bitcoin storage situation is as follows:

1) A few people use a cold-storage solution, and store the majority of their bitcoin offline. Almost everyone in this group believes that Bitcoin stands a fair chance of continuing to behave like a digital gold (else why make the effort?).

2) Rather more people use a local client program (perhaps the original bitcoind, or a version of it) on an online computer. The private keys are under their control, but are at risk of being stolen via remote access through the network connection. This is a reasonable middle ground, in terms of risk vs expenditure vs the chance that Bitcoin breaks in some way.

3) The vast majority of people simply rely on a Bitcoin exchange company to store it for them. They hold human promises, instead of mathematical / game-theoretic ones.

If they are competent, Bitcoin exchange companies fall into category 1, and store most of their holdings offline. [7] Many of their customers still view cryptocurrencies as "play money", only really want to gamble, and are uninterested in learning how to store it themselves. The exchanges tend to offer storage as a necessary but boring side benefit. Periodically, one of the more poorly-managed exchanges goes bust, and the customers complain to anyone who will listen.

The answer to the question "What sort of Bitcoin bank can exist when the majority of customers are interested in the short-term, rather than in the long-term?" is... exactly the situation we have now.



Let's consider some possible futures, in which this situation changes a bit. Let's say that a significant proportion of customers become interested in the medium-to-long-term, and the security of their Bitcoin deposits becomes their primary concern.



Scenario 1: Bitcoin exchanges grow into official banks.

Bitcoin exchanges compete to make themselves as trustworthy as possible. They publish their storage procedures, have stringent standards for their employees' reputation and character, are audited by notable third parties, supply custom / verified hardware and software for accessing accounts, and charge a storage fee e.g. 1% per year. They hire bookkeepers and counter-bookkeepers, accountants and counter-accountants. They become banks that offer exchange services, rather than exchanges that offer banking services.

They cooperate with the local laws and pay the local taxes. Perhaps the local government offers them a special tax rate to incentivise them to stay. They report the names and balances of their account holders to the local government for tax calculation purposes. The local government supplies security (i.e. armed guards) for the bank, or allows the bank to hire its own.

The primary goal of the bank becomes to assure the security of the deposits of the local government and its rulers, thereby purchasing their own security from that government, and to offer this same security to the local notables / businessmen, without helping these notables to evade their taxes to the local government.

Necessary condition: A sufficient proportion of the local rulers perceive one or more of the following points to be the case: a) Bitcoin is a useful store of value for weathering economic distress, b) holding Bitcoin represents an opportunity for economic growth relative to the rest of the world, or c) the local businessmen really want this bank to exist.

A local government will also be more interested in supporting / permitting a Bitcoin bank if it is relatively weak compared to other governments, and is looking for any competitive advantage against them, and understands that Bitcoin could provide such an advantage e.g. secure international payments that bypass the US dollar system.



Scenario 2: Covert banks emerge from existing networks.

Various groups of people, who already work with each other, have strong networks of relationships built up over a long time, trust each other (perhaps not perfectly, but sufficiently), choose some of their number to store and guard the Bitcoin holdings of the whole group.

Over time, the normal procedures of a bank emerge through practice: Armed security, reputation tracking, withdrawal / deposit procedures, storage fees, bookkeeping systems, etc. The difference between this and Scenario 1 is that in this case the bank is explicitly focused on evading payment of any taxes to the local government.

These banks will necessarily be more limited in size, because they must remain covert. They will be more selective about their customers, and are unlikely to accept very many people from outside their known / trusted group. They cannot become too large without attracting the attention of the local government.



Scenario 3: A covert bank supports a breakaway government and becomes an official bank.

Eventually, a covert group + bank in Scenario 2 may expand economically and strategically to the point where they can mount an effort to become the local government. Something very much like this has already occurred in Mexico, where multiple drug cartels exercise governmental authority over sections of the country. At this point, the bank moves from Scenario 2 to Scenario 1, becomes an official bank that works closely with the local government, and... pays taxes. Notably, however, when a new government emerges, it often offers a much lower tax rate, partly to incentivise people to support it, and partly because it no longer needs as many taxes (its rulers do not have to pay as many entrenched vested interests, its notables tend to be more economically dynamic and entrepreneurial rather than bureaucratic, and it is more decentralised i.e. problems are handled locally rather than by the central government).






Ok, assuming that Bitcoin banks will exist, how will they manage the private keys?



Approach 1: Centralised

All keys are kept by the bank, in one or a few locations. They should be handled only within a windowless room, due to the risk of theft-by-camera. They might be stored in a safe, in a dedicated offline computer, or in a book. They might be disguised in some way (e.g. two books are used, each of which stores half of each key).

All critical staff are chosen primarily for loyalty / trustworthiness / character, and secondarily for skill. No one is left alone with the keys, ever.

Ideally, non-critical staff would not know how or where the keys are stored.

Alternatively: The location of the keys is not secret, but there are so many layers of protection and people that trying to get there is very difficult / dangerous for an unauthorised person.

Problems:
- The bank customers are exposed to these risks: Fire / flood / etc (i.e. any disaster that might destroy all the copies of the keys), theft or incompentence by bank staff, an attack by a government on the bank, untimely / accidental death of critical bank staff.

Let's expand on the risk to customers of the death of bank staff members. If there are relatively few bank staff, and the key locations (and/or the method of reassembly of the keys from their disguised forms) are secret, and all critical staff die in an accident, all holdings may be lost. Example scenario: A plane crash.

Advantages: All the management headache and technical difficulties of dealing with Bitcoin are handled by the bank. The customer does not have to think about it (or run the risk of his own incompetence / inexperience causing him to lose his bitcoin).

Note: Customer accounts may be mixed (held in multiple addresses along with other customers' deposits) or separate (each customer's holdings are held in a dedicated address). Advantage of separate = A customer can audit his bank account (its balance and transactions) via the Bitcoin blockchain. Advantage of mixed = A customer's holdings are less potentially discernible by a third party via the Bitcoin blockchain.



Approach 2: Decentralised.

The bank acts as a backup to customers who wish to retain primary control over their keys.

The bank stores all the keys as in approach 1. Customer accounts are not mixed - Each customer's bitcoin is held in a dedicated address. The customer holds his own key(s), possibly in a disguised manner (e.g. in two halves, each half backed up in several locations).

Rather than personally maintain a toolchain for creating transactions, the customer may prefer to rely on the bank to provide this service. Perhaps transactions should be made only when the holder is physically present.

Problems:
- The customer is exposed to the same risks as in approach 1.
- The bank is exposed to these additional risks:
-- a) Someone might steal the private key(s) from the customer's storage locations and take the bitcoin. Should the bank offer to insure the customer against the risk of this event? (Can the bank afford to?)
-- b) Someone might attack the customer and force them to reveal the storage locations and take the bitcoin.
-- c) The customer might transfer the bitcoin to a new address and claim that (a) or (b) had occurred. It would be difficult for the bank to determine the truth of the claim. This would matter if the bank offered insurance.
-- d) (a) might occur, but the customer might believe (or prefer to believe) that the bank has stolen his bitcoin.
- The customer is exposed to this additional risk:
-- The bank might steal the bitcoin from his account, and claim that (a) had occurred.

Advantages: In the event of some catastrophe (e.g. fire / flood / plane crash) destroying the bank, the customer can still retrieve his bitcoin.



A bank might offer both approach 1 and approach 2 as services, but charge a higher fee for approach 2, in order to compensate for the extra risk to which the bank is exposed. A customer might choose to hold some of his bitcoin in approach 1, some in approach 2, and some solely in his own possession.



Let's examine the utility of P2SH multisignature transactions.

P2SH addresses sacrifice some long-term security (see Notes on the security of P2SH multisignature addresses). However, following discussions with several people and some careful thought, I have become persuaded that while in theory they are less secure, attacking them in practice would be quite difficult.

P2SH addresses can be configured to require signatures from multiple private keys for any transaction. For example, a particular P2SH address might require signatures from at least 3 out of 5 specific keys.

Essentially, this makes a valid transaction require a committee vote instead of a unilateral action by one person.

In general, both the number of keys required and the total number of keys should be odd, so that there is never the possibility of a tie in the vote.

How can this be used in a bank?



Strategy 1: Any bank transaction requires 3 out of 5 critical staff members to sign it. Each critical staff member keeps their own key and doesn't share it with anyone else. Keys are never in the same room.

Advantages:
- Death of a single staff member is less of an issue.
- Much harder for a single staff member to steal from the bank.
- The successful theft of a single key by an external actor is much less consequential. The money can be moved to a new 3-out-of-5 P2SH address, and each staff member reissued with a corresponding new private key.

This strategy can also be used with multiple bank branches, not just staff members. Example: A withdrawal transaction must be signed by 3 out of 5 bank branches, and each branch is in a different country. Advantage: The bank is much less liable to pressure from a local government.



Strategy 2: Any transaction out of a bank account (e.g. withdrawal or payment or gift) requires 2 out of 3 signatures, where one key is held by the customer, one key is held by the bank, and one is held by another party e.g. lawyer / notary / auditor.

Advantages:
- The customer is protected against any internal problems (theft, death, etc) in the bank.
- The risk of attack / theft for all parties is much less, because it can be publicised that these tactics will be ineffective.
- The death of any party (or, equivalently, the physical loss of any party's keys) is not catastrophic. The bitcoin can be recovered.
- It is more difficult for the bank or the customer to steal the bitcoin and claim that an external actor was responsible. (Each would have to claim that at least two thefts were carried out.)

Problems:
- Each party is of course at risk of malicious collusion by the other two against them.
- The customer is of course exposed to the risk of catastrophe (deaths etc) falling on both counter-parties at approximately the same time, in which case the bitcoin might not be recoverable.
- All parties are exposed to the risk of reversal of the Bitcoin soft fork underlying the validity of P2SH addresses.



Strategy 3: Any bank transaction requires 3 out of 5 signatures, where the bank holds 3 keys (each in a separate branch) and the customer holds 2 in separate locations.

Advantages:
- The customer is protected against theft of his keys by an external actor. He can request a recovery from the bank.
- The customer is protected against theft of his bitcoin by a bank staff member. Three bank branches would have to cooperate in order to accomplish the theft.
- The bank must sign any transaction, and is therefore protected against the risk of the customer "stealing the bitcoin from himself" and claiming that the theft was performed by an external actor.



Other strategies are of course possible.



So: I can see that P2SH multisignature addresses could be a rather useful component of a banking system.

Before relying on them, however, I'd want to carefully map out the conditions under which the soft fork might be reversed, and whether I would have any warning, and what sort of emergency "move all the bank holdings to standard P2PKH addresses" plan would be needed.



Well, I've sketched out the necessary structure of a Bitcoin bank, and many of the possible variants, to my satisfaction.



In closing, I'd like to include a couple excerpts from the paper "The Bitcoin Reformation" by Tuur Demeester [8], which describe a historical example of a hard-money-based bank emerging on the periphery of the existing geopolitical system.

[Page 8]

DEPOSIT BANKING: FULL RESERVE, STRICT PROTOCOLS

In 1609 in the Netherlands, merchants and city officials collaborated to found the Amsterdam Wisselbank (AWB). It served two main purposes. First, to guard the gold and silver wealth carried by the many hundreds of merchant refugees from the Southern Netherlands and other territories. Second, it would issue internationally trusted, florin-denominated bank money and bills of exchange.

The level of security of the AWB at the time was unparalleled in the world. It was located in Amsterdam, a city protected by the Dutch Waterline, which formed a moat over 50 miles long. The bank's vault and operations were located at the town's most central and visible location: city hall. And the bank's organizational structure reflected a strong desire to be uncompromising in its fiduciary duties. The AWB counted four commissioners, and it was prohibited for the physical office to ever be staffed alone. The commissioners supervised four bookkeepers, four counter-bookkeepers, three receivers and a precious metal assayer. To prevent fraud, each of the bookkeepers was only responsible for a designated task. [9] The VOC trading company, arguably the most powerful economic entity of its day, was an AWB account holder and it only made payments through the Wisselbank. [10]

Despite a somewhat blemished track record as a full reserve bank, the reputation of the AWB was unparallelled in the 17th century, and its stability and reliability played a key role in the prosperity of the Dutch Republic. As late as 1820, Adam Smith in The Wealth of Nations praised the money of the Wisselbank for "its intrinsic superiority to currency". The AWB was not cheap: it charged a 1% annual storage fee for gold coin, as well as opening fees, transaction fees, and a 1.5% withdrawal fee. Overall, the advantages of the AWB's bank money were such that its banknotes carried an agio - they traded at a premium versus the actual gold and physical coins they were backed by.


[...]


[Page 16]

The combination of religious and commercial tolerance on the one hand, and a defensible territory surrounded by water on the other, proved to be a recipe for success, and for the next 200 years, the Netherlands and England are at the forefront of economic innovation and growth.