Bitcoin - I’ve been working on a new electronic cash system that’s fully peer-to-peer, with no trusted third party. The main properties: Double-spending is prevented with a peer-to-peer network. No mint or other trusted parties. Participants can be anonymous. New coins are made from Hashcash style proof-of-work. The proof-of-work for new coin generation also powers the network to prevent double-spending.
—Satoshi Nakamoto’s announcement of Bitcoin, The Cryptography and Cryptography Policy Mailing List, November 1, 2008
With this message, an anonymous person or group posting under the name Satoshi Nakamoto started the revolution known to the public as Bitcoin.
When the Internet first came into the public’s consciousness, people instantly began wondering how Internet commerce would be handled. A lot of people could see the potential of selling goods through the Internet, since—as I noted earlier—systems that enabled home shopping through computer terminals had been around since the 1970s. The problem was that there wasn’t a system that made transactions on the Internet secure.
If you wanted to buy something from someone, you had to send them your credit card number through email, and hope that they wouldn’t overcharge you and that the email would not be intercepted or compromised. This situation was not ideal—and without established, legitimate companies doing business online, the thought of handing out your credit card information to an anonymous individual on the Internet was seen as naïve at best and insane at worst.
Even before Internet usage became widespread, people were already working on a solution to this problem. A common proposal was to create a currency for the Internet that could operate separately from the fiat (or government-issued currency) world. Bitcoin was not the first attempt to create such a currency. Several other digital currencies were attempted before Satoshi Nakamoto published the Bitcoin white paper in 2008.
The primary goal of all digital currencies, including Bitcoin, is to make the transaction safe. There isn’t much point to a digital currency if it can be replicated or spent in two places at once or anything else that would enable someone to spend more than they legitimately own. In order for a digital currency to function, people need to have faith in its value, and they won’t if it has security flaws.
This concern can only be alleviated if there is some level of accountability for the participants. Something has to make sure that each user isn’t acting maliciously. Not in a Big Brother sense with some entity looking over our transactions, but simply in that the network needs to make sure every account has the value it is trying to spend.
David Chaum created the first somewhat successful Internet-powered currency: Digicash. Chaum was an early Internet pioneer and had written about the electronic cash concept in 1983, years before the first web browser was released to the public. There were three features that Chaum saw as critical to an electronic cash system and they would eventually be incorporated into Digicash. In his 1983 paper “Blind Signatures for Untraceable Payments,” published in Advances in Cryptology: Proceedings of Crypto 82, he laid out what he saw as the core requirements of an electronic cash system:
1) Inability of third parties to determine payee, time, or amount of payments made by an individual
2) Ability of individuals to provide proof of payment or determine the identity of the payee under exceptional circumstances
3) Ability to stop use of payments media-reported as stolen
What is missing from these core requirements is the concept of decentralization. Indeed, Bitcoin would become the first electronic cash system that relies on a decentralized system rather than a centralized one. Digicash, Chaum’s invention, relied heavily on centralized structures.
The blinded signature function Chaum wrote about in 1983 worked as follows. A user would request a digital token, basically a string of code with a unique identifier that would be redeemable at a bank for some predetermined value. The bank would digitally hand the token to the user, who would attach a blind serial number (or signature) to it that the bank would not see. The bank would then sign the token without seeing what the serial number was. The user would then reveal the serial number before sending it to a merchant. The merchant would take the token to the bank that issued it, which would have a ledger of all claimed serial numbers.
Unfortunately, this process could not reliably prevent the dreaded double-spend attack. A user could, in theory, spend a token at one merchant and then spend that same token at another. If the user could get away with the item he or she purchased before the merchant was able to send the token to the bank and find out whether it was on their ledger, the user would have successfully spent that coin twice.
When the company Digicash went live in 1990 and launched Chaum’s “ecash,” the proposed solution to this potential problem was to eliminate the anonymity of the payee if that payee was acting maliciously. The user would send personal information to the bank, which would then be encrypted and attached to the token. The merchant would be unable to see the information but if a token were spent twice, the second token would become slightly different. The bank could use that information to unmask the double-spending user. One flaw of this system was the payee’s vulnerability. In cases of a hacked account or a fraudulently acting bank, a completely innocent party could not only have their money stolen but also suffer the public shame of being accused of stealing.
Since it was not distributed and David Chaum was publicly known, Digicash had no choice but to operate within the boundaries set by the legal system. Making ecash traceable was essential in gaining the support and approval of governments and banks. There were concerns about blackmail, money laundering, and terrorism funding, so Digicash had to make its ecash work in a way that would allow for the removal of anonymity in certain circumstances.
The idea that any third party with authority could strip anonymity away is sacrilegious in the Bitcoin community today. But Chaum should be cut some slack—it was a different time. Anonymity was secondary to making sure Digicash’s ecash worked at all. And it would not be able to work without support from banks and governments, who wanted some recourse in case of criminal activity.
Digicash and its ecash lasted a while but never caught on, though it did come close multiple times. According to reports, it was close to signing deals with Citibank, Visa, and Microsoft. It has even been said Microsoft was offering $180 million to put Digicash into Windows 98, but I could not find any reliable sources to confirm this. In the end, those deals fell through, due more to business failings than technical ones.
Whatever the reason, Digicash’s ecash never took off. Not enough merchants accepted it, not enough banks utilized it, and as encryption methods started allowing people to conduct business online with credit cards, consumers didn’t see much use for it. Digicash toiled in obscurity, remaining stagnant and overconfident in the superiority of its technology to all others. The Internet, meanwhile, went ahead and grew up without it. By the time Digicash had filed for bankruptcy and was liquidated in 1998, ecommerce had become big business and web wallets similar to PayPal were well on their way to prominence.
After the failure of Digicash, not much happened in the cryptocurrency space. Instead, services like PayPal arose, giving users the ability to send money to each other without having to interact directly with a bank. They still had to go through PayPal, but that process seemed less intrusive and PayPal made it easy. You didn’t have to write down a long string of random digits to record the bank’s routing and account numbers; you just needed an email address. And you didn’t need to expose personal details to other parties. The emergence of PayPal was crucial, because even though the number of companies you could trust with your credit card information online was expanding, it was already apparent that smaller vendors would remain a force on the Internet, especially through rapidly growing services like eBay.
There were a few other cryptocurrency attempts, however, the most prominent of which was E-gold. E-gold was a digital currency backed by—you guessed it—gold. The company held actual gold bullion that backed its digital currency. It was started in 1995 by a former oncologist named Douglas Jackson; it breathed its last in 2009. Before Bitcoin, E-gold was undoubtedly the Internet’s most successful currency, but it all depended on Jackson. When he pleaded guilty to money laundering and running an unlicensed money-transmitting business, the currency was dead. He tried to revive it after getting released from house arrest by falling in line with regulations, but by that time it was too late.
A Wired article from 2009 describes Jackson’s vision for the currency:
As Jackson envisioned it, E-gold was a private, international currency that would circulate independent of government controls, and stand impervious to the market’s highs and lows. Brimming with evangelical enthusiasm, Jackson proclaimed it a cure for the modern monetary system’s ills and described it at one point as “an epochal change in human destiny” and “probably the greatest benefit to humanity that’s ever been thought of.”
This doesn’t sound all that different from what Bitcoin enthusiasts say about their currency. Indeed, the crowd that was first attracted to E-gold was quite similar to the people who first adopted Bitcoin: gold bugs, libertarians, privacy advocates and, yes, criminals.
E-gold was mentioned in a 2005 article in the New York Times about online criminals selling stolen credit cards. According to the article, they were using E-gold as their preferred method of payment because of its global reach and anonymous accounts. By this time, E-gold had become the second-largest online payment service, second only to the rapidly growing PayPal.
It wasn’t just card thieves who were attracted to E-gold. Ponzi schemes were common with E-gold. Jackson worked with authorities and complied with government requests for information on user accounts—as it turned out, E-gold was not very anonymous if Jackson wanted to reveal a user’s identity. But the Secret Service, which was investigating the stolen credit card numbers, decided not to work with Jackson and sought to bring E-gold into the regulated space along with the likes of MoneyGram and Western Union. Jackson, meanwhile, didn’t think his company should be subject to those kinds of regulations.
The government thought otherwise and he was charged with conspiracy to operate an unlicensed money-transmitting service and conspiracy to commit money laundering. And that was the end of E-gold.
It was at this time that a little upstart technology was emerging on the scene: Bitcoin. Before Bitcoin could be created, though, there were a few issues that needed solving. In 2008, months before Nakamoto would publish his white paper describing Bitcoin, Nick Szabo had proposed something quite similar, which he called bit gold. Bit gold was never actually created. Instead, it was a proposal that incorporated nearly all of Bitcoin’s major characteristics. This similarity, it should be noted, is why Nick Szabo is one of a handful of credible candidates as the real identity of Satoshi Nakamoto.
Unlike E-gold, Digicash and the other early attempts at electronic cash, bit gold would have been decentralized. It would have had a time-stamped public ledger and a limited hard set quantity. The problem that no one had been able to solve with a decentralized ledger is called the Byzantine Generals problem. I find its traditional explanation to be unnecessarily complex.
The problem boils down to this: a network in which information has to be propagated by its participants relies on the honesty of these participants. If they are not honest, incorrect information could be propagated through the network by honest actors who had been fed incorrect information by the dishonest ones.
Proof-of-work, pioneered by Nick Szabo and perfected by Nakamoto, addresses this problem. Every transaction is time-stamped and includes a hash of the transaction before it, which, again, includes a timestamp and a hash of the transaction before it. Therefore, if a malicious actor wanted to propagate a new chain, he or she would have to go back in the ledger to the transaction they wanted changed and then remove the subsequent transactions and recalculate all the work that happened after that point.
Otherwise, the hash of each subsequent transaction would not match mathematically. So if that malicious party wanted to catch up to the legitimate chain, he or she would have to be faster at mathematical equations than the group of people working on the legitimate chain together.
In real-world terms, this means a miner trying to issue a false blockchain and have it accepted would have to have more computational power than the miners working on the legitimate chain. In order to remain secure, there needs to be more computational power working on the legitimate blockchain than there are malicious actors working on any single false chain. This is where something called the theoretical “51% attack” comes in, which I explain below.
The one problem with the bit gold solution was that it would have used the number of participants rather than the amount of computational power behind a ledger to determine its validity. This would have made any currency based on the bit gold proposal vulnerable to a so-called Sybil attack, in which a malicious actor could make multiple pseudonyms and then use all of them to propagate a modified ledger.
Bitcoin, instead, relies on how much computational power is put behind the ledger, meaning it is only vulnerable to a 51% attack, in which a malicious actor would have to be responsible for more than 51% of the network’s hashing power in order to propagate an incorrect ledger. Putting together this kind of computational power is a virtual impossibility and would cost hundreds of millions of dollars. In addition, the hashing power on the network is growing all of the time, making a 51% attack less likely as the network grows.
Despite this one relatively minor difference, Nick Szabo’s bit gold is sometimes called the genesis point for Bitcoin. In his original 2005 blog post, Szabo did not mention anonymity but he did mention two ideas that are now considered the main tenets of Bitcoin’s economic philosophy: decentralization and resistance to inflation. The post starts and finishes with these ideas:
A long time ago I hit upon the idea of bit gold. The problem, in a nutshell, is that our money currently depends on trust in a third party for its value. As many inflationary and hyperinflationary episodes during the 20th century demonstrated, this is not an ideal state of affairs. [ … ] In summary, all money mankind has ever used has been insecure in one way or another. This insecurity has been manifested in a wide variety of ways, from counterfeiting to theft, but the most pernicious of which has probably been inflation. Bit gold may provide us with a money of unprecedented security from these dangers.
In fact, while he did not use the actual term “bit gold” in his previous non-mailing list writings, Szabo did get close to the concept even before 2005. In 1999, he posted about the “God Protocol,” a concept that borrowed heavily from Wei Dai’s B-money proposal. This was offered by Dai on the Cypherpunk mailing list in 1998. It suggested using hashcash—a system that prevents email spam by requiring extra computational power to be used to send emails, making spam too expensive—to create rarity in cryptocurrencies, one of the most important features used in Bitcoin today. It is rarity that allows Bitcoin to have a supply-and-demand dynamic.
The God Protocol was a proposal to replace a third-party central server with an automated virtual third party. It used early concepts of cloud computing and, had it been implemented, would have likely become a proto-version of today’s autonomous corporation—a digital corporation that can function with little or no human input—which many people imagine is next in Bitcoin. The God Protocol was intended as a solution for smart contracts—another concept later revived by Bitcoin. Szabo writes in his blog:
[Network security theorists] have developed protocols that create virtual machines between two or more parties. Multi-party secure computation allows any number of parties to share a computation, each learning only what can be inferred from their own input and the output of the computation. These virtual machines have the exciting property that each party’s input is held in strict confidence from the other parties. The program and the output are shared by the parties.
For example, we could run a spreadsheet across the Internet on this virtual computer. We would agree on a set of formulas and set up the virtual computer with these formulas. Each participant would have their own input cells, which remain blank on the other participants’ computers. The participants share output cell(s). Each participant inputs their own private data into their input cells. Alice could only learn as much about the other participants’ input cells as she could infer from her own inputs and outputs.
You can see how that concept could have evolved into something not unlike the blockchain. When you add the cryptography of PGP, Digicash’s tokens and the B-money concept of using the CPU computational power to create scarcity, you start to see something approaching a cryptocurrency similar to Bitcoin.
It wasn’t until Nick Szabo’s bit gold post that all those ideas were brought together. But there were still some issues. The aforementioned potential Sybil attack had not been addressed, nor had anyone conceived of the idea of putting the “unforgeable chain” (as Szabo called it) onto every client’s (or at least, enough clients’) individual computer. Instead, he envisioned “several different timestamp services,” perhaps automated as described in the God Protocol, and there was no mention of a pure peer-to-peer system.
Overall, there wasn’t a lot of progress in the cryptocurrency space from the mid-1990s to the mid-2000s. This lack of progress is not unreasonable. There simply weren’t a lot of people working on it at the time. Many saw it as a pipe dream, having been let down by Digicash or E-gold. Others thought that a currency couldn’t survive unless it was backed by a commodity like gold or silver. Still others feared that any attempt would be met with strong government resistance.
They weren’t wrong about that last point. E-Gold was eventually shut down by the US government. Digicash was not, but consumer demand never kept up with its lofty goals and the issues related to its centralized aspects made it unattractive to many cryptographers as a concept—so even if it could have been revived, very few people were working on it.
On November 1, 2008, the cryptocurrency/electronic cash movement was reborn with Bitcoin. It was initially met with skepticism. The Bitcoin community is far from unified today and that was the case from the get-go. Satoshi Nakamoto, whoever he, she, or they are, did a great job calmly replying to each question and criticism.
I do not want to get too deep into speculation about Satoshi Nakamoto’s real identity, because it has been written about ad nauseam already. No conclusions have been reached and the mystery will likely persist until and unless Nakamoto reveals himself. And even then, I presume the debate will continue in some corners of the web.
The prime suspects include Hal Finney, a cryptographer who was influential in applying the idea of reusable proof-of-work to emoney, which was cited in Szabo’s bit gold proposal. He was also the recipient of the first-ever Bitcoin transaction. The aforementioned Wei Dai was still involved in cryptography after the B-money proposal and so is a prime suspect. There is, of course, the long-held theory that Satoshi Nakamoto is/was Nick Szabo, who wrote publicly about concepts very similar to Bitcoin. There is also David Chaum, who certainly had the necessary experience and perhaps wanted to show the world that electronic cash was viable. Adam Back invented hashcash and commented on the B-money proposal when it was first proposed in the Cypherpunk mailing list, so he can’t be ruled out either.
A man named Dorian Prentice Satoshi Nakamoto, who was living in a small house in California, was once “outed” as the real Satoshi Nakamoto by Newsweek in a highly controversial cover story. When the article came out, Satoshi Nakamoto’s email came back to life, only to post on the Bitcoin developer mailing list that he was “not Dorian Nakamoto.” It wasn’t digitally signed, however, so the email was likely from someone with Nakamoto’s email account and not Nakamoto him/her/themselves.
All of the popular candidates have denied being the real Satoshi Nakamoto.
Of the main suspects, I think Szabo is the most likely candidate and Dorian Nakamoto is the least likely. But I believe it is more likely that Nakamoto is some sort of combination of Szabo, Finney, Dai, and Adam Back. I’m not saying they are the creators of Bitcoin, only that those individuals were the ones most active in working toward something akin to Bitcoin and had the tools to do it. It is just as possible, however, that it wasn’t any one of them, as there were numerous anonymous people posting on the Cypherpunk mailing list at the time and a few of them expressed an interest.
The identity of Nakamoto pales in significance to the fact that the Bitcoin white paper was published. Not long after the 2008 post, Bitcoin was launched. Nakamoto already had the code ready and claimed that he had worked on it for two years prior to the release of the white paper.
On January 3, 2009, the genesis block (i.e., the first block in a blockchain) of Bitcoin was established. On January 9, v0.1 of Bitcoin was released through the cryptography mailing list. On January 12, the first transaction took place between Satoshi Nakamoto and Hal Finney, and the Bitcoin revolution was underway.
There were a few more milestones that are worth mentioning. On October 5, 2009, the first exchange rate for Bitcoin was established by the New Liberty Standard website based on the cost of electricity it took to create a bitcoin during the mining process with the “difficulty level” at that time. (The difficulty level refers to how hard it is for a computer to solve the computations that run Bitcoin; more on this in the mining chapter.) One dollar equaled 1,309.03 bitcoins (BTC) so that each bitcoin equaled approximately $0.00076, according to their algorithm. Some Bitcoin users objected, saying that the price was too high.
On May 22, 2010, the first public exchange of Bitcoin for a physical good occurred in what has affectionately been named “pizza day” in the Bitcoin community. BitcoinTalk user laszlo sent 10,000 BTC to user jercos, who used his credit card to have approximately $25 worth of pizza delivered to laszlo.
In July 2010, the soon-to-be-infamous Mt. Gox exchange was launched, giving users a central place to buy and sell bitcoins quickly, eventually leading to a massive price increase to $0.06 per bitcoin.
Less than a year later, on February 9, 2011, Bitcoin reached parity with the US dollar, causing multiple media outlets to report on the new currency and bringing in a tidal wave of new users.
On July 26, 2011, a bar in Berlin called Room77, which advertises “warm beer, cold women, and fast food made slowly,” started accepting Bitcoin, which it continues to do to this day. By March 2013, the price of a bitcoin had reached $100 and Bitcoin had a market cap of more than $1 billion. No one was sure of Bitcoin’s future at this point but most enthusiasts were fairly confident it was not going away anytime soon.
Eventually, the price skyrocketed again. Unfortunately, this event coincided with the infamous Mt. Gox failure—more on this in a later chapter—which brought the price down once again. Since that time, Bitcoin has been more stable than it was during the Mt. Gox era, but it also declined steadily until late 2015 when a consistent rise in Bitcoin’s price began. The price briefly dipped under $200 in early January 2015 but has since rebounded, holding at around $220 to $250 for months before suddenly skyrocketing to more than $450 in early November 2015. The current rally will undoubtedly have passed by the time you read this book but as I write, everyone is wondering if this might be the next massive jump.
But if Bitcoin’s history can tell us anything, it is that it can function at any price level. People are invested in Bitcoin and they are going to see that it is used in the future, even if only by tiny niche economies that the likes of PayPal and Apple Pay are unable to touch. That idea won’t please investors; they want Bitcoin to be used by everyone, everywhere.
That could happen. It seems almost inevitable that Bitcoin or some sort of blockchain technology will be used to modernize the financial world, but it could also go the opposite way and only be used by the people who absolutely need it. In that case, the price may never reach the lofty predictions of the Bitcoin faithful. However, the technology itself will go on; it is just as easy to send a bitcoin worth a dollar as it is to send one worth $1,000. In either case, the technology will be up to the task. It has proven to be extremely versatile and there are very few reasons to think this will change.
