The Roots of Bitcoin
Before most people had even heard of the Internet, cryptographer David Chaum was concerned with online privacy. In his 1982 paper “Blind signatures for untraceable payments”, Chaum introduced an innovative“blind signatures”—an anonymous payment system on the Internet. Much like cash allows remaining anonymous in physical world financial transactions, blind signatures introduced anonymity to electronic transactions, hence the name eCash.
In 1989 Chaum founded a company called DigiCash, with eCash as its flagship product. Interest in digital money and payment systems was already significant at that time. In 1995, eCash was licensed to the Mark Twain Bank. In 1996, Deutsche Bank and Credit Suisse went on board. Later also Norske Bank and Bank Austria followed. The banks were experimenting but didn't really push the technology.
“It was hard to get enough merchants to accept it so that you could get enough consumers to use it, or vice versa”, Chaum told Forbes in 1999, after DigiCash filed for bankruptcy. This observation highlights the significance of the network effect for popularizing a new financial system.
Today coin-mixing services use blind signatures, unlike Bitcoin. From a design perspective, Bitcoin and eCash have little in common. eCash was centralized around DigiCash. Banks were necessary for account balances and transaction confirmations. eCash provided privacy but was not as censorship-resistant as Bitcoin. Although eCash didn’t get traction, it paved the way for future iterations of electronic money, as the first electronic cash system.
Adam Back, a British cryptographer, focused his postdoctoral efforts on fighting spam online. In 1997, a 26-year-old Back submitted his Hashcash proposal to The Cypherpunks mailing list. In his message described a stamp equivalent for emails called a “partial hash collision-based postage scheme”:
Hashing takes any data and turns it into a hexadecimal number of predetermined length. The fact that cryptographic hashes can be verified instantly, but add an overhead to generate, was the basis of making spam computationally too expensive to send. Adding a hashing stamp to a single email was unnoticeable for a normal user. But hashing millions of spam emails, made the operation so expensive computationally that impossible to perform in any reasonable period of time.
Back elaborated on his proposal in the Hashcash white paper, five years later. Today, we call the technology underlying Hashcash, proof-of-work. The obvious downside of Back's solution was that hashes could not be re-used, so in Money terms, they could not be re-spent.
Over the years we got used to digital abundance on the Internet, where every resource can be easily copied. Proof-of-work introduced digital scarcity that doesn’t rely on a central authority. Scarcity, being a prerequisite for money, is achieved by tying digital resources to computing power limited by the laws of physics.
Bitcoin security is tied to proof-of-work, which makes an attack on the network extremely expensive. It’s a simple method, easy to understand. Good luck understanding the security behind the proof-of-stake consensus protocol.
Wei Dai, an anonymous cryptographer, early noticed the problem with money systems using a central ledger, that it allows governments to control the flow of money through regulation, and proposed two alternative solutions.
One solution was that instead of a central authority controlling the ledger, all participants keep separate copies of the same ledger. After each transaction, everyone updates their records. Thesedecentralized ledgers contain public cryptographic keys with associated amounts. Such an approach prevents any single entity from blocking a transaction. A decentralized ledger is fundamental to Bitcoin design, introduced 10 years later by Satoshi Nakamoto.
Dai considered the first b-money solution as impractical, “because it makes heavy use of a synchronous and unjammable anonymous broadcast channel”, he explained. The first b-money proposal didn’t solve the double-spending problem.
In the second solution, Dai proposed that not everyone maintains a version of the ledger. Instead, we have two types of users: regular and servers, and only the servers would maintain the ledgers. When users want to verify the transaction, they verify it against a random subset of these servers. Dai proposed that “each server is required to deposit a certain amount of money in a special account to be used as potential fines or rewards for proof of misconduct”. The second b-money proposal resembles what we call today aproof-of-stake.
B-money significantly differed from Bitcoin in monetary policy. Part of Dai’s vision for b-money was a stable coin value, coupled with a theoretical basket of goods. The process of issuing new coins was based on computational proof-of-work related to the value of the basket of goods. The first person to produce a proof-of-work indicating the basket value would be credited new b-money.
Bitcoin monetary policy is simple. To bring coins into circulation, it initially issued 50 new bitcoins per block, a number which has been already halved twice and currently dropped to 6.25 BTC. This number will continue to decrease over time with every 210.000 blocks – until the year 2130 – when the total amount of bitcoin issued will reach 21 million.
B-money was never implemented, and Dai acknowledged that “b-money wasn't a complete practical design yet”. He didn't expect b-money to take off in a big way and saw b-money functioning next to the fiat financial system:
Nick Szabo is a computer scientist, cryptographer, and legal scholar, especially known for introducing the concept of “smart contracts” in his article for Extropy magazine. His writings are strongly inspired by economist Friedrich Hayek and introduce smart contracts as building blocks for digital markets. In smart contracts, advanced cryptography eliminates the need for trusted third parties.
Next to digital contracts, Nick Szabo also explored digital Money, as Internet money was a Holy Grail for Cypherpunks.
Clearly noticing the problem, Szabo wanted his creation to be both digital and scarce—a digital gold.
Szabo first came up with Bit Gold in 1998 and fully described his idea in 2005. Bit Gold was based on a proof-of-work mechanism introduced by Adam Back in Hashcash.
To track the ownership of digital assets, Szabo proposed a digital ownership registry, inspired by Hayek. The ownership was to be tracked by dedicated servers, similar to Wei Dai’s second b-money proposal. Instead of Dai’s proof-of-stake mechanism, Szabo proposed a “Byzantine Quorum System”, known from security-critical systems. For such a system to operate correctly, the majority of connected computers need to operate correctly.
In 2008 Szabo asked on his blog if anybody want to help implement his proposal. Nobody responded (publicly) to his question, and the initial proposal of Bit Gold was never implemented. Bit Gold served as a key inspiration for Satoshi Nakamoto, who published the Bitcoin white paper later that same year.
While Bit Gold depended on third parties for its servers and timestamp services, Bitcoin solves this problem entirely by proof-of-work serving as an award system and a consensus mechanism in one: the hash chain with the most proof-of-work is considered the valid version of history. Moreover, Bitcoin has a fixed inflation schedule, which is a much simplified monetary model compared to what Szabo proposed.
Reusable Proofs of Work
In the 1980s, after graduating from the California Institute of Technology, Hal Finey was part of the techno-libertarian movement called Extropians. Members of this group drew inspiration from Austrian economists and libertarian authors and embraced futuristic technologies as tools to propel humanity toward the next evolutionary stage.
Finney was an early adopter and enthusiast of the Web, who saw not only the possibilities but also the risks associated with open online communication and transactions, as being a possible threat to human freedom. In his vision, it was inevitable for Money to go digital.
The internet obviously needed digital money. When Finney discovered that David Chaum is already working on eCash he explained the project in Extropy, the magazine at the heart of the Extropians movement.
As a founding member of The Cypherpunks group, Hal Finney had the opportunity to review many of the early digital cash protocols. In Adam Back’s Hashcash proposal for an anti-spam system, each proof-of-work uniquely corresponded to a specific email, which meant that a Hashcash recipient couldn’t re-spend the same proof-of-work elsewhere. The lack of proof-of-work reusability was a potential waste of scarce energy from Finney’s perspective.
In 2004, Finney proposed a digital currency system called Reusable Proofs of Work (RPOW), which was a simplified version of Bit Gold and used Hashcash’s proof-of-work for currency generation.
Szabo and Dai didn’t implement their proposals, but Finney built a prototype. In his implementation, tokens representing a single proof of work could circulate indefinitely as a reusable proof of work. The obvious downside of his implementation was that it required trust in the operator of the RPOW server (verifying if the coins weren’t double spent), which could not only be censored but also taken down, rendering the circulating tokens useless. Finney didn’t want the users to trust the operator of the RPOW server, even if it was himself.
Where Szabo and Dai attempted to solve the inflation problem with layers of added complexity, Finney just accepted the inflation. This simplified design might have contributed to the project never taking off. Without financial incentive, there was no reason to hold RPOW tokens in the first place, so the project faced the chicken-egg problem and didn’t build the networking effect.
In October 2008, Satoshi Nakamoto announced Bitcoin through The Cypherpunks mailing list. Bitcoin was based on Hashcash’s proof-of-work mechanism, but unlike RPOW, it didn’t depend on any central server. The Cypherpunks didn’t give Bitcoin much attention, as they early noticed that:
- transactions weren’t instant,
- adversaries with a lot of computing power could overpower the system, and
- the solution didn’t appear to be very scalable.
Even with those clear limitations, Bitcoin seemed to Finney very promising. He especially liked “the idea of basing security on the assumption that the CPU power of honest participants outweighs that of the attacker. […] I also do think that there is potential value in a form of unforgeable token whose production rate is predictable and can't be influenced by corrupt parties”. RPOW tokens were losing value over time, and Bitcoin solved a big problem. Contemplating Bitcoin, Finney wrote:
Finney noticed that the tokens could have value. Even if just speculative value at first. When Bitcoin launched, in early 2009, Finney was one of the first miners on the network, and he became the first person in the world to receive a Bitcoin transaction, from Satoshi Nakamoto himself.
The oldest roots of Bitcoin track back to the late 1980s. All those early digital money projects weren’t failures – there were lessons, that Satoshi Nakamoto learned from. Bitcoin is a technological equilibrium that becomes only stronger with time.
- "The Genesis Files: How David Chaum's eCash Spawned a Cypherpunk Dream" by Aaron van Vidrum, The Bitcoin Magazine, April 24, 2018
- "The Genesis Files: Hashcash or How Adam Back Designed Bitcoin's Motor Block" by Aaron van Vidrum, The Bitcoin Magazine, June 4, 2018
- "The Genesis Files: If Bitcoin Had the First Draft, Wei Dai's B-Money Was It" by Aaron van Vidrum, The Bitcoin Magazine, June 14, 2018
- "The Genesis Files: With Bit Gold, Szabo Was Inches Away From Inventing Bitcoin" by Aaron van Vidrum, The Bitcoin Magazine, July 12, 2018
- "The Genesis Files: How Hal Finney's Quest For Digital Cash Led to RPOW (and More)" by Aaron van Vidrum, The Bitcoin Magazine, August 28, 2020