Bitmaster logo

The Roots of Bitcoin

Bitcoin is not the first Internet money – it’s the first digital money that works. The fact that Bitcoin is running non-stop for 14 years is the result of over 30 years of prior research. Let’s analyze the roots of this most reliable financial network.

eCash

Before most people had even heard of the Internet, cryptographer David Chaum was concerned with online privacy. In his 1982 paper Blind signatures for untraceable payments”, Chaum introduced an innovative“blind signatures”—an anonymous payment system on the Internet. Much like cash allows remaining anonymous in physical world financial transactions, blind signatures introduced anonymity to electronic transactions, hence the name eCash.

“You can pay for access to a database, buy software or a newsletter by email, play a computer game over the net, receive $5 owed you by a friend, or just order a pizza. The possibilities are truly unlimited.”
– David Chaum describing eCash at the first CERN conference in 1994

In 1989 Chaum founded a company called DigiCash, with eCash as its flagship product. Interest in digital money and payment systems was already significant at that time. In 1995, eCash was licensed to the Mark Twain Bank. In 1996, Deutsche Bank and Credit Suisse went on board. Later also Norske Bank and Bank Austria followed. The banks were experimenting but didn't really push the technology.

“It was hard to get enough merchants to accept it so that you could get enough consumers to use it, or vice versa”, Chaum told Forbes in 1999, after DigiCash filed for bankruptcy. This observation highlights the significance of the network effect for popularizing a new financial system.

Today coin-mixing services use blind signatures, unlike Bitcoin. From a design perspective, Bitcoin and eCash have little in common. eCash was centralized around DigiCash. Banks were necessary for account balances and transaction confirmations. eCash provided privacy but was not as censorship-resistant as Bitcoin. Although eCash didn’t get traction, it paved the way for future iterations of electronic money, as the first electronic cash system.

Hashcash

Adam Back, a British cryptographer, focused his postdoctoral efforts on fighting spam online. In 1997, a 26-year-old Back submitted his Hashcash proposal to The Cypherpunks mailing list. In his message described a stamp equivalent for emails called a “partial hash collision-based postage scheme”:

“The idea of using partial hashes is that they can be made arbitrarily expensive to compute, and yet can be verified instantly.”
– Adam Back

Hashing takes any data and turns it into a hexadecimal number of predetermined length. The fact that cryptographic hashes can be verified instantly, but add an overhead to generate, was the basis of making spam computationally too expensive to send. Adding a hashing stamp to a single email was unnoticeable for a normal user. But hashing millions of spam emails, made the operation so expensive computationally that impossible to perform in any reasonable period of time.

Back elaborated on his proposal in the Hashcash white paper, five years later. Today, we call the technology underlying Hashcash, proof-of-work. The obvious downside of Back's solution was that hashes could not be re-used, so in Money terms, they could not be re-spent.

Over the years we got used to digital abundance on the Internet, where every resource can be easily copied. Proof-of-work introduced digital scarcity that doesn’t rely on a central authority. Scarcity, being a prerequisite for money, is achieved by tying digital resources to computing power limited by the laws of physics.

Bitcoin security is tied to proof-of-work, which makes an attack on the network extremely expensive. It’s a simple method, easy to understand. Good luck understanding the security behind the proof-of-stake consensus protocol.

B-Money

Wei Dai, an anonymous cryptographer, early noticed the problem with money systems using a central ledger, that it allows governments to control the flow of money through regulation, and proposed two alternative solutions.

"Efficient cooperation requires a medium of exchange (money) and a way to enforce contracts."
– Wei Dai in 1998

One solution was that instead of a central authority controlling the ledger, all participants keep separate copies of the same ledger. After each transaction, everyone updates their records. Thesedecentralized ledgers contain public cryptographic keys with associated amounts. Such an approach prevents any single entity from blocking a transaction. A decentralized ledger is fundamental to Bitcoin design, introduced 10 years later by Satoshi Nakamoto.

Dai considered the first b-money solution as impractical, “because it makes heavy use of a synchronous and unjammable anonymous broadcast channel”, he explained. The first b-money proposal didn’t solve the double-spending problem.

In the second solution, Dai proposed that not everyone maintains a version of the ledger. Instead, we have two types of users: regular and servers, and only the servers would maintain the ledgers. When users want to verify the transaction, they verify it against a random subset of these servers. Dai proposed that “each server is required to deposit a certain amount of money in a special account to be used as potential fines or rewards for proof of misconduct”. The second b-money proposal resembles what we call today aproof-of-stake.

B-money significantly differed from Bitcoin in monetary policy. Part of Dai’s vision for b-money was a stable coin value, coupled with a theoretical basket of goods. The process of issuing new coins was based on computational proof-of-work related to the value of the basket of goods. The first person to produce a proof-of-work indicating the basket value would be credited new b-money.

Bitcoin monetary policy is simple. To bring coins into circulation, it initially issued 50 new bitcoins per block, a number which has been already halved twice and currently dropped to 6.25 BTC. This number will continue to decrease over time with every 210.000 blocks – until the year 2130 – when the total amount of bitcoin issued will reach 21 million.

B-money was never implemented, and Dai acknowledged that “b-money wasn't a complete practical design yet”. He didn't expect b-money to take off in a big way and saw b-money functioning next to the fiat financial system:

“I think b-money will at most be a niche currency/contract enforcement mechanism, serving those who don't want to or can't use government sponsored ones”
– Wei Dai

Bit Gold

Nick Szabo is a computer scientist, cryptographer, and legal scholar, especially known for introducing the concept of “smart contracts” in his article for Extropy magazine. His writings are strongly inspired by economist Friedrich Hayek and introduce smart contracts as building blocks for digital markets. In smart contracts, advanced cryptography eliminates the need for trusted third parties.

“Trusted third parties are security holes.”
– Nick Szabo

Next to digital contracts, Nick Szabo also explored digital Money, as Internet money was a Holy Grail for Cypherpunks.

C“The problem, in a nutshell, is that our money currently depends on trust in a third party for its value. (…) As many inflationary and hyperinflationary episodes during the 20th century demonstrated, this is not an ideal state of affairs.”
– Nick Szabo

Clearly noticing the problem, Szabo wanted his creation to be both digital and scarce—a digital gold.

“Precious metals and collectibles have an unforgeable scarcity due to the costliness of their creation. This once provided money the value of which was largely independent of any trusted third party. Precious metals have problems, however. […] Thus, it would be very nice if there were a protocol whereby unforgeably costly bits could be created online with minimal dependence on trusted third parties, and then securely stored, transferred, and assayed with similar minimal trust. Bit gold.”
– Nick Szabo

Szabo first came up with Bit Gold in 1998 and fully described his idea in 2005. Bit Gold was based on a proof-of-work mechanism introduced by Adam Back in Hashcash.

To track the ownership of digital assets, Szabo proposed a digital ownership registry, inspired by Hayek. The ownership was to be tracked by dedicated servers, similar to Wei Dai’s second b-money proposal. Instead of Dai’s proof-of-stake mechanism, Szabo proposed a “Byzantine Quorum System”, known from security-critical systems. For such a system to operate correctly, the majority of connected computers need to operate correctly.

In 2008 Szabo asked on his blog if anybody want to help implement his proposal. Nobody responded (publicly) to his question, and the initial proposal of Bit Gold was never implemented. Bit Gold served as a key inspiration for Satoshi Nakamoto, who published the Bitcoin white paper later that same year.

While Bit Gold depended on third parties for its servers and timestamp services, Bitcoin solves this problem entirely by proof-of-work serving as an award system and a consensus mechanism in one: the hash chain with the most proof-of-work is considered the valid version of history. Moreover, Bitcoin has a fixed inflation schedule, which is a much simplified monetary model compared to what Szabo proposed.

Reusable Proofs of Work

In the 1980s, after graduating from the California Institute of Technology, Hal Finey was part of the techno-libertarian movement called Extropians. Members of this group drew inspiration from Austrian economists and libertarian authors and embraced futuristic technologies as tools to propel humanity toward the next evolutionary stage.

Finney was an early adopter and enthusiast of the Web, who saw not only the possibilities but also the risks associated with open online communication and transactions, as being a possible threat to human freedom. In his vision, it was inevitable for Money to go digital.

“One concern I have is that the move to electronic payments will decrease personal privacy by making it easier to log and record transactions. Dossiers could be built up which would track the spending patterns of each of us”
– Hal Finney in his 19 August 1993 essay

The internet obviously needed digital money. When Finney discovered that David Chaum is already working on eCash he explained the project in Extropy, the magazine at the heart of the Extropians movement.

“Cryptography can make possible a world in which people have control over information about themselves, not because government has granted them that control, but because only they posses the cryptographic keys to reveal that information.”
– Hal Finney, 1992

As a founding member of The Cypherpunks group, Hal Finney had the opportunity to review many of the early digital cash protocols. In Adam Back’s Hashcash proposal for an anti-spam system, each proof-of-work uniquely corresponded to a specific email, which meant that a Hashcash recipient couldn’t re-spend the same proof-of-work elsewhere. The lack of proof-of-work reusability was a potential waste of scarce energy from Finney’s perspective.

In 2004, Finney proposed a digital currency system called Reusable Proofs of Work (RPOW), which was a simplified version of Bit Gold and used Hashcash’s proof-of-work for currency generation.

Szabo and Dai didn’t implement their proposals, but Finney built a prototype. In his implementation, tokens representing a single proof of work could circulate indefinitely as a reusable proof of work. The obvious downside of his implementation was that it required trust in the operator of the RPOW server (verifying if the coins weren’t double spent), which could not only be censored but also taken down, rendering the circulating tokens useless. Finney didn’t want the users to trust the operator of the RPOW server, even if it was himself.

Where Szabo and Dai attempted to solve the inflation problem with layers of added complexity, Finney just accepted the inflation. This simplified design might have contributed to the project never taking off. Without financial incentive, there was no reason to hold RPOW tokens in the first place, so the project faced the chicken-egg problem and didn’t build the networking effect.

Bitcoin

In October 2008, Satoshi Nakamoto announced Bitcoin through The Cypherpunks mailing list. Bitcoin was based on Hashcash’s proof-of-work mechanism, but unlike RPOW, it didn’t depend on any central server. The Cypherpunks didn’t give Bitcoin much attention, as they early noticed that:

  • transactions weren’t instant,
  • adversaries with a lot of computing power could overpower the system, and
  • the solution didn’t appear to be very scalable.

Even with those clear limitations, Bitcoin seemed to Finney very promising. He especially liked “the idea of basing security on the assumption that the CPU power of honest participants outweighs that of the attacker. […] I also do think that there is potential value in a form of unforgeable token whose production rate is predictable and can't be influenced by corrupt parties”. RPOW tokens were losing value over time, and Bitcoin solved a big problem. Contemplating Bitcoin, Finney wrote:

“As an amusing thought experiment, imagine that Bitcoin is successful and becomes the dominant payment system in use throughout the world. Then the total value of the currency should be equal to the total value of all the wealth in the world. Current estimates of total worldwide household wealth that I have found range from $100 trillion to $300 trillion. With 20 million coins, that gives each coin a value of about $10 million.”
– Hal Finney

Finney noticed that the tokens could have value. Even if just speculative value at first. When Bitcoin launched, in early 2009, Finney was one of the first miners on the network, and he became the first person in the world to receive a Bitcoin transaction, from Satoshi Nakamoto himself.

Magic Money

The oldest roots of Bitcoin track back to the late 1980s. All those early digital money projects weren’t failures – there were lessons, that Satoshi Nakamoto learned from. Bitcoin is a technological equilibrium that becomes only stronger with time.



Bibliography