The last article in this series covered cypherpunks and their ultimate dream to build un-censorable digital money. No doubt you’re wondering how they went about that process. Read on to find out…
While digital money was a great idea, the cypherpunks were going to have to crack a very old problem — one that no one had ever cracked before: The double-spend problem.
The double-spend problem
When we exchange physical money, it is easy for us to verify whether a bill is real or counterfeit. However, the same cannot be said for digital money.
Digital money is represented as a series of bits stored on a hard drive. In order to send this series of bits from one person to the next, we send it over the internet in a secure message.
However, what’s to prevent a sender from sending the same digital money to two different people on the internet? So long as the recipients don’t know each other, it is totally possible for the sender to “double-spend” the money.
The only way this kind of criminal behavior could be stopped is if there were a central party responsible for verifying the authenticity of each transaction message.
But remember, the cypherpunks were trying to build a decentralized digital currency that could not be controlled or manipulated by any central authority.
At the time, it seemed like an intractable problem to solve, though the cypherpunks weren’t about to give up.
Let’s take a look at some of the early attempts the cypherpunks made at building such a technology.
Hal Finney was a computer programmer from Caltech who helped Phil Zimmermann develop PGP, which we learned about in the last post. Finney was a prominent cryptographic activist and was active on the cypherpunk mailing list and several other anonymous remailers.
He was a strong proponent of digital cash and privacy, as he explained in this blog post in August 1993.
“Already, when I order something over the phone or electronically using my Visa card, a record is kept of exactly how much I spent and where I spent it. As time goes on, more transactions may be done in this way, and the net result could be a great loss of privacy.
Paying in cash is still possible through the mail, but it is insecure and inconvenient. I think that the convenience of credit and debit cards will overcome most people’s privacy concerns and that we will find ourselves in a situation where great volumes of information exist about people’s private lives.”
Finney went on to propose a way to build digital cash:
“This is a place that I could see digital cash playing a role. Imagine a Visa-like system in which I am not anonymous to the bank. In this model, imagine that the bank is granting me credit similar to a credit card. But instead of giving me just an account number which I read over the phone or send in an email message, it gives me the right to request digital cash on demand. I keep some digital cash around and spend it for transactions as I described in my previous posts. When I get low I send some email to the bank and get some more cash.” — Hal Finney
While Hal Finney was dreaming up a private digital cash system, a man named David Chaum had already come up with a solution: eCash.
“When I found Chaum’s stuff, it just blew me away. It seemed so obvious to me. Here we are, faced with the problems of loss of privacy, creeping computerization, massive databases, more centralization — and Chaum offers a completely different direction to go in, one which puts power into the hands of individuals rather than governments and corporations. The computer can be used as a tool to liberate and protect people, rather than to control them. Unlike the world of today, where people are more or less at the mercy of credit agencies, large corporations, and governments, Chaum’s approach balances power between individuals and organizations. Both kinds of groups are protected against fraud and mistreatment by the other.” — Hal Finney
What Finney was referring to was eCash, an anonymous cryptographic electronic money invented by David Chaum in 1983.
David Chaum was essentially the father of the cypherpunk movement. In 1982, he wrote a dissertation, “Computer Systems Established, Maintained, and Trusted by Mutually Suspicious Groups” which was the first known proposal for a blockchain protocol. It included every element of the Bitcoin blockchain, except for proof-of-work.
He also invented Blind Signatures, a digital signature in which the content of a message is disguised before it is signed. The signer can verify the message without revealing the author and content of the message, effectively making it impossible to link the message and the author. This scheme becomes very useful when the signer and message author are different parties and it is important to maintain the sender’s privacy, for example in an electronic voting system where each ballot is required to be certified by an authority.
Chaum then invented mix networks in 1984. A mix network is a protocol that makes it hard to trace end-to-end messages by taking messages from multiple senders, shuffling them, and sending them back out in random order. This happens in a series of “mixes” at each node so that by the time a message gets to a recipient, tracing the sender becomes difficult.
The concept of mix networks became the basis for remailers and eventually, Tor.
In 1989, Chaum introduced “undeniable signatures,” a type of digital signature that allows the signer to limit who can verify the message.
In 1991, he introduced “group signatures,” which lets a member of a group anonymously sign a message on behalf of the entire group.
He made several other contributions, which I won’t go into in this post. But the takeaway is that Chaum’s work laid the technical roots of the cypherpunk movement that began in the late 1980s.
Then in 1990, he went on to found DigiCash, which he used as a vehicle to commercialize his research ideas, specifically, eCash. eCash was designed as a privacy layer for existing currencies, and Chaum’s idea was to sell it to banks.
eCash wanted to eliminate the need for credit cards by allowing users to transact anonymously using the money held in a bank.
How eCash worked
- If users wanted to use the cash they had in a bank, they went to the bank and requested digital coins.
- The bank issued the users digital coins. Each coin had a serial number and was cryptographically signed by the bank.
- Users could spend the digital coins with any merchant.
- When a merchant received a coin from a user, the merchant relayed the coin to the issuing bank.
- The bank verified that the coin was valid and had not been double-spent.
- If both conditions were met, the merchant was paid for whatever the coins were worth.
Public-key signatures were used to help ensure security, and RSA blind signatures helped achieve unlink-ability between the coins withdrawn and where they were ultimately spent.
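The withdraw, spend and deposit steps above can be traced in a short sketch. This is an added example, not DigiCash's code: it uses textbook RSA with a constructed toy key, and the names `Bank`, `withdraw` and `coin_digest` are made up for illustration.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key for the bank: two Mersenne primes, textbook RSA
# without padding. Enough to show the arithmetic, not suitable for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # bank's private exponent


def coin_digest(serial: bytes) -> int:
    """Map a coin serial number to the integer the bank's signature covers."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


class Bank:
    def __init__(self):
        self.spent = set()        # serials that have already been deposited
        self.seen_blinded = []    # everything the bank sees at withdrawal

    def sign_blinded(self, blinded: int) -> int:
        """Withdrawal: sign a blinded value without learning the serial."""
        self.seen_blinded.append(blinded)
        return pow(blinded, D, N)

    def deposit(self, serial: bytes, signature: int) -> str:
        """Deposit: check the bank's signature, then the double-spend list."""
        if pow(signature, E, N) != coin_digest(serial):
            return "rejected: bad signature"
        if serial in self.spent:
            return "rejected: double spend"
        self.spent.add(serial)
        return "accepted"


def withdraw(bank: Bank):
    """User side: blind a fresh serial, get it signed, unblind the result."""
    serial = secrets.token_bytes(16)
    while True:
        r = secrets.randbelow(N - 2) + 2          # random blinding factor
        if gcd(r, N) == 1:
            break
    blinded = (coin_digest(serial) * pow(r, E, N)) % N
    blind_sig = bank.sign_blinded(blinded)
    signature = (blind_sig * pow(r, -1, N)) % N   # strip the blinding factor
    return serial, signature


def demo():
    bank = Bank()
    serial, sig = withdraw(bank)
    return {
        "first_deposit": bank.deposit(serial, sig),
        "second_deposit": bank.deposit(serial, sig),   # same coin again
        "forged": bank.deposit(b"made-up serial", sig),
        # Nothing the bank saw at withdrawal matches the coin it later receives.
        "linkable": coin_digest(serial) in bank.seen_blinded
                    or sig in bank.seen_blinded,
    }


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(step, "->", outcome)
```

The `spent` set lives only at the bank, which is why this design stops double-spending yet still depends on a central party.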
eCash was implemented in one bank in the US and a couple of others in Europe and Asia. Ultimately, however, credit cards and PayPal won, and DigiCash went bankrupt in 1988.
“As the Web grew, the average level of sophistication of users dropped. It was hard to explain the importance of privacy to them.” — David Chaum
eCash was headed in the right direction. But the timing was not right.
Yet another example of a peer-to-peer technology was MojoNation. MojoNation was a distributed file-sharing system developed by Jim McCoy. MojoNation developed two technologies:
- A general-purpose P2P messaging protocol called “Evil Geniuses Transport Protocol (EGTP)”
- The “Mojo Economy,” which was a distributed digital currency system (called “Mojo”)
MojoNation used “Mojo” to create an incentivized file-sharing system, where Mojo was rewarded for distributing and uploading files to the network.
Every user that wanted to be part of the system and earn Mojo was expected to contribute something, whether it be acting as a server, giving up bandwidth or disk space to be used to store files, etc. Buyers (e.g., consumers who wanted to access files) and sellers (e.g., service providers who managed and distributed files) could advertise prices for their services. This incentivized services to provide high-quality service such as good connectivity, proximity to servers, etc.
MojoNation was one of the first examples of a peer-to-peer technology that used incentives to coordinate random actors into storing and securing resources (in this case, files) online in a completely distributed manner.
While the technology was novel and innovative, the service did not end up taking off.
E-Gold was a digital gold currency system that was launched in 1996. It allowed users to buy, sell, and transfer digital gold. The digital gold was backed by real gold that was stored in a bank safe deposit box.
By 2004, e-Gold had over one million accounts. At the time, it was the only digital currency to achieve meaningful adoption. Beyond buying, selling, and transfers, the company also built APIs (to allow e-commerce businesses to build on top) and wireless mobile payments. Moreover, e-Gold allowed transactions as small as one ten-thousandth of a gram of gold, making it the first micropayments service in the world. e-Gold also offered instant settlement of transactions based on the current exchange rates.
Unfortunately, e-Gold suffered from a lot of abuse:
- Russian and Ukrainian hackers used e-Gold for criminal activity.
- Criminals and hackers in Romania used e-Gold to move money from victims in America back to the country from which the attacks were originating.
- Fraud artists from Western countries ran international Ponzi schemes by selling fake or nonexistent items on eBay.
In short, e-Gold became popular among criminals, terrorists, and child pornographers.
Eventually, e-Gold was prosecuted for money laundering and illegal money transmitting. After vigorously contesting the charges for a year, the company pleaded guilty, and eventually had to close its doors.
To this day, there is controversy on whether e-Gold should have been prosecuted. Originally, the US Treasury reported that e-Gold accounts were excluded from the definition of “currency” under the United States Congress and Code of Federal Regulations definitions. Therefore, e-Gold (the company) did not attain a money transmitter license. However, between 2006–2008, the U.S. Treasury and Department of Justice stretched the definition of money transmitter to include any system that allowed transfers of any kind of value. Under this new definition, they were able to prosecute e-Gold.
HashCash was a proof-of-work scheme invented by Adam Back in 1997 that was used to prevent email spam. The basic idea was that a sender would have to solve a proof-of-work algorithm in order to send an email. We will spend a lot of time understanding the concept of proof-of-work when we learn about Bitcoin. In simple terms, a proof-of-work algorithm requires solving for a hash that meets certain criteria defined by the algorithm.
The concept behind HashCash was that it would be trivial for a sender to compute the hash for sending one email, but a spammer who wanted to send millions of spam emails would have to spend a lot of resources (i.e., energy) to compute that many hashes. The cost of this would deter the sender from sending spam.
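The cost asymmetry described above, as an added example rather than Adam Back's implementation: the sender searches for a stamp whose SHA-1 hash starts with a given number of zero bits, and the recipient checks it with a single hash. The stamp layout, the `mint` and `verify` names and the constructed salt are assumptions made for this sketch, not the exact Hashcash stamp format.

```python
import hashlib
from itertools import count


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the high end of a hash digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def mint(resource: str, bits: int, salt: str = "constructed-salt"):
    """Sender: try counters until the stamp's SHA-1 has `bits` leading zeros."""
    for counter in count():
        stamp = f"1:{bits}:{resource}:{salt}:{counter}"
        digest = hashlib.sha1(stamp.encode()).digest()
        if leading_zero_bits(digest) >= bits:
            return stamp, counter + 1     # the stamp and how many hashes it took


def verify(stamp: str, resource: str, min_bits: int, seen: set) -> bool:
    """Recipient: one hash, plus checks that the stamp is ours and unused."""
    fields = stamp.split(":")
    if len(fields) != 5 or fields[2] != resource:
        return False                      # minted for a different recipient
    if stamp in seen:
        return False                      # the same stamp presented twice
    digest = hashlib.sha1(stamp.encode()).digest()
    if leading_zero_bits(digest) < min_bits:
        return False                      # not enough work was done
    seen.add(stamp)
    return True


if __name__ == "__main__":
    seen = set()
    # Each extra bit of difficulty doubles the sender's expected work,
    # while the recipient's check stays at one hash.
    for bits in (8, 12, 16):
        stamp, attempts = mint("alice@example.com", bits)
        ok = verify(stamp, "alice@example.com", bits, seen)
        print(f"{bits} bits: {attempts} hashes to mint, verified={ok}")
```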
This system was very influential in Bitcoin’s own proof-of-work system.
What came next were two notable digital cash proposals that were based on proof-of-work: Nick Szabo’s “BitGold” and Wei Dai’s “B-money.” As you’ll learn next, these two proposals came even closer to Bitcoin.
B-money was an “anonymous, distributed electronic cash system” proposal created by Wei Dai in 1998. Dai was heavily influenced by crypto-anarchy.
“I am fascinated by Tim May’s crypto-anarchy. Unlike the communities traditionally associated with the word ‘anarchy,’ in a crypto-anarchy, the government is not temporarily destroyed but permanently forbidden and permanently unnecessary. It’s a community where the threat of violence is impotent because violence is impossible, and violence is impossible because its participants cannot be linked to their true names or physical locations.” — Wei Dai, 1998
Wei Dai described B-money as “a scheme for a group of untraceable digital pseudonyms to pay each other with money and to enforce contracts amongst themselves without outside help.” The system described in the paper was very similar in many ways to Bitcoin.
For example, broadcasting a transaction in B-money required solving an “unsolved computational problem,” where the solution must be verified by the community in a collective ledger and workers were then rewarded for their input. This is analogous to how proof-of-work works in Bitcoin. Moreover, B-money used digital signatures to authenticate transactions, also similar to Bitcoin.
Dai concluded the paper by stating:
“The protocol proposed in this article allows untraceable pseudonymous entities to cooperate with each other more efficiently, by providing them with a medium of exchange and a method of enforcing contracts. The protocol can probably be made more efficient and secure, but I hope this is a step toward making crypto-anarchy a practical as well as a theoretical possibility.” — Wei Dai, 1998
Despite the similarities, there was one notable difference between Bitcoin and B-money: monetary policy. In the Bitcoin protocol, new Bitcoin is created in every new block, and this continues until 21 million Bitcoin are created. Bitcoin is a deflationary asset, and its value is not tied to anything. Rather, the value is determined by the current supply and demand of Bitcoin.
In B-money, however, a stable coin value was explicitly part of Dai’s vision. The value of B-money was coupled to the value of a basket of goods. In other words, 100 B-money today would buy the same basket of goods in the past and in the future. Issuing new B-money coins required solving a new proof-of-work problem relative to the value of a basket of goods. For example, if I picked a basket of goods worth $110, I would need to complete a proof-of-work computation that would cost me $110 to compute.
Unfortunately, Wei Dai didn’t end up implementing B-money.
“I didn’t take any steps to code up B-money. Part of it was because B-money wasn’t a complete practical design yet, but I didn’t continue to work on the design because I had actually grown somewhat disillusioned with cryptoanarchy by the time I finished writing up B-money, and I didn’t foresee that a system like it, once implemented, could attract so much attention and use beyond a small group of hardcore cypherpunks.” — Wei Dai, 2014
Wei Dai later said in the LessWrong forum that:
“I would consider Bitcoin to have failed with regard to its monetary policy (because the policy causes high price volatility, which imposes a heavy cost on its users, who have to either take undesirable risks or engage in costly hedging in order to use the currency). (This may have been partially my fault because when Satoshi wrote to me asking for comments on his draft paper, I never got back to him. Otherwise perhaps I could have dissuaded him (or them) from the “fixed supply of money” idea.) I don’t know if it’s too late at this point to change the monetary policy that is built into the Bitcoin protocol or for an alternative cryptocurrency to overtake Bitcoin, but if it is, then Bitcoin is similar to self-improving AI in that it may be critical to get the first one right, and it offers evidence on how hard it is for an individual or small group working outside the mainstream to do that.” — Wei Dai, 2013
Satoshi Nakamoto referenced B-money in the Bitcoin white paper. However, Wei Dai recently denied his connection to Bitcoin:
“My understanding is that Satoshi was not aware of either B-money or BitGold (both of which, BTW, were also developed outside of academia/government/industry) before he wrote his paper, and had reinvented the idea on his own.” — Wei Dai, 2013
The jury is still out on the connection between B-money and Bitcoin.
BitGold is a digital currency designed by long-time cypherpunk, Nick Szabo. Szabo had been contributing to the cypherpunk movement all along and knew he wanted to create a new form of money that did not depend on a centralized trusted party.
“A long time ago I hit upon the idea of BitGold. The problem, in a nutshell, is that our money currently depends on trust in a third party for its value. As many inflationary and hyperinflationary episodes during the 20th century demonstrated, this is not an ideal state of affairs. Similarly, private bank note issue, while it had various advantages as well as disadvantages, depended on a trusted third party.” — Nick Szabo, 2005
He believed precious metals had the properties desired in a currency:
“Precious metals and collectibles have an unforgeable scarcity due to the costliness of their creation. This once provided money, the value of which was largely independent of any trusted third party.” — Nick Szabo, 2005
Szabo also explored the downside of using precious metals, such as being hard to transport and the inability to pay online with metal.
“Thus, it would be very nice if there were a protocol whereby unforgeably costly bits could be created online with minimal dependence on trusted third parties, and then securely stored, transferred, and assayed with similar minimal trust. BitGold.” — Nick Szabo, 2005
BitGold, similar to HashCash and B-money, used computationally expensive proof-of-work hashes to generate new BitGold. The proof-of-work hashes represented new BitGold units. Moreover, the system used a digital asset registry to track ownership of coins, using public-key cryptography.
The design had a “Byzantine Quorum System,” where a voluntary quorum of distributed computers would maintain the digital asset registry. The overall design of the system was quite elaborate. Szabo put a great deal of time into envisioning how the system would function in a real-world scenario.
Many years after proposing the design, he went public to ask if anyone was interested in helping him build a prototype of the system.
“BitGold would greatly benefit from a demonstration, an experimental market (with e.g. a trusted third party substituted for the complex security that would be needed for a real system). Anybody want to help me code one up?” — Nick Szabo, 2008
Unfortunately, just like B-money, BitGold was never implemented. Nonetheless, Satoshi Nakamoto gave credit where it was due:
“Bitcoin is an implementation of Wei Dai’s B-money proposal […] and Nick Szabo’s BitGold proposal.” — Satoshi Nakamoto, 2010
Remember our friend Hal Finney? In August 2004, he, too, proposed a digital currency system of his own: RPOW (“Reusable Proof-of-Work”). His idea was to generate reusable tokens using proof-of-work computation.
Finney drew inspiration from the proof-of-work system of Adam Back’s HashCash for currency generation.
“The RPOW system provides for proof of work (POW) tokens to be reused. A POW token is something that takes a relatively long time to compute but which can be checked quickly. RPOW uses HashCash, which are values whose SHA-1 hashes have many high bits of zeros.” — Hal Finney, 2004
He also took inspiration from Nick Szabo’s BitGold:
“Security researcher Nick Szabo has coined the term BitGold for information objects which are provably costly to create. He suggests that these could even serve as the foundation for a sort of payment system, playing the role in the informational world of gold in the physical world. RPOW would facilitate the use of POW tokens as a form of BitGold by allowing the tokens to be passed and exchanged from person to person.” — Hal Finney, 2004
Unlike Szabo and Dai, who didn’t code up their proposals for BitGold and B-money, Finney actually went on to implement his solution. It worked, but still suffered from one major problem: it relied on a centralized server to prevent double-spend or forging of tokens.
The server was a high-quality secure processor that was tamper-proof and open-source. Even Finney did not have access to tamper with the server. Nonetheless, it was still a centralized IBM server. What if a rogue IBM employee tampered with it? Or what if the server went down? This would render all the tokens useless.
RPOW never saw significant use. Nonetheless, it showcases yet another example of how similar the predecessors to Bitcoin were.
If there is anything you should take from this article, it’s this: No invention — not even something as crazy as Bitcoin — is born in a dark, secret cave.
Typically, revolutionary inventions like Bitcoin are built on the shoulders of giants. In this case, the giants were people like Wei Dai, Hal Finney, Nick Szabo, and Adam Back, among others.
Cryptographers and cypherpunks had been dreaming of an un-censorable digital currency and tinkering away at the problem for decades, slowly inching their way forward, finally culminating in Bitcoin.
Before we move on to Bitcoin, let’s take a brief detour (just one lesson) into distributed systems. Before we even get to talking about the Bitcoin blockchain, you will have already attained a high-level understanding of what a distributed system is and how it works. And then, we can finally begin learning about Bitcoin!
Hope you are as excited as I am for what comes next! But for now, we will spend a little time to understand the basics of what P2P networking and distributed systems are. It won’t take long, trust me!
In its simplest form, a peer-to-peer (P2P) network is created when two or more computers share resources directly, without needing to rely on a central computer to distribute the resources.
This is in contrast to the typical “client-server” model, where individual clients request resources from centralized servers.
The precursor of peer-to-peer networks was USENET, which was developed in 1979. USENET allowed users to read and post messages and news onto a forum (similar to online forums today) without relying on a central server. Instead, USENET worked by copying the same message/news to all the servers in the network.
But it wasn’t until Napster was invented in 1999 that the concept of peer-to-peer became popular and widely used. Napster was a popular P2P music-sharing application that allowed people to distribute and share music. As you probably know, Napster eventually got shut down due to copyright infringement. Musicians weren’t happy about their music being shared without permission.
Let’s take a shot at understanding distributed systems
A peer-to-peer system that is designed to achieve a certain goal is a type of “distributed system.” A distributed system involves a set of distinct processes (e.g., computers) passing messages to one another and coordinating to accomplish a common objective (i.e., solving a computational problem).
Simply put, a distributed system is a group of computers working together to achieve a unified goal.
Why does this matter?
Well, because a blockchain is a type of distributed system, where independent nodes around the world are communicating to send and secure Bitcoin transactions. There is no centralized server that verifies and secures the transactions. It is all happening in a distributed manner. If you are a technical nerd that really wants to understand how blockchains work under the hood, a great grasp of the principles of distributed systems is essential — I’ve got you covered in another article here!
While that article isn’t mandatory reading, I do recommend you at least skim through this more in-depth article on distributed systems if you have a technical background or enjoy learning about technical things. But if not, no worries!
If you do choose to read on, I want you to go into it with the intention of trying to understand what it means for a distributed system to achieve “consensus,” because this will be useful when we learn about various consensus systems, such as Bitcoin’s ‘proof-of-work’ protocol, Ethereum’s ‘proof-of-stake’, and others.
Be assured, there is a lot more to say about peer-to-peer systems (e.g. architectures, routing, etc.), which we will learn in future lessons within the context of understanding Bitcoin.
Alrighty, folks, we are finally ready to learn BITCOIN! You’ve patiently followed all the articles in this series up to this point, and now they’re about to pay off. If you want to get even more technical, the perfect place to get started is the Bitcoin Whitepaper!
Onto the next article. 😊