Cryptographic signatures and public-key cryptography, cryptographic hash functions, cryptographic proof-of-work, time-stamping, Merkle trees, chains of transactions blocks, Byzantine fault tolerance, smart contracts -- all of these ideas were old when Bitcoin was invented.

Satoshi Nakamoto's achievement lays in the complex, ingenious way in which he (or she, or they) combined these ideas into a new distributed algorithm.[1]

--

[1] For those who don't know, Satoshi Nakamoto's paper, "Bitcoin: A Peer-to-Peer Electronic Cash System" proposed the first known solution to the double-spending problem in a peer-to-peer network (i.e., without centralized control), with Byzantine fault tolerance (i.e., in a manner resistant to fraudulent nodes attempting to game the rules), via a clever application of cryptographic proof-of-work. The paper is available at https://bitcoin.org/bitcoin.pdf

As far as I understand it, PageRank reduces to "find the principal eigenvector of a stochastic matrix," in which matrix elements represent the probability of transition from each web page to every other web page. To me PageRank is a successful application of a well-known algorithm.

Bitcoin's peer-to-peer protocol, on the other hand, is a new distributed algorithm. Prior to Bitcoin, no distributed algorithm existed capable of maintaining an agreed-upon blockchain of transactions in perpetuity.

EDIT: Removed the word "kind of" in response to mayank's and axus's comments below.

1. Peer-to-peer algorithms: BitTorrent would like a word with you.

2. Distributed consensus: Paxos would like a word with you.

3. Proof of work: hashcash would like a word with you.

That said, I find the Bitcoin paper to be a delightful synthesis of a bunch of well known ideas.

Like saying that the first calculator was not a new kind of machine because valves existed and people made calculations before.

I love HN :-)

“I was also impressed by a similar research project called PageRank, which was proposed later by two guys at Stanford named Sergey Brin and Larry Page. Brin and Page dispensed with Kleinberg’s bipartite hubs-and-authorities structure in favor of a more uniform structure, and made some other changes, but otherwise their idea was very similar. At the time, of course, I didn’t know that CLEVER was going to languish at IBM, while PageRank (renamed Google) was going to expand to roughly the size of the entire world’s economy.

In any case, the question I asked myself about CLEVER/PageRank was not the one that, maybe in retrospect, I should have asked: namely, ‘how can I leverage the fact that I know the importance of this idea before most people do, in order to make millions of dollars?’

Instead I asked myself: ‘what other “vicious circles” in science and philosophy could one unravel using the same linear-algebra trick that CLEVER and PageRank exploit?’ After all, CLEVER and PageRank were both founded on what looked like a hopelessly circular intuition: ‘a web page is important if other important web pages link to it.’ Yet they both managed to use math to defeat the circularity. All you had to do was find an ‘importance equilibrium,’ in which your assignment of ‘importance’ to each web page was stable under a certain linear map. And such an equilibrium could be shown to exist—indeed, to exist uniquely.”

It's brilliant code. It's production-grade C++. There's nothing in it that hints at academic origins. Most people are either academics or professional coders -- to be both is a rare exception.

The codebase seemed to materialize out of nowhere. One of the earliest commits in the SVN repo contains 36 thousand lines of code. "Satoshi" (or this group of people) must have worked months or a year on this before putting it up on source control.

The code also uses irc to find seed nodes, which is amusing. It just connects to #bitcoin and assumes that some of the people in the channel are running bitcoin nodes. That's a cool way around the "What if all the hardcoded seed nodes fail?" problem. I know it's probably a standard tactic, but bitcoin integrates so many standard tactics so well in addition to its academic work.

Here it is as one gigantic file: https://gist.github.com/anonymous/b4d5d1ab333c5d6e238fdc2242...

My favorite is:

    IMPLEMENT_SERIALIZE
    (
        READWRITE(prevout);
        READWRITE(scriptSig);
        READWRITE(nSequence);
    )

Ohh, no, I take it back. This is my favorite:

    //
    // Compact size
    //  size <  253        -- 1 byte
    //  size <= USHRT_MAX  -- 3 bytes  (253 + 2 bytes)
    //  size <= UINT_MAX   -- 5 bytes  (254 + 4 bytes)
    //  size >  UINT_MAX   -- 9 bytes  (255 + 8 bytes)
    //
    inline unsigned int GetSizeOfCompactSize(uint64 nSize)
    {
        if (nSize < UCHAR_MAX-2)     return sizeof(unsigned char);
        else if (nSize <= USHRT_MAX) return sizeof(unsigned char) + sizeof(unsigned short);
        else if (nSize <= UINT_MAX)  return sizeof(unsigned char) + sizeof(unsigned int);
        else                         return sizeof(unsigned char) + sizeof(uint64);
    }

Again, it's a small thing -- very standard tactic. But there are dozens of tiny, effective decisions exactly like this all throughout the codebase.

There's a secure allocator for wiping your private key so that it doesn't hang out in memory, with hacks to work around MSVC8 problems. Which academics bother with MSVC8 hacks?

    //
    // Allocator that clears its contents before deletion
    //
    template<typename T>
    struct secure_allocator : public std::allocator<T>
    {
        // MSVC8 default copy constructor is broken
        typedef std::allocator<T> base;
        typedef typename base::size_type size_type;
        typedef typename base::difference_type  difference_type;
        typedef typename base::pointer pointer;
        typedef typename base::const_pointer const_pointer;
        typedef typename base::reference reference;
        typedef typename base::const_reference const_reference;
        typedef typename base::value_type value_type;
        secure_allocator() throw() {}
        secure_allocator(const secure_allocator& a) throw() : base(a) {}
        ~secure_allocator() throw() {}
        template<typename _Other> struct rebind
        { typedef secure_allocator<_Other> other; };

        void deallocate(T* p, std::size_t n)
        {
            if (p != NULL)
                memset(p, 0, sizeof(T) * n);
            allocator<T>::deallocate(p, n);
        }
    };

   case OP_EQUAL:
   case OP_EQUALVERIFY:
   //case OP_NOTEQUAL: // use OP_NUMNOTEQUAL
   {
       // (x1 x2 - bool)
       if (stack.size() < 2)
           return false;
       valtype& vch1 = stacktop(-2);
       valtype& vch2 = stacktop(-1);
       bool fEqual = (vch1 == vch2);
       // OP_NOTEQUAL is disabled because it would be too easy to say
       // something like n != 1 and have some wiseguy pass in 1 with extra
       // zero bytes after it (numerically, 0x01 == 0x0001 == 0x000001)
       //if (opcode == OP_NOTEQUAL)
       //    fEqual = !fEqual;
       stack.pop_back();
       stack.pop_back();
       stack.push_back(fEqual ? vchTrue : vchFalse);
       if (opcode == OP_EQUALVERIFY)
       {
           if (fEqual)
               stack.pop_back();
           else
               pc = pend;
       }
   }
   break;

The formatting of the code in that function also puzzles you for an instant, but then you realise just how much clearer it makes it over the "lame" but "consistently formatted" alternative of

    if ( )
    {
        ....
    }
    else if ( )
    {
        ...
    }
    ....

It's implemented at a higher level. For bitcoin, a 32 bit check field is appended to the data to serve as a checksum. If you want parity, I'd imagine that could be done as well.

>Confused characters in alphabet? Case sensitivity?

Some look alike letters are excluded, hence why base58 rather than base62.

That's really the only reason I was saying I liked base58. Because it removes those confusing characters compared to base64 or others.

Fun fact: I was contacted by the Computer History Museum in Mountain View since this tarball (and the .rar) hosted on my site is the earliest known public copy of the source code.

Anyone who has tried to do cross-platform development knows it's extremely difficult in C++. You can do it, but it's not a trivial thing. I guess it's no surprise that Satoshi used Visual Studio. If you start out writing code in not-Visual-Studio, it's far harder to go back and make it run on VS.

I vividly remember how maligned Windows programmers were in 2008. I felt like a black sheep getting my start in the gamedev industry, because if you wanted to do Big League Programming in gamedev, that meant one thing: Windows. Microsoft has finally made some inroads in hacker culture. It's far less common now to be dismissed as less talented just because you used Windows. But in 2008 this feeling was very much alive.

The bitcoin code looks and feels a lot like of their projects but could easily be some NSA programmers side project.

Any hacker can tell this was a one person project from looking at the code.

https://sourceforge.net/p/bitcoin/mailman/message/23827020/

I used to be a Wine developer so it didn't put me off when I first found the project, but I'm sure the fact that it was Windows only hurt the projects uptake in the first year. It wasn't until Bitcoin 0.2 that a Linux version was available.

If it helps, Satoshi was also an Outlook user ;)

It's been done before... for example, djb

It took 8 years before the first bug was found in these projects.

I highly recommend reading through the guidelines in https://cr.yp.to/qmail/guarantee.html for how to write secure software. In particular point 5, Don't Parse, is broadly applicable and under appreciated. A well-known class of bugs arising from this error are SQL injection attacks.

You mean like the IETF?

"Rough consensus and running code"

In one [0] of his emails to Mike Hearn [1] Satoshi Nakomoto wrote that he worked on Bitcoin for two years before releasing the paper and code:

> I must admit, this project was 2 years of development before release, and I could only spend so much time on each of the many issues.

His emails to Hearn and others make clear that his creative process consisted mainly of writing code until he was convinced things worked. In my opinion, Satoshi Nakomoto was a lone hacker.

0. https://pastebin.com/wA9Jn100

1. https://bitcointalk.org/index.php?topic=2080206.0

Satoshi maintains anonymity, by choice. Therefore, any information about Satoshi's identity, directly stated or inferred from things said by them, logically have to be treated as unreliable. With the goal of remaining anonymous, Satoshi has nothing to gain and a lot to lose from providing true information about themselves. It is in their interest to not provide any information about themselves, and for any information that is provided them be inaccurate.

None of this casts any aspersions on either Bitcoin or Satoshi.

Ah heck, I sound like Vizzini. Maybe I should just drink the damn wine ;)

Prescient words from Mike Hearn.

All the cryptocurrencies built on top of techniques that worked on other cryptocurrencies. I really like the iteration speed as well as how non-finite any limitation today is.

The same criticisms exist as since Zerocash was just a white paper.

I will say that there is the possibility that they can make the optional opaque transactions the more ready option, but you can look at the blockchain and see that nobody uses those addresses. Zerocash is just a bitcoin clone if you don't use the opaque addresses.

And Zerocash wasn't just a white paper, it was peer reviewed and analyzed by security and cryptography experts.

Not sure what you are trying to say about the papers. I saw they were academic and theoretical.

The academic paper you refer to had both a theoretical construction and an implemented system.

For example:

Multisignature transactions are just becoming available. The lack of multisignature made it a non-starter for many applications, including on darknet marketplaces, because rudimentary escrow or deposits were needed. When the operator goes down, all your funds are on their server and are gone with it, but with multisignature as seen in bitcoin and ethereum, you always have control of your funds and they are never in limbo.

Meta-assets are not possible yet. Asset creation is one of the big tenants of Ethereum right now, and there are many assets on bitcoin as well for even longer. Many organizations use this as a way to raise capital, bringing in a lot more capital into the base currency's economies. Monero and crypto note doesn't have this capability yet, but being able to issue and hold balances of these privately, with audit capabilities, will be powerful.

2nd layer scaling solutions are not even on the roadmap yet in any crypto note network. Cryptonote has the same scaling problems as bitcoin or ethereum, but the key sizes accelerate that. Cryptonote coins have dynamic block sizes already, but it may react too slow to really help periods of many transactions. Monero already encounters this issue. Bitcoin style cryptocurrencies have Lightning Network via Segwit. Ethereum has Raiden on the roadmap.

(HN hides the email field in your profile, so if you want to make it publicly visible you'll have to put it in your profile's "about" field.)

I also read through the original codebase and I came to a different conclusion. To me it looks like something that was hacked at for a year or so, and was all just glued together. It looked like the first iteration of a codebase, the thing that you usually don't release, but then re-work so it is presentable to the outside world and then release.

To me that says a couple of things. One is that Satoshi is one, normal, human. Another is that he is very human. For example, a lot of the OP codes have had to be disabled because they were totally insecure. In early versions of bitcoin there were bugs that allowed anyone to spend anyone's bitcoins, and so forth.

Not that I mean to attack Satoshi, he was a good coder who started what could become a revolution. But he was a human like the rest of us, and it shows.

What is it about his code that makes you consider it brilliant and production ready?

The code was clearly the work of one person though. There were not enough comments or other forms of code documentation for it to have been a team effort, even if the Satoshi personality was a composite. The idiosyncratic code is another hint: Windows only and Hungarian notation in 2008 is not something commonly seen. The early Bitcoin code gave me the feeling of an experienced developer who learned their craft in the 1990s and had probably been around for quite a long time, but who probably hadn't worked in large professional development teams in recent years. For example, there were no unit tests. Common in the 1990s, not so much in 2008.

It's incredible that he has managed to stay anonymous for so long, how on earth did he manage to do that?

Any thoughts on the scaling debate?

About 20 years ago I was interested in environmentalism. I was persuaded by arguments that humanity was damaging the environment because of the system of money it used, in which sustainably managing a forest might be profitable at, say, interest rates of 2%, but if interest rates went up to 5% then the rational thing to do was clear cut the forest and invest the returns.

This led me to a book called The Future of Money by Bernard Leitaer. This book talked about "community currencies". The idea you could design currencies to achieve particular social goals was very interesting to me. The book referenced a publication called the International Journal of Community Currency Research. This organisation turned out to have a Yahoo Group, which I joined. I felt that if there were other people discussing this idea, they would surely be found on the internet.

One day the Yahoo Group received a mail talking about a project called Ripple. This was an initiative by Ryan Fugger to create a system that could locate and manage debt in a decentralised way. It proposed an economic system without cash, in which all payments were in the form of debt in whatever units people found convenient (dollars, hours of work, loaves of bread baked etc). So I joined the Ripple mailing list too, and engaged in much fruitful discussion with Ryan about the nature of money.

The Ripple mailing list eventually received a mail that pointed to the bitcoin website and suggested we check it out. This was a few months after the project was launched. I did so, and started emailing Satoshi.

I don't know how Satoshi remained anonymous for so long. I suspect that if his identity is ever revealed, people will think: it was so obvious? Why didn't anyone see that? When the operator of the Silk Road was revealed, it turned out he'd made basic and obvious errors very early on and anyone could have figured out the Dread Pirate's identity through basic web searches. But only the FBI actually bothered to do it. I suspect Satoshi hasn't been looked for as thoroughly as people tend to imagine.

I discussed Bitcoin's scaling extensively two years ago. You can find those discussions on my blog if you like. Nothing has changed and I have nothing further to say on the matter.

>The fundamentals are broken and whatever happens to the price in the short term, the long term trend should probably be downwards. I will no longer be taking part in Bitcoin development and have sold all my coins.

That was written back in January 2016. I think you were wrong about that.

The statement about the price was deliberately vague ("long term", "should probably") because the Bitcoin price hasn't reflected the fundamentals for a very long time. You can't go straight from "this project is broken" to "thus the price will fall" because it's not an informed market, because of the large quantity of shady exchanges and so on. Take a look at what's been going on with Bitfinex to get a flavour.

If you assume that eventually, one day, reality re-asserts itself, then the price should come to reflect the systems actual utility, which is very low. But you know the old saying about how markets can remain irrational longer than you can remain solvent? I wouldn't try shorting BTC regardless of how much you know about it.

He used the cryptography mailing list. Then the P2P forums.

I highly recommend reading through the archives. There are several good observations to make there, like how scaling was basically the first issue he addressed (or failed to address, depending on your view).

Another interesting thread: https://bitcointalk.org/index.php?topic=1347.msg15121#msg151...

i wonder if stylometry could be (was?) applied to C++ code to have better evidence about authorship?

Most code produced is not open source.

But given he open sourced Bitcoin, he may have open sourced something else.

Code style does change over time, I know mine has. But I wonder if there are invariants as well. That would be a fascinating research project.

https://www.usenix.org/system/files/conference/usenixsecurit...

Here is the most updated bitcoin repo: https://github.com/bitcoin/bitcoin

(This causation is perhaps less true today when it is more common to use encrypted or even hardware wallets, but before that everyone just used the standard wallet.)

Yet none of this has happened. The odds of this seems vanishingly unlikely. Then there's the risk of consensus problems that would enable double spending, which is very difficult to test for.

At the same time original Bitcoin was far from perfect. Someone wrote up a summary of important changes Hal Finney did which I can't seem to find. He pointed out a lot of problems which would have made Bitcoin not work at all which resulted in some early redesigns and the removal of many opcodes.

Parts of Bitcoin also went nowhere, notably the marketplace, pay-to-IP and payment channels. The ideas live on as Openbazaar and Lightning but completely redesigned from the Satoshi origins.

In so many ways it is an enigma.

That's not true. Few people use the wallet included in the Bitcoin node, most people use nodes indirectly to broadcast transactions and sync the blockchain.

Even if you don't personally keep your coins online, a hacker that scores a million coins on a zero day is enough to plunge the value for a long time. You still lose either way.

The point is that this hasn't happened. Even though it sort of should have. That's remarkable.

Yes, the debts Satoshi owed to others were obvious right from the start. I made pretty much exactly the same argument as OP over 6 years ago in my then-widely-read essay "Bitcoin is Worse is Better" https://www.gwern.net/Bitcoin%20is%20Worse%20is%20Better - Bitcoin built on many established tools and concepts and its true contribution was putting them together in a way that was conceptually alien and disgusted people immediately on arrival. (Proof of Work still viscerally disgusts many people! _plus ça change, plus c'est la même chose_ eh? Anyone can invent something that everyone wants - everyone wants a cheaper or faster computer, for example - but it takes genius to invent something that everyone hates, thinks is useless, wasteful, evil, or all three simultaneously, and eventually wins grudging acknowledgement that it may actually be a good idea.)

It's nice that Arvind & Clark have gone into more detail about the predecessors, though, I suspect that most Bitcoiners these days have little idea about it (although I think they overstate a few of them - Satoshi didn't know about B-money until he was told by Back and so most accounts of Bitcoin's genesis overstate its influence).

What makes it special is that it was the first digital money that actually works.

There were lots of digital money systems that worked but were centralized.

All money systems are digital money systems. Source: 20 years in FinTech.

The same can be said for any good or bad idea.

And it came from outside the academy.

I mined a few satoshis in early 2014, stopped when hash difficulty got too hard and didn't pay Bitcoin much attention for the next few years.

A couple of months ago I decided to jump back in to the whole crypto coin ecosystem and check out what's going on and, honestly, it's staggering how fast this space is evolving. I'm getting the same feelings I had in 1997/1998 with the web: there's something big going on and it feels exciting.

Playing around with Ether Delta, watching smart contracts execute on etherscan, syncing my wallets up with blockchains, anonymously trading coins & tokens on exchanges, chatting to believers/trolls/curious peeps on forums. The whole vibe reminds me of geocities / audiogalaxy / slashdot in the late nineties.

I think the ideas (technical & political) Satoshi Nakamoto crystallised in to Bitcoin represent the beginning of something fundamentally transformative and can't wait to see where it ends up.

I get the same feeling, its as if we just discovered what we can do with Macromedia Flash after only having html and rudimentary JS + VBScript :)

When we released a draft of the Princeton Bitcoin textbook [1], one piece of feedback was that we focused on cryptocurrency technology as it is today, and ignored the juicy and tumultuous history of how the ideas developed over the last few decades. So I invited Jeremy Clark, who's connected to some of this history, to write a preface to the book. If you're interested in the history, you might enjoy that chapter. [2]

Jeremy and I then got together to develop the ideas further, resulting in the present article, where we also provide some commentary on the current blockchain hype and draw lessons for practitioners and academics.

[1] http://bitcoinbook.cs.princeton.edu/

[2] https://d28rh4a8wq0iu5.cloudfront.net/bitcointech/readings/p...

We need more people like you to write about and help demistify Bitcoin, to counter the hype surrounding blockchain technology.

I hope you get an opportunity to write about this for a lay audience too, because mainstream media, with few exceptions, has done a poor job at covering the technology.

[1] https://byteball.org/Byteball.pdf

https://eprint.iacr.org/2016/1159.pdf

One thing found interesting about the conclusion of OP's article is the role of academia vs practical implementation.

> Many academic communities informally argued that Bitcoin couldn't work, based on theoretical models or experiences with past systems, despite the fact that it was working in practice.

It will be interesting to see the Academically based SPECTRE competing with another DAG based coin such as Byteball. Well measured research and a peer-reviewed foundation against practical implementation, first to market and continuous improvement.

The industry solution tends to be to try things and see what works in practice. This is extremely expensive in time and only a small number of ideas can be tried. Furthermore the success or failure depends on the execution and marketing. If Bitcoin had not had the developer commitment in the early stage it would be dead and forgotten despite the great ideas.

The academic solution is that ideas should come with detailed arguments about why the solution works, what its flaws are and how it compares to other work. This allows ideas to be compared and judged more quickly at a lower expense. However constructing these arguments is hard, requires rare knowledge and is not always possible.

Academics dismissed Bitcoin because it did not have these arguments. They had no way to know if it would work when it was running with real money on the line. Distributed systems ideas are very hard to get right and Bitcoin had all sorts quirks that Satoshi didn't foresee, however PoW turns out to be a very robust mechanism.

I also thought that Bitcoin's asic-vulnerability (and thus mining centralization) would be fatal. It turned out to be not fatal (yet), but thats not something which could be determined on paper. It needed real-world use before people knew if it could work or not.

Also, Bitcoin is kind of a "dirty" solution to the consensus problem; if all the academics were looking for an elegant solution it's not surprising that they didn't discover it.

Everyone keeping a complete history of all actions is, like, consensus 101.

Research is based around not having to do that.

99.99% of all creation is Synthetic.

The other 0.01% is very rare and looks more like abstract art.

It would be nice if science had a term for its equivalent of "outsider art."

China is already well on their way to doing this, with Jihan Wu and the emergence of larger mining 'cartels'.

This has already been shown to be untrue, an anonymous pool has mined both bitcoin cash and the segwit bitcoin chains.

That used to be a mounting problem in the Bitcoin world which began to fade away with the introduction of FPGA-based miners, but it's still a problem with a couple of altcoins. There are pros and cons with both compute-hard and memory-hard PoW but many seem to lean towards compute-hard being the less bad choice.

Do you have a source for this? I'm not even sure what CPU based currencies you are talking about. GPU based proof of work seems like even more of a stretch seeing as particular high end cards that are better with integers and bit shifting are usually used.

That being the case, I think author's assumption that everyone in the bitcoin space thinks Satoshi as the one inventing everything and hence the article needs to prove otherwise is..well false at best.

Bitcoin is truly something worth more than the sum of its parts. I don't feel that the creative combination and implementation of existing ideas diminishes the achievement one bit. (Not that the article made it out this way, just my 2 satoshis)

https://www.gwern.net/Bitcoin%20is%20Worse%20is%20Better