Book Read Free

Digital Gold

Page 3

by Nathaniel Popper


  In their efforts to design a new currency, the Cypherpunks were mindful of the characteristics usually found in successful coinage. Good money has generally been durable (imagine a dollar bill printed on tissue paper), portable (imagine a quarter that weighed twenty pounds), divisible (imagine if we had only hundred-dollar bills and no coins), uniform (imagine if all dollar bills looked different), and scarce (imagine bills that could be copied by anyone).

  But beyond all these qualities, money always required something much less tangible and that was the faith of the people using it. If a farmer is going to accept a dollar bill for his hard-earned crops, he has to believe that the dollar, even if it is only a green piece of paper, will be worth something in the future. The essential quality of successful money, through time, was not who issued it—or even how portable or durable it was—but rather the number of people willing to use it.

  In the twentieth century, the dollar served as the global currency in no small part because most people in the world believed that the United States and its financial system had a better chance of surviving than almost anything else. That explains why people sold their local currency to keep their savings in dollars.

  Money’s relationship to faith has long turned the individuals who are able to create and protect money into quasi-religious figures. The word money comes from the Roman god Juno Moneta, in whose temple coins were minted. In the United States, the governors of the central bank, the Federal Reserve, who are tasked with overseeing the money supply, are treated like oracles of sorts; their pronouncements are scrutinized like the goat entrails of olden days. Fed officials are endowed with a level of power and independence given to almost no other government leaders, and the task of protecting the nation’s currency is entrusted to a specially created agency, the Secret Service, that was only later given the additional responsibility of protecting the life of the president.

  Perhaps the most famous, if flawed, oracle of the Federal Reserve, former chairman Alan Greenspan, knew that money was something that not only central bankers could create. In a speech in 1996, just as the Cypherpunks were pushing forward with their experiments, Greenspan said that he imagined that the technological revolution could bring back the potential for private money and that it might actually be a good thing:

  “We could envisage proposals in the near future for issuers of electronic payment obligations, such as stored-value cards or ‘digital cash,’ to set up specialized issuing corporations with strong balance sheets and public credit ratings.”

  IN THE YEARS right after Greenspan’s speech, there was a flurry of activity in the Cypherpunk world. In 1997 a British researcher named Adam Back released on the Cypherpunk mailing list his plan for something he called hashcash, which solved one of the most basic problems holding back the digital-cash project: the seeming impossibility of creating any sort of digital file that can’t be endlessly copied.

  To solve this problem, Back had a clever idea, which would later be an important building block for the Bitcoin software. Back’s concept made creative use of one of the central cogs of public-key cryptography: cryptographic hash functions. These are math equations that are easy to solve but hard to reverse-engineer, just as it is relatively easy to multiply 2,903 and 3,571 using a piece of paper and pencil, but much, much harder to figure out what two numbers can be multiplied together to get 10,366,613. With hashcash, computers essentially had to figure out which two numbers can be multiplied together to get 10,366,613, though the problems for hashcash were significantly harder than that. So hard, in fact, that all a computer could do was try out lots of different guesses with the aim of eventually finding the right answer. When a computer found the right answer, it would earn hashcash.

  The creation of hashcash through this method was useful in the context of digital money because it ensured that hashcash would be scarce—a characteristic of most good money but not of digital files, which are generally easily duplicated. A computer had to perform lots of work to create each new unit of hashcash, earning the process the name “proof-of-work”—something that would later be a central innovation underpinning Bitcoin. The main problem with Back’s system, as a type of digital money, was that each hashcash unit could be used only once and everyone in the system needed to create new units whenever they wanted to use any. Another problem was that a person with unlimited computing power could produce more and more hashcash and reduce the overall value of each unit.

  A year after Back released his program, two different members of the Cypherpunk list came up with systems that solved some of hashcash’s shortcoming, creating digital tokens that required a proof-of-work, but that could also be reused. One of these, a concept called bit gold, was invented by Nick Szabo, a security expert and Cypherpunk who circulated his idea to close collaborators like Hal Finney in 1998, but never actually put it into practice. Another, known as b-money, came from an American named Wei Dai. Hal created his own variant, with a decidedly less sexy name: reusable proofs of work, or RPOWs.

  The conversation around these ideas on the Cypherpunk list and among related groups sometimes resembled the bickering of rivalrous brothers trying to one-up each other. Szabo would snipe at other proposals, saying that they all relied too much on specialized computer hardware instead of software. But these men—and they were all men—also built up deep respect for each other. And even as their experiments failed, their ambitions grew beyond just anonymous money. Among other things, Back, Szabo, and Finney sought to overcome the costs and frustrations of the current financial system in which banks charged fees with every transaction and made it difficult to move money over international borders.

  “What we want is fully anonymous, ultra low transaction cost, transferable units of exchange. If we get that going (and obviously there are some people trying DigiCash, and a couple of others), the banks will become the obsolete dinosaurs they deserve to become,” Back told the Cypherpunk list soon after releasing hashcash.

  The Cypherpunk seekers were given a platonic ideal to shoot for when science fiction writer Neal Stephenson published his book Cryptonomicon in 1999. The novel, which became legendary in hacker circles, imagined a subterranean world that was fueled by a kind of digital gold that allowed people to keep their identities private. The novel included lengthy descriptions of the cryptography that made it all possible.

  But the experiments that the Cypherpunks were doing in the real world continued to hit practical hurdles. No one could figure out a way to create money without relying on a central institution that was vulnerable to failure or government oversight. The experiments also suffered from a more fundamental difficulty, which was the issue of getting people to use and value these new digital tokens. By the time Satoshi Nakamoto came onto the scene, history had made many of Bitcoin’s most likely fans very jaded. The goal of creating digital money seemed as much of a dream as turning coal into diamonds.

  IN AUGUST 2008 Satoshi emerged out of the mists in an e-mail sent to the creator of hashcash, Adam Back, asking him to look at a short paper describing something called Bitcoin. Back hadn’t heard of it or Satoshi, and didn’t spend much time on the e-mail, other than to point Satoshi to other Cypherpunk experiments that he might have missed.

  Six weeks later, on Halloween, Satoshi sent a more fleshed-out proposal to a specialized, and heavily academic, mailing list focused on cryptography—one of the main successors to the Cypherpunk list, which was defunct. As was typical in this community, Satoshi gave no information about his own identity and background, and no one asked. What mattered was the idea, not the person. In careful, dry language, Satoshi opened with a bold claim to have solved many of the problems that had dogged the long search for the holy grail of universal money.

  “I’ve been working on a new electronic cash system that’s fully peer-to-peer, with no trusted third party,” the e-mail began.

  The nine-page PDF attached to the e-mail made it clear that Satoshi was deeply versed in all the previous efforts to create a sel
f-sustaining digital money. Satoshi’s paper cited Back and Wei Dai, as well as several obscure journals of cryptography. But Satoshi put all these earlier innovations together to create a system that was quite unlike anything that had come before it.

  Rather than relying on a central bank or company to issue and keep track of the money—as the existing financial system and Chaum’s DigiCash did—this system was set up so that every Bitcoin transaction, and the holdings of every user, would be tracked and recorded by the computers of all the people using the digital money, on a communally maintained database that would come to be known as the blockchain.

  The process by which this all happened had many layers, and it would take even experts months to understand how they all worked together. But the basic elements of the system can be sketched out in rough terms, and were in Satoshi’s paper, which would become known as the Bitcoin white paper.

  According to the paper, each user of the system could have one or more public Bitcoin addresses—sort of like bank account numbers—and a private key for each address. The coins attached to a given address could be spent only by a person with the private key corresponding to the address. The private key was slightly different from a traditional password, which has to be kept by some central authority to check that the user is entering the correct password. In Bitcoin, Satoshi harnessed the wonders of public-key cryptography to make it possible for a user—let’s call her Alice again—to sign off on a transaction, and prove she has the private key, without anyone else ever needing to see or know her private key.*

  Once Alice signed off on a transaction with her private key she would broadcast it out to all the other computers on the Bitcoin network. Those computers would check that Alice had the coins she was trying to spend. They could do this by consulting the public record of all Bitcoin transactions, which computers on the network kept a copy of. Once the computers confirmed that Alice’s address did indeed have the money she was trying to spend, the information about Alice’s transaction was recorded in a list of all recent transactions, referred to as a block, on the blockchain.

  The exact method used to add blocks to the blockchain was perhaps the most complicated part of the system. At the simplest level, it involved a sort of computational race between all computers on the network, modeled after the contest that Adam Back had invented for hashcash. The computer that won the race was responsible for inscribing the most recent block of transactions onto the blockchain. Equally important, the winner also received a bundle of new Bitcoins—50 Bitcoins when the network actually started operating. This was, indeed, the only way new Bitcoins could be brought into the world. The reward of new coins helped encourage Bitcoin users to set their computers to partake in the communal work of recording transactions.

  If there were disagreements about which computer won the lottery, the record of transactions that had already been adopted by the most computers on the network would prevail. If, for example, most of the computers on the network believed Alice won the latest race, but a few computers believed that Bob won the race, the computers that used Bob’s record of transactions would be ignored by other computers on the network until they joined the majority. This democratic method of decision making was valuable because it prevented a few bad computers from going rogue and assigning themselves lots of new Bitcoins; rogue elements would have to capture a majority of the computers on the network to do this.

  Alterations to the Bitcoin software, which would run on the computer of every user, would also be decided by means of this democratic model. Any user could make a change to the open source Bitcoin software, but the changes would generally be effective only when a majority of the computers on the network adopted the altered version of the software. If a lone computer began running a different version of the Bitcoin software it would essentially be ignored by the other computers and would no longer be part of the Bitcoin network.

  To recap, the five basic steps of the Bitcoin process were laid out as follows:

  •Alice initiates a transfer of Bitcoins from her account by signing off with her private key and broadcasting the transaction to other users.

  •The other users of the network make sure Alice’s Bitcoin address has sufficient funds and then add Alice’s transaction to a list of other recent transactions, known as a block.

  •Computers take part in a computational race to have their list of transactions, or block, added to the blockchain.

  •The computer that has its block added to the blockchain is also granted a bundle of new Bitcoins.

  •Computers on the network start compiling a new list of unconfirmed recent transactions, trying to win the next bundle of Bitcoins.

  The result of this complicated process was something that was deceptively simple but never previously possible: a financial network that could create and move money without a central authority. No bank, no credit card company, no regulators. The system was designed so that no one other than the holder of a private key could spend or take the money associated with a particular Bitcoin address. What’s more, each user of the system could be confident that, at every moment in time, there would be only one public, unalterable record of what everyone in the system owned. To believe in this, the users didn’t have to trust Satoshi, as the users of DigiCash had to trust David Chaum, or users of the dollar had to trust the Federal Reserve. They just had to trust their own computers running the Bitcoin software, and the code Satoshi wrote, which was open source, and therefore available for everyone to review. If the users didn’t like something about the rules set down by Satoshi’s software, they could change the rules. People who joined the Bitcoin network were, quite literally, both customers and owners of both the bank and the mint.

  But so far, at least, all Satoshi had done was describe this grand scheme.

  DESPITE ALL THE advances described in the Bitcoin paper, a week after it was posted, when Hal Finney chimed in for the first time, there were only two responses on the cryptography mailing list. Both were decidedly negative. One noted computer security expert, John Levine, said that the system would be easily overwhelmed by malicious hackers who could spread a version of the blockchain that was different from the one being used by everyone else.

  “The good guys have vastly less computational firepower than the bad guys,” Levine wrote on November 2. “I also have my doubts about other issues, but this one is the killer.”

  Levine’s concern was a valid one. The Bitcoin system Satoshi described relied on computers reaching decisions by majority rule. Early on, when there were fewer computers on the network, it would be easier to become the majority and take over. But Satoshi’s hope was that there wouldn’t be much of an incentive to take over the system early on, when the network was small. Later on, if there was an incentive to attack the network, that would hopefully be because the network had attracted enough members to make it hard to overwhelm.

  Another longtime veteran of the Cypherpunk debates, James Donald, said that “we very, very much need a system,” but the way he read the paper, the database of transactions, the blockchain, would quickly become too big for users to download.

  In the weeks that followed, Hal was essentially Satoshi’s only defender. On the cryptography list, Hal wrote that he wasn’t terribly worried about the attackers that Levine talked about. But Hal admitted that he wasn’t sure how the whole thing would work in practice, and expressed a desire to see actual computer code, rather than just a conceptual description.

  “This does seem to be a very promising and original idea, and I am looking forward to seeing how the concept is further developed,” Hal wrote to the group.

  Hal’s defense of the program led Satoshi to send him an early, beta version for testing. In test runs in November and December they worked out some of the early kinks. Not long after that, in January 2009, Satoshi sent the complete code to the list. The final software made some interesting tweaks to the system described in the original paper. It determined that new coins would be assigned a
pproximately every ten minutes, with the hash function lottery getting harder if computers were generating coins more frequently than that.

  The software also mandated that the winner of each block would get fifty coins for the first four years, twenty-five coins for the next four years, and half as much again every four years until 21 million coins were released into the world, at which point new coin generation would stop.

  On the first day, when Hal downloaded the software, the network was already up and running. For the next few days, not much activity was being added to the blockchain other than a computer on the network (usually belonging to Satoshi) winning fifty coins every ten minutes or so. But on Sunday evening the first transaction took place when Satoshi sent Hal ten coins to make sure that this part of the system was working smoothly. To complete the transaction, Satoshi signed off with the private key associated with the address where the coins were stored. This transaction was broadcast to the network—essentially just Hal and Satoshi at this point—and was registered in the blockchain a few minutes later when Satoshi’s computers won the next round of the hash function lottery. At that point, anyone who downloaded the software would download the entire blockchain up to the point, which included a record of the ten coins that Hal had received from Satoshi, as well as the fifty coins that Hal had won on Saturday.

  In the first weeks, other early adopters were slow to buy in. Satoshi was using his own computers to help power the network. Satoshi was also doing everything possible to sell the technology, responding quickly to anyone showing the slightest interest. When a programmer in Texas wrote to Satoshi late one night, expressing his own familiarity with electronic currency and cryptography, he had an answer from Satoshi the next morning.

  “We definitely have similar interests!” Satoshi wrote with innocent enthusiasm, before describing the challenge that confronted Bitcoin:

 

‹ Prev