Satoshi Nakamoto’s seminal bitcoin white paper was published ten years ago today. Here, to mark the anniversary, we publish an excerpt from Brian Patrick Eha’s How Money Got Free: Bitcoin and the Fight for the Future of Finance, a narrative history of bitcoin’s early years.
A feeble man can see the farms that are fenced and tilled, the houses that are built. The strong man sees the possible houses and farms. His eye makes estates, as fast as the sun breeds clouds. —Ralph Waldo Emerson
Bitcoin came into the world fully formed, like Athena from the head of Zeus. It was announced on an internet mailing list for cryptographers in the fall of 2008 by somebody calling himself Satoshi Nakamoto—an event that some day, if bitcoin endures, may rank in the annals of invention alongside that moment on March 10, 1876, when a former teacher of deaf children, Alexander Graham Bell, who had already helped his father to disprove the commonly held belief that the deaf could not learn to speak, followed this miracle by forcing electric current to carry the sound of a human voice.
Like Bell, bitcoin’s pseudonymous creator must have spent years on his invention, working long hours against long odds to give people something they didn’t even know they wanted. He did it all backwards, writing the code in order to convince himself that it was possible, that it wasn’t just a pipe dream, before writing the paper that laid out the concepts realized by the code. When a famous cryptographer, Hal Finney, asked him to provide a detailed explanation of the bitcoin protocol, complete with algorithms and details of the data structures involved, Satoshi said it would take less time simply to release the first version of the software. Like everyone else, he had seen earlier attempts to create electronic cash go nowhere, or hit a dead end. So enough with theory and spec papers, he figured. He didn’t just want to tell them it could work. He wanted to show them it would.
“I’ve been working on a new electronic cash system that’s fully peer-to-peer, with no trusted third party,” Satoshi’s announcement began. It was 2:16 p.m. Eastern Standard Time on the first day of November and he was telling everyone on the mailing list that he had figured out how to do for money what the internet had already done for information—set it free as bits and bytes, without gatekeepers, making financial transactions as painless as email. He wanted his peers to know before anyone else.
To explain his invention, Satoshi had prepared a white paper, in which he outlined the features of bitcoin that were technical advancements on earlier forms of electronic money. It would be decentralized, meaning that a network of people running the bitcoin software would assume the dual role of a mint, producing the currency, and a central clearinghouse, reconciling and recording transactions. This arrangement was revolutionary. Until the invention of bitcoin, nobody had managed to overcome without a trusted third party the central stumbling block of electronic cash, which was known as the “double-spending problem.” With physical cash—U.S. dollars, say—it is easy to prevent someone from spending the same bill twice. If you hand your friend a $10 bill, everyone can plainly see that she, not you, now possesses the $10. You have spent it and can’t spend it again. Moreover, cash transactions are irreversible: once you have given your $10 away, you can’t get it back without your friend’s consent, unless you take it by force. Because cash has a socially agreed-upon value, and because cash transactions are final, it allows two parties who don’t trust each other to do business—making it useful for criminals and other untrusting types.
Before bitcoin, the solution to the double-spending problem was simple, though with unfortunate side effects: employ a trusted third party.
Electronic money, on the other hand, is like any other electronic data; it can be copied and distributed ad infinitum. This is advantageous when you want to send an important file to your boss while retaining the original on your own computer, but it’s absolutely ruinous when you want to establish a payment system. Imagine sending $10 of digital money to someone to settle a debt. Because you still have a perfect copy on your computer, what would prevent you from spending the same $10 again and again? It would be like counterfeiting, only worse, because each copy would be identical to the original. Like a man who, much to the chagrin of his genie, has cannily wished for infinite wishes, the bearer of electronic cash would be the richest man alive—if only his digital wealth weren’t worthless, since nobody in their right mind would accept payment under these terms.
Before bitcoin, the solution to the double-spending problem was simple, though with unfortunate side effects: employ a trusted third party. This is the role played today by PayPal, Venmo, and every other online payment processor. The company acts as an authority to verify transactions, debiting a balance from one customer’s account and crediting it to another’s account, and keeping track in its central ledger of where the money goes. Users trust these services to keep an accurate record of transactions, so that no double payments are possible. In so doing, users give up control over their money. The third party—PayPal, say—can choose to reverse any transaction at any time, and can even freeze customer funds if it finds cause. The final judgment call rests with PayPal, just as credit card chargebacks are at the discretion of the credit card company. Worse yet, the security and integrity of the entire payment network depends on the company operating it. Even as the once-novel idea of “online shopping” gave way to a booming global e-commerce sector, then, there was still no way to replicate over the internet the direct, ancient, peer-to-peer experience of money changing hands, finally and irrevocably.
Satoshi Nakamoto devised a way for people to spend digital cash permanently, and for everyone else to be able to check the validity of each transaction. Each bitcoin, as it passes from one person to another, is digitally signed by the person transmitting it. A coin therefore becomes, in Satoshi’s phrase, “a chain of digital signatures”—a record of ownership, like a logbook signed by each person who has ever held the coin. When you wish to transfer to your friend a coin you received from Satoshi, your friend can verify that you truly own the coin by checking that Satoshi’s signature on the previous transaction is legitimate.
But this on its own, Satoshi knew, would not be enough to solve the double-spending problem without relying on a bank or other central authority. He went further, requiring that all transactions be publicly broadcast to the entire network running the bitcoin software, so that anyone with an internet connection, at any time, might check an enduring record of every transaction that had ever taken place. One could even, at least in theory, trace every single coin back through all its transactions to the moment when it was first created. (This would be difficult for a layman, and actions could be taken to obfuscate the source, but it would be possible.) It was in the rules of bitcoin creation—a process known as mining—that Satoshi pulled off his most impressive feat, simultaneously establishing a decentralized mint for the cryptocurrency and nailing the lid shut on double payments.
When one person sends bitcoins to another, that transaction is broadcast to every node of the network, spreading worldwide from its point of origin. Each node that receives the transaction broadcasts it still further, amplifying the signal, as it were, so that in a very short time the transaction has been acknowledged by the entire network. If that person were to attempt to spend the same bitcoins twice, the second transaction would likewise be beamed out to the network, but the first would have such a huge head start on the second that it would be all but impossible for the fraudulent transaction ever to catch up, like a runner trying to win the 100-meter dash after giving his opponent a 50-meter lead.
But now suppose that a minority of judges are unable to see the first runner, the one who is in the lead. They might think the second-place runner deserves the gold medal. Just so, it is entirely possible that some nodes on the network will receive the second transaction first and broadcast it as being legitimate. By then, however, a majority of nodes will have already accepted the original spend and begun processing it into a batch of transactions known as a block. When that block is completed, it is added to the public ledger—the blockchain—and everyone begins processing the next block. Each block builds on all the blocks that came before. Even if some computers are processing a competing block that contains the fraudulent transaction, the blockchain containing the original spend will end up being longer, because it has a majority of the network’s processing power building it. Soon, the entire network will accept the longer blockchain as the true blockchain. As long as honest miners control at least 51 percent of the network’s processing power, Satoshi wrote, “the honest chain will grow the fastest and outpace any competing chains.” The judges with imperfect vision can accept the majority decision of the other judges as to the winner of the race.
Those who understood it at its inception were astounded. Here at last was the solution to a problem that had bedeviled computer scientists for years.
Processing and verifying transactions requires tremendously difficult computer calculations, analogous to factoring prime numbers. To reward those dedicating computer resources to the difficult process of verifying transactions, Satoshi decided that whoever solved the complex math problems required should be given new bitcoins. It would be a winner-takes-all race by every active node of the bitcoin network. Every 10 minutes, the race would begin anew. Like oil or gold, bitcoins have a limited rate of production and an upper limit on their supply. Every 10 minutes, a new block of transactions is added to the blockchain; every 10 minutes, a new batch of coins is created mathematically, like gold dug out of the ground. But where gold miners use manual labor and heavy equipment, with bitcoin miners, wrote Satoshi, “it is CPU time and electricity that is expended.” The ultimate limit is 21 million coins, though each coin is divisible to eight decimal places, or 100 millionth of a bitcoin. Like an oil well running dry, the supply of bitcoins will one day be depleted. As with other commodities, Satoshi knew, this scarcity would tend to drive up the price over time, assuming people found it worth using. Through cryptography, he had found a way to emulate the properties of a physical commodity. In the words of The New Palgrave Dictionary of Economics, bitcoin “allows for the first time the final transfer, not the mere copying, of digital assets in a way that can be verified by users without trusting other parties.” Those who understood it at its inception were astounded. Here at last was the solution to a problem that had bedeviled computer scientists for years.
So far, so elegant. But if all transactions are public, what then becomes of financial privacy? Here bitcoin is counterintuitive. With a bank, privacy depends not on hiding the fact that you have an account at Wells Fargo or Chase but on keeping to yourself the amount of money stored there. Bitcoin reverses the relationship. Anyone can see how much money is being held at a given address, but nobody knows to whom the money belongs. This works because bitcoin addresses are strings of random letters and numbers, with no identifying personal information attached. This, too, was revolutionary, allowing people who neither knew nor trusted one another to do business over the internet without revealing their identities. Anonymous donations to nonprofits would be possible; so would hard-to-trace drug deals. Even if it were necessary to reveal some personal information in the course of a transaction, say in order to take delivery of a physical product ordered online, the customer could simply generate a new bitcoin address for each new transaction. With no single address revealing their purchase history, and nothing to link their several addresses to each other, they could maintain their privacy.
Cryptographers spend their professional lives studying and creating techniques to keep communications private even when they are being spied on. Their field sits at the intersection of computer science, mathematics, and electrical engineering. The best of them are not easily impressed. Before introducing bitcoin to his peers, Satoshi was surely braced for criticism. But he may not have expected the chorus of disbelieving voices that rose up to shout him down. “I’ve noticed that cryptographic graybeards tend to get cynical,” one member of the mailing list would later relate. “When Satoshi announced bitcoin on the cryptography mailing list, he got a skeptical reception at best.” One of the earliest respondents voiced doubts that bitcoin could scale up to meet the needs of a large population. But the writer prefaced his critical remarks in a way that made it clear he hoped to be proven wrong. “We very, very much need such a system,” he told Satoshi.
A resident of the San Francisco Bay Area, who uses the name Ray Dillinger in computer programming circles and has a background in software quality assurance, accused Satoshi of failing to account for the increase in mining power that improved computer hardware would bring over time. A well-known computer science principle, known as Moore’s Law, says that computer processing power tends to double approximately every two years. Faster computers would mine more coins than expected, leading to a glut of new money, driving down the value of the existing supply. (It is worth noting that the same thing happens when central banks such as the Federal Reserve increase the money supply, which is why $40,000 in 1975 had the same purchasing power as $176,221 in 2015.) An annual inflation rate of 35 percent for bitcoin “is almost guaranteed by the technology,” Dillinger wrote.
But Satoshi had accounted for that. He explained that his system was designed to keep coin production constant by linking people’s efforts to mine new bitcoins to the difficulty of the mining function itself. The more processing power miners brought to bear—in order to crunch the numbers quickly and produce higher yields—the more difficult it would become to solve the math problems that generated the bitcoins. Moreover, the difficulty was designed to increase over time no matter what, keeping pace proportionally with improvements in computer hardware predicted by Moore’s Law. That was how Satoshi could be confident not only of the total number of bitcoins that would ever be created—21 million—but of the number of new coins that would be created every year in the future, with the last fraction of a coin being mined in the year 2140.
He had noticed that governments and entrenched corporate interests were quick to demolish any threat to their monopolies, just as the music industry had prosecuted Napster, the early music file-sharing service. But how do you stop a leaderless network whose members are spread across the globe?
“The fact that new coins are produced means the money supply increases by a planned amount, but this does not necessarily result in inflation,” he told Dillinger. “If the supply of money increases at the same rate that the number of people using it increases, prices remain stable. If it does not increase as fast as demand, there will be deflation and early holders of money will see its value increase.” That last statement was particularly important because, almost like a pyramid scheme, it gave people an incentive to buy into the idea as early as possible. And it would prove to be prophetic.
Another objection was more fundamental. Satoshi, whoever he was, appeared to have built a financial weapon against central banking, against the ability of governments to issue money and regulate their economies, and was explaining to his peers, in a calmly confident way, its destructive potential. Who did he think he was, to act as if a mere 31,000 lines of code could cut a Gordian knot that had persisted for decades? And even if bitcoin was a game-changing invention, was it right of him to have invented it? After all, Satoshi didn’t put bitcoin to a vote. Like other creators in the internet age, he simply wrote the code and released it into the digital scrum of the Web, where it would flourish or not to the extent that people found it worthwhile. “You will not find a solution to political problems in cryptography,” one correspondent admonished. It was a charge that would be echoed in various forms and in various forums over the next several years, and one that Satoshi had surely anticipated. Bitcoin, he replied, would at least allow its users to “win a major battle in the arms race and gain a new territory of freedom for several years.” He had noticed that governments and entrenched corporate interests were quick to demolish any threat to their monopolies, just as the music industry had prosecuted Napster, the early music file-sharing service. But how do you stop a leaderless network whose members are spread across the globe? No one knew who Satoshi was. If there was no central, identifiable figure to serve with a lawsuit, or to arrest and imprison, the government would be at a loss for how to stop bitcoin.
By the fall of 2008, the folly of launching an alternative currency seemed obvious to most people. Although developed nations were moving steadily toward a cashless future, alternative currencies, much less true digital cash, anonymous and stateless, seemed like science fiction. The field was littered with the bodies of those who had tried and been cut down.
Excerpted from the book How Money Got Free: Bitcoin and the Fight for the Future of Finance. © 2017 by Brian Patrick Eha. Reprinted with permission from Oneworld Publications.