The term “Blockchain” is everywhere. Forums and presentations about the topic are guaranteed to enjoy a packed room. Producers commercialize suitable products for Blockchain development or based on its own. Big cloud providers offer Blockchain as a Service.
This post will explain the origin of Bitcoin and Blockchain through its history:
- 1978: Non-anonymous electronic money
- 1982: Online anonymous electronic money
- 1988: Offline anonymous electronic money
- 1992: Cypherpunks
- 2001: BitGold, minimizing the need for trust
- 2008: Bitcoin, replacing trust for consensus
Bitcoin and Blockchain
Bitcoin is a cryptocurrency created in 2008 by Satoshi Nakamoto, a pseudonym for someone who still remains anonymous. It’s based on the management of a common ledger of all Bitcoin transactions through the consensus of multiple nodes, known as miners. The executed transactions made in a determined period of time are grouped together, forging an information block linked to the end of a chain of blocks secured by cryptographic techniques. This mechanism is commonly known as Blockchain.
So far, this is everything you may already know, were you interested either in Bitcoin or Blockchain. What they are, how they work, and what they offer are frequently talked-about topics in any conference, article or YouTube video. But, how have we got to this point? Has this all been created from scratch by an unknown figure?
Blockchain is a step forward in the long-running history of applied cryptography, and it is supported in previous solid works. Satoshi skillfully used the investigation developed by many cryptographers to create an anonymous system of electronic money. Thanks to this effort, he has provided us with a groundbreaking cryptographic tool that will revolutionize many processes and applications in diverse areas.
Unfortunately, it is quite hard to find work references prior to 2008. In this article we will go through the story before the arrival of Satoshi and honor those who allowed him take this great leap forward.
1978: Non-anonymous electronic money
After the birth of public cryptography, and specifically the RSA signature technique, created in 1978 by Rivest, Shamir and Adleman, it became easy to comprehend that digital signatures could be used for electronic money creation. Let’s see, in a simple way, how:
1.A minting entity signs a serial number to assign value to it as a digital coin. That is delivered to Alice.
2. Alice uses the digital coin to pay Bob for an item.
3. Before accepting the payment, Bob verifies the mint’s signature and asks him whether that particular digital coin is valid or not.
4. If the verification is correct, Bob closes the transaction.
This protocol has some important risks:
- Because it intervenes in all transactions, the mint is able to know many details about Alice’s consumer profile and Bob’s clients. In other words, he has access to the complete payment flow history.
- If in the 3rd step Bob does not verify the validity of the coin with the mint, he could become victim of a double spending fraud. That is, the coin is a digit string and Alice can make infinite identical copies that would produce a correct verification of the signature: all copies would then become “cryptographically valid” coins. This is the reason why Bob must check with the mint, before accepting the payment, that this particular serial number has not been previously used.
1982: Online anonymous electronic money
In the Crytpo’82 Forum, David Chaum (www.chaum.com) presented the “Blind signatures for untraceable payments” lecture. In this document, Chaum identified how a system like the one described would become risky for personal privacy. As a solution, he designed a new cryptographic mechanism; blind signatures that avoided the mint to have knowledge of the coin’s origin. Let’s see the protocol with a metaphor on paper. These examples are transferrable to cryptographic operations.
1.Alice generates a paper document in which she includes a random serial number.
2. Alice introduces the document next to a carbon paper in a closed envelope that she gives to the mint.
3. The mint signs the envelope and gives it back to Alice.
4. Alice extracts the document from the envelope. It contains a valid signature of the mint and therefore becomes a valid bill, but the mint has never seen the serial number.
5. Alice goes shopping and pays Bob with the bill.
6. Before accepting the payment, Bob verifies the signature and confirms the validity of the bill with the mint.
7. The mint will consider the bill as valid if the signature is correct and if he hasn’t seen that serial number before.
8. If the verification is correct, Bob closes the transaction.
In the 4th step of this protocol the traceability of the payment is lost. The mint can only be sure of the validity of the signature, but has never known the signed serial number. Therefore, the mint cannot trace the bill received from Bob and signed for Alice.
We still have the double spending risk, which is solved in the 6th step via an online verification before accepting the payment.
Chaum’ system improved the mechanism and solved the two main risks at that moment.
1988: Offline anonymous electronic money
David Chaum, Amos Fiat and Moni Naor presented in Crypto’88 the document “Untraceable Electronic Cash”. On it, the need for online verification previous to payment is avoided. For that, in the creation of a bill, Alice’s identity is hidden and it can only be revealed by the mint entity if Alice spends one bill twice. So, if Alice makes a double spending, the issuer could penalize her. Let’s follow up with the metaphor:
1.Alice generates various bill candidates in a paper document that includes a random serial number and a code that hides her identity by means of a secret sharing mechanism.
2. Alice introduces each document next to a carbon paper in several closed envelopes and gives them to the mint.
3. The mint opens all envelopes but one, and checks that all documents have been done in good faith and include the hidden identity in the correct way. This is done so that cheating becomes risky for Alice. It is unlikely that Alice is lucky enough to avoid a fraudulent envelope from getting revised. If any of the candidate documents fails validation the mint will stop the process since Alice seems to be trying to cheat.
4. The mint signs the lasting envelope and returns it to Alice. Since the mint has checked the validity of many randomly chosen candidate envelopes it can be statistically confident that this envelope also contains valid a valid document.
5. Alice extracts the document from the envelope. This document includes a valid signature from the mint and therefore a valid bill, but the mint has never seen the serial number.
6. When shopping, Alice pays Bob with the bill. In this process Bob challenges Alice to execute a random operation based on the identity code. The secret sharing mechanism allows to calculate Alice’s identity from two different responses, but a single response discloses no information about her.
7. Bob verifies the signature and accepts the payment.
8. Later, Bob gives the bill to the mint.
9. The mint will consider the bill as valid if the signature is legitimate and the serial number has not been previously seen.
What would happen if Alice duplicates the bill on the 5th step?
She will be able to pay with the same bill repeatedly but, in the second payment operation (step 6th) she will be providing information enough to disclose her identity. Both answers from Alicia will be available to the mint on step 9. Her identity will be disclosed and the mint may enact punitive measures against her.
This protocol introduced a mechanism to discourage double spending without the need for online verification. It may seem as if the protection given by disclosing Alice’s identity is not good enough, but let’s have into account that current cryptocurrencies must be validated online. This protocol is, in that sense, more demanding than current cryptocurrencies. But in the 80s, permanent Internet connection was not common. Maybe we shouldn’t rule out the risk of our economy requiring a full permanent connection for the future digital replacement for cash.
David Chaum’s ideas had a lot of influence in the spheres of applied cryptography and social rights. Numerous protocols based on blind signatures were designed, improving David Chaum’s original proposal. The same concepts were reworked to develop other applications in which anonymity was important, like the case of the electronic vote.
The interest for the protection of privacy and other social rights, and their defense via the use of cryptography, gave birth to Cypherpunks.
We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money.A Cypherpunk’s Manifesto
Cypherpunks was an electronic mailing list to which cryptographers, social activists and researchers interested in the protection of privacy in the digital era subscribed to. On this list, protocols and technical proposals, political and philosophical discussions were developed in an open-minded and collaborative environment with participants from around the world. Anyone who lived during the 90’s and was interested in this matter was into Cypherpunks. And most surely, Satoshi Nakamoto too.
2001: BitGold, minimizing the need for trust
Generally, all proposals related with electronic money were focused on improving David Chaum’s original idea of protecting the anonymity of the participants as well as avoiding frauds such as the double spending. But they all had a common nexus: they were based on TRUST in a third party. It was necessary to involve a third party who was not taking part in the payment: generally the mint. Overall, this role is known as “Trusted Third Party” or TTP.
After some time the concern for the need of this role arose. Nick Szabo became the first that drew up the concern in “Trusted Third Parties are Security Holes”, in 2001. Szabo suggests banishing the tendency of relocating to traditional solutions the more complex aspects in the design of a security system.
The best “TTP” of all is one that does not exist, but the necessity for which has been eliminated by the protocol design, or which has been automated and distributed amongst the parties to a protocol.Nick Szabo. Trusted Third Parties are Security Holes. 2001.
In 2005 Szabo came up with Bitgold, the first anonymous electronic money model that did not precise trust in a particular subject. In Bitgold, many elements that would later on be a part of Bitcoin were introduced:
- money is minted by system participants instead of a dedicated mint,
- usage of a proof of work and,
- the transaction record in a distributed network of nodes
Money creation in Bitgold follows this protocol:
1.A public bit string is created as a challenge (Check step 4, since it is a cyclical process).
2. Alice generates a proof of work string based on the bit string. A proof of work consists in making a complex calculus that requires a resource consumption to solve a puzzle. The solution must be easy to verify.
3. Alice registers the challenge string and her proof of work string to a distributed property title registry. This constitutes her new Bitgold. This registry, also a Nick Szabo design from 1998, consists in a set of servers that maintain Bitgold’s transaction record.
4. The last Bitgold string created by Alice serves to generate the next string of public bits from step 1.
The payment protocol is simple:
1. In order to pay, Alice requests a change of ownership of her Bitgold in the registry, making it belong to Bob. To do so, she signs her Bitgold string along with Bob’s public key and sends the message to a minimum number of servers (determined by design) of the distributed property title registry.
2. Bob verifies that at least that minimum number of servers have accepted the transaction and consider him, therefore, as the current owner of the transferred Bitgold string.
3. Bob accepts the payment.
Bitgold eliminates the need for trust in single participant, replacing it for trust in a set of nodes that do not necessarily have to be submitted to a unique administration. The system is safe if there is an honest majority of nodes.
This model also presents certain issues:
- Money is created by users willingly and according to their capability to solve the proofs of work.
- Every operation (minting or payment) needs to be processed by more than half of the system’s nodes, which constitutes a scalability problem.
- Participants must trust the distributed property title registry and its honesty is not guaranteed by the protocol.
- Anonymity and untraceability depend on the implementation.
2008: Bitcoin, replacing trust for consensus
On the 31th of October 2008, Satoshi Nakamoto published on the mailing list “The Cryptography Mailing List”, heir of Cypherpunks, a message that went by:
With the design of Bitcoin, Satoshi managed to eliminate the need for trust on any participant. In Bitcoin, TRUST is replaced by CONSENSUS. It is a subtle yet fundamental change.
In Bitcoin, trust is replaced by consensus.
Bitcoin’s most susceptible users just have to verify the protocol and its implementation. No need to trust no one. Bitcoin unites:
- A universally defined mechanism of coin minting by the system
- A protocol that boosts participant nodes to act honorably and,
- A relatively scalable system in which transactions require communication with limited nodes
I have discussed in this article the past of Blockchain. The original question was: was Blockchain invented from scratch anonymously?
We do not know who Satoshi is. If this figure has remained anonymous so far, it is unlikely that it will go public either now or in the future. Personally, I think it must be someone who took part in Cypherpunks or The Crytography Mailing List for a long time and with more assiduity than he showed with this pseudonym. Satoshi built Bitcoin through the knowledge and concerns present in those mailing lists. The wisdom with which Satoshi combined different concepts to generate Bitcoin shows an ability hardly achieved.
One of the most rumored candidates is Hal Finney. I was lucky enough to meet him in the 90’s, in Cypherpunks, and he offered to help in my studies via chat or email. Hal explained his relationship with Bitcoin and Satoshi in many occasions. If the spirit of Cypherpunks was collaboration, Hal was its fiercest exponent. For me it is coherent to think that when Satoshi made his proposals in The Cryptography Mailing List Hal stepped in to help. I always had the feeling that Hal was an extraordinarily honest and gracious person. For all this, I believe his explanations are frank.
If the spirit of Cypherpunks was collaboration, Hal was its fiercest exponent.
I hope I have been able to shed some historic light about the evolution of anonymous electronic money. An aspect that is certainly overshadowed by the interest of the present and future of Blockchain and Bitcoin.
Satoshi designed the Blockchain technique to address non-solved problems by people who had previously put the effort in developing anonymous electronic money systems. The great virtue behind Blockchain and Satoshi’s work is eliminating the need for trust in the interaction between system participants, thanks to the design of the protocol.
Bitcoin and other cryptocurrencies are examples of Blockchain’s usefulness in a specific use; but from a wider perspective, the new paradigm that Blockchain represents is allowing to revolutionize numerous applications and processes because it offers security and automation without the need for trust in an individual or an entity.
In this sense, Blockchain is a step forward in the evolution of applied cryptography and in the efforts to bring the ideals of Cypherpunk to reality.
- Interested in Blockchain? Keep reading: Using Blockchain for file transfer. Case Study.
Author: Jaime Gómez García
Illustrations: María José Ruiz Félez
Thanks: Cynthia Serna Box, Alba Molina López, John Whelan and Steven Roose
Santander Global Tech