Exploring The Origin Of Bitcoin – Bitcoin Magazine

Posted: November 3, 2021 at 9:56 am


[00:00:07] AG: Hello, everyone.

[00:00:09] CK: What's up, Alex? How's it going?

[00:00:11] AG: Going very well today. Very excited about this.

[00:00:15] CK: Me too. Let's get Adam in here and I'll go ping Aaron really quick. Rizzo is going to be a little bit late. He has a bit of a refrigerator emergency, it seems. Yeah. Can we get P up as a co-host, too, Eli? Thank you. Let me go ping Aaron really quick. Gladstein, if you don't mind following up really Oh, here's Aaron. If you don't mind following up really quickly with Adam, that'd be fantastic. P, I don't know if you want to do some shilling for the conference while we try to get settled in here. Or not. I guess, I could do it. That's fine, too.

[00:00:46] P: I was going to say, yeah, man, we talk about it a lot, but this conference is going to be the best Bitcoin experience you could possibly have. It's going to be a combination of the best thing that's ever happened in your life, and also Disneyland, and also Twitter Spaces/Clubhouse, all the best conversations. There's going to be stuff everywhere. It's going to be the thing where even over two full GA days, you're not going to be able to see all of the amazing stuff that's going on.

Lightning is going to be a major feature. Everything else that you'd expect is going to be there. Everyone you'd expect is going to be there. If you want to buy a ticket, if you haven't already, first of all, shame on you. Then, second of all, you can use the conference code HFSP for have fun staying poor, and that will get you 10% off.

[00:01:27] AG: Okay. Adam's coming in shortly. Aaron, I figure maybe we can steer this conversation together and maybe rotate questions. I think it's important for people listening to know that Aaron is basically a historian of early Bitcoin technology. I've tried to do a little bit of that myself and we're going to have here someone who is essentially, one of the founding fathers of Bitcoin. You could think of it that way. I think, we got to start with the beginning. Adam's here, so we'll get him up and we'll get going. Adam, welcome.

[00:02:00] AB: Hi. Hello, everyone.

[00:02:02] AG: Thank you so much for being here. We have Aaron from Bitcoin Magazine. I think, Aaron and I will just start to steer a conversation with you, Adam, that takes us from the beginning to today. It's ambitious, but we really want to start at the beginning. Let's go back to the late '80s, early '90s, to the beginnings of the crypto wars and the beginning days of the Cypherpunks.

Would love to hear Adam, if you could just give the audience today some color as to what that was like, and what was the big battle at the time and what intrigued you to start joining the list and contributing?

[00:02:36] AB: Yeah. What intrigued me to join the list, the Cypherpunks List and get interested was the release of PGP, email encryption program. You could use it to encrypt files as well. And the change in the balance of power that brought about that individuals could coordinate online and exchange messages that the establishment and the spy apparatus couldn't decrypt. That caused quite a lot of discussion about the gradual change in the balance of power.

I happen to be aware of that RSA encryption algorithm that PGP is That's the main building block is this public key cryptography technology that had been invented in the late 70s. Because a friend of mine who's doing a master's degree while I was doing a PhD was trying to implement faster, because CPUs weren't as fast back then. RSA was CPU-intensive. He was doing it on a distributed system, like a system with communication at work and many cause. We were both working in distributed systems. My PhD was in distributed systems.

Yeah, I thought that was a very interesting and intriguing combination of positive, societal value and mathematical cryptography, computer science. I went to see where people were talking about such things, and find out where people are talking about that and further things you could build on it. I found the Cypherpunks List and certainly, people were interested in a lot of related things, like disk encryption, anonymity and privacy, so Hal Finney, who is well-known in Bitcoin circles, was already active.

At that time, there was a remailer technology that would provide you with anonymity to post, to send emails, or post on the discussion list, basically by sending your email through multiple hops. It didn't have any encryption. Somebody who had the ability to read everything on the Internet, or a lot of things on Internet, like the NSA and GCHQ. People like that would probably be able to, would be able to tell where the message came from.

Hal Finney implemented P2P encryption into that remailer technology, so that it would be a lot harder. We'll be looking at messages. They would be encrypted. Then there was a batching, so that each remailer would receive, let's say, a batch of 20 or 50 mails, shuffle them and send them out again, so you wouldn't be able to tell which email in corresponds to which email. I don't know, if you're watching it as a black box. That technology improved over time to become Mixmaster, which was a way to standardize, to make a fixed size message chunks, so that you couldn't tell which message was which based on the size, which was in case, the original one.

[00:05:24] AG: Adam, it's interesting for us to reflect back on the fact that a lot of the contributors, to what would later become the Bitcoin Project started in the privacy space, and they were obsessed with privacy and intrigued by it. I guess, the background for the audience would be that cryptography used to be the domain of the military and of governments.

As you mentioned, that late '70s, academics in various places, but especially at Stanford came up with this idea of public key cryptography, which about a decade later was actually implemented in a way that made it easy for PC users to exchange private messages beyond the control of spy agencies.

As you mentioned, Hal Finney, who was essentially, the first person to receive a Bitcoin transaction from Satoshi was an early, I think, the second PGP contributor technically. You have a lot of people like yourself working in this space before it became about money. I don't know if Aaron wants to weigh in on that transition as well. Would love to just focus in on this a little bit, this provenance of the people who fought for digital cash and how meaningful it was that they started out as privacy advocates.

[00:06:29] AVW: One of the interesting tie-ins here is that Adam Back just met the remailer system. One of the problems that the remailers were facing was at that time, spam. Anyone who was operating a remailer was essentially doing it as a free service, but that free service was starting to be abused. That's one of the reasons why the Cypherpunks started to look into, how do you make it, so that running such a system, running a remailer is actually incentivized. For that, you might need some digital cash system and a postage scheme, right? You're paying postage to whoever, a form of postage to whoever is running these servers.

That's, at least, one of the reasons why the Cypherpunks started to think about that, including Adam, very specifically, of course, with Hashcash, which was meant to be an anti-spam system to counter exactly that spam that the remailers were facing. Maybe Adam wants to expand on that.

[00:07:27] AB: Yeah. As you said, the remailers were volunteer of things and it was not without legal risk. Sometimes people would send something threatening, or obnoxious to the remailers, and the authorities would come to the exit remailer. The last one in the hop that would actually send the email and try to push them to reveal the previous hop. Of course, they wouldn't know because there's no logs and it's encrypted and stuff like that. Nevertheless, I think the EFF maybe ended up helping defend a couple of people in that position, but there were lots of them and when one failed, another one took over. There were 50 to a 100 of them at various times. I operated one for a while, which I rented a shell account from a one-man ISP, basically, that was in Switzerland at a time when I was living in the UK. I had some jurisdictional complexity to it, to make it more difficult to work your way back.

Just figured that I would operate it, until such time as there was a major issue. Then I would shut it down and that would be most likely the end of it. That's actually how it progressed. It ran for a few years, some years. Then the Swiss Federal Police turned up at the fellow whose one-man ISP it was and demanded to know more. He told me and I switched the remailer off. I don't think either of us heard any more about it. We don't know what threatening email was sent, but it was shut down and it did its job for a number of years. That was the remailer.ch was the domain. I bought a Swiss domain for it as well.

[00:08:56] AG: I was just going to ask Adam, before we get into your practical implementation of and thinking about how you would address this issue of spam with remailers and improving that, can you give us insight in just the cultural moment, like science fiction authors had started to write about e-cash. You had David Chaum and his team out in Amsterdam around 1990, starting to work on DigiCash. Was there an excitement among privacy advocates about the idea of government of cash beyond the control of governments? Was that something that immediately interested you, or was that only something that came later for you?

[00:09:29] AB: Yeah. That was a were different applied crypto and perhaps, enhancing technologies as they were called. There were a conference series on that. Of course, the Cypherpunks list itself, which was very applied. Now, that'd be more interested in writing code than writing papers.

Apart from disk encryption, email encryption, anonymous messaging, pseudonymous messaging, so that you could receive a reply, like reply with a remailer, that was another piece of technology they built, various people in the Cypherpunks list. Steganography was another one, so that you could hide an encrypted message in an image and people wouldn't be able to tell that it was a message, even without the keys.

Electronic cash. I think really, electronic cash was the elusive one. It was the hardest thing to build. It's very difficult to know how you would bootstrap it. Cause people originally assumed that you would need a partnership, or service from a bank to send money in. Then you would have electronic cash tokens that you could transfer between users very anonymously and then convert them in and out of fiat at some point in between. People were very excited about building that, but it was a very difficult thing to build. DigiCash tried to commercialize that. They implemented the technology. Divisional technology dates back to a 1985 paper by David Chaum, called 'About Blind Signatures'.

It's quite elegant and a simple piece of technology, but it started the strongly private electronic cash, which could be both sender and receiver anonymous. It was a centralized protocol. It went through a central server that was your double spend database. There was no way to audit it, so you had to trust that central server to not create more coins than there were fiat in a bank account. They operate a demo server. People try to bootstrap of value actually, because they said that there'll be no more than a million of these currency units. They would email you, somewhat like a Bitcoin faucet. You could email them and they'd send you a few coins. They promised, there'll be no more than a million.

[00:11:32] AVW: Yeah. To be clear, sorry for interrupting, but just to make it clear to the audience, this is basically another The first one that you just mentioned that essentially had to be backed. Then they also had this demo version, the cyber box, which they just promised, there will only be a million of this. It basically had no value. I think, that was their intention. It was just a demo thing, but they said there will only be a million.

[00:11:54] AG: We're talking about David Chaum's DigiCash company and the currencies that they were issuing in the early '90s.

[00:12:00] AB: In fact, their thought was, this is like a Bitcoin test net right. Don't place value on these, but you can play with them. We will issue a million of them. I don't know why they thought of that, but it created a scarcity concept. A number of people on the Cypherpunks had a go at selling, but just selling things for them. We figured it's only, like there weren't that many people involved, but it's only a million dollars. If we just treat them only a million units, if we treat them as dollars, as a starting point and just sell things, well, and if enough of us do that, maybe it will bootstrap a value.

People had a go at doing that. I had some t-shirts, which were actually about the export restrictions on encryption software. Had a small implementation of RSA on the t-shirt, which was short enough that you could type it in. That's the protest at the silliness of that restricted that export restriction from the US.

I was selling those online anyways, so I figured out I'll try selling them for these DigiCash demo coins and other people did similar things. Before we got very far in this rogue, unauthorized experiment, the DigiCash went bankrupt and the double spend database went offline. Now, you wouldn't be able to tell if your coin you, wouldn't got to prove to somebody else that your coin was valid or not, because the way you spend coins in the system is you send them to the person and they check if they're valid by redepositing them on the server and getting a fresh coin as all the server was gone. That was the end of that.

[00:13:26] AG: If I'm not mistaken, when you originally released the Hashcash concept, which we'll get into, you mentioned at the time that DigiCash type projects may run into trouble. In the meantime, maybe this could spark some parallel structure that could help, in the meantime. I think, it's also worth noting that the creator of Bit gold, and Nick Szabo, he was also contributing to DigiCash.

It seems like, quite a few of you who ended up contributing to what later would become Bitcoin were intrigued by DigiCash, but then saw the problem with the centralized mint. Then, that was the next great challenge. Is that correct?

[00:13:58] AB: Yeah. I think, this demo server didn't have the banking connection. Then, the fact that it was centralized and failed showed and perfectly to people that this single point of failure was a problem, and it wasn't going to be a very robust electronic cash system, even if they did get a banking service. There wasn't a demo server that was real dollars, or something. That started people thinking about whether you'd be able to distribute it, distribute it, double spend database.

I'm not quite sure of the sequence, but in any case, I was operating this remailer and this is how I came about with Hashcash and then these distributed versions of Hashcash design concepts came about in the next year after that. In 97, I was operating a remailer and dozens of other people operate similar remailers. There was some systematic spam, which was not commercial spam, like not trying to sell Viagra pills or things like that, with incredibly low success rate, but email is essentially free. These were just nuisance spam. It would just be random numbers and sent to Usenet, which is a very distributed broadcast chat system. That's still around, but less popular. It magnified the denial of service. They could send some random numbers through a remailer, remailer would send it to Usenet, Usenet would broadcast it to thousands and thousands of sites around the world.

Then, the system of administrators of those sites would get annoyed about the spam. I suppose, the people doing it wanted to create a backlash against privacy. They were hostile to privacy. This was our operating theory. The spam was trying to discredit remailers and create a system administrative backlash, so that they would try to block the remailers as exit points, as send us to Usenet or something like that.

It caused me to think about, normally at that time, and still, anti-spam is done by just blocking IP addresses, senders. Of course, you can't do that with anonymous system, because the whole point is you don't know who the sender is by design. It caused me to think about it in a different way, which is what's the real problem. The real problem is it's free. It's a pity that DigiCash didn't make it. Credit cards, or credit card processing was difficult and centralized and not everybody has one.

[00:16:10] AVW: There was one more problem, if I can jump in real quick. Because I want to ask, I want to ask if you remembered this. You mentioned the problem of centralization of DigiCash. There was another problem, which was that it was patented. This was a huge source of frustration for the Cypherpunks, including yourself. I've read messages of you, where because the Cypherpunks had this idea that, you have this really cool technology. The way to improve this, and the way to actually make this work is to let people experiment with it and let people figure out how to make it work better, but that was actually blocked off by these patents. At one point, you grew so frustrated that you offered on the Cypherpunk list, let's just buy these patents then. Do you remember this?

[00:16:50] AB: I'd forgotten that. But it was definitely a point of contention and there was a party when patent expired. It was the first upfront cash patent to expire, because it was so early. It's where that spiraled sometime after 1985. Around 2000

[00:17:04] AVW: I think even earlier, Adam, I think the original paper was 1980.

[00:17:10] AB: Could be. The blind signature paper?

[00:17:11] AVW: The paper that's referenced as Big Brother. I'm not sure. He had a couple, of course. But I think the earliest digital cash proposal by Chaum was 1980.

[00:17:20] AB: Ah, you're right. Here we go. 1983, blind signatures on untraceable payment. There you go. Yeah. I guess, after the 20 years or whatever the rule was like, that the patent associated with that, which presumably was great sometime after it expired and there was a party for the expiring of it.

Before that time, people were trying to think of different ways of achieving the same result. There was another, actually better scheme by somebody another cryptographer who was actually David Chaum's PhD student; a friend of mine, Stefan Brands. He got to discrete local way of doing the same thing, which is more flexible and powerful, but unfortunately, he also patented it.

Yeah. I think, part of the problem with patents is that for Internet protocols, the IETF, Internet Engineering Task Force, likes to have royalty free and patent technology, because it presents a barrier to adoption. I think, it's actually counterproductive to patent something. Their argument of patenting is well, they can use it to present to investors to raise money, to commercialize and build the technology, but it tends to do the opposite, which is, after DigiCash went bankrupt, it was bought by a large company and put in a big patent portfolio and never used until it expired. That was the end of that.

[00:18:31] AG: Before we get deeper into what the next e-cash projects were, when we spoke, you talked a lot about how you were maybe disenchanted by the mainstream approach to fighting the surveillance state, which started to emerge in the '80s, which said that maybe we should just ask governments to stop it. You basically said, there's this other option, which is we could just seize our rights with code.

Could you talk a little bit about that strategy and how the Cypherpunks, basically, took a different line than others who are also concerned with the surveillance state at the time? Just the two different strategies of lobbying the government and trying to work to make better public money, or better public communications versus creating open-source alternatives?

[00:19:14] AB: Yeah. In a lot of cases, you would actually have right and legal sense, legal and regulatory sense, but they will be ignored, or eroded online. The other thing is, when you want to improve the balance of power for the individual, if you ask permission from the establishment, the answer is going to be no. You're getting mission creep from establishment and government and regulators. It has its own inertia. Typically, the way that things work out in practice is, society reaches a new norm. The archaic laws say, it's illegal to do things, but 90% of the population are doing. Eventually, it's an egregious test case and they haven't turned it.

There are various people victimized by these archaic laws in the meantime. You can view the legal landscape as a trailing indicator of society's views and it never almost never leads. That, from that perspective to affect change, it seems like, society is led by adoption, innovation and just doing things becoming popular, and eventually, the laws will catch up, your regulations will catch up.

On the one hand, a lot of these things, the rights to freedom of association, freedom of speech and things are entrenched in laws and regulations in many countries. Nevertheless, the online trend was actually depriving you of those. The way to raise it up to a certain is to protect them with cryptography. That's what the segments were about. Certainly, this concept of just building it and don't ask permission was something that to me and John Cornwell, who were some of the Cypherpunks co-founders and Eric Hughes wrote about Eric Hughes wrote a Cypherpunks manifesto. I think, it says something pretty much explicit along these lines like, We don't care what you think we're going to build and do, or something like that, paraphrase.

Yeah, that's that direction. You can see a more modern version of that. Well, that's old news now. When Skype first started doing online audio and video voiceover IP things, the telecom regulators and the telecom companies, many of which are government-owned, hated it, because it was going to erode their long distance egregiously expensive, long-distance calling plans. They lobbied against it. Skype didn't try to become a telephony provider and get all the licenses internationally. It just built the app and went for it and dealt with the legal attacks behind their backs. That just became too popular to stop and say, the online use of voice things, effectively, such as we're doing now, you got to be effectively able to bypass a lot of restrictive telephony rules.

[00:21:44] AG: What was it like to watch the gradual concession, essentially, or defeat of the US government and the Clinton administration with regard to the clipper chip and basically, its plans to try and penalize, or criminalize citizen cryptography, over the decade, over the '90s? What was it like to be a part of that and watch that?

[00:22:04] AB: Yeah, it was interesting, because in principle the restrictions seem laughably pointless, because the fact, too, everybody had all the encryption software they want, and the Internet has no borders. As John Gilmore had observed, actually one of the Cypherpunk co-founders, the Internet views censorship as damage and routes around it. That's famous quote that he said at some point.

The fact that people were using it using encryption software and encryption libraries, and some of it was written internationally and not in the US it seemed frustratingly stupid, but I think the pragmatic, kind of what the US national security apparatus, like the NSA and their counterparts in other countries. In some countries, there were also restrictions. Mostly not. Was actually to impede the adoption of encryption. They knew that it wouldn't stop it, cause incidents porous, but they figured that it would be harder to inter-operate and harder for companies to make encryption related software available for download. It would just slow adoption, and more encrypted things with less control. That's why.

It became an impediment to finance, basically. Eventually, it was overturned, because enough companies lobbied. The US has a strong free speech and anti-censorship, or printed books. For example, some people have printed the PGP source code in some thick books, but some people in Europe scanned. There wasn't really much they could do about it, because they couldn't quite bring themselves to ban a book. That would have been difficult politically. It made a bit of a mockery of the whole situation until they gave up.

[00:23:38] AG: Would you say that the to whatever extent that US has a free society, relatively speaking, that made a difference then in terms of the courts, the judges vis-a-vis had this happened in China, or some other country. Maybe that did matter.

[00:23:51] AB: I mean, it was certainly a correlation between the civil rights records, independence of courts and the freedom metric the metrics for countries being civilized places to live in, where you have rights and you can rely on courts. Countries on the worst end of that would be the ones that would have in place a ban on encryption, and some anomalies, like France had one, the US had one. Other places in Europe didn't.

I think, it seemed like the strong precedent for not censoring written and spoken speech in the US helped, because people, basically, transferred, they blurred the line between software and speech by printing it in books. In my case, putting it on a t-shirt. There are a few people who've got a tattoo of that program as well, because it was three lines of space optimized Perl code, basically. The point was to make it as small as possible to show how silly it was that this could be restricted.

[00:24:47] AG: Aaron. Just going to ask Aaron, if there's anything else you wanted to hit on that, the crypto wars before we move on to other digital cash projects?

[00:24:54] AVW: No. Let's move on.

[00:24:56] AG: All right. Adam, we have this decade between the failure of DigiCash, or creation of Bitcoin, or little more than a decade. Obviously, you were continuing to work on digital cash projects. You kept looking at your own Hashcash design. We had Wei Dai. We had Nick Szabo and then we had Hal Finney all come out with interesting new concepts. There was still this, again, decade plus gap. Can you talk to us a little bit about this gap and what was happening there and what you were up to on the digital cash front, let's say, from the late '90s, till you got that email from Satoshi?

[00:25:27] AB: I would say that, Hashcash itself was a stop gap, because it wasn't really re-spendable, but it did impose a cost. It had a metering benefit, and it was anonymous, because you could just mine them yourself, like freshly mine Bitcoins anonymous. Hashcash stamps were anonymous, and it was very scalable and distributed, because there's the double-spend databases are tiny ones on the recipients, so if we scale. It was interesting that it seemed like, multiple people recognized almost immediately that Hashcash could be an interesting ingredient in trying to decentralize the electronic cash system, like DigiCash, like that.

People were commenting within the next day, that looks digital gold, it's got some scarcity. There's a cost associated with making it and yet, it's electronic. It started a multi-year conversation about how to on the Cypherpunks list, mostly, about how to control inflation in it. People were worried that if you build a system that was based on it, as computers get faster, you'd get hyperinflation. That people struggled with how Bitcoin solves this is where the difficulty just then, but nobody figured out at the time.

By the next year, so it was 97. By 98, there were two proposals by one by Wei Dai called b-money and one by Nick Szabo called Bit gold, which were candidate solutions for this, which were, somewhat decentralized, but lacking enough detail to implement and involving some human, or market judgment. B-money had basically, supernodes, so people would run servers and vote amongst themselves how many coins would be mined, or the cost of mining coins in the next month or something like that. Nick Szabo had the other idea, which was just, you make stamps and let people make them as fast as they want. If a lot are made in a month, those are not rare. A few are made, they're rare. Then, you assemble a standardized bundle of stamps and that becomes acquaint standardized by total scarcity of it or something.

He envisaged a collectible market, like physical stamp collectors. There are people that specialize in making a fixed value book out of a mixture of scarce and non-scarce stamps. It's complicated and indirect. Also, in the b-money case, hard for both cases, hard for a piece of software to automate that, that involves human judgment in both cases. In my mind, that's one of the key things that Bitcoin solved, because if you look at the b-money and Bit gold discussions, particularly Nick Szabo had written about a lot of related things. He'd actually, originated the idea of smart contracts five years before Hashcash, or pria, something like that.

He talks about in a distributed database, the Byzantine generals problem, the coordination problem and using Hashcash to create stamps and b-money uses Hashcash. Basically, the realization was as Wei Dai put it, you could have an electronic cash system without a banking interface, if you could mine the coins into existence. All of these systems, b-money, Bit gold and Hal Finney's RPOW used proof of work to mine coins.

I think, the 98 to 2004, actually, I did try continue to try to find solutions to a lot of these things. In my spare time, I actually worked for Zero-Knowledge Systems in Canada around 99 to 2001. They had licensed Stefan Brands' electronic cash system, which is another very private electronic cash system. They made an implementation. There's also a central server model. I tried to find a way to make that offline re-spendable. It turned out that the idea I hit on was actually already discovered by somebody else. Described it to Stefan Brands and he said, "Oh, yeah. There's a footnote in this page of his thesis that describes it." At least, I found something.

That was still a reactive security model and relied ultimately on a central server. Basically, it was hard and nobody found a solution. Then Hal Finney in 2004, made use of a new technology, which is the trustworthy computing. A lot of people weren't very keen on trustworthy computing, because it meant that there was a hypervisor in your CPU, or connected to your CPU that could run code that you couldn't inspect, or modify. It was intrusive in a way and controlling. You couldn't fully program and control your machine anymore.

Hal Finney found a way to use it to security advantage, because you could make this thing called a remote attestation, which would prove to a third-party what software was running in this hypervisor. That would allow you to trust it, assuming that the hardware vendor hadn't colluded with a server operator to extract the keys from the hardware, and the hardware generated its own keys, a little [inaudible 00:30:07] device. He bought one of these things and implemented RPOW.

Basically, he built a Chaum electronic cash server, where the way you would pay for cleanse, it was not with fiat, but by sending it Hashcash stamps, and then it would send you a Chaum coin and you could re-spend the Chaum coin by giving it to somebody else, who would check if it's valid against the server that he ran. It indirectly solved the inflation trust for the server, because you could be sure that the server wouldn't create more coins than work was done, because you could audit the code and the code would prevent that. That was interesting innovation. Unfortunately, it's also has the centralization.

[00:30:46] AG: Aaron, do you want to just you've explored and written a lot about this time and these innovations. Do you want to color in some context for the audience on these kinds of successive innovations that built on each other?

[00:30:57] AVW: Let's see. One thing about RPOW that's interesting. It didn't solve the inflation problem that was mentioned. I think, that was something that Hal Finney at that time, just skipped over. You have to double spend inflation in a way, if you double spend, you're creating more coins. Then you have the other type of flip-flaking, which Adam mentioned, which is computers got faster over time. Hal didn't solve the second. Maybe that was a longer-term plan for him, but that was still a weak spot in RPOW. No, I think Adam gave a very good overview. I'm not sure what else to add to that.

[00:31:29] AG: I guess, what I want to get at here is that you start to see this concept of scarcity come in, and there's been this tension between privacy and scarcity, always. Not just technologically and from an engineering trade-off perspective, but also culturally, because it seems like even today, a lot of the privacy community is hostile to the scarcity component of Bitcoin.

Going from 2004 to 2008, Adam, we have Satoshi reaching out to you, not after a surveillance scandal, but in the middle of the great financial crisis. Indeed, a few months later when he launched, or whoever it was launched the actual software in the Genesis block, there's a critique of a central banking in there. Could you talk a little bit about how Bitcoin merged these two ideas, or communities together, Adam?

[00:32:18] AB: Yeah. I think, actually, maybe Hal Finney and Nick Szabo were a bit interested in hard money, like gold, and I had some interest in a return to a gold standard, that kind of thing. Most of the electronic cash systems, which just assuming previously, that you would connect it to fiat with a bank. Doing the proof of work to get into it, it does create the opportunity that there can be independent scarcity. The system can run under its own steam and it can create scarcity control in the supply curve, and that's what Bitcoin does.

If you make that leap, which nobody did before Satoshi, that you could just control the supply curve of direct production of new coins, and a distributed system could do that all by itself without reference to human concepts. What is a dollar? What's the price, that kind of thing? That can be all outside the system. Instead, it could be all automated. Then, you just see what the market does, right? The market will adapt and that will indirectly control the amount of work that's done, but it weren't very dim out coins that created. There's very interesting concepts.

I think, that certainly, Bitcoin was novel and different to the previous systems in the way that it uses proof of work to solve the race condition tiebreaker of the Byzantine General's problem. Basically, that it's a distributed system. There's no one in charge. It's not even clear what is accurate time, what time is it right now? That's not clear. People got to lie. Yet, you have to coordinate which of transactions gets processed and ensure that nothing gets undone and redone.

The way Bitcoin uses proof of work to address that was all new. Bitcoin has a lot less privacy than the previous electronic cash systems, and the security model took getting used to for academic cryptographers. I would say, the first few years of Bitcoin's interaction with academic, like mathematical cryptographers was rough. They thought it was not very good. They thought it wasn't very private, because there was an idealized, mathematical set of assumptions about how electronic cash system should look.

There've been dozens of incremental improvements over the years that included the visibility of clients. Always the same privacy assumption that Chaum and Brands had. Bitcoin didn't have any of that. Each coin is like a pseudonym, so you can link the history of coins a bit, without names attached, but it didn't have this unlinkable payment privacy. The security assumption was also a little different. Looking at it from that time period, people would assume that it's pitting the good guys against the bad guys. If the bad guys had more money, or more hash rate, they could overwhelm the system and undo transactions and steal things, stuff like that.

It took people a while to get used to that, bounce of things. Of course, with Bitcoin itself to have a market price at all, the first few years, there was no price ranges. People are doing it as a hobby, for amusement, and a bootstrap event somewhere on the

[00:35:22] AG: I think, we'll dive more into the goal of trying to make Bitcoin more private. First, it would be remiss for us to not ask you to reflect on the day you got this email from this person you ended up a few months later being one of the eight citations in the Bitcoin white paper. Obviously, this person thought what you had to say was useful. Can you just walk us through what it was like to get this email? Did you initially ignore it, or downplay it, or were you like, Huh, this is really interesting?

[00:35:50] AB: I'm pretty sure that the design and most of the implementation was probably already done at that point. The paper was there. From time to time, people will say that, such and such person helped Satoshi. It seemed like, as far as I know, I'm the first person to get an email and he'd already built it. He did it by himself. As far as anybody knows, it was one person. I wouldn't really claim to having influenced the design, because the design is already built. What he did cite was Hashcash. Bitcoin uses that as the proof of work mechanism and as the type, as a way to finalize and submit transactions under large amounts of work. To create a finality guarantee and distribution system and a risk condition, a tiebreaker, or things that happened by accident at the same time.

The email thread was really just about talked about this online. There's a guy called Gwen who has a blog and he's collected some of the emails from Wei Dai and other people from that time. Basically, he was trying to cite things, and so he wanted to know how he should cite Hashcash, and if I had any comments on the paper, which he linked.

Yeah. I read it enough to realize that it seemed pretty related to b-money, and didn't mention b-money. I was aware of Bit gold, but I think, b-money was published somewhere where I was more active. I remembered that one first. I mentioned that he might want to look at b-money, because it's related. I think, that is what caused Satoshi to add the b-money citation to the paper. Wei Dai has published his email, so it seemed like he turned around and emailed Wei Dai immediately and asked him for a citation for b-money. B-money is it's not like a paper or something. It's like a text, one-page webpage, like a blog entry or something. It's a very interesting idea, but it wasn't formally published. I think it just referred to the URL.

In terms of, again, email, I think, it didn't occur to me that Satoshi was a pseudonym, that that wasn't a real name, or it wasn't a real name of a person. If you have open-source software, or applied crypto, papers or observations online, you get emails from once every month or two from somebody who's got a question about something you did, or is using something and wants you to make you aware of it, so that you might find it interesting to look at it. It just felt like that to me. I think, my view on Bitcoin was that, like other people doing, and I was more of an applied person, but the academic authors and I read all many of the academic papers on this electronic cash topic and implemented some of the protocols in the past, that wow, it's really not very private, is it?

Then you've got these good guys versus bad guys hash rate. Because of the DigiCash experience, it did seem to me that it had one strong advantage, which is it's decentralized. It should be more survivable and slated. It would be interesting to see if it would bootstrap. That's where I got to.

[00:38:41] AG: You said something interesting to me, where you said that there was a paper that came out in '99 that built on some of the zero knowledge, digital cash experiments. You said actually, in retrospect, you're glad you didn't mention this to Satoshi because by trying to use this privacy technology, it makes transactions much larger and it would have hurt the ability for Bitcoin to be as decentralized as it is. Do you want to just address also this ongoing tension between the size of transactions, privacy and how Bitcoin would ultimately be a system that users could control by running a node at home?

[00:39:13] AB: Yeah. Actually, I sent the Bitcoin system in early 2009 to some former colleagues, who were applied crypto people. I said, This is interesting. You should have a look at it, kind of thing. A few of them for my trouble, accused me of being Satoshi. I said, No, because if I would have done it, I would have used this paper, because it has a privacy solution that still works in a distributed system. Most of the previous electronic cash systems, the cryptography would only work on a single server, because you'd need the private key to operate it.

This particular system, so sovereign [inaudible 00:39:44] auditable electronic cash, anonymous auditable electronic cash, it has no keys. It's just using zero-knowledge proofs, and of set membership and things like that. It could be used in a distributed system, instead of having a central bulletin board, you can just broadcast it. Immediately, it occurred to me that wow, Bitcoin could have used that and it wouldn't have such bad privacy. I guess, that occurred to me later, like in early 2009. Curiously, other people made that connection later. There's a paper called a Zero Coin by Matthew Green and others.

Some of the old coins today, picked up the technology and used it. Some other academics made more efficient versions of it. They are actually optimizations of that paper indirect. For myself, I would certainly like to see Bitcoin it's just technically difficult. To find a way to make a scalable and very private solution, like David Chaum's original protocol, but in a decentralized way. The problem is the crypto is CPU-heavy and makes large proofs that maybe have a log scaling, like they get bigger the more coins there are. The systems which are able to achieve a lot more compact proofs are using very novel, new crypto and create a risk that they end up being proven to be incorrect and have a defect and lose all the money, or suffer unresolvable inflation, or something like that. It's at the bleeding edge of what's possible at the moment.

[00:41:13] AG: This tension is essentially, part of why you created Blockstream and why you got back into Bitcoin is you were like, I want to find a way to make it more private, right?

[00:41:22] AB: Yeah. I was working in another startup of early 2009 onwards, from before then, but up until 2013. I got very interested in Bitcoin in 2013. That the usual thing that people do, get down the rabbit hole and realize there's a lot more to this than what I had seen in the original paper. It clearly bootstrapped at that point. It was going somewhere. I tried to read everything there was, to try to understand the details. There wasn't much written at that time, so I ended up finding the Bitcoin Wizards IRC, and just peppering them with questions and they were very helpful.

It enabled me to catch up with more than was written down and look at the source code and things. What I was interested to do, so okay, it looks like it's bootstrapped. There's really not very much privacy, but this is my background, right? I've implemented electronic cash papers. I'm very familiar with privacy and hops technology, electronic cash protocols. I'm like, surely, there's some way to improve it after the fact, retroactively fit a linkable privacy, or some forms of confidentiality into it. I found a way to do what later became known as confidential transactions. That doesn't hide the history, but it hides the value, which makes it a lot easier to do CoinJoin, because you don't have to make the amount standard.

It makes it ambiguous, what's changed and what's not. It's really an interesting incremental privacy improvement. That somewhat helps the [inaudible 00:42:52], but definitely helps hide values. I thought, this would be interesting and try to explore with people who are closer to the implementation, or working on improvements, what it would take to integrate it in Bitcoin. It became apparent that they were dealing with complexity and security first, and it'd be difficult to get something as large as that into Bitcoin in a fast timeframe. That calls me to is instead of giving up to change topics, to try and find a way to make the coin more modular, Linux kernel has modules where you can write kernel modules that extend the core functionality, like many systems have layers of modules where you can do extensions.

I figured then that it would be very useful for Bitcoins to have a way to do modular extensions. That's where the sidechain concept came from, and indirectly Blockstream, because I wanted to build that and it's quite a large undertaking. I needed to recruit some very technical people, and all kinds of skillsets. People to build wallets, software and hardware, do applied crypto, do user interface, do the whole thing. That's where Blockstream.

[SPONSOR MESSAGE]

[00:44:00] ANNOUNCER: Yo. What is going on, plebs? We're going to take a break from our programming to tell you about the resurrection of our print magazine, starting with the El Salvador issue. Starting this fall, Bitcoin Magazine will be available on newsstands nationwide, and at retail stores, such as Barnes & Noble.
