Module 3 of 8

Bitcoin Technical History

3.0 Introduction

The Bitcoin White Paper Abstract

A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.

Bitcoin did not appear in a vacuum; it built on decades of earlier work by many people. This module explores the internet foundations that Bitcoin builds upon, as well as the research and development acknowledged in the white paper.

In the 1970s, a group of individuals looked at how the US Government in particular was trying to restrict access to cryptography, and set about ensuring that this technology would be available to everyone to protect their privacy online. Some of these early pioneers were also focused on the potential benefits of a digital ‘sound money’ system that could be used to store and exchange value over the emerging internet. Friedrich Hayek, a leading contributor to Austrian economics, envisioned what an ideal currency based on free market competition would look like well before the days of the internet, but decided that it was technically and politically infeasible. As well as digital privacy, this group, which evolved to become the Cypherpunks, attempted to realise Hayek’s vision for digital money, but every attempt had failed until Satoshi published his ideas on the mailing list.

  • TCP/IP protocol (1976)
  • Protocols for Public Key Cryptosystems - Ralph Merkle (1980)
  • Digicash - David Chaum (1989)
  • Digital Timestamping (90's)
  • Hashcash - Adam Back (1997)
  • BitTorrent - Bram Cohen (2001)
  • Reusable POW - Hal Finney (2004)
  • Bitcoin Whitepaper - Satoshi Nakamoto (2008) 

A key influence on the development of Bitcoin was the emergence of this Cypherpunk movement in the 1990’s. They developed several cryptographic technologies including public-key cryptography to allow users to securely and privately communicate and share information. Many of the developments described here and the people involved were part of this group. 

The need for digital cash was also identified, and several attempts were made to create it, but these had limitations that stopped them from succeeding. The genius of Satoshi Nakamoto was to pull these capabilities together and, along with some innovations of his own, build on them to create the Bitcoin protocol in use today. In the next sections we explore some of these developments and explain how they helped inform the design of Bitcoin. We also discuss the missing pieces of the puzzle that Satoshi managed to solve.

3.1 The development of TCP/IP

Most of us are familiar with the TCP/IP protocols in use today as the foundation of the internet. Their origins date back to the late 1970s, when scientists were exploring alternative designs to Arpanet, an even earlier network conceived by the U.S. Department of Defense to enable resource sharing between remote computers. TCP/IP became the protocol standard for Arpanet in 1983, which led to it becoming the dominant networking model by the end of the 1990s and the foundation for the internet that Bitcoin runs on today.

OSI Model       TCP/IP
Application     Application
Presentation    Application
Session         Application
Transport       Transport
Network         Network
Data Link       Data Link
Physical        Physical

At the same time as the TCP/IP model was being developed, a similar but more comprehensive framework was being developed by the International Standards Organisation (ISO) and the Telecoms industry (CCITT). The process to develop new protocols or suggest changes was slow and unwieldy in comparison to the more decentralised approach used to develop TCP/IP, leading to the dominance of this approach today. 

Request for Comments

Any suggested developments to existing protocols, or ideas for new ones, can be proposed in the TCP/IP world through the Request for Comments (RFC) process. Proposals go through an approval process managed by the Internet Engineering Task Force (IETF), and once approved they are published openly so that anyone can implement and adopt them. Some examples of note:

  • 1969: RFC 1 documented how packets would be sent in the Arpanet
  • 1981: RFC 791 defined Internet Protocol version 4 (IPv4), still widely adopted today
  • 1982: RFC 821 Simple Mail Transfer Protocol (SMTP)
  • 1987: Domain Name System (DNS), how domain names are resolved to IP addresses
  • 1999: RFC 2616 Hypertext Transfer Protocol (HTTP), essential for browsing the web

The Bitcoin Improvement Proposal (BIP) follows a similar approach to the RFC process, but focuses purely on improvements to Bitcoin itself rather than the development of new or alternative protocols. Bitcoin also borrows from this layered model, and you will see additional protocols described as layer two or layer three.

In the same way that the base layers of the TCP/IP model have changed relatively little in the last few decades, with the innovation happening at higher layers, the base Bitcoin layer is expected to change very slowly at this point, with scaling solutions such as Lightning and Liquid happening above. 

A good example of how base layer protocols become difficult to change over time is IPv6. The expected exhaustion of address space in IPv4 created a demand for a new protocol. The first draft standard was created in 1998, but not ratified as an internet standard until 2017. While it solved many problems with IPv4 and is far more future-proof, it has still seen very slow adoption in the industry today. During this time, many new protocols have been defined at the upper layers to enable multimedia, email etc. 

The Building blocks used by Bitcoin

This separation of the problems of interconnectivity allows each protocol to be developed independently of the layers above and below it. Rather than having to reinvent solutions for each layer, the Bitcoin network can rely on the underlying capabilities delivered at the physical and data link layers.

Layer         How Bitcoin uses it
Application   Uses the Domain Name System (DNS) to find neighbouring nodes; port 8333 signals the Bitcoin protocol.
Transport     UDP for FIBRE communications between miners, for low latency; TCP for P2P communications between nodes.
Network       TOR routing enables anonymity and privacy; the broadcast protocol routes traffic across the network.
Link          Operates over any medium (e.g. Ethernet, Wi-Fi).
Physical      Physical transmission via wireless, Ethernet, or other hardware interfaces.

Bitcoin is a neutral protocol for transferring value, just as HTTPS is a protocol for transferring information:
  • HTTPS: Secure websites
  • SMTP: Send emails
  • FTP: Transfer files
  • DNS: Manage domain names
  • BTC: Store and transfer value

Bitcoin enables value to be transported reliably and without requiring a third party between people or devices across the Internet. This is expected to unlock tremendous value.

3.2 Public Key Cryptography and Protocols

The Internet today, and most modern computer systems, rely on cryptography, a method of obscuring information so that only the recipient of the information can decode it. The foundations for the cryptography used to secure Bitcoin can be traced back to the 70’s. 

The first issue to resolve is how to agree a shared secret over an unsecured medium.

This was first looked at by Whitfield Diffie and Martin Hellman.

The problem: the two parties – usually referred to as Alice and Bob – want to share secret information across a network where others may be listening in. To achieve this, they created the Diffie-Hellman key exchange process.

This shared secret can then be used as the seed value to create numerous symmetric keys to encrypt and decrypt messages to send to each other without sharing the key itself in the open.

As the private key never has to be shared, and different keys are used at each end to encrypt and decrypt, this is referred to as an asymmetric encryption algorithm.

Use cases:

  • Alice encrypts a message with Bob’s public key; Bob is the only person who can decrypt it, using his private key
  • Alice signs a message with her private key; by decrypting with her public key, anyone can verify that the message was sent by Alice without knowing her private key
  • Combining these two approaches with two layers of encryption, a message can be sent encrypted so that only Bob can decrypt it, and he can then verify the sender was indeed Alice 

Although not credited on the paper, Ralph Merkle was instrumental in helping to solve what had until then been considered an unsolvable puzzle: how to establish or re-establish private communication across an open and potentially hostile network.

This approach on its own is susceptible to a brute force attack: given enough time and resources, an attacker can take the publicly exchanged numbers and eventually recreate the shared key, so it is not the complete answer by itself.
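The exchange described above, as an added worked example that is not part of the original module: both parties compute the same shared secret from values that cross the network in the open, expand it into several symmetric keys, and the last function shows why the parameters must be large. The group (p = 23, g = 5) and the HMAC-based key derivation are constructed for illustration and are not real deployment parameters.

```python
import hashlib
import hmac

# Constructed toy group: a small prime p and generator g. Real deployments use
# a 2048-bit or larger group (or an elliptic curve); p is tiny here only so the
# parameter-size check at the end runs instantly.
P = 23
G = 5


def dh_public(private: int, p: int = P, g: int = G) -> int:
    """Public value g^private mod p; safe to send over an open network."""
    return pow(g, private, p)


def dh_shared(own_private: int, peer_public: int, p: int = P) -> int:
    """Shared secret peer_public^own_private mod p, computed independently at each end."""
    return pow(peer_public, own_private, p)


def derive_keys(shared: int, count: int, context: bytes = b"dh-demo") -> list:
    """Expand the shared secret into `count` 32-byte symmetric keys.
    HMAC-SHA256 over a counter stands in for a real KDF such as HKDF (assumption)."""
    seed = shared.to_bytes(max(1, (shared.bit_length() + 7) // 8), "big")
    return [hmac.new(seed, context + bytes([i]), hashlib.sha256).digest()
            for i in range(count)]


def exchange(alice_priv: int, bob_priv: int):
    """Run the full exchange; only the two public values ever cross the network."""
    a_pub = dh_public(alice_priv)   # Alice -> Bob, visible to any eavesdropper
    b_pub = dh_public(bob_priv)     # Bob -> Alice, visible to any eavesdropper
    keys_alice = derive_keys(dh_shared(alice_priv, b_pub), 3)
    keys_bob = derive_keys(dh_shared(bob_priv, a_pub), 3)
    return keys_alice, keys_bob, a_pub, b_pub


def recover_secret_small_group(a_pub: int, b_pub: int, p: int = P, g: int = G) -> int:
    """The brute-force weakness the text mentions: knowing only the public values,
    try every exponent until g^a matches. Feasible only because p is tiny, which
    is why real parameters are chosen large enough to make this infeasible."""
    for a in range(1, p):
        if pow(g, a, p) == a_pub:
            return pow(b_pub, a, p)
    raise ValueError("no exponent found")


if __name__ == "__main__":
    ka, kb, a_pub, b_pub = exchange(6, 15)
    print("both sides derived the same keys:", ka == kb)
    print("tiny group recovered by exhaustive search:",
          recover_secret_small_group(a_pub, b_pub) == dh_shared(6, b_pub))
```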

Protocols for Public Key Cryptosystems

As well as contributing to the Diffie-Hellman public-key system described above, Ralph Merkle continued to contribute to this space for many years, and was instrumental in the development of some key components used by Bitcoin. 

A cryptographic hash function is a mathematical algorithm that takes an input of any size and, through a series of complex calculations, returns a hash value of a fixed number of bits, usually written as a fixed-length hexadecimal string.

  • Inputs can be any size
  • The output is always of a fixed length and deterministic (same input creates the same hash each time)
  • It is easy to verify but exceedingly difficult to reverse the process to determine the input
  • A minor modification of the data completely alters the output

[Figure: Hash function]

Hashing is an integral part of the Bitcoin protocol. SHA-256, used in Bitcoin, was created by the NSA and is an example of a cryptographic hashing algorithm.

  • Each block in the chain is hashed so that data can’t be changed – ensuring integrity of the distributed ledger
  • The hash generated needs to meet the ‘Proof of work’ criteria to be considered a valid block
  • Merkle trees – by employing branching and hashes of hashes, hash trees can enable the verification of large datasets with minimal storage
  • Hash based Signatures and Keys can be used for wallets, addresses and authorisation of transactions 

Distributed verification of blockchain states and append-only ledger models resistant to revision is made possible by one-way hashing. Hash functions provide the dependable, deterministic approach to verify events on public ledgers such as Bitcoin in the absence of a centralised trust model. 
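An added example, not code from the original module, covering the hash properties listed above and the Merkle tree bullet: Bitcoin's double-SHA-256, a check that a one-character edit flips roughly half the output bits, and a Merkle root with a proof that lets a verifier confirm one transaction's inclusion while holding only log2(n) sibling hashes. The sample transactions are constructed strings, not real Bitcoin serialisation.

```python
import hashlib


def sha256d(data: bytes) -> bytes:
    """Bitcoin's hash function: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bit_difference(a: bytes, b: bytes) -> int:
    """How many bits differ between two digests; a good hash flips about half on any change."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def _next_level(level: list) -> list:
    """Pair up hashes (duplicating the last one on odd counts, as Bitcoin does) and hash each pair."""
    if len(level) % 2 == 1:
        level = level + [level[-1]]
    return [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(leaves: list) -> bytes:
    """A single 32-byte commitment to any number of leaves."""
    if not leaves:
        raise ValueError("empty tree")
    level = list(leaves)
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def merkle_proof(leaves: list, index: int) -> list:
    """Sibling hashes from the leaf up to the root, each tagged with the side it sits on.
    Proof size grows with log2(n), which is why verification needs minimal storage."""
    level = list(leaves)
    proof = []
    while len(level) > 1:
        if len(level) % 2 == 1:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append(("L", level[sibling]) if sibling < index else ("R", level[sibling]))
        level = _next_level(level)
        index //= 2
    return proof


def verify_proof(leaf: bytes, proof: list, root: bytes) -> bool:
    """Recompute the path to the root; any altered leaf or sibling breaks the match."""
    h = leaf
    for side, sibling in proof:
        h = sha256d(sibling + h) if side == "L" else sha256d(h + sibling)
    return h == root


# Constructed sample transactions (plain strings, not real Bitcoin serialisation).
TXS = [b"alice->bob:1.5", b"bob->carol:0.7", b"carol->dave:0.2",
       b"dave->erin:0.1", b"erin->frank:3.0"]
LEAVES = [sha256d(tx) for tx in TXS]


if __name__ == "__main__":
    root = merkle_root(LEAVES)
    print("root:", root.hex())
    print("bits changed by a one-character edit:",
          bit_difference(sha256d(TXS[0]), sha256d(b"alice->bob:1.6")))
    proof = merkle_proof(LEAVES, 2)
    print("proof length:", len(proof), "valid:", verify_proof(LEAVES[2], proof, root))
```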

These new cryptographic capabilities were expected by their creators to usher in a new wave of innovation.

Elliptic curve cryptography

One of these later innovations came in the form of elliptic curve cryptography.

Elliptic curve cryptography was introduced in 1985 by two scientists, N. Koblitz and V. Miller. They proposed using the points on an elliptic curve, rather than the finite prime fields used in the standard Diffie-Hellman key exchange, as a setting in which the discrete logarithm assumption holds. The details of how this works are beyond the scope of this section, but at a high level, an elliptic curve is the set of points that satisfy a specific mathematical equation.

The equation for an elliptic curve looks something like:

[Figure: Elliptic curve]

This has some useful properties:

  • Horizontal symmetry: any point on the curve can be reflected over the x axis and remain on the curve.
  • Any non-vertical line will intersect the curve in at most three places.
  • Compact key sizes, which are essential for efficient storage and transmission of public keys in the blockchain.

These properties can be used to create key pairs in a similar way to the Diffie-Hellman algorithm. Bitcoin uses ECDSA, which is short for Elliptic Curve Digital Signature Algorithm. It’s a process that uses an elliptic curve and a finite field to “sign” data in such a way that third parties can verify the authenticity of the signature while the signer retains the exclusive ability to create the signature. With bitcoin, the data that is signed is the transaction that transfers ownership.

The ‘finite’ part is similar to the ‘mod’ approach with Diffie-Hellman, where the output of the equation is divided and the remainder is used to ensure that it fits within a range of numbers.
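An added example, not code from the original module, of what the paragraphs above describe: the secp256k1 curve Bitcoin uses, the group law built from the reflection and line-intersection properties, scalar multiplication over the finite field (the ‘mod’ step), 33-byte compressed public keys, and ECDSA signing and verification. The nonce derivation in sign() is a simplification labelled as such, not RFC 6979.

```python
import hashlib
import secrets

# secp256k1, the curve Bitcoin uses: y^2 = x^3 + 7 over the finite field F_p.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # the point at infinity (group identity)

def inv(a: int, m: int) -> int:
    return pow(a % m, -1, m)   # modular inverse, Python 3.8+

def is_on_curve(pt) -> bool:
    if pt is INF:
        return True
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0

def add(p1, p2):
    """Group law: the line through p1 and p2 meets the curve at a third point,
    which is reflected over the x axis (the symmetry the text mentions)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                  # vertical line: p + (-p) = infinity
    if p1 == p2:
        lam = 3 * x1 * x1 * inv(2 * y1, P) % P      # tangent slope (doubling)
    else:
        lam = (y2 - y1) * inv(x2 - x1, P) % P       # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)

def mul(k: int, pt):
    """Scalar multiplication k*pt by double-and-add; this is the one-way step
    (recovering k from k*G is the elliptic-curve discrete logarithm problem)."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result

def keypair():
    priv = secrets.randbelow(N - 1) + 1
    return priv, mul(priv, G)

def compress(pub) -> bytes:
    """33-byte encoding: a parity prefix plus x; y is recovered from the curve equation."""
    x, y = pub
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")

def _hash_int(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign(priv: int, msg: bytes):
    """ECDSA signature (r, s). The nonce k is derived from the key and message so
    it is never reused: a repeated k across two signatures leaks the private key.
    (Simplified derivation for the example, not RFC 6979.)"""
    z = _hash_int(msg)
    k_seed = priv.to_bytes(32, "big") + msg
    for counter in range(256):
        k = _hash_int(k_seed + bytes([counter])) % (N - 1) + 1
        r = mul(k, G)[0] % N
        s = inv(k, N) * (z + r * priv) % N
        if r and s:
            return r, s
    raise RuntimeError("could not produce a signature")

def verify(pub, msg: bytes, sig) -> bool:
    r, s = sig
    if not (1 <= r < N and 1 <= s < N) or not is_on_curve(pub):
        return False
    z = _hash_int(msg)
    w = inv(s, N)
    pt = add(mul(z * w % N, G), mul(r * w % N, pub))
    return pt is not INF and pt[0] % N == r
```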

3.3 DigiCash

One of the early participants in the ‘new wave of interest’ in cryptography was David Chaum. He spent his early years learning to break computer systems, and his success built a distrust of supposedly ‘secure’ systems. He also recognised a problem not previously considered: "how do you keep secret the knowledge of who converses with who and when".

He designed an anonymous mailing protocol using public key cryptography that ‘mixed’ messages to keep the source and destination anonymous. This would become the basis for the TOR network. 

Chaum saw digital payments in the same light – recognising that ‘traceable financial transactions made by an individual can reveal a great deal about the individual’s whereabouts, associations and lifestyle’. In 1980 he patented a digital cash system secured by cryptography which would form the basis of cryptocurrency. He also started exploring the idea of using cryptography to create a fully decentralised economy based around the decentralisation of messaging and payments.

Governments are good at cutting off the heads of centrally controlled networks like Napster, but pure P2P networks like Gnutella and TOR seem to be holding their own.
Satoshi Nakamoto

Decentralised systems with no central authority (peer-to-peer) provide several advantages:

  • They can grow quickly as anyone can grow the system by simply running a new node with no registration or approval needed
  • Nodes are all the same so failure can be routed around
  • No central authority to capture and compromise the system
  • They are more difficult to capture, regulate, tax or surveil, as there are no centralised points of control

A decade later he founded his company, DigiCash, to create ‘ecash’, the world's first digital cash system. Many famous names joined DigiCash for a while, and it saw some success, but it eventually failed and declared bankruptcy.

Further developments in digital money

In a July 2010 forum post, Satoshi Nakamoto said: “Bitcoin is an implementation of Wei Dai’s b-money proposal on Cypherpunks in 1998 and Nick Szabo’s Bit Gold proposal.”

Whilst neither of these two ideas got past the proposal phase, some of the ideas found in them clearly influenced Bitcoin development: 

  • Using ‘proof of work’ to assign monetary value to computational work
  • The concept that the cost of computation changes over time and must be accounted for

But first we’ll look at Hashcash.

3.4 Hashcash

Hashcash was created by Adam Back, another of the early innovators in this space. Adam had a strong interest in free markets and privacy on the internet, and came across the Cypherpunks mailing list, which he joined and became an active participant in.

He was very interested in digital money, and made some suggestions about how the group could work more closely with Chaum on DigiCash, but these didn’t go anywhere. He then turned his attention to another emerging problem: email spam. He and the rest of the Cypherpunks wanted a solution to spam, where it was trivial for spammers to create and send thousands of emails that clogged up networks. His innovative solution was based on hashing, the cryptographic capability to turn any piece of data into a unique, random-looking string of a specific length. He used it to create the equivalent of a digital ‘stamp’ that had to be added to an email for it to be considered valid and transmitted across the network: a trivial cost for a genuine email, but prohibitive for a spammer.

The key innovation of Hashcash was tying a real world resource, computational power, to a digital network. Whilst digital resources up until this point could be replicated without limit, the number of ‘hashcash’ stamps created was limited by how much energy people were willing to invest in them.

Although the solution met some of the criteria Adam believed a digital cash system needed (it was anonymous, resilient and trustless), each hashcash stamp was neither reusable nor truly scarce. He suggested other ways these issues could be addressed using external third parties.
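An added example, not code from the original project, of the stamp scheme described in this section: the sender mints a version-1 Hashcash stamp (SHA-1 with a required number of leading zero bits, as Hashcash specifies), and the receiver checks it with a single hash plus a spent-stamp set, which is the only thing stopping the same stamp being reused. The resource names, bit counts and expiry window are constructed for the example.

```python
import hashlib
import secrets
import time


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest; producing them is the work behind the stamp."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def mint(resource: str, bits: int = 20, date: str = "") -> str:
    """Mint a version-1 Hashcash stamp '1:bits:date:resource::rand:counter'.
    Hashcash v1 hashes the stamp with SHA-1 and requires `bits` leading zero bits;
    the sender simply tries counter values until one works (the cost of the stamp)."""
    date = date or time.strftime("%y%m%d")
    rand = secrets.token_hex(6)
    counter = 0
    while True:
        stamp = f"1:{bits}:{date}:{resource}::{rand}:{counter}"
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp
        counter += 1


class StampVerifier:
    """Receiver-side checks. Verification is one hash while minting is ~2^bits hashes:
    cheap for a genuine sender, prohibitive at spam volumes."""

    def __init__(self, min_bits: int = 20, max_age_days: int = 28):
        self.min_bits = min_bits
        self.max_age = max_age_days * 86400
        self.spent = set()   # double-spend database: each stamp may be used once only

    def check(self, stamp: str, expected_resource: str, now: float = None):
        fields = stamp.split(":")
        if len(fields) != 7 or fields[0] != "1" or not fields[1].isdigit():
            return False, "malformed stamp"
        bits = int(fields[1])
        if bits < self.min_bits:
            return False, "claims fewer bits than required"
        if fields[3] != expected_resource:
            return False, "stamp minted for a different resource"
        try:
            minted = time.mktime(time.strptime(fields[2], "%y%m%d"))
        except ValueError:
            return False, "bad date"
        if (now if now is not None else time.time()) - minted > self.max_age:
            return False, "stamp expired"
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) < bits:
            return False, "proof of work not met"
        if stamp in self.spent:
            return False, "stamp already spent"
        self.spent.add(stamp)
        return True, "ok"


if __name__ == "__main__":
    verifier = StampVerifier(min_bits=16)
    stamp = mint("alice@example.com", bits=16)
    print(stamp)
    print(verifier.check(stamp, "alice@example.com"))   # (True, 'ok')
    print(verifier.check(stamp, "alice@example.com"))   # (False, 'stamp already spent')
```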

BitGold

Nick Szabo built on the concept of Hashcash and proof of work to propose an alternative solution, which he described on a mailing list in 1998, a year after Hashcash was published.

Whilst moving closer to a solution, this proposal still had several challenges.

  • Who would run the registry of hash ownership, and how could they be trusted?
  • Hashing would generally get cheaper over time, a challenge for Hashcash too.

As the linked hashes would be time-stamped, he proposed some form of historical tracking of the cost of hashing at the time: an earlier hash would have required more processing than a later one, as costs come down over time. Unfortunately, this meant that hashes would not be ‘fungible’, i.e. of equal value, which is considered a key attribute of digital money. To help resolve this, Nick suggested some form of ‘free banking’ working on top of Bit Gold that could aggregate different groups of hashes into units valued the same.

B-Money

Soon after the Bit Gold proposal, Wei Dai proposed a similar solution. He had already developed several other tools for the Cypherpunks, and had his own ideas about digital money.

His proposal resembled Bit Gold in that it used digital signatures to transfer cash, and the records of transactions would be stored on a ledger, containing public keys and the amount of currency units attributed to each. As with Bit-Gold, trusted third parties were considered security holes, and the belief was that an electronic cash system should not rely on a single entity to track balances, transactions or to prevent double spend.

Wei Dai proposed several solutions to these issues, one of which was that instead of a central entity (or entities) maintaining the ledger, ALL nodes would maintain a copy. If every user checked their own ledger and the validity of each transaction, then as long as all nodes remained up to date the ledgers should stay synchronised across the network. Such a highly distributed system would be difficult to corrupt.

Wei Dai recognised that this didn’t solve the Byzantine generals problem (1), as nodes could easily lose synchronisation or simply lie. He suggested alternate methods such as having a subset of ‘trusted’ servers that maintain the ledger, and creating financial incentives to keep these servers honest.

For monetary policy, he proposed pegging purchasing power of B-Money to some form of external consumer price index. He wanted the same amount of B-Money to be able to buy an equal share of the index over time, providing some price stability. So, anybody could generate new currency units by providing a valid hash, but the difficulty of generating a hash may change over time based on CPU costs and the price index, so that each unit would be ‘immutable’.

3.5 BitTorrent

Another project that played a significant role in shaping cryptocurrencies leading up to bitcoin is BitTorrent.

In 2001, Bram Cohen released a design for a protocol named BitTorrent, made to power a peer-to-peer file sharing system. He had started working at a company called MojoNation, which had been set up to allow people to break confidential files into encrypted chunks that were distributed across computers running the software; a copy of the file would then be downloaded simultaneously from multiple computers. Although MojoNation ultimately failed, it introduced Cohen to the file-sharing space, where he decided he could create a better protocol, consisting of:

  • Swarm: a community of machines that are downloading or uploading content
  • Tracker: a dedicated tool that functions similarly to a search engine, but keeps track of the files contained within the swarm. This allows users to easily see and access whatever file they may need
  • BitTorrent client: installed on a computer to access the tracker. Note the swarm is the only place where the files are actually kept
  • An incentive scheme where users participating in the network as file sharers get faster downloads

Similarities to Bitcoin:

  • Both protocols operate on a peer-to-peer basis
  • Decentralised design
  • BitTorrent files and Bitcoin ledger are distributed across the network
  • Open-source origin (BitTorrent eventually became a closed-source software)

3.6 Reusable proof of work

Hal Finney is another famous member of the Cypherpunk movement, who was very interested in the development of electronic cash and active on the mailing list.

He decided to have another go at the development of a proof-of-work based electronic cash system. Up until this point, the hash output had been unique to each transaction, but his idea was to create ‘reusable proofs of work’.

The drawback to this approach is the centralised server, which needs to be trusted not to double spend and not to be shut down. To get round this, Hal proposed using free and open-source software that could be hosted on a secure hardware component and independently validated.

The solution still faced some of the same problems as the other proposals:

  • The ‘chicken and egg’ problem of getting adoption, where an incentive is missing for users to want to request tokens, and sellers don’t want to connect to the system unless users want to pay with these tokens.
  • POW is also likely to get cheaper over time as computing performance improves, suggesting that the market would eventually be flooded with RPOW currency units

If Moore’s law continues to hold true, the cost of creating a (POW) token will drop at a steady, exponential rate. Keep in mind that this is not money and is not intended to be a store of value, but rather an easy-to-exchange representation of computer effort.
Hal Finney

These attributes limited the appeal and hence adoption of the project, and despite his best efforts the project ended up as another failed attempt at creating electronic cash.

3.7 Bitcoin

After many years and failed attempts, the Cypherpunks had for the most part begun to lose interest in the idea of a digital permissionless currency, when Adam Back received an email linking to a draft white paper called ‘electronic cash without a third party’ from an anonymous person calling himself Satoshi Nakamoto. 

To recap at this point, we have at least the ideas of:

  • Cryptographic signatures that could provide a level of privacy and anonymity
  • Concept of an unbacked currency (B-Money)
  • Proposals (but no means) for limiting the issuance of new currency
  • Digital coins whose ownership was attributed by public keys (B-Money) and could be moved by signing and reassigned based on recipient address (RPOW and Hashcash)
  • All nodes maintain a copy of a totally distributed ledger (B-Money) (dismissed at the time as impractical)
  • Time-stamping protocol, using Merkle tree hashing to provide a mathematically provable chronology of events that is difficult to falsify if all users keep the same records
  • Proof of work to tie real world effort to the system (but using the hash itself as the currency)
  • Totally decentralised networks where all peers are equal and could come and go from the network (BitTorrent)
  • Concept of tying new hashes to previous hashes (Bit Gold and time-stamping)

What was lacking at this time included:

  • A viable solution to solve the ‘Byzantine generals’ problem
  • A method to limit the amount of money in circulation despite continuous hardware improvements
  • Incentives scheme for people to participate (chicken and egg issue)

The other major difference between recent attempts and Bitcoin was that Satoshi had been working on the code for some time in the true ‘Cypherpunks write code’ original ethos before announcing it on the mailing lists, unlike Bit Gold and B-Money which were more conceptual. 

What was the innovation that set Bitcoin apart from previous attempts at electronic cash?

Proof of work would be used as a consensus mechanism and as a way of providing security and immutability. Instead of using the hash itself as money, it would be used in a new process called mining: a node batches together a set of transactions, adds a random number (the nonce), and hashes the resulting ‘block’ of data. A valid block, one whose hash meets the required target, is then advertised to the network. Each block is tied to its predecessor by including the previous block’s hash, and the longest chain is used as the tie-breaker when different nodes validate and advertise different blocks at the same time, creating a chain split. Proof of work thus became the distributed tie-breaker that resolves the Byzantine generals problem.

Miners were also given an incentive to provide the CPU power required for the proof of work: they are allocated new bitcoin for each block. The amount awarded is programmed to go down approximately every 4 years until all bitcoin has been created, placing a hard limit of 21M on the total bitcoin that will ever be in circulation.

The most original idea was the way he resolved the question of how much money is created as hardware improves and more computing power is applied to the network. The timestamps over a set number of blocks (2016) are averaged, and if blocks are being created too quickly the hash requirement for a new block is made more difficult; if too slowly, it is made easier. This adjustment is built into the decentralised protocol that all nodes run, so any miner ignoring it would expend energy mining a block for no benefit, as the rest of the network would reject it. The adjustment keeps block creation on the planned issuance schedule and gives miners an incentive to ‘play by the rules’.
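An added simulation, not code from Bitcoin or the original module, of the two mechanisms in the preceding paragraphs: blocks linked by the previous hash and mined by nonce search against a target, and the difficulty retarget that rescales the target from the window's timestamps (clamped to a factor of 4 either way, as Bitcoin does), with the validity rule that makes a block mined against the wrong target worthless. The retarget interval (4 blocks), the initial target and the header layout are constructed, scaled-down stand-ins for Bitcoin's 2016 blocks, compact ‘bits’ field and real header.

```python
import hashlib

# Constructed, scaled-down parameters: Bitcoin retargets every 2016 blocks against a
# 10-minute block time; here 4 blocks and a target needing only ~4,000 hashes so the
# demo mines instantly.
RETARGET_INTERVAL = 4
BLOCK_TIME = 600                   # seconds; Bitcoin's 10-minute goal
MAX_TARGET = 2**244                # easiest allowed target (the largest number)
GENESIS_PREV = bytes(32)


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def block_hash(prev_hash: bytes, merkle_root: bytes, timestamp: int, target: int, nonce: int) -> bytes:
    """Hash of a simplified header; the previous block's hash is what ties the chain together.
    (Bitcoin encodes the target as a 4-byte 'bits' field and has a version field; omitted.)"""
    header = (prev_hash + merkle_root + timestamp.to_bytes(4, "big")
              + target.to_bytes(32, "big") + nonce.to_bytes(4, "big"))
    return sha256d(header)


def mine(prev_hash: bytes, merkle_root: bytes, timestamp: int, target: int):
    """Proof of work: try nonces until the header hash, read as a number, is below target."""
    nonce = 0
    while True:
        h = block_hash(prev_hash, merkle_root, timestamp, target, nonce)
        if int.from_bytes(h, "big") < target:
            return nonce, h
        nonce += 1


def retarget(old_target: int, first_timestamp: int, last_timestamp: int) -> int:
    """Difficulty adjustment: scale the target by actual/expected time over the window,
    clamped to a factor of 4 either way (as Bitcoin does) and never easier than MAX_TARGET.
    Blocks arriving too fast shrink the target (harder); too slow enlarges it (easier)."""
    expected = RETARGET_INTERVAL * BLOCK_TIME
    actual = max(expected // 4, min(expected * 4, last_timestamp - first_timestamp))
    return min(MAX_TARGET, old_target * actual // expected)


def expected_target(chain: list) -> int:
    """The target every node independently computes for the next block."""
    if not chain:
        return MAX_TARGET
    if len(chain) % RETARGET_INTERVAL == 0:
        return retarget(chain[-1]["target"], chain[-RETARGET_INTERVAL]["timestamp"],
                        chain[-1]["timestamp"])
    return chain[-1]["target"]


def valid_block(chain: list, block: dict) -> bool:
    """Consensus check a node applies before accepting a block: it must link to the
    chain tip, use the protocol-prescribed target, and its hash must satisfy that target."""
    prev = chain[-1]["hash"] if chain else GENESIS_PREV
    if block["prev"] != prev or block["target"] != expected_target(chain):
        return False
    h = block_hash(block["prev"], block["merkle"], block["timestamp"], block["target"], block["nonce"])
    return h == block["hash"] and int.from_bytes(h, "big") < block["target"]


def build_chain(n_blocks: int, seconds_per_block: int, start_time: int = 1_700_000_000) -> list:
    """Simulate blocks arriving at a fixed pace; returns the chain with the target used per block."""
    chain = []
    for height in range(n_blocks):
        target = expected_target(chain)
        prev = chain[-1]["hash"] if chain else GENESIS_PREV
        merkle = sha256d(f"constructed transactions for block {height}".encode())
        ts = start_time + height * seconds_per_block
        nonce, h = mine(prev, merkle, ts, target)
        chain.append({"height": height, "prev": prev, "merkle": merkle, "timestamp": ts,
                      "target": target, "nonce": nonce, "hash": h})
    return chain


def total_work(chain: list) -> int:
    """Accumulated work, which is what nodes actually compare when choosing between
    competing chains; with equal difficulty it coincides with the 'longest chain' rule."""
    return sum(2**256 // b["target"] for b in chain)
```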


Summary

Many of the pieces of the puzzle of what it takes to build a decentralised peer to peer electronic cash system based on sound money principles were in place before Satoshi released his whitepaper and soon after the initial release of the code. 

The nature of Bitcoin is such that once version 0.1 was released the core design was set in stone for the rest of its lifetime
Satoshi Nakamoto

Whilst many ideas for improvements (BIPs) have been proposed and adopted, Bitcoin has been working away in the background since 2009 following the protocol designed into the initial release and with barely any disruption. All improvements have been made whilst enabling backward compatibility with all previous versions.

Notes
  1. For an explanation of the Byzantine Generals problem - see https://en.wikipedia.org/wiki/Byzantine_fault
