Alternative History of Bitcoin

[kiba]

If the libertarians and crypto-geeks weren't there, would it be true that bitcoin could grow slower?

Wait a minute...if there's no cypherpunks, bitcoin wouldn't be invented?

[1713873153]

1713873153

[1713873153]

1713873153

[1713873153]

1713873153

[1713873153]

1713873153

[Timo Y]

Bitcoin could have been invented in 1997 and become a mass currency by 2000.

The theory was there, the technical tools were there, and the infrastructure to support it was there, since it's a low bandwidth application.

It was only a matter of an visionary like satoshi putting all the pieces together.

The fact that this took 12 years is a sheer accident of history. The internet economy would probably look quite different today if this had happened sooner.

[FreeMoney]

The fact that this took 12 years is a sheer accident of history. The entire freaking world would probably look quite different today if this had happened sooner.

[error]

In 1997 there was another digital cash application already; (Chaum's DigiCash) it got so popular that some brick and mortar banks started accepting it! But unfortunately it died out almost as rapidly since it was closed source, patented, and the company went bankrupt. Unfortunately at that time people were much less willing to shop online, and there weren't many places to shop anyway. Had they done it even a couple of years later, or opened up the technology, it might have succeeded.

That said, there's much in DigiCash that is good (e.g. it's much better at offline transactions than BitCoin) and it really deserves a second look.

[carp]

In 1997 there was another digital cash application already; (Chaum's DigiCash) it got so popular that some brick and mortar banks started accepting it! But unfortunately it died out almost as rapidly since it was closed source, patented, and the company went bankrupt. Unfortunately at that time people were much less willing to shop online, and there weren't many places to shop anyway. Had they done it even a couple of years later, or opened up the technology, it might have succeeded.

That said, there's much in DigiCash that is good (e.g. it's much better at offline transactions than BitCoin) and it really deserves a second look.

I had forgotten about them. I have looked into digital cash a number of times, and think the idea of digital bearer bonds has some real merrit. That said, well, real bearer bonds exist to close gaps in the cash system (traveler's checks, Gift cards), so I don't see any reason to be surprised that digital ones wouldn't be used to close gaps in digital systems.

I always liked the Digital cash protocol outlined in "Applied Cryptography" that allowed for a person to buy "money orders" that were not anonymous to buy, but utterly anonymous to actually use, unless the purchaser tried to double spend them.... in which case, the issuer could use the two spent orders to discover the identifying information of the cheat.

But..... getting back to history.... I think it shows that history does matter. Yes, technically speaking the main difference between bitcoin today, and what bitcoin would have been 10-15 years ago is the target hash would have to be much higher

Without having Satoshi here and "in character" (if the speculation is true) to say what the full motivations and inspirations were, its hard to say exactly what spawned it...however....

The time we are talking about was not just before EGold ran into problems, before DigiCash failed but also, before Napster was brought down. Before its direct descendants were slain. Each of these things can be seen as projecting requirements on any new system that doesn't want to repeat the mistakes of the past....

There is definite novelty in the way the peices are put together (if not the peices themselves) however, it is also the product of the problem that it was trying to solve, a problem that was posed by these failures. it is, their logical successor.

[kiba]

It seem that simultaneous invention for a system similar to bitcoin did not occur.

[Hal]

Actually if you look at Wei Dai's b-money or Nick Szabo's Bit Gold proposals, both from the 90's, you see a lot of the ideas of Bitcoin.

b-money:

In the first protocol, every participant maintains a (seperate) database
of how much money belongs to each pseudonym. These accounts collectively
define the ownership of money, and how these accounts are updated is the
subject of this protocol.

1. The creation of money. Anyone can create money by broadcasting the
solution to a previously unsolved computational problem. The only
conditions are that it must be easy to determine how much computing effort
it took to solve the problem and the solution must otherwise have no
value, either practical or intellectual. The number of monetary units
created is equal to the cost of the computing effort in terms of a
standard basket of commodities. For example if a problem takes 100 hours
to solve on the computer that solves it most economically, and it takes 3
standard baskets to purchase 100 hours of computing time on that computer
on the open market, then upon the broadcast of the solution to that
problem everyone credits the broadcaster's account by 3 units.

2. The transfer of money. If Alice (owner of pseudonym K_A) wishes to
transfer X units of money to Bob (owner of pseudonym K_B), she broadcasts
the message "I give X units of money to K_B" signed by K_A. Upon the
broadcast of this message, everyone debits K_A's account by X units and
credits K_B's account by X units, unless this would create a negative
balance in K_A's account in which case the message is ignored.

b-money used proof of work in a different way for money creation, but transfers are just like Bitcoin.

Bit Gold:

My proposal for bit gold is based on computing a string of bits from a string of challenge bits, using functions called variously "client puzzle function," "proof of work function," or "secure benchmark function.". The resulting string of bits is the proof of work. Where a one-way function is prohibitively difficult to compute backwards, a secure benchmark function ideally comes with a specific cost, measured in compute cycles, to compute backwards. 

Here are the main steps of the bit gold system that I envision:

(1) A public string of bits, the "challenge string," is created (see step 5).

(2) Alice on her computer generates the proof of work string from the challenge bits using a benchmark function.

(3) The proof of work is securely timestamped. This should work in a distributed fashion, with several different timestamp services so that no particular timestamp service need be substantially relied on.

(4) Alice adds the challenge string and the timestamped proof of work string to a distributed property title registryfor bit gold. Here, too, no single server is substantially relied on to properly operate the registry.

(5) The last-created string of bit gold provides the challenge bits for the next-created string.

(6) To verify that Alice is the owner of a particular string of bit gold, Bob checks the unforgeable chain of title in the bit gold title registry.

(7) To assay the value of a string of bit gold, Bob checks and verifies the challenge bits, the proof of work string, and the timestamp. 

Note that Alice's control over her bit gold does not depend on her sole possession of the bits, but rather on her lead position in the unforgeable chain of title (chain of digital signatures) in the title registry.

Bit Gold comes closer to the creation concept of Bitcoin. The way the blocks chain together is much like Nick's challenge problems.

[blastomere]

Humble Hal fails to mention that none other than Hal Finney was the first to actually go beyond theory and sketched designs to actually implement a bit gold system, called RPOW.  It had a very interesting way of using cryptographically signed attestations running in secure hardware, rather than the Byzantine tolerant distributed system Szabo proposed and Nakamoto implemented.    At least the Internet Archive still remembers RPOW:

http://web.archive.org/web/20071222072154/http://rpow.net/

The bit gold and b-money ideas both originated AFAIK by Szabo and Dai respectively in the mid to late 1990s and were inspired not only by the e-cash of Chaum (for whom Szabo had worked) but also by previous work on proof-of-work systems, one of which was called "hashcash".    Those proof-of-work systems from what I understand failed to have a trustworthy way of tracking ownership and instead generated the proof-of-work strings on the fly whenever they were needed.  For example it had been proposed that one prove computational work with hashcash to get e-mail through spam filters, so the e-mail sending software would consume some CPU time and then send the resulting proof-of-work string to the spam filter.  Recognize and solve the non-obvious problems of how to handle such a string such that one can prove when it was generated and continue to prove ownership of it until transferred, and so that the transferee can continue to prove sole ownership of it, etc.,  even though one cannot control physical possession of the bits, and one has bit gold, or reusable proofs of work, or BitCoin.

[carp]

Humble Hal fails to mention that none other than Hal Finney was the first to actually go beyond theory and sketched designs to actually implement a bit gold system, called RPOW.  It had a very interesting way of using cryptographically signed attestations running in secure hardware, rather than the Byzantine tolerant distributed system Szabo proposed and Nakamoto implemented. 

Signed attestations running in secure hardware. Yup, way to make it cheap, available, and easy to implement and boot strap

Classic over-engineering. I think its pretty clear that the current success of bitcoin is because it ends up being so much simpler. You don't need specialized hardware to mine (that can come later). Anyone can pretty easily run it, it simply doesn't require a central authority, aside from whichever client people decide to use.

It may take more time, effort, and resources to over-engineer, but that doesn't mean that simplicity is easy. Simplicity often comes from looking at a bad solution or three and seeing why they suck so bad.

[kiba]

This is fascinating stuff.

I would like to pay somebody to write a comprehensive exhaustive history of cyrptocurrencies and its evolution, 5 BTC an article and under the public domain.. (My magazine don't make me any money for now so excuse my poor pay rate)

[blastomere]

That's way too low a rate for me but I can throw out some freebies from off the top of my head.  From what I remember, most of the ideas that bridge the gap between proof-of-work functions to fight spam (e.g. hashcash) and creating a general currency and payment system like BitCoin were developed on a closed list I was on back on the 1990s, so it may be hard to recreate that history based just on what's published on the Internet.   It was a spin-off of the cypherpunks list.  Szabo was quite knowledgeable about the history of money and often wrote about how gold was insecure, and paper money even worse, and he wrote proposals for digital currency that mimicked what he called "unforgeable costliness" of gold rather than of paper money because gold doesn't rely for its value on a trusted third party.    And Wei Dai was also on that list writing about b-money, which I personally don't really understand except that its goals seem to be basically the same.   Szabo and Dai don't cite each other so there is some sort of soap opera going on there. These ideas were in contrast to credit cards, ACH, Chaum's e-cash, PayPal,  etc. that try to copy the characteristics of various kinds of paper money or credit and in particular rely on monolithic trusted parties.  If you read the following carefully the main breakthrough ideas between hashcash and BitCoin, especially Byzantine fault tolerance and transaction signature chains to solve the double-spending problem, are described in a more generalized context:

http://szabo.best.vwh.net/securetitle.html

This also gives us a useful way to think about the signature chains in BitCoin: as describing ownership of bits, which ownership can be transferred by digital signatures.

None of this AFAIK was actually coded and released until Finney and Nakamoto.