At Expensivity, Bernard Fickser, who has explained how to sell non-fungible tokens (NFTs) now offers “The Truth About Cryptocurrencies: A Clearheaded Guide to the Crypto World.” (January 15, 2022) For your convenience, we are serializing his work, which can be read in whole here. Here’s Part 3:

3 A Concise History of Cryptocurrencies

The use of cryptography to make digital financial payments has been around for decades, but that by itself does not make a cryptocurrency. A cryptocurrency is not just an electronic or digital form of money, even if the two are often confused and even though they all use cryptography to secure transactions. For something to be a full-fledged cryptocurrency, it must satisfy the following four conditions. Spoiler alert: Bitcoin, created in 2008, was the first cryptocurrency to satisfy these conditions.

1. It must be self-contained, not requiring recourse to some other already existing currency;
2. It must allow people to use the cryptocurrency with nothing more than a public and private cryptographic key;
3. It must have a mechanism for controlling the proliferation of the currency; and
4. It must function without a third party being able to deny transactions for reasons extrinsic to the transaction protocol.

Let’s consider these points in turn. The first point about a cryptocurrency being self-contained instantly separates it from the ecash and digital forms of money that predated Bitcoin. Essentially, all the precursors to Bitcoin were payment schemes denominated in a conventional currency (such as U.S. dollars). Payments would be transmitted using cryptographic protocols, perhaps with tokens, but in the end they always had to be unpacked in terms of the conventional currency.

The only exception prior to Bitcoin was Bit Gold, which typically is written uncapitalized as “bit gold.” Invented by computer scientist Nick Szabo in 1998, ten years before the release of Bitcoin, bit gold limited the proliferation of its currency by, like Bitcoin, requiring computational puzzles using hash functions to be solved in order for currency to be created.

Bit gold was a proof-of-work system, and it drew inspiration from Hashcash, which had been developed in 1992. Perhaps misnamed, Hashcash was never actually a currency or cash but rather a way of compelling internet users to prove that they had done some computational work in order for an electronic communication (such as an email) to get through to an intended user. Without this proof of work, the communication would be automatically ignored. Hashcash’s aim was therefore to control against spam and denial of service attacks by imposing a computational cost on each email or attempt to gain user attention.

In creating bit gold, Szabo repurposed Hashcash’s proof-of-work system to deliver a form of digital cash. Bit gold’s approach to proof of work using hash functions became a key component of Bitcoin. But bit gold lacked the immutable decentralized ledger of blockchain and depended on one computational puzzle to be solved before the next could be solved, rendering it unwieldy. Bit gold was never implemented, but it proved a fruitful conceptual link in the evolution of cryptocurrency — so much so that its inventor Nick Szabo is to this day regarded as the best candidate for the pseudonymous Bitcoin founder Satoshi Nakamoto (despite Szabo’s persistent denials that he is Satoshi).

Compared to bit gold, other precursors to Bitcoin looked a lot less like what we’ve come to expect and know of cryptocurrencies. Back in the 1980s and 1990s smart cards were often used to handle financial transactions. Once the Web really started to take off in the mid 1990s, many worried that credit card transactions over the Web would be too insecure to rule out massive fraud. This led to proposals such as David Chaum‘s DigiCash, which offered greater security than giving one’s credit card over the Web. DigiCash ended up going bankrupt in 1998, but Chaum did introduce a memorable idea with it, namely, the use of blind signatures to maintain anonymity by rendering payments untraceable.

Interestingly, one of the most successful digital payment schemes was developed the year DigiCash went bust: PayPal. With the rise of the smartphone, conducting financial transactions digitally has become ever easier, as we see with services like Venmo (a PayPal subsidiary) and Zelle (owned by some of our big banks such as Bank of America and Wells Fargo). But in the end, conventional money running through a central source must be used to make these systems work. Conventional money needs be front-loaded or guaranteed via a promissory note to ensure that adequate funds are in place, which can then be securely transferred, perhaps via digital tokens, to complete the transaction.

The visionaries responsible for cryptocurrency as we know it today, however, didn’t just want a quick and easy scheme for moving conventional money around electronically. They were cypherpunks, who wanted to use cryptography to ensure privacy, especially in remaining free of government and corporate surveillance. Moreover, they distrusted conventional fiat currency and were looking for an alternative to it, one that was fully decentralized. David Chaum was a key player in this movement, and his idea of blind signatures was designed to ensure anonymity and privacy.

But anonymity in Chaum’s DigiCash applied to buyers, not sellers. Blind signatures were used to keep otherwise trusted third parties (such as banks) in the dark about buyers’ identities. Blind signatures gave buyers anonymity by getting banks to digitally sign and thereby authorize transfers of money, but because the signatures were blind, transactions involving DigiCash would be untraceable back to the buyer.

DigiCash, in giving banks and established financial institutions the authority to transfer money through blind signatures, centralized its digital currency. In the evolution of cryptocurrencies, however, the move was to eliminate such centralized trusted third parties. Blind digital signatures have therefore assumed a peripheral role in today’s blockchain-based cryptocurrencies, though digital signatures as such have remained central. As it is, blind signatures remain of interest to this day in election security (where election workers are able to use blind signatures to authorize voter ballots, thereby ensuring that the election workers don’t see who the voters are voting for).

Before 2008, when the pseudonymous Satoshi Nakamoto published his white paper on Bitcoin, all the digital money schemes that had been proposed either fell flat or merely expanded the transactional range of conventional currency (fiat money).[5] But the cypherpunks always aimed higher than merely making conventional fiat currency more digitally tractable. So what finally happened in 2008 that made Bitcoin the revolution in money that it is?

It’s not that Satoshi invented anything fundamentally new in cryptography or computer science. Rather, it’s that he took items off the shelf and put them together in a novel way to create in Bitcoin a decentralized self-contained cryptocurrency. Satoshi’s abstract in his white paper is worth quoting in full because he lays out there all the key elements that Bitcoin, and its many successors, use:

ABSTRACT. A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they’ll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.

I’ve highlighted in bold the key elements that Satoshi took off the shelf to build Bitcoin. Let’s say something about each of them.

Digital signatures are essential to all cryptocurrencies in that they enable one party to securely sign over currency to another party. Digital signatures became possible with a crucial breakthrough in cryptography that happened in the 1970s. In 1976, Whitfield Diffie and Martin Hellman proposed the idea of public-key cryptography, which was then followed quickly in 1977, through the work of Ron Rivest, Adi Shamir, and Leonard Adleman, with the first successful implementation of this idea, namely, the RSA public-key cryptosystem.[6]

Before public-key cryptography, encryption and decryption were symmetric operations, so that if you knew how to encrypt a plaintext, you would also know how to decrypt a cyphertext, and vice versa. Consider a Caesar Cipher, where you treat the letters of the alphabet as positioned evenly around a circular wheel, and then move every letter a fixed number around the wheel. If encrypting a text means moving the wheel a fixed number clockwise, then decrypting it means moving the wheel that same fixed number counterclockwise. Cryptographic schemes developed through most of human history have been a lot more complicated than the Caesar cipher, but they all shared this feature of being able easily to reconstruct encryption from decryption and vice versa.

Public-key cryptography eliminated this symmetry so that decryption could for all practical purposes not be reconstructed from encryption. Thus a public key, call it E for “encryption,” could be widely disseminated and people could encrypt messages with it, but only a select few with knowledge of the private key, call it D for “decryption,” could decrypt the messages. Public-key cryptography depends on this asymmetry between public and private keys.

Such a scheme would be useful for spies in the field, who no longer had to worry about their cryptosystem being compromised in case their public key was discovered. But it quickly became clear to cryptographers that private keys could be applied to messages and thereby show that only someone who knew the private key had indeed applied that key to the message. How so? Because the public key would be widely available, and by applying the public key after the private key had been applied, one would not only recover the original message but also demonstrate that the private key had indeed been applied. And who else could apply the private key except its owner? Just as a physical signature is unique to the person writing it, so digital signatures would be unique to the person knowing the private key.

Hashing, or cryptographic hash functions, can be thought of as assigning a digital fingerprint to data. Thus we may speak of “hashing the data” and the output of doing so as producing a “hash.” The analogy to fingerprints is actually quite good (and not original with me). There’s nothing in nature that guarantees that two different people can’t have the same thumbprint, for instance. But as a matter of probability, it’s just extremely unlikely that they will. So too with hash functions, it’s not that two different items of data can’t have the same hash. But as a matter of probability, it’s extremely unlikely that they will. Extreme unlikelihood here is like picking the right grain of sand by chance from all the earth’s beaches and doing so five times in a row!

Bitcoin uses the hash function SHA-256. The National Security Agency released this version of the Secure Hash Algorithm (= SHA) in 2001 and published it with the National Institute of Standards and Technology. SHA-256 maps arbitrary text strings onto strings consisting of 256 bits, or 64 characters in hexadecimal notation (bit to hex conversion: 0000 = 0, …, 0011 = 3, …, 0111 = 7, …, 1111 = f; hex uses all ten ordinary numerals plus the letters a through f) . Let’s apply this algorithm, using an online SHA-256 calculator, to the following text taken from the opening of the Wikipedia entry on double-spending:

Double-spending is a potential flaw in a digital cash scheme in which the same single digital token can be spent more than once. Unlike physical cash, a digital token consists of a digital file that can be duplicated or falsified.

The hash, in hex notation, returned for this text is as follows (line feed and spaces were inserted for readability):

c53d9dd4 1700bb4c db47fe4b 24052d7f
abded201 236e8c5a dece4275 d7fe714d

But now, take the same text as above, the one on double-spending, but substitute a comma for the period at the end following the word “falsified” (in the actual Wikipedia entry, a period appears at the end, not a comma). Do this but make no further change to the text. Now the hash that gets returned is

4b5ea01f c694ab3f 1cd4e5cd 6f7b4ed4
61f41b9e eb297bfd a5e0b11a 1f60d84b

Even though the two texts strings to which SHA-256 was here applied are very similar (semantically as well as by any information-theoretic metric for determining similarity of symbol strings), the outputted hash values are very very different. That’s exactly what we want from hash functions: by being extremely sensitive to changes in inputted values, they can effectively guarantee that if an inputted value outputs a given hash, then that hash was constructed from that inputted value in the first place and not by some other means. Hashing thus guarantees data integrity and data origination.

Digital signatures and hashing represent the foundation pillars for Bitcoin. They are the conceptual breakthroughs in computer science that make Bitcoin possible. The remaining key elements, identified above in bold in Satoshi’s abstract for his white paper, derive from these foundational concepts or had been well understood previously. Let’s turn to these next.

Peer-to-peer networks are well understood, with successful implementations of them going at least as far back as 1999 with the original Napster (not to be confused with the music streaming service previously called Real Rhapsody and renamed Napster when Roxio acquired the Napster brand and logo). A peer-to-peer network is a networked collection of computers, run by people or groups of people, known as nodes, that interact according to certain mutually agreed upon protocols. Protocols are well-defined rule-governed procedures where it’s clear if the procedure is being followed or if it’s not.

Bitcoin introduced peer-to-peer networks to eliminate trusted third parties, such as banks and credit card companies. But in fact, Bitcoin’s peer-to-peer network does constitute a trusted third party, albeit one that is decentralized. Decentralization guarantees that with a large number of nodes, no individual node will be able to subvert the network (in the way that a centralized authority might be able to subvert a payment scheme).

Majority of CPU power in the Satoshi abstract identifies the main potential point of failure for Bitcoin. A majority of CPU power, if cooperating in an attack on the network, could subvert it. Traditional trusted third parties are like monarchies. A competent and benevolent monarch can keep a monetary scheme moving forward happily. But there’s the danger that the monarch will become corrupt, debasing the currency and arbitrarily confiscating people’s money, sending the monetary scheme into a tailspin.

Peer-to-peer networks promise instead a democracy. Yet even though moving to a peer-to-peer network can safeguard against one or a few bad actors, democracies invariably depend on the good will of the majority. And what if the majority turns bad? What if, for instance, governments hostile to Bitcoin start turning up their CPU power to such a degree that they assume the role of the majority and subvert the network (one can imagine cubicle after cubicle at the NSA serving as nodes on the network)?

To call peer-to-peer networks “trustless,” as is often done and as though to suggest “trustlessness” were a virtue of cryptocurrencies, is naive. There’s always trust. The question facing Bitcoin is whether trust in its peer-to-peer network is misplaced.

Blockchain, the key concept associated with Bitcoin, is a term that appears nowhere in Satoshi’s whitepaper. Even so, the term block appears often in the actual paper and the terms ongoing chain and record that cannot be changed appear in the abstract. These all refer to the same idea, namely, a cryptocurrency blockchain, or simply blockchain.

A blockchain is a ledger of transactions that grows in real time and that is validated at the end of each block, so that each existing block as well as the entire chain of blocks to date is validated (in the form of a Merkle tree). Validation takes the form of hashing applied to blocks individually as well as across blocks, and thus ensures that the ledger formulated as a blockchain has not been tampered with (such as someone modifying bookkeeping entries for past transactions).

Cryptocurrency blockchains constitute a complete record of all transactions ever conducted in the underlying cryptocurrency. For instance, to see every Bitcoin transaction ever conducted, go to the “explorer” feature at Blockchain.com.

Proof of work is the final piece of the Bitcoin puzzle. A question that naturally arises is why nodes (and the people working them) on the Bitcoin network should want to maintain the network in the first place, facilitating transactions and keeping a record of them. Bitcoin uses a proof-of-work consensus mechanism where miners (those nodes that maintain and govern the network) engage in solving computational puzzles (recall Hashcash) that calculate the winning hash that validates the most recent block and thereby are awarded bitcoins. Note that nodes are also incentivized to maintain the network because of transaction fees in moving bitcoins from one wallet to another.

The reference to “miners” suggests a digital parallel to mining for gold, and certainly Bitcoin miners expend a lot of computational effort to generate this cryptocurrency. As it is, only one miner is awarded bitcoins in validating any given block, with a new block being validated ever ten minutes. Winning miners are decided by whichever node best solves the computational puzzle (which roughly consists of finding a block hash with the most leading zeros).

When Bitcoin started in 2008, 50 bitcoins were awarded to winning block hashes. This number gets divided by two every four years so that in 2012 it went down to 25, in 2016 it went down to 12.5, and in 2020 it went down to 6.25. The resulting geometric progression ensures that the total number of bitcoins ever produced cannot exceed 21 million.

That’s Bitcoin in a nutshell. It’s clear that Bitcoin satisfies the four defining conditions of a full-fledged cryptocurrency that started this section, namely,

1. It must be self-contained, not requiring recourse to some other already existing currency;
2. It must allow people to use the cryptocurrency with nothing more than a public and private cryptographic key;
3. It must have a mechanism for controlling the proliferation of the currency; and
4. It must function without a third party being able to deny transactions for reasons extrinsic to the transaction protocol.

All the blockchain-based cryptocurrencies that have succeeded Bitcoin, from Ethereum to Solana, satisfy these conditions as well. Some use proof of stake or proof of history or proof of something-or-other rather than proof of work as their consensus mechanism and way to incentivize the maintenance and advancement of the underlying blockchain (proof of stake being the most common alternative to proof of work).

The one exception to these four conditions in the post-Bitcoin world is what are know as stablecoins. Stablecoins violate the first of these conditions. That’s because stablecoins, despite having the same blockchain-based transaction mechanism as Bitcoin, are also pegged to a conventional currency, units of which typically collateralize the stable coin by means of reserves. Tether, for instance, is supposedly pegged one-to-one to the US dollar, assuring its owners that “Tether’s reserves [are] fully backed.” The Wall Street Journal, however, recently questioned Tether’s full backing. In any case, stablecoins are there to assist full-fledged cryptocurrencies by allowing quick convertibility into both crypto and conventional currency.

Satoshi Nakamoto, whoever he is, did not invent any fundamentally new concept of computer science or cryptography. Nonetheless, in creatively putting together existing concepts from these fields and thereby creating the first full-fledged cryptocurrency, one that to this day dominates the crypto world (Bitcoin), his influence is enormous. For his impact, he surely deserves the Nobel Prize in economics. Unless he is dead or incapacitated, perhaps awarding him the prize would draw him out of hiding. Or perhaps not: if he’s alive and well, he seems to value his privacy.

The whole series in order:

Part 1: Some brute facts about Bitcoin and other cryptos Crypto is transforming money and finance. Like the computer, you don’t need to use one but you’re wise to know the basics. Start here. Crypto functions much like cash, avoiding or minimizing the increasing ability of government or other big institutions to snoop on who you give money to.

Part 2: If you want to stick a toe in Bitcoin’s world … read this first. This short guide offers a quick introduction to the two biggies, Bitcoin and Ethereum. Whether you are investing or just using the system, you need to be very cautious with passwords. It’s not your street corner bank.

Part 3: As money slowly transitions from matter to information… Let’s look at a brief history of cryptocurrencies — which is not quite what we might think. The mysterious Satoshi Nakamoto, founder of Bitcoin, did not invent new concepts in computer science or cryptography; he put them together in a way that worked.

Part 4: How and Why Cryptocurrencies are Revolutionizing Money The trouble is, cryptos are an immature technology at present and that fact may doom many of the current ones. Bernard Fickser looks at the “hard forks” where things went badly wrong. There are problems that decentralization and minimizing the need for trust can’t solve.

Part 5: Is cryptocurrency selling out to centralization? Crypto wealth is radically centralized in the hands of a few, compared to more conventional forms of money. A bit like the politician who goes to Washington to change things and leaves it unchanged — but has become a millionaire in the meantime…

and

Part 6: Why cryptocurrencies like Bitcoin are not ready for prime time Bernard Fickser at Expensivity — friendly to cryptos in principle — offers an unsparing look at the current problems. Unsolved problems include insane energy consumption, dead coins, and the potential of government subversion, if not suppression.