
This article correctly shows that virtually none of the ideas underpinning Bitcoin are new. They can all be traced to the academic literature going back decades.

Cryptographic signatures and public-key cryptography, cryptographic hash functions, cryptographic proof-of-work, time-stamping, Merkle trees, chains of transactions blocks, Byzantine fault tolerance, smart contracts -- all of these ideas were old when Bitcoin was invented.

Satoshi Nakamoto's achievement lies in the complex, ingenious way in which he (or she, or they) combined these ideas into a new distributed algorithm.[1]


[1] For those who don't know, Satoshi Nakamoto's paper, "Bitcoin: A Peer-to-Peer Electronic Cash System" proposed the first known solution to the double-spending problem in a peer-to-peer network (i.e., without centralized control), with Byzantine fault tolerance (i.e., in a manner resistant to fraudulent nodes attempting to game the rules), via a clever application of cryptographic proof-of-work. The paper is available at https://bitcoin.org/bitcoin.pdf

I've spent a lot of time reviewing the original Bitcoin codebase.

It's brilliant code. It's production-grade C++. There's nothing in it that hints at academic origins. Most people are either academics or professional coders -- to be both is a rare exception.

The codebase seemed to materialize out of nowhere. One of the earliest commits in the SVN repo contains 36 thousand lines of code. "Satoshi" (or this group of people) must have worked months or a year on this before putting it up on source control.

The code also uses irc to find seed nodes, which is amusing. It just connects to #bitcoin and assumes that some of the people in the channel are running bitcoin nodes. That's a cool way around the "What if all the hardcoded seed nodes fail?" problem. I know it's probably a standard tactic, but bitcoin integrates so many standard tactics so well in addition to its academic work.

Here it is as one gigantic file: https://gist.github.com/anonymous/b4d5d1ab333c5d6e238fdc2242...

> "Satoshi" (or this group of people) must have worked months or a year on this before putting it up on source control.

In one [0] of his emails to Mike Hearn [1] Satoshi Nakamoto wrote that he worked on Bitcoin for two years before releasing the paper and code:

> I must admit, this project was 2 years of development before release, and I could only spend so much time on each of the many issues.

His emails to Hearn and others make clear that his creative process consisted mainly of writing code until he was convinced things worked. In my opinion, Satoshi Nakamoto was a lone hacker.

0. https://pastebin.com/wA9Jn100

1. https://bitcointalk.org/index.php?topic=2080206.0

> It'd be worth implementing some kind of more robust auto update mechanism, or a schedule for the phase in of this [the block size], if only because when people evaluate "is BitCoin worth my time and effort" a solid plan for scaling up is good to have written down.

Prescient words from Mike Hearn.

I think I'm going to print this out and frame it on my wall.

Also, an unreliable narrator.

Hmm, I think this comment was taken little more negatively than I had intended. My fault of course for not expanding on the point, which is this:

Satoshi maintains anonymity, by choice. Therefore, any information about Satoshi's identity, directly stated or inferred from things said by them, logically has to be treated as unreliable. With the goal of remaining anonymous, Satoshi has nothing to gain and a lot to lose from providing true information about themselves. It is in their interest not to provide any information about themselves, and for any information that is provided by them to be inaccurate.

None of this casts any aspersions on either Bitcoin or Satoshi.

Ah heck, I sound like Vizzini. Maybe I should just drink the damn wine ;)

I recovered and archived version 0.1.0 (directly from Hal Finney): http://www.zorinaq.com/pub/bitcoin-0.1.0.tgz It has 19k lines of code. That's certainly a few months of work minimum.

Fun fact: I was contacted by the Computer History Museum in Mountain View since this tarball (and the .rar) hosted on my site is the earliest known public copy of the source code.

Notice how all the files use \r\n for newlines. Satoshi was a Windows programmer! They used Windows.

Anyone who has tried to do cross-platform development knows it's extremely difficult in C++. You can do it, but it's not a trivial thing. I guess it's no surprise that Satoshi used Visual Studio. If you start out writing code in not-Visual-Studio, it's far harder to go back and make it run on VS.

I vividly remember how maligned Windows programmers were in 2008. I felt like a black sheep getting my start in the gamedev industry, because if you wanted to do Big League Programming in gamedev, that meant one thing: Windows. Microsoft has finally made some inroads in hacker culture. It's far less common now to be dismissed as less talented just because you used Windows. But in 2008 this feeling was very much alive.

Bitcoin was originally a Windows only program. We used Wine to run it on Mac/Linux in the early days:


I used to be a Wine developer so it didn't put me off when I first found the project, but I'm sure the fact that it was Windows only hurt the project's uptake in the first year. It wasn't until Bitcoin 0.2 that a Linux version was available.

If it helps, Satoshi was also an Outlook user ;)

Most CIA and NSA code that has been leaked has been developed on Windows using Visual Studio IIRC.

The bitcoin code looks and feels a lot like their projects, but could easily be some NSA programmer's side project.

Any hacker can tell this was a one person project from looking at the code.

It's mostly posers who malign others for their choice of platform or tools. Show me what you built. Usually guys like that have never built shit, but still ruthlessly criticize others.

I'm curious as to why you consider this brilliant, production-ready code.

I also read through the original codebase and I came to a different conclusion. To me it looks like something that was hacked at for a year or so, and was all just glued together. It looked like the first iteration of a codebase, the thing that you usually don't release, but then re-work so it is presentable to the outside world and then release.

To me that says a couple of things. One is that Satoshi is one, normal, human. Another is that he is very human. For example, a lot of the OP codes have had to be disabled because they were totally insecure. In early versions of bitcoin there were bugs that allowed anyone to spend anyone's bitcoins, and so forth.

Not that I mean to attack Satoshi, he was a good coder who started what could become a revolution. But he was a human like the rest of us, and it shows.

What is it about his code that makes you consider it brilliant and production ready?

In a codebase of tens of thousands of lines of non-trivial C++, after 8 years only one critical protocol bug was found. One. If this doesn't blow your mind, I don't know what will.

There was more than one critical protocol bug. But yes, it was an impressive effort. It used the STL well, was tightly written, and of the security bugs that did exist none were buffer overflows, stack smashes or double frees from what I recall. There were some issues in the interpreter opcodes but I think they may have been crashes (DoS).

The code was clearly the work of one person though. There were not enough comments or other forms of code documentation for it to have been a team effort, even if the Satoshi personality was a composite. The idiosyncratic code is another hint: Windows only and Hungarian notation in 2008 is not something commonly seen. The early Bitcoin code gave me the feeling of an experienced developer who learned their craft in the 1990s and had probably been around for quite a long time, but who probably hadn't worked in large professional development teams in recent years. For example, there were no unit tests. Common in the 1990s, not so much in 2008.

Since you were around in the early days, how did you get involved with Bitcoin and how did Satoshi get people interested in it since he was anonymous and did not have any social media following or email list?

It's incredible that he has managed to stay anonymous for so long, how on earth did he manage to do that?

Any thoughts on the scaling debate?

I had a long term interest in internet money, from before Bitcoin existed. The path to Bitcoin was kind of convoluted.

About 20 years ago I was interested in environmentalism. I was persuaded by arguments that humanity was damaging the environment because of the system of money it used, in which sustainably managing a forest might be profitable at, say, interest rates of 2%, but if interest rates went up to 5% then the rational thing to do was clear cut the forest and invest the returns.

This led me to a book called The Future of Money by Bernard Leitaer. This book talked about "community currencies". The idea you could design currencies to achieve particular social goals was very interesting to me. The book referenced a publication called the International Journal of Community Currency Research. This organisation turned out to have a Yahoo Group, which I joined. I felt that if there were other people discussing this idea, they would surely be found on the internet.

One day the Yahoo Group received a mail talking about a project called Ripple. This was an initiative by Ryan Fugger to create a system that could locate and manage debt in a decentralised way. It proposed an economic system without cash, in which all payments were in the form of debt in whatever units people found convenient (dollars, hours of work, loaves of bread baked etc). So I joined the Ripple mailing list too, and engaged in much fruitful discussion with Ryan about the nature of money.

The Ripple mailing list eventually received a mail that pointed to the bitcoin website and suggested we check it out. This was a few months after the project was launched. I did so, and started emailing Satoshi.

I don't know how Satoshi remained anonymous for so long. I suspect that if his identity is ever revealed, people will think: it was so obvious? Why didn't anyone see that? When the operator of the Silk Road was revealed, it turned out he'd made basic and obvious errors very early on and anyone could have figured out the Dread Pirate's identity through basic web searches. But only the FBI actually bothered to do it. I suspect Satoshi hasn't been looked for as thoroughly as people tend to imagine.

I discussed Bitcoin's scaling extensively two years ago. You can find those discussions on my blog if you like. Nothing has changed and I have nothing further to say on the matter.

I'm just reading your blog now. The first article has this statement in it:

>The fundamentals are broken and whatever happens to the price in the short term, the long term trend should probably be downwards. I will no longer be taking part in Bitcoin development and have sold all my coins.

That was written back in January 2016. I think you were wrong about that.

No, I think that everything in my blog post was correct.

The statement about the price was deliberately vague ("long term", "should probably") because the Bitcoin price hasn't reflected the fundamentals for a very long time. You can't go straight from "this project is broken" to "thus the price will fall" because it's not an informed market, because of the large quantity of shady exchanges and so on. Take a look at what's been going on with Bitfinex to get a flavour.

If you assume that eventually, one day, reality re-asserts itself, then the price should come to reflect the systems actual utility, which is very low. But you know the old saying about how markets can remain irrational longer than you can remain solvent? I wouldn't try shorting BTC regardless of how much you know about it.

Do you think you might write about Bitcoin's development ecosystem in the future? Since XT, Unlimited, and Classic, there has now been 2X and Bitcoin Cash. It's probably too early yet to see if things have/will change substantively, but I would enjoy reading your thoughts if the time comes where you feel like writing.

Are you tempted into joining vastly superior solutions like MimbleWimble, with a blockchain that doesn't always grow?


He used the cryptography mailing list. Then the P2P forums.

I highly recommend reading through the archives. There are several good observations to make there, like how scaling was basically the first issue he addressed (or failed to address, depending on your view).

Another interesting thread: https://bitcointalk.org/index.php?topic=1347.msg15121#msg151...

Interesting points, thanks. Also thanks for your contributions to the project.

I wonder if stylometry could be (was?) applied to C++ code to have better evidence about authorship?

Thanks, sounds promising. I might toy around with that over the weekend.

Only if other open code exists?

Most code produced is not open source.

But given he open sourced Bitcoin, he may have open sourced something else.

Code style does change over time, I know mine has. But I wonder if there are invariants as well. That would be a fascinating research project.

Stylometry of just the bitcoin source code could at least establish whether there was one author or multiple.

Thank you for your contributions.

It's worth repeating: This is a C++ codebase. It listens to open ports on the public Internet. One single remote exploit and you lose all your money. The author basically threw code over the wall and the open source community where contributors come and go all the time took over. And one single remote exploit is all it takes.

(This causation is perhaps less true today when it is more common to use encrypted or even hardware wallets, but before that everyone just used the standard wallet.)

Yet none of this has happened. The odds of this seem vanishingly unlikely. Then there's the risk of consensus problems that would enable double spending, which is very difficult to test for.

At the same time original Bitcoin was far from perfect. Someone wrote up a summary of important changes Hal Finney did which I can't seem to find. He pointed out a lot of problems which would have made Bitcoin not work at all which resulted in some early redesigns and the removal of many opcodes.

Parts of Bitcoin also went nowhere, notably the marketplace, pay-to-IP and payment channels. The ideas live on as Openbazaar and Lightning but completely redesigned from the Satoshi origins.

In so many ways it is an enigma.

> One single remote exploit and you lose all your money.

That's not true. Few people use the wallet included in the Bitcoin node, most people use nodes indirectly to broadcast transactions and sync the blockchain.

Hence the sentence in parentheses. It used to be true for everyone. Now there are other options, but there's still a lot of people who use the standard one in absolute numbers. Plus all the exchanges, payment processors and other third party services which all rely on it.

Even if you don't personally keep your coins online, a hacker that scores a million coins on a zero day is enough to plunge the value for a long time. You still lose either way.

The point is that this hasn't happened. Even though it sort of should have. That's remarkable.

I'm super curious why C++ was chosen when the risks are so high. Performance?

Likely experience. Most would write something so large in a language they are comfortable in.

That's a really bad reason for something you'll be working on for a few years where a single bad bug could ruin it when it goes live. You'd think picking a language where buffer overflows and memory management bugs were impossible would be a minimum requirement. If you're good at C++ most other languages are a breeze in comparison as well.

Which is why I wouldn't be surprised if "Satoshi Nakamoto" turns out to be, not an individual, but a tightly-knit team of people, including BOTH professional coders who write software for a living AND computer scientists with strong academic backgrounds. Bitcoin is in my view too impressive an achievement to be the work of a single person working in isolation.

From my experience, truly visionary projects never come from a group of "talented" people but from a single person who had a laser-focused vision and did whatever possible to make that happen. Having a focused vision is what drives the brilliant solution, not some group of smart people who try to come to a consensus.

"... not some group of smart people who try to come to a consensus."

You mean like the IETF?

IETF doesn't create the vision (and the results are embarrassing when they try); it standardizes stuff (and lets people add tons of optional complexity) after the initial prototype is done. IEEE and ECMA have similar attitudes while ISO seems to do more design-by-committee.

Couldn't have said it better myself.

Yes, like IETF. Not discrediting their contribution. Organizations like those are needed, just like how a non-founder operator CEO can be beneficial once a startup takes off.

The problem I see is when in their supposed wisdom they discredit the potential contribution of some lone visionary. And this goes back to your original premise, with which I strongly agree. History shows that sometimes one highly skilled programmer working alone has accomplished things that teams of programmers could not.

> too impressive an achievement to be the work of a single person working in isolation.

It's been done before... for example, djb

Wow, this was a path I did not expect this conversation to take. Thank you for mentioning this.

Could you explain what his accomplishment was in terms a non-cryptographer could understand?

First of all djb is https://en.wikipedia.org/wiki/Daniel_J._Bernstein and the accomplishment was releasing a secure email server (qmail), a secure webserver (publicfile), and a secure BIND server (djbdns). Both qmail and djbdns became widely used, and the main alternatives were projects supported by large teams.

It took 8 years before the first bug was found in these projects.

I highly recommend reading through the guidelines in https://cr.yp.to/qmail/guarantee.html for how to write secure software. In particular point 5, Don't Parse, is broadly applicable and under appreciated. A well-known class of bugs arising from this error are SQL injection attacks.

Or Linus and Linux?

I think it's very hard for a group of people to coordinate behind a pseudonym that's so high profile.

It's hard to tell though. It may well be a single person who was inspired by multiple people's work and ideas. I like to compare the work of a single individual with how amazing Lord of the Rings is. I'm impressed it took a single person to write the whole thing.

Careful analysis of the source code might offer some clues regarding whether it's the handiwork of a person or a group.

Monero's codebase uses an array of subdomains which return a list of other seed nodes in a GET response, and then the codebase appends the appropriate port number onto those.

All the cryptocurrencies built on top of techniques that worked on other cryptocurrencies. I really like the iteration speed as well as how non-finite any limitation today is.

Since you seem familiar with Monero, I would like to ask what you think of it? I ask from the perspective of one who thinks the anonymous function of cash is a key factor bitcoin doesn't provide, and I've heard monero is one of a few options that does.

Monero, and all crypto-note infrastructure, is about 2 years behind transparent blockchain technology, and thus has a lot of growth as it becomes a viable option for more use cases.

For example:

Multisignature transactions are just becoming available. The lack of multisignature made it a non-starter for many applications, including on darknet marketplaces, because rudimentary escrow or deposits were needed. When the operator goes down, all your funds are on their server and are gone with it, but with multisignature as seen in bitcoin and ethereum, you always have control of your funds and they are never in limbo.

Meta-assets are not possible yet. Asset creation is one of the big tenets of Ethereum right now, and there are many assets on bitcoin as well for even longer. Many organizations use this as a way to raise capital, bringing a lot more capital into the base currency's economies. Monero and CryptoNote don't have this capability yet, but being able to issue and hold balances of these privately, with audit capabilities, will be powerful.

2nd layer scaling solutions are not even on the roadmap yet in any CryptoNote network. CryptoNote has the same scaling problems as bitcoin or ethereum, but the key sizes accelerate that. CryptoNote coins have dynamic block sizes already, but it may react too slowly to really help during periods of many transactions. Monero already encounters this issue. Bitcoin-style cryptocurrencies have Lightning Network via Segwit. Ethereum has Raiden on the roadmap.

Do you have an email I can reach you at? I have a quick question.

(HN hides the email field in your profile, so if you want to make it publicly visible you'll have to put it in your profile's "about" field.)

Zcash has opt-in private transactions which are computationally very expensive. So, they do work, but being opt-in they might as well not exist. In my opinion full privacy must be mandatory for all participants for it to be truly effective. Monero is currently the only project that fits this criteria.

Monero is the -only- option that offers fungible currency. Monero Research Lab is actively employing full-time PhD researchers to assess and improve where needed the strength of the underlying crypto and the implementation thereof. Zcash is not an acceptable substitute, as is the common opinion; I mention this only because you say "monero is one of a few options".

Zerocash was developed by (and is still being improved by) full time academics.

Which is probably why they have no idea that the user experience is irreparably broken to ensure privacy.

The same criticisms exist as since Zerocash was just a white paper.

I will say that there is the possibility that they can make the optional opaque transactions the more ready option, but you can look at the blockchain and see that nobody uses those addresses. Zerocash is just a bitcoin clone if you don't use the opaque addresses.

There is ongoing work to speed up private transactions that should make it possible to make privacy the default. At that point Zerocash will essentially be a completely private version of Bitcoin.

And Zerocash wasn't just a white paper, it was peer reviewed and analyzed by security and cryptography experts.

What are the current limitations of private transactions, are they slower than the normal ones?

Not sure what you are trying to say about the papers. I saw they were academic and theoretical.

The current limitations of private transactions are essentially that they are slow and that they don't support things like multisig or timelocks. All of these limitations are being worked on.

The academic paper you refer to had both a theoretical construction and an implemented system.

Just chiming in to say your username gave me a chuckle. Big Monero fan as well.

:) Let's educate them all

Just clicked to check it out and was reminded about how much I like the base-58 scheme they used for addresses.

There's so much like that. I'm going to try to write a blog post highlighting all the gems.

My favorite is:

It's a C++ macro that implements reading and writing member variables to/from disk/network. It uses C++ templates to figure out the sizes of everything, so it winds up packing items efficiently. We used something similar in the gamedev industry, so this was a delightful surprise.

Ohh, no, I take it back. This is my favorite:

    // Compact size
    //  size <  253        -- 1 byte
    //  size <= USHRT_MAX  -- 3 bytes  (253 + 2 bytes)
    //  size <= UINT_MAX   -- 5 bytes  (254 + 4 bytes)
    //  size >  UINT_MAX   -- 9 bytes  (255 + 8 bytes)
    // (uint64 is the codebase's own typedef; UCHAR_MAX etc. come from <limits.h>)
    inline unsigned int GetSizeOfCompactSize(uint64 nSize)
    {
        if (nSize < UCHAR_MAX-2)     return sizeof(unsigned char);
        else if (nSize <= USHRT_MAX) return sizeof(unsigned char) + sizeof(unsigned short);
        else if (nSize <= UINT_MAX)  return sizeof(unsigned char) + sizeof(unsigned int);
        else                         return sizeof(unsigned char) + sizeof(uint64);
    }

When encoding an arbitrary value, if it's less than 253, it only uses 1 byte of space. When you read a byte off the network, if it's 253, you know there are two more bytes to read. 254 = 4 bytes, 255 = 8 bytes.

Again, it's a small thing -- very standard tactic. But there are dozens of tiny, effective decisions exactly like this all throughout the codebase.

There's a secure allocator for wiping your private key so that it doesn't hang out in memory, with hacks to work around MSVC8 problems. Which academics bother with MSVC8 hacks?

    // Allocator that clears its contents before deletion
    template<typename T>
    struct secure_allocator : public std::allocator<T>
    {
        // MSVC8 default copy constructor is broken
        typedef std::allocator<T> base;
        typedef typename base::size_type size_type;
        typedef typename base::difference_type  difference_type;
        typedef typename base::pointer pointer;
        typedef typename base::const_pointer const_pointer;
        typedef typename base::reference reference;
        typedef typename base::const_reference const_reference;
        typedef typename base::value_type value_type;
        secure_allocator() throw() {}
        secure_allocator(const secure_allocator& a) throw() : base(a) {}
        ~secure_allocator() throw() {}
        template<typename _Other> struct rebind
        { typedef secure_allocator<_Other> other; };

        // Zero the block before returning it, so key material does not linger
        // in freed memory. (Caveat: an optimising compiler may drop a plain
        // memset immediately before free as a dead store; explicit_bzero,
        // SecureZeroMemory or a volatile write avoid that.)
        void deallocate(T* p, std::size_t n)
        {
            if (p != NULL)
                memset(p, 0, sizeof(T) * n);
            std::allocator<T>::deallocate(p, n);
        }
    };

Another gem (note the comments):

    case OP_EQUAL:
    case OP_EQUALVERIFY:
    {
        // (x1 x2 - bool)
        if (stack.size() < 2)
            return false;
        valtype& vch1 = stacktop(-2);
        valtype& vch2 = stacktop(-1);
        bool fEqual = (vch1 == vch2);
        // OP_NOTEQUAL is disabled because it would be too easy to say
        // something like n != 1 and have some wiseguy pass in 1 with extra
        // zero bytes after it (numerically, 0x01 == 0x0001 == 0x000001)
        //if (opcode == OP_NOTEQUAL)
        //    fEqual = !fEqual;
        stack.push_back(fEqual ? vchTrue : vchFalse);
        if (opcode == OP_EQUALVERIFY)
        {
            if (fEqual)
                pc = pend;
        }
    }
    break;

Bitcoin is worth N billion dollars right now, and this codebase really is a billion dollar codebase. Is this really the work of a single person?

I really hope you make that post highlighting your favorite parts of the C++ Bitcoin codebase; it is super interesting! Keep up the great work.

That was probably inspired by ASN.1 or other serialisation protocols.

The formatting of the code in that function also puzzles you for an instant, but then you realise just how much clearer it makes it over the "lame" but "consistently formatted" alternative of

    if ( )
    else if ( )

No those weren't the work of a single person. You're quoting versions of the code base that post date the public introduction of bitcoin. Some of the things you call out were written by others, and others were written in response to public review.

Even people working on bitcoin aren't fans of base58. Variable length serialization? Bignums in the serializer? Poor error detection? No error correction? Confused characters in alphabet? Case sensitivity? Lots of reasons to dislike.

>Poor error detection? No error correction?

It's implemented at a higher level. For bitcoin, a 32 bit check field is appended to the data to serve as a checksum. If you want parity, I'd imagine that could be done as well.

>Confused characters in alphabet? Case sensitivity?

Some look alike letters are excluded, hence why base58 rather than base62.

> Confused characters in alphabet?

That's really the only reason I was saying I liked base58. Because it removes those confusing characters compared to base64 or others.

Ah, but it doesn't do a very good job of that. It only removed a few pairings, and made some odd choices at that. Hence why I list it as one of the issues.

Interesting code. Some first impressions. 1. This gigantic file can be split into multiple smaller files. It takes even a while for my browser to render the whole source file. 2. There is inline assembly in the code. Is this for performance or some other purposes?

The code is in smaller files but that link was for demonstration purposes I guess.

Here is the most updated bitcoin repo: https://github.com/bitcoin/bitcoin

My impression, being in the bitcoin community and talking to some core devs, is the opposite. The code was rushed and rather amateurish; there were bugs professional developers should not make.

> This article correctly shows that virtually none of the ideas underpinning Bitcoin are new. They can all be traced to the academic literature going back decades.

Yes, the debts Satoshi owed to others were obvious right from the start. I made pretty much exactly the same argument as OP over 6 years ago in my then-widely-read essay "Bitcoin is Worse is Better" https://www.gwern.net/Bitcoin%20is%20Worse%20is%20Better - Bitcoin built on many established tools and concepts and its true contribution was putting them together in a way that was conceptually alien and disgusted people immediately on arrival. (Proof of Work still viscerally disgusts many people! _plus ça change, plus c'est la même chose_ eh? Anyone can invent something that everyone wants - everyone wants a cheaper or faster computer, for example - but it takes genius to invent something that everyone hates, thinks is useless, wasteful, evil, or all three simultaneously, and eventually wins grudging acknowledgement that it may actually be a good idea.)

It's nice that Arvind & Clark have gone into more detail about the predecessors, though, I suspect that most Bitcoiners these days have little idea about it (although I think they overstate a few of them - Satoshi didn't know about B-money until he was told by Back and so most accounts of Bitcoin's genesis overstate its influence).

Hey gwern, it's you! I remember reading "Bitcoin is Worse is Better" and forwarding to quite a few friends. Great article, really like the pieces you've written over the years. Keep up the good work.

If that counts as "not a new idea, but just a new combination of existing ideas" then it's hard for me to think of anything that does count as a "new idea."

This. True originality doesn't exist if you want to be reductionist. This is a game people use to minimize contributions of others.

Isn't everything built in top of previous work?

Many people don't know this. Bitcoin in particular is often portrayed as coming out of nowhere.

What I'm saying is that nothing comes out of nowhere, and plenty of things are portrayed as coming out of nowhere. Bitcoin isn't anything special. I believe all the hate it receives is simply because all of the extra attention it gets and the unsavory people that surround it, and not because it is any more or less of an achievement than anything else.



The very first idea ever.

Everything is built on top of previous work which I do not intend to diminish here. But, Satoshi is a total genius. The complexity and ingenuity of Bitcoin are just amazing.

None of the ideas in PageRank were new either. We all stand on the shoulders of giants.

I view Bitcoin as a more impressive achievement.

As far as I understand it, PageRank reduces to "find the principal eigenvector of a stochastic matrix," in which matrix elements represent the probability of transition from each web page to every other web page. To me PageRank is a successful application of a well-known algorithm.

Bitcoin's peer-to-peer protocol, on the other hand, is a new distributed algorithm. Prior to Bitcoin, no distributed algorithm existed capable of maintaining an agreed-upon blockchain of transactions in perpetuity.

EDIT: Removed the word "kind of" in response to mayank's and axus's comments below.

From Eigenmorality (https://www.scottaaronson.com/blog/?p=1820):

“I was also impressed by a similar research project called PageRank, which was proposed later by two guys at Stanford named Sergey Brin and Larry Page. Brin and Page dispensed with Kleinberg’s bipartite hubs-and-authorities structure in favor of a more uniform structure, and made some other changes, but otherwise their idea was very similar. At the time, of course, I didn’t know that CLEVER was going to languish at IBM, while PageRank (renamed Google) was going to expand to roughly the size of the entire world’s economy.

In any case, the question I asked myself about CLEVER/PageRank was not the one that, maybe in retrospect, I should have asked: namely, ‘how can I leverage the fact that I know the importance of this idea before most people do, in order to make millions of dollars?’

Instead I asked myself: ‘what other “vicious circles” in science and philosophy could one unravel using the same linear-algebra trick that CLEVER and PageRank exploit?’ After all, CLEVER and PageRank were both founded on what looked like a hopelessly circular intuition: ‘a web page is important if other important web pages link to it.’ Yet they both managed to use math to defeat the circularity. All you had to do was find an ‘importance equilibrium,’ in which your assignment of ‘importance’ to each web page was stable under a certain linear map. And such an equilibrium could be shown to exist—indeed, to exist uniquely.”

I always thought it would be neat to use something similar to determine "UserRank" in order to solve Eternal September.
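The "importance equilibrium" described in the quote above, as an added example (not from the thread or from Aaronson's post): power iteration on a small constructed link graph finds the vector that is stable under the damped linear map, and starting from a different initial vector lands on the same fixed point, which is the uniqueness the quote refers to. Graph, damping factor and function names are assumptions for illustration.

```python
from typing import Dict, List, Optional

# Constructed toy web (hypothetical data): page -> pages it links to.
# Nobody links to D, so its only "importance" comes from the random jump.
LINKS: Dict[str, List[str]] = {
    "A": ["B", "C"],
    "B": ["C"],
    "C": ["A"],
    "D": ["C"],
}

def google_matrix(links: Dict[str, List[str]], damping: float = 0.85):
    """Column-stochastic matrix G with G[i][j] = P(move from page j to page i)."""
    pages = sorted(links)
    n, idx = len(pages), {p: i for i, p in enumerate(pages)}
    M = [[0.0] * n for _ in range(n)]
    for src, outs in links.items():
        if outs:
            for dst in outs:                      # follow a link uniformly
                M[idx[dst]][idx[src]] += 1.0 / len(outs)
        else:                                     # dangling page: jump anywhere
            for i in range(n):
                M[i][idx[src]] = 1.0 / n
    # Damping mixes in a uniform random jump, which makes the equilibrium unique.
    G = [[damping * M[i][j] + (1 - damping) / n for j in range(n)] for i in range(n)]
    return pages, G

def apply_map(G, r):
    n = len(r)
    return [sum(G[i][j] * r[j] for j in range(n)) for i in range(n)]

def pagerank(links, damping=0.85, start: Optional[List[float]] = None,
             tol=1e-10, max_iter=1000) -> Dict[str, float]:
    """Power iteration: repeat r <- G r until r stops changing."""
    pages, G = google_matrix(links, damping)
    r = list(start) if start else [1.0 / len(pages)] * len(pages)
    for _ in range(max_iter):
        new = apply_map(G, r)
        converged = max(abs(a - b) for a, b in zip(new, r)) < tol
        r = new
        if converged:
            break
    return dict(zip(pages, r))

def is_equilibrium(links, ranks: Dict[str, float], damping=0.85, tol=1e-8) -> bool:
    """Fixed-point check: the ranking is unchanged by one more step of the map."""
    pages, G = google_matrix(links, damping)
    r = [ranks[p] for p in pages]
    return max(abs(a - b) for a, b in zip(apply_map(G, r), r)) < tol
```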

It's actually not a new kind of distributed algorithm:

1. Peer-to-peer algorithms: BitTorrent would like a word with you.

2. Distributed consensus: Paxos would like a word with you.

3. Proof of work: hashcash would like a word with you.

That said, I find the Bitcoin paper to be a delightful synthesis of a bunch of well known ideas.

The total is much more than the sum of the parts in this case. You get whole new dynamics that were unpredictable from the single parts.

Like saying that the first calculator was not a new kind of machine because valves existed and people made calculations before.

Prior to Bitcoin, there was NO distributed algorithm capable of maintaining an agreed-upon blockchain of transactions in perpetuity, in a manner resistant to attack by fraudulent nodes. Such an algorithm didn't exist prior to Bitcoin.

I think mayank wanted you to say "Bitcoin's peer-to-peer protocol, on the other hand, is a new distributed algorithm"

I can get on board with that :)

Me too. I updated my original comment to state exactly that.

I love HN :-)

The genius idea of bitcoin, afaik, is that Satoshi created a brilliant incentive scheme, which was the reason why the nodes decided to join the network. Without this factor it would have been impossible for bitcoin to grow this far.

That has been known from the very beginning; Bitcoin is the culmination of years of research and prior work done in the fields of economics and cryptography.

What makes it special is that it was the first digital money that actually works.

You forgot an important word there that's also your username.

There were lots of digital money systems that worked but were centralized.

All money systems are digital money systems. Source: 20 years in FinTech.

The economic incentives underlying bitcoin mining, the Nakamoto consensus solution to the Byzantine fault tolerance problem, are new.

> This article correctly shows that virtually none of the ideas underpinning Bitcoin are new.

The same can be said for any good or bad idea.

To be 100% fair you should recognize that Wei Dai was very close.
