Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Why would a government have created bitcoin?
457 points by pg on April 14, 2013 | hide | past | favorite | 294 comments
I've long suspected bitcoin was created by a government. Bulletproof protocols usually require peer review, yet there have been zero leaks from the reviewers. Pools of crypto guys who don't leak stuff are usually employed by governments.

The part that puzzles me is why a government would do this. I can imagine several possibilities:

1. To finance their own black operations.

2. Because they thought digital currencies were inevitable, and they preferred bitcoin to some potentially more malevolent form. (Could bitcoin have been worse from a government's point of view?)

3. A friend suggested this: because they felt their currency would never become the standard reserve currency, and they felt it was better that no one's be if theirs couldn't be.

4. A variant of the above: the US did it because it seemed inevitable that the dollar would eventually lose its place as the standard reserve currency, and better to have it replaced by bitcoin that the yuan.

I realize some of these explanations are pretty far fetched, but so is an individual cooking up bitcoin as an intellectual exercise. Whatever the explanation of bitcoin's origin turns out to be, it will probably be pretty weird.

Anyone have opinions about these possible explanations, or other ones?

Bitcoin was not created by a government. There are two groups that are on the suspects list for having engendered bitcoin, one group centers around Trinity College, another is a bunch of loosely affiliated international collaborators. Both groups are on the record with precursors to bitcoin (papers, software), neither has admitted openly that they were the ones.

If you read their papers in the run-up to bitcoin then there is no doubt that either group had the technical ability and the means to execute on the idea.

To posit that a government did this would need to come with some proof that is stronger than the proof pointing at these two non governmental groups.

Setting aside whether the two groups you name are likely suspects, the fact that both public identities and open institutional affiliations does not contradict the hypothesis that a government did it.

For historic precedents, see for example Wikipedia on "Project MKUltra", or the book "Subversives: The FBI's War on Student Radicals and Reagan's Rise to Power" by Seth Rosenfeld.

PG remarks that there were probably peer reviewers but none has stepped forward. Either of the two examples I gave illustrates how long and how tightly private-sector collaborators with secret government projects can keep their mouths shut.

Well, time will tell, eventually. Secrets have a habit of coming out over time there are enough hints and bits of fact here that eventually the people behind bitcoin will not be able to deny their involvement and this will likely happen while they are still alive.

Any fact to back that up? Any economical analysis? I fail to see how it answers the question so I downvoted (bad me)

Taking a similar example, in 2010 it was unlikely Stuxnet was government made - people talked about the black market and high school students from Panama http://en.wikipedia.org/wiki/Stuxnet#History

Yet now, it seems to be.

I share part of your opinion, as in "unlikely to be from a government" but I would NOT jump to conclusions and exclude this possibility.

I've spent more time on ID'ing the character(s) known as 'Satoshi' than is good for me and think I have a fair idea who they are, but it isn't bullet-proof. Even if I had it I would not publish their names here. HN'ers are smart enough to do their own work without having it done for them, and clearly those people prefer to be anonymous, so if you do figure it out better keep it to yourself.

The section on Satoshi's identity found in the Wikipedia article [1] for Bitcoin seems rather persuasive:

Investigations into the real identity of Satoshi Nakamoto have been attempted by The New Yorker and Fast Company. Fast Company's investigation brought up circumstantial evidence that indicated a link between an encryption patent application filed by Neal King, Vladimir Oksman and Charles Bry on 15 August 2008, and the bitcoin.org domain name which was registered 72 hours later. The patent application (#20100042841) contained networking and encryption technologies similar to bitcoin's. After textual analysis, the phrase "...computationally impractical to reverse" was found in both the patent application and bitcoin's whitepaper. All three inventors explicitly denied being Satoshi Nakamoto.

[1] http://en.wikipedia.org/wiki/Bitcoin#Identity

Did any, or all three, of those individuals all of a sudden become wealthy over the past couple years? I imagine whoever created BTC is a multi-millionaire now due to having all the initial mined coins.

If they were smart enough to stay anonymous this long, they are smart enough to not suddenly park a bentley in their parking spot at the office.

Those initial coins have mostly not been used. You can verify that for yourself.

This is actually one of the strangest things about it tbh. How can there be over 1 million unsold early adopter bitcoins? They can't all be lost and the people who held on to them through the $250 peak have some serious self-restraint

Why is this strange? The early clients did mining by default in the background, and per-block difficulty was very slow. It does not take very many people playing with it for a few weeks and throwing away wallets to get to 1 million lost bitcoins

I read on bitcointalk.org (so take with a grain of salt) that a new wallet was used for the initial blocks, so there are 50 coins in each of ~40k wallets.

It's entirely possible that early on they used throw away wallets while testing and the alleged $100m in "early coins" are all inaccessible.

The client uses a new address for each block.

Maybe they're (a) not particularly interested in money and/or (b) waiting to see how the legal situation for Ⓑ turns out in another decade or so.

>"the people who held on to them" //

Or person presumably?

To be fair, only braindead or highly misinformed people thought Stuxnet could have been high school students. No one who looked at it thought that.

Care to speculate on their motivation for remaining anonymous?

Bitcoin has the potential to upset a lot of applecarts depending on how successful it eventually will turn out to be.

Consider me amazed at how far it's already gone, if it goes much further it may very well be extremely wise to not be known as one of its creators.

Yeah, cypherpunks were worried about being extrajudicially killed in the 90s just for developing the code for something better than btc.

Far worse to be an operator than a software developer.

Also some people are at more risk, even if they wouldn't be killed or even arrested for creating ecash. If you were at all legally questionable for drugs, taxes, politics, or had a day job with a clearance, a company with pr exposure, etc....

>Consider me amazed at how far it's already gone

Not very far, in the grand scheme of things.

The whole amount of money involved is less than what some LOCAL restaurant chains make in a year.

There have been more widespread regional alternative currencies in the past. Given that this one also has all those internet-technology advantages to spread, it's surprisingly minuscule and insignificant.

Yeah ok but this is not regional, this is global. It has done quite well so far and I can't think of a better global currency with no one controlling it and with the same utility as today.

Maybe gold a long time ago but still doesn't fully compare

>It has done quite well so far and I can't think of a better global currency with no one controlling it and with the same utility as today.

Well, how about gold?

>Maybe gold a long time ago but still doesn't fully compare

Why not? In addition you have:

a) no logs b) no reason to trust some advanced crypto stuff (that might collapse 10 years from now due to some hole/collision/whatever discovered in the algorithms). c) acceptable everywhere already

Oh, and it doesn't lose 70% of it's value in 2 days, like BitCoin has done in the past (from what I read).

Gold is heavy, easy to counterfeit with (cheap) tungsten, difficult to take across borders, easy to steal, etc.

Bitcoin won't be so volatile after it has been more widely adopted.

And the "advanced crypto stuff" of Bitcoin can never collapse. It is already partially post-quantum and was designed to be easily upgradeable to fully post-quantum algorithm set.

You would do yourself some good if you took a minute to learn some things about crypto.

Not clear how the creators would, or could, be blamed for any perceived misuse of the currency. Publishing some software and specs isn't illegal, and if the creators have any further control over the bitcoin trade, that in itself is a dealbreaker for bitcoins-as-currency.

A culture of anonymity and unaccountability may be a good thing with respect to the users of a currency, but not for its creators and backers, IMHO.

Are you familiar with the pesecution of Phil Zimmerman?


This is probably going to end a lot worse:

(1) bitcoin survives, lots of parties angry

(2) bitcoin is broken, a fatal flaw is detected, lots of people lose money, lots of parties angry

In either scenario there will be a lot of parties pissed off at bitcoins creators. Anonimity seems to be a smart move, just like many other pre-emptive strikes that are embedded in bitcoin.

Phil Z.'s problems are part of the distant past, at this point. Going forward, nobody is ever going to catch that much grief for releasing encryption software. You might as well refrain from publishing role-playing game manuals about bitcoins for fear you'll be targeted by the Secret Service, a la Steve Jackson.

Trust me, no governmental entity gives a hoot about who created the bitcoin standard. They probably will give a hoot about how it's used.

There are plenty of examples of more recent vintage.

Better safe than sorry seems to be a good strategy in cases like this, if there is no upside to claiming credit, why would you claim credit?

You say that there's no upside to claiming credit, whereas it seems to me you could comfortably retire to the lecture circuit, or enjoy sinecure directorships on just about any business that was heavily dependent on crypto, or get tenure in the university of one's choice, or...

There are plenty of examples of more recent vintage.

Not really. All of the ones I'm aware of involve DMCA pissing matches, which aren't relevant here.

>Going forward, nobody is ever going to catch that much grief for releasing encryption software.

Citation needed.

>Trust me, no governmental entity gives a hoot about who created the bitcoin standard.

Are you talking of the same government agencies that had 10,000 page files on people such as John Lennon and such?

No, that was a long time ago. Everybody who maintained those files on John Lennon is either retired or dead.

Also, I don't think John Lennon would have turned down his opportunity for celebrity if he'd known that J. Edgar Hoover was going to open a file with his name on it. He might have thought twice if someone had told him about that Chapman fellow, though.

>No, that was a long time ago. Everybody who maintained those files on John Lennon is either retired or dead.

The people die, the practices do not.

Government agencies have Harry Potter long files on all kinds of peaceful activists, from tree-huggers to EFF members, to authors and free press writers, and such. Even more so than back in the day, because they can get tons more info through electronic means.

>Also, I don't think John Lennon would have turned down his opportunity for celebrity if he'd known that J. Edgar Hoover was going to open a file with his name on it.

Lennon might not, other people that would only get the negatives without any benefits of that celebrity, would not.

The creators of Bitcoin were very critical of central governments. The entire project rests on the notion that fiat money is a bad idea.

Like a lot of libertarian activists, or indeed activists in general, they may have overestimated how much governments would feel threatened by their actions. Or, maybe they were prescient. Hard to say right now.

Well, considering what was happening to the founders of e-gold[0] at the time of Bitcon's creation, remaining anonymous was a very rational choice on the part of Satoshi. It now seems like the US Gov has accepted Bitcoin as a proper currency, but that outcome was never certain, and the potential legal implications of a negative outcome were very clear after the e-gold fiasco. 0. http://en.wikipedia.org/wiki/E-gold

Could be the ultimate scam, maybe they're waiting to sell the coins they mined in the beginning? Could be they were afraid it would work (and therefore possibly make them a lot of powerful enemies), and didn't want to be known to be responsible?

If BitCoin 'wins' and becomes very popular, these early adopters are sitting on massive amounts of bitcoins. That's a very tempting target for robbery (& more).

It's easy to envision that the creators are making lots of money off the bubble and that one wouldn't want to be linked to a ponzu scheme.

Tax evasion.

As an alternative currency, Bitcoin is very, very illegal in various countries. For example, I believe the Federal Reserve Act in the US outlaws all non-Reserve currency.

That's not how FinCEN treated it. In the guidance[1] they released there's almost a tacit approval, as long as exchanges are properly registered, keep proper records, and report.

1. http://www.fincen.gov/statutes_regs/guidance/html/FIN-2013-G...

It does not; Bitcoin is currently legal in the US. In what countries is it illegal?

you are two or three years out of the loop, buddy

Mind sharing any links / citations?

You're going to have to do your own homework on this one, I got burned once before on HN for id'ing someone that preferred to stay anonymous and clearly these people don't want to be out in the open with what they built.

But I can tell you my starting points: there are few threads on bitcointalk that try to ID satoshi, start with those, then read a bunch of papers, figure out who the co-authors are and sooner or later you'll end up with the same set of names. The interesting bit to me is that those two groups are both roughly equally likely but I can't find any clear signs of collaboration between the two.

If I email you, will you tell me in private?

If PG emailed you, would you tell him in private?

All you need is in the GP, expect to spend about a week, maybe two. And it will be a useful way to spend your time, you'll learn more than you ever will otherwise about digital currencies. One thing that came out of this research is that digicash could have easily succeeded more than a decade earlier with significant backing if only mr. Chaum had been a bit more steadfast. I know some people that worked there and I knew there were funny things going on there but never realized how close they got to success.

This is a pretty good starting point:



Assuming all this stuff (the original research) was published, perhaps it was a third party that just connected the dots?

It is definitely true that all the pieces were already there, and that bitcoin is more of an integration effort than a from-scratch design. And yet, there is a lot of subtlety going on there, more than I would credit an integrator with. This was no accidental affair.

Out of curiosity, how much did they personally sock away from BitCoin?

Was this done out of some ideological commitment, or just to get rich as the first movers?

Yesterday there was created topic questioning the initial amount mined by the founder, so see yourself, its not perfectly clear. https://bitcointalk.org/index.php?topic=175996.0

Same with the reason behind creating this particular crypto-currency. Since the creator is not known to public we can only assume.

I've long suspected bitcoin was created by Paul Graham. Bulletproof protocols usually require peer review, yet there have been zero leaks from the reviewers. Pools of crypto guys who don't leak stuff are usually employed by startup funds.

The part that puzzles me is why Paul Graham would do this. I can imagine several possibilities:

1. To finance his own black operations.

2. Because he thought digital currencies were inevitable, and he preferred bitcoin to some potentially more malevolent form. (Could bitcoin have been worse from Paul Graham's point of view?)

3. A friend suggested this: because he felt his currency would never become the standard reserve currency, and he felt it was better that no one's be if his couldn't be.

4. A variant of the above: Peter Thiel did it because it seemed inevitable that the PayPal account would eventually lose its place as the standard Internet currency, and better to have it replaced by bitcoin than Liberty Reserve.

I realize some of these explanations are pretty far fetched, but so is a government cooking up bitcoin as an political exercise. Whatever the explanation of bitcoin's origin turns out to be, it will probably be pretty weird.

> Pools of crypto guys who don't leak stuff are usually employed by startup funds.

That's not true, and it's the crucial difference between your version and the original.

Here's my conspiracy theory:

BitCoin was created by a group who found a way to reverse SHA 256. They considered how to monetize this invention. The idea of building a currency around that secret was originally a joke, but a proof of concept got taken seriously by one member.

These people can compute bitcoins directly instead of mining, and will therefore control the future money supply. And by enforcing a limit on the supply of Bitcoin, they also figured out how to avoid the inflationary problem inherent in owning an actual currency mint.

I knew those people researching quantum computation were up to no good.

Are we overestimating how much crypto is involved?

I'm not a crypto guy, but as I understand it, the crypto in Bitcoin is relatively simple and well-understood. The genius idea was how to verify transactions using proof-of-work in a peer system. At least this is what an acquaintance of mine, Paul Bohm, says (http://www.quora.com/Bitcoin/Is-the-cryptocurrency-Bitcoin-a...). Bitcoin lets other people worry about performance and implementation; the protocol just poses a problem. And apparently the first miners, produced by the entity known as Satoshi Nakamoto, were really slow.

So maybe one person, or a small group of people, could have made that conceptual breakthrough?

Came here to say this. I really think it may have been one person. It was a brilliant idea, and as you all know, it only takes one person to have an idea, but would it really take that much work to implement? Would it really require an elite highly-funded team of programming geniuses?

When the Linux kernel was first posted, a lot of people, including RMS, couldn't believe that one man got a kernel up and running so quickly. Normally, up until that point, only large well-funded companies were thought to be capable of producing robust kernels. Linux happened despite this preconception. Imagine if Linux had been released anonymously. I wonder what rumors would have started.

Hang on a minute. Writing toy kernels for an OS is an exercise that grad students do. The other Unix OS for PCs at the time, Minix, was the work of a single individual, Andrew Tanenbaum. There are plenty of other examples.

I don't really know what I'm talking about when I talk about crypto or Bitcoin. I was just musing out loud. In fact, don't even read this comment that I'm writing. :)

BTW, I think the best comment in this thread so far is by myprasanna, who seems to be saying that the premise of the entire question is wrong. Those of us who came late to Bitcoin marvel at how this brand new idea and an implementation came out of nowhere. But it seems to have had a history on crypto mailing lists, and implementation ideas were even discussed in public. Maybe the idea has a longer gestation than it appears.


I specifically said "robust" kernels for this reason. While I wouldn't call Minix a toy kernel, it definitely was not as robust as Linux after a while into Linux's infancy. I'm guessing it was considered something a single person could probably manage due to its size.

I think this actually furthers my point as well. Minix was created by a world-renowned computer scientist. Linux was created by a college student. Did it really require an elite genius computer scientist to make Linux? No, it just required a kid who was interested in programming (as it happens, he was also very smart). Couldn't the same be true of bitcoin?

It is way more novel crypto than virtually any other implemented system. Usually you have papers, then protocols, then reference implementations. Bitcoin is a pretty coherent thing, borderline what one great individual would do; more plausibly a small team.

What novel crypto is there in Bitcoin?

The distributed proof of work and ledger system at the core of bitcoin is fundamentally more novel than, say, a new block cipher mode of operation, and less novel than e.g. the concept of asymmetric cryptography.

It would certainly be worthy of a PhD or two in theory alone. The practical deployment could get an econ PhD too I think.

The distributed proof of work / ledger system is an extremely cool insight, but that's what it is - an insight. Typically, a computer science PhD involves doing a lot of actual _work_ proving things and so on, which hasn't happened here.

This isn't to put it down, at all. It's just to say that the two things are kind of orthogonal.

No PhD-granting econ department would grant a PhD for this. They'll just keep laughing and nay-saying until bitcoin goes out of fashion, or proves them completely obsolete and out of touch with reality. At which point they'll just keep going on, just as the philosophy departments have despite their proven irrelevance.

This thread is full of claims like this... without evidence to back them up.

"I know who wrote the protocol, but I can't tell you. Do your homework."

"The protocol is years ahead of everything else, but I can't talk about it."

"Novel" or "difficult to implement" doesn't actually mean better or years ahead. Researchers tweak things to be novel when standard tools will work just for the purposes of experimenting sometimes. I've been arguing that 1981-tech is superior to Bitcoin, even though Bitcoin is novel.

From what I know, I agree with you.

Bitcoin is fundamentally a heuristic to approximately solve the Byantine Generals Problem.

So many weird assumptions baked into this question.

* Why do you think Bitcoin is bulletproof?

* What kind of peer review do you think Bitcoin has had?

* Who are the crypto review firms that routinely leak things?

* Why would a non-leaky crypto review imply that Bitcoin was bulletproof?

* What about the pools of crypto guys at IBM, at Google, or at Microsoft?

* What would make one think Bitcoin is a comparably hard problem to other cryptosystems?

* Why is a cryptocurrency, which is a problem that has been tackled repeatedly by both hobbyists and researchers, more far-fetched as an intellectual exercise than, say, Tor?

SSL/TLS is the best-reviewed cryptosystem in the world. The USG relies on it in a myriad of different ways. What's the longest stretch we've gone without discovering some horrible flaw in it?

I disagree with the governement conspiracy thing, but the bitcoin protocol has been incredibly secure. This is pretty common knowledge. People can't "hack" into the bitcoin network and make themselves millionaires.

Howdy Kapura. (A bit of background knowledge: It might not be obvious if you haven't been here for a while, but the guy you're talking to is something of an expert in making systems dependent on cryptography do horrible, horrible things.)

It may be "common knowledge" that the bitcoin protocol is secure, but this is largely because a) most bitcoin users and advocates are not competent to make any determination of security, b) you should probably include an asterix to the claim like "Well, secure if you don't count the successful double-spend attack which necessitated a holy-shit-drop-everything-and-downgrade response by several mining pool operators", and c) acknowledge that one of the main reasons people don't attack the protocol is because Bitcoin exchanges have been coughing up everything one could possibly want, and more, with far less work.

I should probably write a blog post digging into what people mean when they talk about "the Bitcoin protocol", by the way. Bitcoin isn't a protocol like HTTP is a protocol. Bitcoin's entire protocol specification is the Satoshi bitcoin client, which you have to warts-and-all emulate to be accepted by the network, because if you ever disagree with the Satoshi client about the validity of any single transaction in history then you're suddenly building off a blockchain which is incompatible with the one used by all the businesses that one would theoretically want to spend Bitcoins at. It is entirely possible for "the Bitcoin protocol" -- the series of steps by which clients agree on the status of the blockchain -- to be bulletproof while the Satoshi client (i.e. the only instantiation of the protocol that matters) to get busted like a pinata via e.g. a buffer overflow attack. One would hope that when that happens, it does not happen on every computer using bitcoin simultaneously, which strikes me as a very plausible scenario given that the designed intent of bitcoin is to fan attacker-chosen executable instructions to every node on the network.

Just a few points here, although most of your comment is valid.

> Well, secure if you don't count the successful double-spend attack which necessitated a holy-shit-drop-everything-and-downgrade response by several mining pool operators

You're getting your history wrong. There was a problem with older satoshi clients that caused a fork in the block chain. The fork was serious enough that all miners with newer clients were asked to temporarily downgrade. There was also somebody who took advantage of that fork to create a double-spend.

So, 1) The double spend was caused by the holy-shit moment, not the other way around. 2) There is no proof anybody lost money. Most big merchants stopped processing transactions during the fork, who knows if the transactions on the losing chain were accepted.

> designed intent of bitcoin is to fan attacker-chosen executable instructions to every node on the network

This is just fear-mongering.

The intent is to create a medium of exchange between untrusted parties. There is a scripting system that used to be run by clients when checking whether a transaction output could be spent. That system has a) never been able to do much of anything except manipulate numbers and b) been disabled for quite some time now.

It is "incredibly secure" in the same sense as the banks that use TLS are using "military grade" encryption.

Bitcoin isn't nearly as anonymous as many believe. The ever-shifting addresses make it look anonymous to average folks... just like a Three-Card-Monte game might look fair. But, with TLA levels of traffic analysis, plus the cooperation or compromise of a few major entry/exit/exchange points, it's probably quite transparent. So I can buy the theory that it was thought to be a 'manageable' variant drawn from the possibility space of all cryptocurrencies.

But also, it may have just been an experiment that grew far beyond expectations. Some deep-secret think-tank group was playing with digital cash scenarios, perhaps as part of scenario-planning about possible futures where a cryptocurrency arises from far-left-field. Bitcoin was one of the ideas that got a lot of review and generated some vibrant internal debate: could this work? A proponent got approval to release it, under a pseudonym, to see how unaffiliated people reacted. So indirectly from a government... but not part of any master plan.

(See also my prior comment at https://news.ycombinator.com/item?id=5501803 for why I think tax collectors may be very comfortable with Bitcoin in the long run.)

Copying my other comment here:

There's already zerocoin, a proposed extension of bitcoin, which guarantees completely anonymous bitcoins.


Yes, there's already the Zerocoin proposal... which will require big buy-in from existing stakeholders to get grafted into the protocol.

What if big Bitcoin operators get a message from the tax-and-law authorities that they welcome Bitcoin just the way it is, thank you very much, but will start to use the levers at their disposal if large remixers or Zerocoin-like extensions are added?

Or what if the authorities just say, Bitcoins that have never been Zerocoined are great, but those that have been through the Zerocoin-blinding are contraband, and can only be cleaned by declaration and payment of a significant punitive excise tax? The nature of Bitcoin and the Zerocoin proposal leaves completely transparent which coins are 'tainted' by participation in a previous verboten transaction.

bitcoin is designed so that miners have an incentive to work on it and not alternatives. The result being much the same as that predicted by Austrian theory: a single money winning in the market, and the rest being demonetized. (A caveat however, when it is easy to convert between the moneys, this need not occur to the same degree.)

One would therefore predict low-to-zero chance of monetizing zerocoin/litecoin/namecoin if they compete for the same resources that bitcoin would compete for, namely miner processing power.

(edit: zerocoin is not subject to this criticism, I stand corrected; thanks nawitus)

Zerocoin works with bitcoins, though, it's not a different currency. 1 BTC = 1 "zerocoin", that you can convert back and forth.

Some alterna-coins may not rely on the same sort of processing power as Bitcoin. For example, Bitcoin mining has migrated to specialized GPUs and ASICs. Litecoin specifically chose 'scrypt' memory-hard hashing, for which the same GPUs/ASICs provide no benefit. Other 'proof-of-stake' proposals for maintaining the ledger emphasize staying actively connected to the network – pulling your own weight in verification and distribution – rather than raw hashing power.

Bitcoin's proof-of-work-during-verification trick is neat, but may not be the only way, and thus viable alternatives may emerge that don't face the barrier of an early miner decision to redeploy computational power elsewhere.

true, agreed.

though processing power would seem to be the best proof of stake, as say compared to network connectivity.

In the proof-of-stake proposals, actually holding old balances, and actively helping to certify transactions when challenged to do so, is what earns you the right to 'mint' new ledger-extensions. (And if you don't, your future transaction fees go up.)

Not sure all the kinks are worked out, but competing based on who best enables the fastest, most consistent, most-fraud-resistant global log seems to more directly benefit the community, than proving who's burned the most resources on electricity and specialized hardware.

The truth is that the groundwork for bitcoin was laid down long before it appeared as a specific project. Bitcoin is a classic case of all the threads hanging there, but needing someone to come and tie them together.

Wei Dai published his work originally on crypto-currency in 1998 (in fact some suspected that Wei Dai is Satoshi). Moreover Szabo was mirroring lots of the same thoughts with his bitgold proposals.

From an economic perspective, the Austrian school has been gaining more and more creditability as it becomes increasingly clear that monopolistic control of currency is unworkable in the long-term.

Therefore, there was nothing specifically revolutionary about it. It was really just one of those things that it was just waiting for someone to come tie these things together into a coherent project (I'm not at all minimizing the work satoshi did).

This all does beg the larger question; Who is Satoshi and why would he disappear. Personally, I think it was a nom-de-plume of several people who intelligently made the decision to 'disappear' (even though they may still be active on the project using different names). Leaderless projects are very difficult for the various state monopolies to fight.

The people I suspect the most are Wei Dai, Adam Back, Nick Szabo, Ian Goldberg, or a few people of that era. Look at people who did interesting stuff then stopped for a few years... (Zooko, Jim McCoy, some Dutch people, Ian Grigg, etc are all candidates too)

I think we can rule out Zooko. I've been reading his stuff and interacting with him for a while, and between his personal life and Tahoe-LAFS, I simply don't think he had the time; and his delayed reactions to Bitcoin are not at all what I would expect from the creator. He and Satoshi simply sound different.

For some reason Hal Finney is missing from the list.

If Zooko has had challenges in his personal life over the past half-decade, Hal's had even huger challenges! IIRC, Nakamoto was active well after Finney announced his ALS diagnosis (October 2009). Also worth noting is that Finney was an active participant in the first email thread started by Nakamoto announcing Bitcoin, and seemed relatively hostile (I suppose Finney could have been arguing with himself, but you'll agree that it makes the hypothesis a little less likely).

Hal's still active, and his version of his early involvement in Ⓑ is a little different:https://bitcointalk.org/index.php?topic=155054.msg1643833#ms...

He says he was more positive? Well, he was more positive than the other reactions, that is true... You can read the emails for yourself.

>Personally, I think it was a nom-de-plume of several people

See also: Nicolas Bourbaki for a historical example of such an occurrence (minus the disappearing / remaining anonymous part).

> Wei Dai published his work originally on crypto-currency in 1998 (in fact some suspected that Wei Dai is Satoshi). Moreover Szabo was mirroring lots of the same thoughts with his bitgold proposals.

I've been saying this for a long time (http://www.gwern.net/Bitcoin%20is%20Worse%20is%20Better), but people don't seem to usually agree with me.

The funny thing is I am pretty sure your hypothesis is very false, but most of the points are true!

1. You haven't worked in government. Their code is worse than Yahoo! or virtually any startup. Bitcoin isn't.

2. Bitcoin is far from the most malevolent possible form for governments. Chaumian blinded money, what I want to build next, with open, non monopolistic exchanges, and protocols designed to be hidden, instant, etc., is the most powerful possible form of anonymous cash.

3. No clue, but probably not, since the concept of a reserve currency is irrelevant. With electronic exchanges, you can separate out the different roles of money.

4. A subset of 3.

1: There are absolutely pockets of absolute brilliance in government. Not big one, not a lot of them, but they are there. Also, Bitcoin primarily a crypto research project, not a software engineering one. The government absolutely has a lot of brilliant crypto researchers on staff.

2: It might just be because I don't understand it completely, but as I understand it, every single transaction in Bitcoin is public and traceable - so if you compromise the identity of a wallet (from computer seizures, wiretap etc) you can monitor a target's transactions. A more perfect (or malevolent, depending on your POV) system would not have this traceability.

I agree there are good cryptographers, but the bitcoin implementation is surprisingly good as well. On point 2 I think you restated what I said.

This is very interesting, could you comment on what impresses you about bitcoin implementation?

> could you comment on what impresses you about bitcoin implementation?

Obviously I don't speak for rdl, but what impresses me is the level of anticipation of future developments.

Indeed. Mike Hearn's talk at Bitcoin 2012 is a great overview of all that: http://www.youtube.com/watch?v=mD4L7xDNCmA

All these goodies just waiting in there to come out and play.

Same reasons as Kaminsky, if nothing else.

There is a lot I hate about BTC but mainly due to it having wrong design goals, vs a wrong implementation.

The essential thing they got wrong was lack of using the market to price risk, and trying to be all or nothing.

1. You haven't worked in government. Their code is worse than Yahoo! or virtually any startup. Bitcoin isn't.

I bet the NSA and NASA both write code that's orders of magnitude better than anything Yahoo does, just to pick two counterexamples.

Sadly not particularly true of the NSA of 2013.

And this wouldn't have been their A team.

Can we please hear a little more about this, rdl?

Talk to Binney. They contract out everything, and don't even oversee shit well anymore. They have regressed to the USG mean.

Rdl is correct. Smart people often get hired by small firms which do contract work for government organizations. It allows the smart people to live outside of the hierarchy imposed by a large institution.

The motivations are very similar to startups working outside of larger companies. You get more freedom in work choices and pay scale.

I mean I am overstating the case for effect here, and I am sure there are small cliques of competent people hidden within big organizations everywhere, but if this were a government official project, it wouldn't have been done by those people. I knew brilliant people in the military in Iraq, but they weren't brilliant due to their jobs. If we did awesome stuff on the side it wouldn't have been a product of the US government.

Government also discourages small side projects, especially in the classified world, and particularly discourages them from becoming production. They would far prefer to run a program of record, or pay for (well defined) innovation by third parties.

I'm curious, are you saying that with some particular examples in mind?

> Their code is worse than Yahoo! or virtually any startup. Bitcoin isn't.

99% of code written by Government is subpar, the other 1% is like Stuxnet

In other words, Government code is no different from anyone else's code.

Stuxnet is not actually "great code" from what I've read, it's just expensive and overkill use of 0-days (which you'd expect from a government with limitless money), and implemented in a fairly heavyweight/inefficient way.

It was exceedingly redundant, resilient, and worked very well at the one thing it was meant to do and was only caught by sheer luck.

So yeah, I am going to call that "great code."

A truly dismal scenario would be something like (hobgoblin)-coins being released where the country known as (hobgoblin) has a really handy exploit to punish the big players later. The dominant economic players have a not so hidden agenda to remain dominant. The best game theory solution for a small player is release a bitcoin like protocol, called (hobgoblin)-coins, then benefit at the expense of the larger players by crashing the whole deal later.

So bitcoin was probably not released by a tiny .gov. Most likely by a big player like .us, .ru, .cn, .uk, .jp, .de. Probably not the .us because its hard to encourage a replacement if you're the reserve currency see above. So it could be from the .gov of one of the five countries above, maybe a couple others.

I've just assumed that Neal Stephenson's next novel is so large that we're actually living inside it.

I can't wait for all of Snow Crash to come true (even though it's just an intermediate step).

that makes slightly more sense than a government conspiracy.

Alternative hypothesis: Bitcoin was created by a group of quants at some investment bank for a laugh and/or money.

Bitcoin has well-known built-in weaknesses, e.g. the limited supply; it was designed to be exploitable, and we see this being done in the real work as we speak. You find the knowledge how to work markets at investment banks.

> it was designed to be exploitable

That's a pretty bold statement for which I'm not aware of any proof whatsoever. Bitcoin is pretty rough and ready when you first look at it but on closer inspection it is actually remarkably solid.

I suspect -- putting words in the OP's mouth, admittedly -- that the argument isn't that Bitcoin is exploitable in terms of software engineering, but rather in terms of BTC market manipulation, given that he mentioned the arbitrary cap on the total number of Bitcoins possible as a limitation. (I recognize that whether this is a flaw or virtue, or perhaps some of both simultaneously, depends on who you ask.)

I assumed that's what he meant too. The total market cap of the entire bitcoin economy today is a bit over $1 billion USD. That is a small enough number that a large financial institution, or maybe even a few rich people, could manipulate the price with large transactions.

>Bitcoin has well-known built-in weaknesses, e.g. the limited supply; it was designed to be exploitable, and we see this being done in the real work as we speak.

Why do people not realize this?

Rant time: Bitcoin's large amount of deflation was a fucking stupid decision and is playing a very large part in its own price volatility. Whoever made it was so blinded by their own economic ideologies that they figured since inflation's a problem, massive deflation must be the answer! Never mind the currency's very design will prevent it from ever really being effectively used for credit or payment installments, like rent or financing for something.

I'm so sick of people talking about "investing in Bitcoins." If it rises greatly in price (more than a few percent a year!) it's really bad, not good! If it rises that quickly then it's not a currency because nobody will be incentivized to spend it! And the worst part is, that's the very way it was designed.

Can Bitcoin ever be used as a real currency? Someday, once the market cap gets big enough to limit the deflation to a reasonable amount. That won't happen for years. Years and years and years. Until then it will be a volatile, bubble-prone commodity with almost zero intrinsic value, because the creators made the fucking ridiculous decision to cap the supply in a global economy that we expect to (presumably) grow in real terms for at least hundreds of years.

Why would a government create Bitcoin? Simple! To help them track money launderers and penetrate black marketplaces like Silk Road.

Many assume that Bitcoin is anonymous. It's not. At best, it is pseudonymous because every transaction is published in the blockchain for all the world to see. That means that users can be identified by conducting network analysis on the blockchain - see http://anonymity-in-bitcoin.blogspot.co.uk/2011/07/bitcoin-i... - and matching the results up with data from other sources (e.g. credit card payments records, emails, intel from spyware, etc.).

It doesn't actually matter whether Bitcoin was created by an agency like the NSA or not - there is no doubt that they (and probably at least two there intelligence and security agencies) are doing this.

> To help them track money launderers and penetrate black marketplaces like Silk Road.

Which explains why the Silk Road is still around...? Creating Bitcoin would be incredibly short-sighted if that was the goal: if you read indictments of other drug markets or illegal markets like the Farmer's Market or the carder.su busts, it's clear that the government gets all the financial info it wants.

Let me add to the complexity. What if Silk Road is also gov't? We have had proof of CIA drug-running. And the so-called Drug War is a failure. You don't get failure on that magnitude without gov't complicity, even if it's simple bribery. See: Alcohol Prohibition.

I think the Armory (Silk Road's sister site for weapons) is evidence against that. It was shut down because it wasn't profitable for the owner(s). Funding obviously wouldn't be an issue if it were the government, so if the Armory were good for their strategic objectives, why would they have shut it down? And if it were bad for their objectives, why would they have created it to begin with?

> We have had proof of CIA drug-running.

Absolutely, but that was usually part of proxy wars against China and Russia and drugs being the best source of funding in regions like Afghanistan or SE Asia. What proxy wars, where the US is on the side of the insurgents, are going on now?

  Could bitcoin have been worse from a government's 
  point of view?
Yes, it could have been designed to be a viable currency, rather than a lesson in basic economics for crypto-anarcho-libertarian-nerds.

Please, tell us Bitcoin's economic flaws. I do hope you're not going to parrot the same worn-out, fallacious complaints about deflationaryism, volatility, etc. that we've all heard and dismissed.

I don't think your tone is appropriate here. Concerns about deflation and volatility have not been unanimously "dismissed", at least not "here" (hn). They've been actively debated, without resolution. I'm curious about why you think those arguments are fallacious, but another thread might be a better place for that. Though I agree that the GP was unnecessarily snarky as well.

Deflation and volatility do not make bitcoin nothing more than "a lesson in basic economics for crypto-anarcho-libertarian-nerds".

Contemporary dogma surrounding deflation is broken in multiple ways. The idea that deflation is bad is only considered credible (imho) is because it is touted so loudly. There are very few examples of deflation in history to draw from (as opposed to inflation, which there are many more), and further, many of the existing examples of deflation, while "on paper" are bad are not particularly harmful to the median-income'd person.

One rhetoric for deflation-is-evil is predicated on this idea that if consumers know their capital is going to be able to aquire more tomorrow than today, they will wait till tomorrow "too much" for the economy to function. (The analysis tends to get very hand-wavy after this part..). Interestingly, for the past 50~ years we have experienced rapid deflation in computer prices. Consumers have not shied away from purchasing an iphone 5 the second it comes out because it will be cheaper next year and their iphone 4 is basically the same thing. The idea that inflation is 'necessary' to keep an economy going is essentially conjecture; and I disagree; I think a deflationary currency (especially when there are other local currencies competing) will be very good for the economy and encourage more businesses that create things as sexy as the iphone5 (or services equally as appealing to consumers) as it will be the only way to get that currency out of people's hands. When people are hungry or trying to imprss someone, or really desiring of something.. they will spend today even if next year they might be able to get a couple percent more.

Anyway, perhaps deflation is the nail-in-the-coffin, but I don't really see evidence of it, just a lot of people really insisting that it's true.

As for volatility; I think volatility both a) has a potential to lessen over time, and b) is not an insurmountable barrier depending on how much people want to use bitcoin specifically (if you need to send money somewhere privately) ; they can be exposed to exchange rate for only a few minutes, or, use an escrow service that is also willing to hedge (the silk road does this).

bitpay exposes merchants to zero% exchange risk; they get lower rates than cc's and zero charge backs.. no merchant account necessary.

However, beyond even all of that, these arguments are dismissed because by every measurement available: bitcoin is acting as a currency, despite deflation* and volatility. People have so deeply ingrained that 'deflation==dead' that when they see a functioning currency that doesn't have the characteristics it is "supposed to" they define it as a " a lesson in basic economics for crypto-anarcho-libertarian-nerds" as if they can predict the future. Quite pompous.

Bitcoin has had several major crashes which easily could have dropped bitcoin to zero if it were indeed worthless. Yet it continues on, acting as a medium of exchange between --hundreds-- -thousands- -hundreds of thousands- millions of people; some as a toy, some are betting their lives on it.

Your point about deflation in electronics sounds to me like a great one. That still doesn't account for what I've heard as the bigger complaint of investor fear (because no, they really don't have to invest in a vehicle that underperforms deflation because it's so shiny, like in iPhone). But there may be other mechanisms/responses out there that I just don't know about.

Outside of a fringe group of Austrians, economists essentially agree that having a flexible money supply is a good thing.

One of the first pieces of evidence is typically that those countries that left the gold standard earlier also recovered from the Great Depression earlier.

Good for whom? One can certainly see how it is good for the powers that be. You'd have a rather harder time financing non-stop invasions of faraway countries if you had to pay for it through overt taxation.

>>>One of the first pieces of evidence is typically that those countries that left the gold standard earlier also recovered from the Great Depression earlier.

By ramping up production for WWII.

Now I'm going to go orthogonal and mention something I've never seen addressed. Germany was economically a shambles. How did Hitler manage its economic comeback? Have any books been written on that subject?

EDIT for a typo. As usual.

Disclaimer: Germany in the period of '33 to '45 was not a capitalist society and aggregate measures of markets can be grossly misleading.

In the Great Depression the German chancellor Bruenning did try to keep a balanced budget, kept essentially a gold standard [1] and cut unemployment insurance. This resulted in 30% unemployment and a very high multiplier. Additionally Weimar Germany was on brink of civil war in the end.

Hitler then did introduce the Reichsarbeitsdienst, essentially forced but payed labor for the unemployed. And he did ramp up spending, first mostly for infrastructure later shifting to the military. [2] And he was rather reckless in consolidating his power, which probably lead to increased 'investor confidence.' With these policies he managed to get more than 5% real GDP growth each year, [3] together with steeply falling unemployment. [4] ( Wikipedia has an article with more details. [5])

And this is probably the reason why this is rarely addressed, economic policy was an area where Hitler did have some success, at least by modern metrics which are not easily applicable. ( And therefore it is actually quite hard to discuss without getting awkwardly close to not damning Hitler. In fact I am wondering at the moment, if this posting needs a stronger disclaimer.)

[1] The Rentenmark introduced after the hyperinflation of '23 was backed by land.

[2] The details are actually quite interesting, the regime was trying to hide a substantial part of the dept as 'Mefo bills.'

[3] https://en.wikipedia.org/wiki/File:BSPDRWeltkriseEngl.PNG

the datasource is

https://www.destatis.de/DE/Publikationen/WirtschaftStatistik... [German]

[4] http://archive.is/JXNR

[5] https://en.wikipedia.org/wiki/Economy_of_Nazi_Germany

>>>In fact I am wondering at the moment, if this posting needs a stronger disclaimer

Don't worry about that. We are discussing strictly economic policies and ideas, not politicians/dictators. Thanks for the reading.

EDIT to add: Having now read, I see there is nothing there for sane people to duplicate. Thanks.

1. Only the goldbugs dismiss the problems with deflation.

2. What is the ultimate driver of demand for Bitcoin? Fiat currencies have laws to create demand for them -- taxes, debt laws, etc. What legal business has any particular reason to accept Bitcoin payments, when they must then turn around and convert those payments to their nation's currency (at cost)?

What is the ultimate driver of demand for Bitcoin?

Free instant global money-transfers that can not be charged back and are optionally anonymous? And you ask for demand?!

What legal business has any particular reason to accept Bitcoin payments

Any business that currently pays the >2% Visa/Mc/Amex/Paypal tax on every transaction?

>What legal business has any particular reason to accept Bitcoin payments, when they must then turn around and convert those payments to their nation's currency (at cost)?

You should ask the hundreds of businesses that do so.

The most obvious reason is the fact that it actually costs less. There are substantial fees associated with using credit/debit cards or paypal. The fees for converting BTC to fiat are much smaller.

Would you mind parroting out the reasons for dismissal of those ``fallacious'' complaints?

deflation - Hayeks

volatility - infancy

That's about as silly as pointing to the Bible when somebody asks for evidence of Jesus.

Sure. How about "Everyone is using it as a commodity instead of a currency?"

That is patently false. The number of successful bitcoin businesses increases every day. Just take a look at Bitpay's success.

I personally have spent hundreds of dollars in BTC on various products.

So I'm a hacker currently at MIT Sloan and have been analyzing bitcoins for sometime, so take my views with a grain of salt (I.e.: I not a Phd. I the field)

Basically, no government would like to have a electronic curency like the Bitcoin because it impedes them from controlling the money supply and therefore be able to apply monetary policies. A central bank with no monetary policy is limited in its function, consequently, the notion of a Bitcoin is like you having to program in an OS where you do not have root access or can't change versions of certain libraries etc.

China and other countries have suggested having a global currency that is backed by a "basket of currencies" -- other governments have suggested different solutions, but I can't imagine a Bitcoin to have been plotted by a government.

So, the only piece of evidence pointing to a government is the lack of reviewers, which IMO is a pretty weak indicator. Why would Bitcoin need a ton of reviewers? It's not like it was designed to replace critical parts of the economy overnight. Tons of non-academic "research" is released into the wild (such as nearly all commercial software) with zero peer review. I mean, there's no peer review of AirBNB, that doesn't make it a NSA operation (or does it? Hmm..).

My impression is that BTC is a relatively simple application of existing (peer reviewed) crypto-tech, and could therefore have been invented by a single, or small group of, dedicated crypto scientists.

> so is an individual cooking up bitcoin as an intellectual exercise

Is that really far fetched? Seems it's no more far-fetched than an individual coming up with the initial version of Linux. As I understand it, Bitcoin is just one implementation of the "crypto-currency" line of thought. E.g. http://www.weidai.com/bmoney.txt

It's 2007. The economy is in increasing turmoil, with the housing bubble ripe for bursting and concerning news coming from overseas regarding the stability of the Eurozone. The CIA relays some troubling discoveries in the distribution of risk in the largest banks, and the Bush administration makes a request for proposals for contingency plans in the event of a global economic collapse.

Enter the NSA's contribution, a distributed proof-of-work currency that provides early adopters with a majority share of the wealth and has the potential to revolutionize currency in general. The CIA is authorized to develop and deploy a series of operations, including the fabrication of a social structure that results in a viably large computing network to sustain the technology long-term with a mind-numbing pace.

Enter Bitcoin, wherein the U.S. maintains a majority share of wealth in the event of a global economic collapse.

An interesting question, and option 2 seems to be the likeliest option. However, I would qualify it and say that it was created with the intention of having it fail. This would ease the introduction and attractiveness of any regulation, or prohibition, of virtual currencies.

If a government were to create it with the intention of it lasting, then I would imagine they would have designed it such that the supply of the currency increased with the number of transactions; I'd like to hazard the guess that this is both possible, and would prevent both inflation and deflation. Why is preventing both of these necessary? Had they included inflation, it is unlikely bitcoin would have attracted its initial users - that is, the libertarians et al. Similarly, had it been deflationary, then this would possibly constrain government; no seignorage, and the real value of debt rising over time.

to presume that in 2008 someone would be doing this "with the intention of having it fail" is a little far-fetched, isn't it?

From Hal Finney's "Bitcoin and Me": https://bitcointalk.org/index.php?topic=155054.0

When Satoshi announced the first release of the software, I grabbed it right away. I think I was the first person besides Satoshi to run bitcoin. I mined block 70-something, and I was the recipient of the first bitcoin transaction, when Satoshi sent ten coins to me as a test. I carried on an email conversation with Satoshi over the next few days, mostly me reporting bugs and him fixing them.

Today, Satoshi's true identity has become a mystery. But at the time, I thought I was dealing with a young man of Japanese ancestry who was very smart and sincere. I've had the good fortune to know many brilliant people over the course of my life, so I recognize the signs.

I do agree that the inception of bitcoin is probably more interesting than we realize, but there are a few premises here I'm questioning:

1. That the sophistication of bitcoin implies a government effort. I'd actually argue it's just as likely to be a corporate effort. This is more of a gut feeling, but modern government seems much more reactive than proactive, and so if they were to have created this, my suspicion would be that it was in response to something. But since I don't see an obvious "something", I'd imagine some sort of corporate entity is more likely to be proactive about an effort like this.

Or, maybe even more likely than that, some sort of organized crime effort. I mean the classic stereotype of the "mafia" makes that seem funny, but I imagine modern organized crime entities would be very interested in something like bitcoin. Especially since, outside of idealistic libertarians, I imagine the only reason right now to spend bitcoins is if you want to buy something that can't be tracked back to you.

2. I don't quite buy the premise that bitcoin is a bulletproof protocol. For instance: https://en.bitcoin.it/wiki/Weaknesses .

Some of these are sophisticated problems, but a lot of these things are exactly the kind of problems that could have been caught if there had been a proper peer review.

> I imagine the only reason right now to spend bitcoins is if you want to buy something that can't be tracked back to you.

Why wouldn't they have baked in anonymity if the reason for Bitcoin was anonymous purchasing?

Bitcoin solves one problem and solves it well.

One way to make it anonymous:


Side note: if you buy something and it is physical at some point the package will have to be handed to you. That's a pretty tough nut to crack if you want to stay anonymous. At a minimum you're going to have to be proximate to the drop-point which makes playing 33 bits on you a lot easier.

You have to route the cash-out through an anonymising network. Surely that's possible, eg the fabled "Swiss bank account" in the world today?

Would a bank offer such an anonymising service; there's surely some level of transaction fee that would make the risk exposure worthwhile?

>Bulletproof protocols usually require peer review, yet there have been zero leaks from the reviewers.

Aside from leaking their identities (for reputational reasons) I am having a hard time thinking of anything these hypothetical reviewers would be motivated to leak. The best I can come up with is, "The main architect of Bitcoin hates the U.S. government, and his main motivation was to weaken it by depriving it of tax revenue."

As to why they are not leaking their identities: they run the risk of being kidnapped and tortured for their BTC if everyone knew who they were -- since (from the point of view of the average Bitcoin-literate thug) it is highly likely that those who got in on the ground floor of Bitcoin hold a lot of BTC.

they run the risk of being kidnapped and tortured for their BTC if everyone knew who they were

Doesn't any rich person have the same risk?

Maybe I am wrong, but I get the impression that the average wealthy person keeps their most liquid assets in an institution where the employees know him or her and there are institutional safeguards against that kind of thing. (ADDED. ATMs for example, have cameras.)

Also, the rich do tend to make a point not to let it be publicly known that they are rich if they can. (ADDED. Officers of public corporations for example cannot hide their incomes from the public because of the financial-reporting requirements imposed on the corporations.)

There's plenty of movie plots about "leave a large suitcase full of cash at location X or bad thing Y happens" but I guess large quantities of cash are more difficult to hide and large withdrawls from a bank account would raise red flags.

It's very difficult to receive and enjoy the proceeds with traditional assets. Not so bitcoin.

5. It was a small project at a federal agency, unappreciated by top management. They had access to experts who could keep it quiet, but there was no particular political agenda behind it.

Seems more likely bitcoin was created by a big bank:

- Immediate use for it to launder money (HSBC already does this but recently got flagged by the US gov)

- Long term (if it became successful) it would enable them to reduce dependency on governments / regulation. Big banks are already more powerful than most governments and are rumored to cause political turmoil in countries to increase dependency on the bank. Why just control transactions when you can control the money itself?

- Have the financial knowledge / data to design a currency + have the technical expertise to implement it (due to the masses of quants joining banks in the past 10 years)

Very very unlikely (if you ask me), generally a contender is unable to even see radically new technologies after they're up-and-coming. That they would design it, design it properly, and launch without fanfarre is extremely unlikely to me.

You're right, we see this a lot in tech, because start-ups are easy to start. But in other places / industries people who want to innovate have no choice but to work in R&D at a big company. For example, in India, it's really hard to start new companies, so big companies (like TATA) continue to out innovate everyone and disrupt themselves. It's really hard to start a new bank, so if you're smart and interested in innovating in finance, you don't really have much choice but to work for a bank. Plus governments are really the incumbents here, so it's less likely for them to start a currency to rival their own than it is for a bank

> - Immediate use for it to launder money (HSBC already does this but recently got flagged by the US gov)

Actually, considering the circumstances, I don't see the incentive there. Cash is much easier to move (if you have the power of a bank that size) than bitcoins are. The HSBC example proves this point.

Here is my theory. The US did behind the backs of the Federal Reserve, which is currently it's biggest enemy and threat and it's an internal enemy, controlled by the Private Banking economy. The Federal Reserve remains an economic black hole, sucking out money from the US system (at 6% of Profit on Interest in Bonds Raised).

Consider the system where the 6% dividend paid out to the share holders of the Federal Reserve is untaxed. Further as US debt spirals, the bonds raised increases and the 6% dividend increases further. It's like a sequence 1.0001 Raised to the power of n will finally start diverging very fast beyond a certain point.

Bitcoin takes you back to the days of the US around the Boston Tea party. When the British asked how do you deal with currency, the colonists replied - We print our own notes (not backed by debt paid to the UK). The Federal Reserve represents a similar debt trap. Bitcoin breaks free from this. That's my 2 bit coins.

Consider the following hypothetical conversation between President Barack Obama and the Intelligence team.

President: Hey guys - what's going on. In my presidential campaign I promised to clean up this financial mess, so todays team meeting is about how we clean this up. Can someone please enlighten me on this.

Agent 1: Well sir the main problem is US debt, it's a monster gone out of control. When the act was created in 1913, they forgot at 1.00000001 raise to n for sufficiently large n will diverge to infinity. We have unfortunately crossed the point of no return.

President: Well, is there a way out, like an alternative currency?

NSA Agent 2: Well sir, there is something, but it's kind of weird and requires a system reboot.

President: Explain, anything is better than this shit.

NSA Agent 2: Well the last president who tried to mess with it got asssinated.

President: I have no plans on going up this way, can we sneak it in.

NSA Agent 2: Well we need a new currency, but if we say that aloud, the whole world will blow up. And we need it to not be backed by debt. Let the old currency work for a while, then we will kick the new one in when it spreads really well.

President: What about currency control.

NSA Agent 2: Well it works on 256 bits crypto.

President: That doesnt translate, english dude.

NSA Agent 2: Well we can control the currency, we can do 2048 bits with our computers for a while now, which means that we can generate new currency whenever we need it.

President: Well, in that case, you have my permission, go for it. God speed, you have my presidential blessings.

A few points to add to the argument above

Consider the following scenario:

I am a very rich man : i have 1 trillion dollars, everybody else has < 1 million dollars. Goal : I want to continue being the richest man on the planet and control its resources An easy way: Whatever new assets are created, I raise the price far above the value that normal people can afford. If they can afford 1 million, I offer 50 million. It doesnt make a difference to my life, because I have 1 trillion, but I put it out of reach of all the people who have 1 million.

In 1977 my parents bought a 1 bedroom apartment for INR 47000. At that time, my dad told me, salaries for average jobs were about INR 600. 100 times 600 = 60,000, so the max leverage was about 100 times.

Today in 2013, an average white collar salary in India is about 50,000 a month. Today In Bombay in my locality a 1 bed apartment is 85 lakhs (INR 8.5 million). What's the leverage?

50,000 x 1000 = 50,000,000 = INR 5 million. My leverage is > 1000 times. But wait, if you consider the dollar (my dad was a marine engineer who earned in dollars), I have seen it go up from INR 18 to today's INR 50. So multiply that another 4 times, my leverage is about 4000 compared to 1977. What happened? Inflation.

a. Now consider the 6% dividend the Federal reserve share holders pay themselves on the interest gained by bonds raised. b. I need an asset where I do no work, but earn money.

Every year people do economic business activities and generate wealth. Private equity companies invest in these companies and hence are able to increase their investors holdings.

But consider the extra income from 6% dividend. This is money that gives them an extra edge over everybody else. If the US raises 1 trillion dollars in bonds from the FED at 1% interest, the FED income is USD 10 billion. 6% of USD 10 billion is 600 million USD. But that income is only for the year 2013, to understand the total interest you must add up for all the bonds raised where the debt has not been paid back. The private banks have this extra money to play with, which keeps increasing their ability to jack up prices and decrease the common man's leverage.

One reason a government might do it is to shine a light into the dark corners of the online black market. As I understand it (not a crypto expert by a long shot), bitcoin transactions are traceable but not personally identifiable. So even if they cannot see who is transacting, they could build models of the networks that are transacting. Perhaps this could be married up with other sparse data to improve their understanding.

Another reason would be pure research--not a specific goal in mind, but simply to see what happens when this sort of tool is released into the Internet.

One thing a government would have going for it is a complete lack of interest in the actual monetary value of bitcoins--it's a tiny drop in the bucket of most large governments, and top-secret-level crypto teams are not likely to spill their guts for a few millions dollars...particularly if they know that their transactions would be easily traced.

My best guess would be a bunch of friends in a crypto lab cooked it up. It's not that there were no leaks. There were reviews done in the cryptography mailing list and changes were made. Just that they happened publicly online. The first idea was proposed in 2008, while the client was first launched in 2009.

1. why not just finance the way they normally do, by borrowing (selling bonds), or taking money from the taxpayer?

2. currencies today are already essentially digital. the vast majority of transactions are handled electronically. the value of a bank account are just bits on a disk.

3. bitcoin can't become a reserve currency, there is no such thing as bitcoin bonds. the growth of the bitcoin money supply has been predetermined. government wants to be able to control the money supply, because it gives them power.

4. the usd as a reserve currency will probably be replaced by a global currency, SDR's, to the detriment of humanity.

i don't think it is farfetched to cook up bitcoin as an intellectual exercise. i think it is more likely to be 2, or 3 people in collaboration, because design by committee never works.

government is too short-sighted to have created something like bitcoin.

The possibilities you list are interesting, yet I suggest you read another essay posted here about "legal/illegal" bitcoins, where governments could force one to "declare" what its bitcoin accounts are, and treat all incoming payments and outgoing payment to "undeclared" accounts as illegal, and tax accordingly.

This would the the perfect scheme to ensure orwellian control of the economy, with a complete history of the transactions. It is a possibility - that bitcoin is touted as a "libertarian dream" while it can be in fact used for complete control by the governement.

Today's currencies are too many and transferts not properly traceable. Make that one currency and add in the design that all transferts are to be logged, and it does not matter whether one uses a bitcoin address or its full identity.

With enough social network analysing and recouping information, especially with the governement weigth and files, it should not be hard to "uncover" the true id.

I find this possiblity interesting, even if far fetched.

EDIT: see the actual thread on https://news.ycombinator.com/item?id=5501803

Another possibility would be to reduce the "weight" of the financial sector. Having IIRC 10% of the GDP used for allocating resources is wasteful when there is technology available to do this very thing. I commented on Krugman article on https://news.ycombinator.com/item?id=5541189 along with additional details on https://news.ycombinator.com/item?id=5543308

Basically, using bitcoin instead of the current financial sector would remove frictions and transaction costs, improving efficiency. It is compatible with the standard economic approach, especially on grow theory, where growth is explained by technical change and human capital in many models - from the augmented Solow growth model to Romer and Lucas.

Bitcoin could then be seen as a way to "reallocate" the human capital "spent" in the financial sector to new productive endeavours - the lack of inflation being added to make sure that there would not remain any incentive to waste human capital on looking for ways to speculate.

That is the explanation I prefer at the moment - Bitcoin as an experiment created to improve efficiency of our economical system as a planetary level, by someone well versed in economy and computer science.

Yet out of your list of possible explanation, I would say (2) is the most likely. But if indeed it was government made, I would not say the US is the most likely author.

Look at how the european currencies tried and failed to replace the dollar as the world currency - sum up the Euro currencies place in world commerce before and after the Euro, and you'll see they failed. A bit like HP-Compaq merger, with total share of the market less than their initial shares.

This could support (3) and (4). It is also quite interesting to see how EU-wide directives about virtual currencies were implented and voted were created before BTC became very popular- see http://ec.europa.eu/internal_market/payments/emoney/

The second EU electronic money directive, 2009/110 dates from 2009. Considering how long the political process usually takes, I find having a directive voted and ready in its SECOND version in 2009, then implemented with only a year and a half delay in say France, "unusual". http://www.bryancave.com/files/Publication/515cae04-f1c0-46c...

The only thing that would not match this is how the ECB follows a Friedman like monetarist approach, with a 4.5% M3 monetary aggregate growth target, while bitcoin is not inflationary.

But when you consider the FED bad habits of "quantitative easing" (printing money), it make the US even less likely to be the originator.

TLDR : ranked from most likely IMHO:

1- it was created by someone familiar with economics and computer science to improve efficiency (compatible with the current analysis and the initial comment about central banks)

2- it was created by a public organisation, considering virtual currency inevitable, to make the most of them, but in that case, it is more likely from the EU than from the US

3- it was created by a public organisation, either aiming for, or having a side objective of, orwellian control.

EDIT2: about this 3rd option, I know the records list Trinity College as one of the potential "epicenters" based on published papers and software, but it does not excludes the possibility the effort was funded with this very goal in sight - give students money, incentive, ideals, and watch while they develop what you wanted.

Just like how BTC can be touted as a libertarian dream while it could also be very dangerous, initial creators could have been fooled by only knowing a part of the plan.

So I share pg opinion there. Some possibilites should not be discarded too quickly ; if it was possible to create STUXNET to harm Iran nuclear program, with all the complexity involved, and then keep the official involvement hidden for like 10 years, this gives a priory evidence that such a feat could be done as a government project.

I am quite concerned by this last "orwellian" option, as unlikely as it may be.

One of my side projects at the moment is examining this possibility - not shouting that too loud, because I don't want to be taken as a conspiracy theory nutcase :-)

Also, I only have an interest in economics - I'm not a professional economist, so there must be some flaws in my analysis.

>With enough social network analysing and recouping information, especially with the governement weigth and files, it should not be hard to "uncover" the true id.

There's already zerocoin, a proposed extension of bitcoin, which guarantees completely anonymous bitcoins.


There's also bitcoin tumbling services that further obfuscate transaction to the point where it's incredibly computation/time intensive to track transactions...if at all possible.

They breakup transactions between hundreds of wallets before sending back to one address, similar to money laundering.

How would this work? Having the whole blockchain available, one could write a program fairly quickly to take all of those transaction splinters and narrow it down to the real source and destination addresses.

Since you can make new wallets at any time to spend from, the key is paying your btc into a wallet that others are paying into, and then extracting multiple different amounts to new, different wallets (and then using those for spending).

If I have two accounts, one with 0.5 btc (newly created, never tracked by authorities, purchased with a relatively disposable account from somewhere like virwox) and one with 1.5 btc (potentially tracked, need to launder it), I'd pay both into a tumbler and then extract into 3-5 different accounts (like 0.2, 0.45, 0.9, 0.18, and 0.27).

How do you prove, as a tracker, that those 5 accounts paid out to, involve btc from the original 1.5 tracked account? Especially when you consider the hundreds of other accounts being paid out to at the same time.

Still paranoid? Rinse and repeat.

> Since you can make new wallets at any time to spend from, the key is paying your btc into a wallet that others are paying into, and then extracting multiple different amounts to new, different wallets (and then using those for spending).

1mdc was a similar service to this that I used as did many others about 10 years ago for the purpose of obfuscating and anonymizing e-gold transactions between various accounts. http://en.wikipedia.org/wiki/1mdc

One interesting comment from the wiki page: "1mdc's e-gold was held in unallocated (pooled) storage (in several e-gold user accounts) which allowed for extra privacy from e-gold's administrators. However, this increased storage risk, as the client had no precedence on the e-gold they entrusted 1mdc to hold, and there was virtually no way for a user to ensure that 1mdc is maintaining full reserves of their e-gold."

Zenocoin argument stands. If you have access to the full bitcoin chain, can you write a mathematical proof that allows one account to transfer anonymously to another account, without using a "tumbler" mixed account?

IMHO, you can't.

That's the flow in anonymity, because, how do you ensure the tumbler properly operates? There is an incentive to try and "steal" from the tumbler pool.

Even if it works, the tumbler could be marked as "tainted" - or any undeclared BTC account by default could be declared tainted, and taxation imposed on any incoming bitcoin, unless then come from an untainted account to another untainted account.

The same logic currently applies in the real world - ie if you receive say 500k wired to your account from an account in the cayman islands, the taxman will want to have a word with you.

Do you see the logic there? It was previously discussed in the thread reference in the original message.

> Zenocoin argument stands. If you have access to the full bitcoin chain, can you write a mathematical proof that allows one account to transfer anonymously to another account, without using a "tumbler" mixed account?

Surprisingly, yes: that's exactly the accomplishment of Zerocoin, though it's currently too inefficient to be practical. (It still requires many participants, but the "tumbling" is global and does not require any trusted pool.)

There's also the fact that there is zero incentive to use a tumbler unless you're doing something that you don't want being tracked, since using the tumbler has a non-zero cost.

wanting anonymity does not imply guilt.

it s not the case that if you have not done anything wrong, then you have nothing to hide.

But guilt does imply wanting anonymity, and because actually setting up secure anything is hard, J. Random User isn't going to really do it.

Look at how hard it is to get many people to set up a password manager, or encrypted email. You can't hide in the crowd if the crowd isn't there.

Correlation doesn't have to imply causation in order to give you an accurate prediction.

Indeed, it does not. However, there does not seem to be much of an incentive to pay the tumbler's fee if someone has nothing to hide, so it's likely that only people who do have something to hide that will use such a service.

I think the basic idea is that you have a whole bunch of people who want to launder money (and maybe some who don't). They all transfer into a single wallet, then they all pay separately from that wallet. Now it's impossible to tell who paid what on the other side

So then it becomes a gentleman's agreement on who owns what proportion?

Yes, as everyone knows, money launderers are gentlemen, who will stick to their word in a gentlemen agreement.

And this valuable process will be generously provided for free, by another gentleman, thus making the whole money laundering a costless operation.

Basically, this whole complex service will fully guaranteed by the trust each money launderer have on their good fellows also engaged in this benevolent operation.

Even without any government action or the tracking of tainted/untainted accounts, I just don't believe it may ever work that way - not with human beings at least :-)

or even "open transactions" -- the OT-issuer would then be the "offshore tax haven" of today's financial system.

> Having IIRC 10% of the GDP used for allocating resources is wasteful when there is technology available to do this very thing.

With regard to that 10%, don't forget that much of it is spent on the salaries of the individuals actually allocating capital (i.e taking money from some source, such as depositors or investors, and acting on their behalf to invest or loan it elsewhere), such as bank managers, fund managers and investment bankers. Bitcoin cannot decide whether a firm or individual has a good chance of paying capital back, and so its role in allocating capital in nil I would say. An algorithmically-determined money supply would however render infeasible the idea of discretionary or near-discretionary monetary policy, which would free up many economists from the ECB, Fed and Bank of England, and so would free up resources in that regard (whether that is optimal would depend on the algorithm of course).

For any computer system to do allocate capital optimally, it would need to have to sort of assessment ability a human has - or else have a very, very good dataset.

With regard to that 10%, don't forget that much of it is spent on the salaries of the individuals actually allocating capital

This, in itself, is worth considering. This 10% doesn't disappear from the economy- a good part is distributed to salaries, which are in turn spent on the economy. Not as efficiently as it could be of course, but still.

Wrong way to look at it. Paying a brilliant guy 300k/yr to execute noops is a 300k/yr waste even if he uses the money to support himself. The broken window fallacy.

True, but the key point is that it is his brilliance that is being wasted, not the 300k.

"waste" yes, but no wealth is being destroyed.

except the wealth that could be created if the brilliant guy spent the year on other pursuits instead of noops

Well by that logic, we shouldn't work for startups that have the potential to fail... because you could be creating negative value!

The expected return of a startup is usually higher than the expected return of a bigco job and almost always higher than doing nothing. The actual return is more often lower, but sometimes turns out to be really high.

Which is why you should evaluate the risk/reward of a start up carefully.

It's also why, for example, bank robberies aren't worth it.

The problem isn't that the currency disappears when you pay it. We aren't suffering from a lack of currency! The problem is that expenditure of money represents an expenditure of resources, namely, the time and attention of these individuals allocating capital, some of whom maybe just have rich daddies but many of whom actually have to be among the best and brightest to win those positions; and as a result, those brilliant people are not able to spend their time and attention doing something that would actually be productive for society, such as sending rockets to Mars, inventing new ways to harness solar energy, remediating nutritional deficiencies that turn poverty into mental retardation, or writing peer-to-peer discussion-group software.

>But when you consider the FED bad habits of "quantitative easing" (printing money), it make the US even less likely to be the originator.

Regarding the Fed, QE and USG. The Fed is a private bank (it pays its shareholders 6%, which no government department does!).

USG is different, and currently in thrall to the Fed. Now _I'm_ going to sound like the conspiracy nutcase when I add "in much the same way European sovereigns were to the Rothschilds".

I'm not very familiar with how the FED operate, related to the US government.

I just know the textbook stuff- that it takes order from the politicians (ex: obama and the congress could ask for a trillion coin, pretty please), can be forced to buy government debt, and as a goal of helping employment.

I'm most familiar with the european ECB : by construction it follows a monetarist policy (M3 grows at a fixed 4.5%), is independent of political power (you can't ask it to mint a trillion coin for you), and doesn't care about employment.

Before 2012, it also could not be forced by politicians to buy "toxic assets" like sovereign debt (greek debt anyone?), so they created the european stability mechanism, guaranteed by the "federal" EC budget to do this very same thing!

It is even better : now they are not forcing the ECB to buy sovereign debt on political orders, they buy sovereign debt by themselves!


Could you please elaborate on the US situation? (I'm checking wikipedia at the moment)

If the Fed is a private bank, and I understand correctly your Rothschilds example, that makes the situation in the US similar to the one of the Bank of France prior to 1945 when it was nationalized - it was a private bank, with a monopoly on sovereign currency emission.

Only it's even better and more lucrative, because the Bank of France had to deal with the gold standard (even in the 1929 great depression) while the present day FED is doing fiat money.

Who are the FED shareholders who get to benefit 6% returns, backed by the US government? How do you compare that to the french situation before WW2?

The whole point of the trillion dollar coin idea was that it allowed the executive (aka the president) to create money without asking the Fed (and thus by pass the congressional deb-ceiling debate). This only illustrates the point that president doesn't directly control the Fed - he does appoint the chairperson (Bernanke, Greenspan et al) but he cannot order them to print money. The treasury however does have responsibility for minting actual coins, usually treated as a minor housekeping type matter (because the vast bulk of money is not actual physical coins and notes, of course) and even then only under congressional mandate.

In the case of the trillion dollar coin they had passed legislation that the Treasury was to be given the leeway to print a new platinum coin - if they wished, and at their discretion as to its denomination.

All of which is to say that this whole trillion dollar coin thing only emphasizes the extent to which the president does not control the Fed.

FWIW this is very common in western democracies. Even when the central bank is not a privately owned institution it is almost always managed in a very hands-off way, ostensibly (though perhaps not practically) to stop short term administrations from playing with things in a way that might affect long term currency stability.

*Fed(eral Reserve {System,Banks}), as opposed to E(uropean) C(entral) B(ank)

Few people ask where politicians obtain their insights, ideas and policy positions. More should. When the current minority leader HOR, and former majority leader HOR, stated, "we have to pass the bill to see what's inside" and the individual politicians base their policy votes on the testimony of industry captains and fed economists, I hardly call the politicians independent or objective.

Politicians are mostly mouthpieces for constituent groups and don't understand any of the laws they pass at the granular, much less atomistic level. Their briefs, talking points and speeches are all prepared by others.

The individual can only be as smart as his information input and analytical framework.

what's amazing is that laws are added as riders onto unrelated legislation. at least, that's my understanding[1,2].

i suspect that the only people who read the bills are those trying to sneak something in, or watchdog groups like the eff.

everybody else in washington is there for the hookers n'blow.

[1] Plenty of references: http://en.wikipedia.org/wiki/Rider_%28legislation%29 http://www.politifact.com/truth-o-meter/promises/gop-pledge-...

[2] These last two are Monsanto and firearms related bills being snuck through via the "avoid government shutdown" scare: http://www.npr.org/blogs/thesalt/2013/03/21/174973235/did-co... http://www.npr.org/blogs/itsallpolitics/2013/03/21/174969923...

and obviously eff and alike are not enough.

What we need is full decentralization in govs too

You made me realise that it is suspect that they were cheaper to farm at the start. However, it could be argued (and I think it is) that making them cheap at the start encourages early adopters and increases the likelihood of the currency catching on.

Hey if you're doing extensive research, I think it'd be great if you put up on Microryza.

It's not that extensive at the moment, just a side project fueled on my curiosity.

I have to evaluate my knowledge of economics before I can commit to creating value up to the amount it would cost to the crowdfunders, but then crowdfunding could be an option.

Meanwhile, I can certainly accept BTC donations to jauge public interest on this project. Click on my name to get the BTC address, since I don't want to "spam" the thread.

[In fact, I'm very selfishly more interested in discussing the proposed explanations than taking commitments at such an early stage.]

"jauge"? Is that a typo or do you speak French?

I am not sure I understand you- it is both actually. Making typos and being a french speaker are not exclusive.

It seemed to me that "gauge" was generally accepted use in that meaning. The American Heritage College Dictionary, Fourth Edition says: gauge also gage (gāj) n. (...) 3. To evaluate or judge: gauge a person's ability.

Anyway, if the original phrasing bothers you, please excuse my french :-) and read that as an evaluation of interest before engaging in formal work.

I am concerned that the idea of bitcoin as a government black flag operation, while not fully impossible (I'm glad pg posted this), may sounds like a nutcase conspiracy theory.

Even if the topic is interesting, since from this discussion it seems to be quite unlikely, it does not seem very logical to investigate the issues as more than a side project unless there is a minimal number of people sharing the opinion that it is indeed worthy of further analysis.

See that as a threshold: time is finite while possible projects are infinite. Proper research, as suggested by another poster, will require organisation - even the basic task of setting up a microryza page.

One must use a ranking function. I am uncomfortable with committing to work of doubtful quality and interest. I frequently use HN as a source of "external reasoning", ie a place to submit ideas and see if they are plausible, if the reasoning is sound, ie whether they pass the scrutiny of a technical audience.

I spent many minutes writing down my opinions on this idea, I read with great interest the replies and the other comments, now I'll rest and estimate whether I should spent more time on that.

As jacquesm said in this very thread, even if I don't fully share his conclusions "I've spent more time (...) than is good for me".

There are questions about possible vulnerabilities in the secp256k1 (the Koblitz curve) I did not know about and whose investigation will consume time. Also, the relation between the US and the Federal Reserve shareholders, with the 6% interest rate are interesting. Being french, I know a little about the ECB. Increasing my knowledge about the inner working of the US system will take time.

Even if I'm glad I'm not the only one with such questions, I am wondering if I am spending more time on the topic than it is worth, and how productive any work on such issues could be

I'll sleep on that.

Sur ce, bonne nuit (and that's french)

"gauge" yes, is English. You typed "jauge", which is the French cognate of the word (and I typed "jauge" which is the dyslexic version of the French word), and I was curious if that meant that you spoke French - it was just a curiosity.

As for your meaning, I really like your analysis, and I think that you've made some of the best theories in this thread, and I hope that you keep spending time on it, because your discoveries might be good for all of us.

Reserve currencies have come and go, but sometimes over spans of hundreds of years.

Bitcoin has been around fewer than five.

Maybe we should wait a minute or two before discussing its role as a global reserve.

No smart government would make the currency dependent upon predictions about its impact on global monetary policy, because that would involve a heady series of presumptions.

Also challenging these presumptions: Bitcoin is essentially a proof of concept, which could be copied or forked or reimplemented from scratch at any time. Some alternate coins have been developed already, maybe not enough to exceed the network effects, but these improvements pile up. Something destabilizing could easily unseat Bitcoin over the span of time required to scale to cover a plurality of human transactions.

It's way more traceable than cash.

but no less anonymous, maybe more so.

If it's traceable, how is it anonymous? I.e., you could have a wallet full of BTC that no one knows is yours, but the moment you buy anything with it that's linkable to you then all of your BTC becomes non-anonymous.

If you put every incoming transaction into a separate wallet, and create a new intermediary wallet for every outgoing transaction, then only a minimal amount of Ⓑ becomes non-anonymous with each outgoing transaction. But statistical methods can still probably bear fruit.


* if you were a gov't who was consistently on the losing end of problems caused by the current regime,

* you'd failed to get relief by diplomacy,

* couldn't or wouldn't seek relief by open warfare,

* and didn't mind the remote prospect of making your situation worse,

Why not?

Personally, I don't think a gov't did it. I've always liked Kaminsky's "it's a group of quants" hypothesis. Or maybe Michael Clear. Or maybe some other Physics/CS type. But I really have no idea, and haven't really looked into it more than reading random internet news.

You have a currency that requires a history of every transaction ever. Perhaps the hypothetical government is confident in its ability to unmask pseudonyms, and it will soon have access to everyone's financial history.


My understanding is that whoever built bitcoin was pretty darn good at what they were doing. I question whether the best of the best in cryptography would choose to work for a government over earn enough money to spend time building something awesome, like bitcoin. This is coming off watching the video Gary Tan posted recently [1].

To me, the only question left is about leaking. What's a greater incentive against leaking: coercion by a bureaucratic, nontechnical employer (ie; a government), or the bonds of secrecy between close friends in a common cause? Call me an idealist, but I think the latter has a pretty good shot. The number of leaks coming from Apple vs the number of leaks from Google (higher from Apple, IIRC) seems to support this viewpoint.

[1] http://sub.garrytan.com/hackers-can-be-business-guys-and-oth..., around 12:30 iirc.

EDIT: sentence structure.

I question whether the best of the best in cryptography would choose to work for a government over earn enough money to spend time building something awesome, like bitcoin.

I question whether the best of the best in cryptography couldn't just work for the government TO earn enough money to spend time building something awesome. I mean, at least in the field of cryptography, it has always seemed like the government would be high on the list of places to work anyway. Crypto is a big deal to government, so they are going to be on the cutting edge, and plenty of other top crypto guys work there.

Fair point. I rescind the first paragraph of my post. Thanks

I may be wrong, but I don't think that being an amazing cryptographer is necessarily that lucrative of a career. Most of your options are going to be government employment (intelligence services/military) or working in academia.

If bitcoin was a top secret government development then it's quite likely they would assign different people to different parts of the project with a minimal number of people overseeing the entire thing.

I think you're way over-thinking this.

Governments do a lot of things.

While some things governments do are a top down strategic plan, every person at every level of every part of every government is an intelligent actor capable of doing things for bizarre or obscure reasons. Sometimes these things serve large nefarious purposes. Sometimes these things serve small nefarious purposes.

If BitCoin was created by a pool of secret government cryptos, it's possible their mandate was very different from anything related to BitCoin: The Digital Currency. Maybe their mandate was to start an open sourced project which would optimize a cryptographic algorithm. And then one of the guys handed this assignment said to another, "Hey, we should totally do that BitCoin thing you're always talking about at lunch." And they did it, because they thought it was cool, and it technically satisfied the requirements of their assignment, and their manager signed off on it so they thought they might not get fired.

> Pools of crypto guys who don't leak stuff are usually employed by governments.

You're pretty on with this.

I do believe it was created by a crypto guy employed within the UKUSA intelligence community, but as a side project -- perhaps even a side project based off of his/her work.

I think the theories about the US and the American dollar don't pan out because there are more efficient ways of dealing with this than creating a new, solid (thus far) cryptocurrency and gaining acceptance and real-world value out of it. All this while maintaining absolute secrecy within the IC (where I have friends and acquaintances studying BitCoin, looking for theoretical attack vectors and de-anonymization techniques). SOMETHING should have leaked somewhere (most likely a politician, as they can't seem to keep their mouths shut.)

As to #4, the United States is usually in denial about things like the dollar losing its status as the standard reserve currency. If a government is behind bitcoin, you have to give them credit for it.

Some people think the US government invented crack cocaine to fund CIA operations. Who knows...

There's plenty of strong allegations of CIA drug involvement that you can just look up: http://en.wikipedia.org/wiki/Allegations_of_CIA_drug_traffic...

There would be one really good reason to invent a crack epidemic. Before that, there was a pretty strong anti-capitalist black nationalist movement. The men behind the curtain would not want that growing.

It would also increase the value of raw cocaine as a pre-cursor to highly valuable (from a cost vs. resale perspective) crack. The CIA being involved in, or simply turning a blind eye to, cocaine smuggling when the funds were to be used to fund things they viewed as necessary but those "idiots" in Washington wouldn't fund is not entirely looney. The angle of increasing the value of a fairly easily smuggleable drug is more compelling to me than a conspiracy targeting African-American communities in particular, like the CIA is run by some crude caricature of a southern grand dragon.

Agree. It was the FBI that was concerned with domestic black militants. The CIA just wanted a way to get cash anonymously to fund weapons-for-Iran and the Contras in Nicaragua.

If the CIA was behind Bitcoin, they would have done a better job with the unlinkability.

I like the food for thought but as a lot of people have stated I don't know that it totally all adds up. The idea that a gov't would create a currency that is currently not being taxed doesn't seem like its at the moment that beneficial of a government project (looking at you, USA). However, I suppose it could be a different government (any of the PIGGS countries, Israel, Iran, or any other country that is having a money crisis and wanted a black market way out. That said, couldn't the author also be a big bank? I know big banks here in the US have thousands of coders on staff and while most do meaningless chores more than cool projects perhaps banks in other countries aren't so bad (looking at you Switzerland).

Don't you think a corporate entity or government would patent the code?

The most lucrative formulas are never patented. Coca-Cola, for example.

> I've long suspected bitcoin was created by a government.


> Bulletproof protocols usually require peer review, yet there have been zero leaks from the reviewers.

Bitcoin isn't bulletproof, it has (and, as I understand, originally had more) well-known vulnerabilities. These are deemed acceptable by people who decide to use bitcoin (almost by definition, as those who don't deem them acceptable are unlikely to also choose to use bitcoin.)

> The part that puzzles me is why a government would do this.

There's a whole lot of reasons a government might do something like bitcoin, but its far from clear that a government did it, much less what the motivation was if a government did. Really, this seems to be looking for supposition to pile on supposition to create a conspiracy theory.

I was in a bank yesterday and there were all these animals in cages shuffling paper around, worried that their customers would yell at them if they were off by a single digit, (because doing so would be tantamount to robbing the customer of their hard work) and it struck me that all that the shuffling accomplishes is moving tokens of value around, mere accounting entries.

And it doesn't even do that well! It's breathtakingly inefficient.

For instance, one can't tell how many shoes are sold in a country.. that would require a totally different, feet-on-the-ground statistical survey, or an industry association (voluntary reporting). We can't tell who's doing what at all. We're like the suckers in The Wire Season 1 (which seems so quaint by today's standards) trying to reverse-engineer IRL networks.

The hacker solution would be so much more elegant, so much less messy (no meatspace!). It's like your example of hackers in dorms doing voip way before Skype. No self-respecting hacker could (even on the wildest bender) have come up with pushing pieces of paper around as value-tokens. What a hacker cooks up today is what the world will use in the next decade.

With bitcoin, unravelling a network is trivial. Bust one node (a snitch or an undercover sting op) and the rest unravel.

The combination of government and hackers sits somewhat oddly in my mind. So I shall refrain from pursuing that line of thought.

However, in this spirit of prognostication, I like possibility #4. But you understate the case. It's not about USD vs RMB, it's about fractional-banking vs fixed-quantity money.

If #4 is the case, some might argue that USG must have pre-mined a bunch of coins (and conversely, that if they didn't, #4 is not the right answer). This need not hold, of course. One can make some predictions if #4 is indeed the case: with bitcoin, taxation is easy and automatic. Smaller governments would result (State, Local & Federal), deficit spending would end, the free-market would still work, but command-and-control would be much easier.

edit: I see I'm largely of the same opinion as user guylhem.

Already so many comment mine will be buried deep. Anyway: I am happy to see that in fact pg has no China-blindspot.

I feared pg and others (eg Fred Wilson) were never talking about China because they droped half of the world out of their sight, as so many people sadly do. In fact it seem to not be the case. It was more of a strong reticence against saying stupid things, and a righteous understanding that not saying stupid things about China is very hard.

But still, the nearby horizon is inevitably a confrontation between US and China, and we need clever and trusted people to state their best bets about how to handle this issue, which, left alone, can rot in the wrong hands and have a bad ending for everyone.

This reminds me of a theory I heard of that Bitcoin was created to secretly try and crowd-source the breaking of seemingly impossible encryption protocols (encrypted files not meant for anyone other than the intended recipient). I wonder if such a theory is actually plausible though considering the client is open source, what if the block chains people are mining are actually encrypted files and the government are using people as bot-nets for breaking encryption? This is one reason I would suspect the government of creating Bitcoin.

I very much doubt that Bitcoin was created by any government. Having said that, one reason why government could be interested in fomenting Bitcoin is because it makes some forms of tax evasion nearly impossible. I've written to some length on this often neglected side of Bitcoin; see the section "On the upside: Bitcoin is transparency friendly" in the following blog post: http://nleyten.com/post/2012/10/24/Announcing-OCaml-bitcoin-...

If I were in control of a sovereign entity, I might be motivated to create a cryptocurrency at this point. This could be a way to increase a small country's currency reserves. The US government and other major powers would be against this, however, for the same reason why they squashed bearer bonds.

Also, given how bad Bitcoin is in some ways, I could believe it wasn't created by crypto experts working for a government. There is no good theoretical basis for secure hashing algorithms.

my 2 cents:

along the "far fetched" lines, it is definitely a possibility that this was a govt initiative, and possibilities 1 and 2 (not 1 or 2) seem to fit my reasoning.

countries that fit my argument are those with large trade deficits; have little or no natural resources; are known to run smuggling networks of drugs, counterfeit money, etc.

countries with little or no economic resources are constantly under economic pressure to trade in "trusted" currencies. they need to purchase commodities and resources where counter-parties only accept strong currencies (usd, eur, gbp, chf, nok, etc.). it's impossible doing business with a large/influential commodities trader unless you trade in any of the currencies above.

given that these countries are unable to generate enough foreign reserves via exports, large undercover networks that smuggle all kinds of illegal goods/services are unofficially permitted. e.g. class a drugs, counterfeit money (sold at a discount. think for a second why some top notch usd counterfeiters are located in africa and asia), free/subsidised drugs sold back to developing countries by 3rd world countries, etc.

consequently the creation of a virtual currency, that does not require an export, and that it can be easily printed with ubiquitous technology/computing power is a great way to make up for the real economic shortfalls.

final remark: still, i think the chance of this being the case is very slim. right now the trade deficits/currency needs by many countries that fit this profile are orders of magnitude larger than the overall value of the bitcoin market. unless the size of the btc market grows at a very high rate i seriously doubt this can be an effective tool to run the above operations.

Most if not all governments believe a fixed money supply leads to deflation. They also believe that deflation is a bad thing that should be avoided. (Whether you believe this is completely irrelevant. What matters for this argument is what the government believes.)

Since Bitcoin's supply is fixed, Bitcoin is inherently deflationary. A government that creates and releases Bitcoin is a government that creates and releases something it believes is seriously flawed.

Why would a government release something it believes is seriously flawed? (The most likely answer is 'it doesn't', but let's play along.)

Perhaps that government believes the adoption of Bitcoin would damage its rivals more than itself.

Perhaps that government fears the adoption of truly-effective digital currency, and therefore chose to release and publicize one with inherent problems that will prevent its widespread adoption - delaying the onset of a truly-effective currency. (Again, dear reader, you might think Bitcoin is fine - but I suspect most government economists are more in line with Paul Krugman.)

Finally, perhaps the government truly thinks Bitcoin is a bad idea - but not everyone who works for the government agrees with the government. It only takes one person to leak something. Perhaps the group who created and reviewed Bitcoin were hired during one administration, and then, being unhappy with a future administration, someone decided to leak their what they were working on.

Note, for those of you who enjoy tinfoil hats, that the first paper on Bitcoin came out just days before the 2008 presidential election, when the polling was almost uniformly predicting a Barack Obama victory. Is Bitcoin a release from someone who believed both in the project they were working on and that they were about to be unemployed?

Ultimately, keeping a conspiracy under wraps is an n^2 problem, where n is the number of people behind it.

If it's a government, it is not a constitutional one with democratic elections. Checks and balances make it much more difficult to carry out a conspiracy with elegance and grace. I'm not saying it's impossible, but if the US did it, it will come out very soon. There are too many conflicting interests in government to keep this under wraps for long.

Essentially, crypto-guys who don't leak stuff would have to have been acting at the bottom of a chain of command that does leak stuff clumsily, and is opposed by political forces with the incentive to find stuff out. Plus, no major agency of the government has yet commented, which suggests that they are trying to get their heads around the phenomenon before choosing how to act.

All the same, I doubt it's an individual, as you suggested. It's certainly a group or entity with it's own agenda, external to, but perhaps sponsored in some way by a government (perhaps even the US, for the reasons you mentioned).

>>>Ultimately, keeping a conspiracy under wraps is an n^2 problem, where n is the number of people behind it.

Stuxnet. How long before anyone outside of the group that created/deployed it knew it existed?

EDIT to add: I typed too soon. You did specify "conspiracy." Stuxnet was an approved project. Those are easier to keep secret.

Actually, Stuxnet was outed pretty quickly (less than a decade, if the speculation is correct).

An the target of Stuxnet was an single program of a fairly obnoxious state (Iran).

The "target" of btc is an entrenched system of currency used by nearly everyone on earth. Much harder to contain.

>>>The "target" of btc is an entrenched system of currency used by nearly everyone on earth. Much harder to contain.

I wonder if I'm the only person who sees Bitcoin as just as alpha test?

The "if this conspiracy were real, somebody would have leaked it by now" argument gets repeated all the time, but it's bogus. If correct, it would mean there were no covert ops. And we know that's not so.

The reason why "conspiracy theories" sound silly is that the term itself is reserved for possibilities the speaker doesn't believe in [edit: changed that wording to make it more neutral]. Well-documented conspiracies are called "history".


Covert ops usually have a small, well-defined purpose (taking out Osama, for example).

The creators of bitcoin could have one or more purposes, picked from a fairly large set of possibilities.

I don't wish to express contempt for the possibility, just that it is unlikely.

> Ultimately, keeping a conspiracy under wraps is an n^2 problem, where n is the number of people behind it.

I'm puzzled by this statement. You need n people to keep the secret...

I believe his argument is that if you have n people in on a conspiracy, than you have possibility of any of the n^2 communication channels becoming compromised, and n^2 more chatter going on. You can mitigate this by having only one person keep track of things, and ensure that no one else knows anyone else is in on it (yay! Star topologies!)

Also, each of the n individuals knows that there are (n - 1) others who could also leak. Attribution for the source of the leak becomes harder and everyone involved knows it. So the motivation to keep the secret is reduced along with the sense of accountability.

3 can keep secret only if two of them are dead

Generally, n can keep a secret if n-1 are dead.


That'd be 2^n, then. n^2 is 'geometrically harder'.

Yeah, that's what I meant .. thanks.

Of course, we don't know how good the government really is at keeping secrets, because we only know about the failures.

In general, however, I would argue that it is incredibly naive to think that we know even remotely all there is to know about what our government does.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact