Dai/Nakamoto emails (gwern.net)
47 points by jc123 on April 3, 2014 | 45 comments

the b-money paper is very well worth reading even today. appendix A hints at what we call today proof of stake. the property club in b-money is more of a political organization than the participants in the Bitcoin network:

"community is defined by the cooperation of its participants, and efficient cooperation requires a medium of exchange"

"I hope this is a step toward making crypto-anarchy a practical as well as theoretical possibility." http://www.weidai.com/bmoney.txt

amazing how muted Wei's reaction was and still is. b-money was a nice idea, but it seems he was never too much interested in implementation. the request is obviously fake. Nakamoto was clearly well versed in the history of this topic and was very likely to be around in 1998.

other than that, gwern is still the authority on Bitcoin. "What’s wrong with Bitcoin is that it’s ugly."


That's a good quote: "What's wrong with bitcoin is that it's ugly." It refers to the protocol and the technical implementation, and it's quite true for the reasons mentioned in the article. For example, it seems possible that the world's largest mining pools may eventually try to unite in order that a single entity can control more than 51% of the hashing power invested into bitcoin. As mining technology becomes more specialized, the probability of this will continue to go up. Being able to control the fate of an entire currency is tempting, and it will get more tempting as bitcoin gains widespread adoption.

In spite of all that, it still works, and works reasonably well. The protocol is also full of all kinds of nice features planned for the future. There was an article that went into these plans in a lot of depth (which unfortunately I can't find offhand) but the point was that bitcoin is capable of far more than just being a simple money transmitter.

So that's the protocol aspect. But what about the social aspect? How has that fared?

It turns out that bitcoin is dangerous to its users. The reason it's dangerous is also its core strength: irreversible transactions.

There have been so many losses due to theft and fraud. Some guy on Reddit posted that he'd lost his 16BTC after he took his MacBook into an Apple store for some minor repair. Some employee popped his hard drive into an external enclosure and scanned it for wallet.dat files, then made off with his coins by using a mixer. No one could prove anything, and that thief is now thousands of dollars richer while the victim is that much poorer.

One unexpected reason for the danger to consumers is the legal protections provided to corporations. It's relatively easy to start an exchange right now. It's as easy as starting a corporation and putting together a website. And if users are persuaded to send their coins to the exchange, and the exchange happens to lose those coins due to e.g. a massive technical problem, an unforeseen protocol problem like malleability, theft by an attacker, or even theft by the founders themselves, then the users are completely hosed. They lose everything. What happens to the corporation? It's dissolved, and that's that. No one from the failed corporation is exposed to any kind of legal risks. That's the whole point of a corporation: so that the people starting them aren't directly liable for the corporation failing. But when a bitcoin exchange or webwallet fails, all of the users lose their money.

This unfortunately happened to me on Mt. Gox. They recently discovered 200,000 BTC that they accidentally misplaced, so hopefully those will be distributed among customers in a few months and I'll get about 10-15% of my holdings back. In the meantime, it's pretty clear that the exchanges can basically do whatever they want. How can consumers know which exchange to trust? The answer is that you can't trust any of them. There is no mechanism by which to recover from disaster, and disaster is just a matter of time. Bitcoin The Protocol has the chance to last decades. How confident are you that your favorite exchange (or broker dealer like Coinbase) will last that long?

Beyond that, there is still no turnkey solution for consumers to manage their coins themselves. There are solutions, but they are uncomfortable. They require careful reading and time, both of which are inconvenient. The current best solution is a dedicated cold storage computer (or Raspberry Pi) running Armory, and to make multiple paper backups and store them yourself in various locations, so that it's unlikely your computer and your papers are all wiped out simultaneously.

And even with that kind of protection, someone can still hold a gun to your head and force you to send them your bitcoin, and there's not a damn thing you can do to protect yourself if they succeed. All transactions on the blockchain are public, so if someone gets wind that you control a 1,000 BTC wallet, suddenly you're a target. If they compel you to send your coins to them and somehow get away, you'll never get them back. Heck, if they force you to send them your coins and don't get away, it's still unlikely you'll ever get your coins back. They'll just sit in prison and bide their time, then enjoy your coins as a pension plan for when they get out of prison.

Is there hope? Perhaps. As far as I can tell, what's needed is for an exchange/dealer like Coinbase to purchase some kind of high-risk insurance which is guaranteed to pay out in the event of a disaster. The insurance plan would have to be able to cover all coins that the exchange holds at the time of the disaster. Since Coinbase has >1M user wallets, Coinbase probably controls quite a lot of coins. Let's say that they hold ~1/4th the number of coins Mt. Gox claimed to: about 200,000 BTC. Let's say the price per coin at the time of the disaster is $400/coin. That's $80M of losses which the insurance company would have to cover. And how precisely will they pay out to the exchange's users? Or even to the exchange themselves? Let's say the insurance company hands over $80M. Now the goal is to use that $80M to buy back enough coins from some other source in order to return all lost coins. Well, you can't do it! You'll skyrocket the price of bitcoin from $400 to $MASSIVE_NUMBER if you tried to buy 200,000 coins, especially if everyone realized what you were trying to do. So the exchange may still wind up hosed! And of course, that means the users will wind up hosed in the end.

To respond to one of your points:

> The current best solution is a dedicated cold storage computer (or Raspberry Pi) running Armory, and to make multiple paper backups and store them yourself in various locations, so that it's unlikely your computer and your papers are all wiped out simultaneously.

The Trezor, a hardware wallet that signs transactions without exposing private keys to the computer it is connected to, just shipped its first unit: https://bitcointalk.org/index.php?topic=553818.0

Dedicated hardware wallets (which will hopefully be cheap and readily available) may be the future solution to malware related theft.

This is simply an infosec problem. Much like banks in the wild west. It's easy to set up a bank, but hard to keep the money, therefore lowering the value of having a bank.

The infosec industry needs to mature and bitcoin needs to thoroughly adopt it at every stage. This means consumers as well. There will be a knowledge-gap to participate in Bitcoin because of this for a long time.

To me, the argument from silence is compelling. Bit gold is not just similar to BitCoin - it is virtually identical. The only thing BitCoin has that BitGold doesn't is that consensus is formed by the holders of a majority of the computational power, rather than the majority of nodes. This is what makes BTC byzantine resilient. And the question Wei Dai asks - why would he cite b-money and not bit gold - is precisely why I'm inclined to think it is Szabo. For him to not mention Bit Gold in light of the similarity is highly suspicious indeed.

the citations of the paper are incomplete also, in that it does not mention finney's RPOW from 2004: http://www.finney.org/~hal/rpow/

quoting from there: "Security researcher Nick Szabo has coined the term bit gold for information objects which are provably costly to create"

bitgold as it was publicly described in 2005 was different than bitcoin in that there was a market for the tokens. bitcoin uses an agreement mechanism to establish the difficulty.

This would make sense because Szabo's initial post about Bit Gold does mention RPOW, so any search for RPOW would immediately lead back to Szabo.

Szabo also appears to have forward-dated his posts talking about implementing Bit Gold so that they appear to be written after BitCoin was released.

It's the worst date faking attempt in history if that was his intention - I think he republished his 2005 story after bitcoin to point out that he came up with these ideas.

A smart man, especially someone that understands security, would foresee the argument from silence. If anything, I think it is a deliberate red herring to make suspicion fall on Szabo.

Ah, you remind me of the "battle of wits" scene from Princess Bride [0]. If he is that smart, he could have predicted people would reason as you did, in which case being silent about bit gold was the right thing to do... and so on ad infinitum :)

[0] http://www.gametheory.net/popular/reviews/PrincessBride.html

it worked pretty well. one way to think about it: did Nakamoto want to be known? then reason from there. then consider the negation. the deeper point in all of this: why do we trust people in the first place?

i think nakamoto/szabo is ambivalent on this point. i think he cared enough to cover his tracks enough so that no conclusive evidence of his identity can be found. but he did not care enough to clear certain circumstantial evidence from the picture, such as aspects of his writing style, and the times of day he posted which link him to szabo and the aforementioned forward-dating of posts.

i think some part of nakamoto wishes to have credit for BitCoin, or at least not permit someone else to take credit - which is part of why he came out of hiding to redirect people away from dorian nakamoto. to protect him, but also to ensure that credit was not conclusively misattributed.

Unfortunately, I don't follow Bitcoin a whole lot, but could someone please tell me what is the point of all this and why are people so 'excited' to find out more about Satoshi.

(the font of the website is fine @stephen)

Satoshi changed the world and the newsmedia and humans in general are obsessed with geniuses and successful people. It's also a natural phenomenon that people are drawn to something that's mysterious and forbidden (read the book "Artful Persuasion").

I doubt it has much to do with anything rational, such as benefiting from finding out who he is or obtaining more insight from Satoshi. It's just deep rooted human curiosity.

Hey man,

thanks for the answer, totally hear what you're saying and I'll look into that book, thanks for suggesting it!

What is the reason for Satoshi wanting to remain anonymous? The others (hashcash, bitgold, b-money creators) didn't seem to bother with anonymity. This is why I highly doubt Satoshi is actually a pseudonym.

For one, his wealth will likely become monstrous.

If he anticipated Bitcoin's success he has been wise to remain unknown.

While we're on the topic, does anybody know how many Litecoins its creator, Charles Lee, owns?

My theory is that he worked under a contract that automatically transfers all created intellectual property to the company - even when done in his spare time. This is not unusual, especially for US companies.

One reason may be that bitcoin is a Ponzi scheme.

I wouldn't say it fits the technical definition of a Ponzi scheme.

Now, the technology (the opensource daemon, and the network of nodes running it to create a peer to peer ledger and all that jazz) is really a quite interesting experiment in distributed systems.

The culture around Bitcoin the 'currency' at the moment (and foreseeable future) is more complicated.

At worst it's a pyramid scheme, and at best it's an asset bubble. In practice I would say it most resembles a sophisticated, decentralized Multi-Level-Marketing scheme (MLM) of a particularly novel and insidious variety (Note that MLMs such as Amway & Herbalife have plodded along for years). This can be said not just of bitcoin, but of the entire ecosystem of cryptocurrencies.

Ironically, the fact that it has value derives from the perverse incentives of its "investors" to create a cycle of pump and dump bubbles, that bring more people into the fold each time. These speculators provide a liquidity pool that makes bitcoin useful to those who actually use it because they are shut out of the traditional payment system. Alarmingly, it seems at the moment that this group deriving actual utility (over credit cards) consists primarily of hackers, drug dealers, gamblers, arms dealers, pornographers, and other participants of the grey/black market economy. Yes, there is a big pool of legitimate merchants accepting bitcoin because of low transaction fees & no chargebacks, but adoption by non-speculator 'legitimate consumers' is far beyond merchant adoption.

The end game is uncertain. If the liquidity pool eventually grows large enough (resulting in a stable, high value) such that people feel confident to start settling contracts denominated in bitcoin (see mpex.co for a particularly sophisticated example), this will represent a massive challenge to the power of the state to control commerce and enforce taxation. In other words, a crypto-anarchist's wet dream.

Perhaps bitcoin will stay somewhere around the size it is now or perhaps an order of magnitude larger in which case it may stay a fringe payment technology with a shady reputation, much like Liberty Reserve and egold before it.

It is also possible that governments will regulate it away by requiring all addresses be registered (see: http://blog.gardeviance.org/2014/03/how-to-fix-bitcoin.html). Or maybe they will just get fed up and attack it by targeting it at its primary point of centralization: all mining ASICs are currently fabbed at TSMC. TSMC could perhaps be coerced into adding some kind of backdoor or kill switch into the next generation of mining chips. Note that other cryptocurrencies have and will adopt ASIC resistant PoW schemes that limit this at a risk of allowing a 51% attack by a large botnet (or entity with massive computing resources like Google or the NSA).

Either way, Pandora's Box has been opened. Future cryptocurrencies are in the works that use cutting edge advances in zero-knowledge proving techniques to completely eliminate the need for a public transaction history. With regards to bitcoin (and other Nakamoto-chain based cryptocurrencies) specifically, the widely noted scaling problems will be solved by ongoing work on 2-way pegging to side chains, tree-chains, and other ways of 'sharding' the blockchain, while maintaining bitcoin's enforced scarcity.


So really, the reason why I want to know who Satoshi is, is because bitcoin is an incredible hack. Not just of computers and networks, but also of minds. To secure the network, mining has to be incentivized by giving the coins value, which means Satoshi anticipated not just the technical aspects of enforcing consensus in the ledger of coins, but also the economic & psychological aspects of getting people to think the coins are valuable (and that their value would increase). I'd personally like to know what motivated him/her/them to build & design Bitcoin, and what his/her/their thoughts were as it took off, and what he/she/they think of the current ecosystem.

Well, for one he probably owes hundreds of millions of dollars in back taxes for all the coins he mined.

Would he still owe them if he hasn't sold or otherwise used the coins for anything?

The situation is pretty unique which means there are pretty much no relevant rulings. In general, if you gained something of value, then yes, you owe the tax on that. OTOH this is a situation where someone gained a string of bits and only later this string of bits has gained value. On top of that - did it really? Some say it's just a bubble.

Actually the current guidelines are pretty clear. Mining is income. When you receive your coins from mining, that's a taxable event. Current value - mining expenses = income. After that any gains or losses are unrealized until you sell, creating another taxable event. Current price - cost basis = capital gains. Since bitcoins were worthless when Nakamoto was mining, he has no tax bill there. No taxes are owed for simply holding the coins. If he sold today, he'd be taxed at the long term capital gains rate of 15% for 100% of what he sold.

EDIT: but of course I'm making the silly mistake of assuming he's an American.

I'm fairly certain that it would work just like shares.

At the point a company is first created its shares have zero value and so its founders pay no tax when they receive them. The fact that they gain value later has no bearing on that situation.

Of course, creating shares at a later point in a company's life (when they may have value) does have tax implications.

Thus, any coins that were mined before there was any value you shouldn't need to pay tax on.

I think you're right(ish), with one caveat that I think you understand, but this time last year I would not have...

If you ever sold them, and long-term capital gains should apply, you would still owe the long-term capital gains tax on the proceeds from the sale. So, subtract your cost basis (which for THE actual creator of bitcoins is arguably more intensive than the average miner who merely creates bitcoins), subtract that which has not been (depreciated?) on any other gains, and pay tax on those gains from the proceeds of the sale.

just me or was that page barely readable due to font, color, spacing, and width?

Someone posted that method on HN not too long ago. It's meant to increase readability by helping the eyes distinguish one line of text from the next. It's ugly and a tiny bit distracting at first but it really does work. Just give it a try. I zipped through those 2 paragraphs really quickly. I think it's Javascript based.

It's based on this: http://www.beelinereader.com/ by the looks of things (there's a beeline.min.js script included at the bottom of the page).

It looks very weird, but I can believe that it might improve reading speed.

It seems quite readable to me, although rather ugly.

it's showing up as purple and blue as if text is links for some reason right? this is what i see http://monosnap.com/image/yMYvfejx4VK1gBMRb4zOvrlz9jyHdk

That's weird. There was a plugin for browsers that does that, because it apparently helps some people to read faster.

i remember that too but see no chrome plugins that do that installed...

edit... something def is installed on my chrome but for some reason only showed itself now.

What is the fascination with finding out the real identity of Satoshi? Mere curiosity or ... ?

We may soon see Satoshi on the Forbes list of billionaires. It'd be a journalistic scoop.

Also of interest is that posts about the identity of Satoshi have been removed from Hacker News because it is not tech news, or relevant.

I wonder if someone actually considered the possibility that Satoshi Nakamoto might not even be a single person?

Yes, everyone. From Wikipedia: "Satoshi Nakamoto (中本 哲史[1] Nakamoto Satoshi?) is a person or group of persons that created the Bitcoin protocol"

very unlikely. all the code is written uniformly. all the posts carry one style. it looks as if at the time there was only one person in the world who was crazy enough to think this could actually work.

hi there. i'm the management behind btcd, an alternative full node bitcoin implementation, and i can say that it is very unlikely the original code is the product of a single person. additionally, the amount of work that must have gone into testing and setting the myriad constants for bitcoin is huge, far more than a single person is capable of in a few-year period.

i won't share all the magic but consider this: have you noticed how there are big and little endian flips littered throughout the code, especially in the script code? do you think that a single dev would just arbitrarily assign endianness throughout the code, then have the script code be big endian?

"do you think that a single dev would just arbitrarily assign endianness throughout the code, then have the script code be big endian?"

I have seen crazier things. A single developer who works on the code a bit, takes a break, then works on it a bit more can easily have switched conventions.

All instances of BE are due to openssl bignum math. When serialized in bitcoin messages, ordinary ints are LE because it's just simpler (all popular CPUs are LE today). So it's a bit of a mess with endianness, but entirely possible to be done by a single guy, just because of the openssl and CPUs.

Author of CoreBitcoin, objc implementation of bitcoin.
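
An added example, not part of the comment above and not code from any Bitcoin implementation: it parses the publicly known Bitcoin genesis block header, embedded here as sample input, to show the byte-order mix under discussion. The integer fields are little-endian on the wire, the compact target is read most-significant byte first, and the hash is compared as a little-endian number but displayed byte-reversed. All function names are chosen for this example.

```python
import hashlib
import struct

# Publicly known Bitcoin genesis block header (80 bytes), as serialized on the wire.
GENESIS_HEADER_HEX = (
    "01000000"                                                          # version
    + "00" * 32                                                         # previous block hash
    + "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a"  # merkle root
    + "29ab5f49"                                                        # time
    + "ffff001d"                                                        # bits (compact target)
    + "1dac2b7c"                                                        # nonce
)


def parse_header(raw: bytes) -> dict:
    """Split an 80-byte header; every integer field is little-endian."""
    if len(raw) != 80:
        raise ValueError("block header must be exactly 80 bytes")
    (version,) = struct.unpack_from("<i", raw, 0)
    time_, bits, nonce = struct.unpack_from("<III", raw, 68)
    return {
        "version": version,
        "prev_hash": raw[4:36],
        "merkle_root": raw[36:68],
        "time": time_,
        "bits": bits,
        "nonce": nonce,
    }


def compact_to_target(bits: int) -> int:
    """Expand the compact target: top byte is the size in bytes, the low
    three bytes are the most significant bytes of the number."""
    size = bits >> 24
    if bits & 0x00800000:
        raise ValueError("sign bit set: negative targets are invalid")
    mantissa = bits & 0x007FFFFF
    if size <= 3:
        return mantissa >> (8 * (3 - size))
    return mantissa << (8 * (size - 3))


def block_hash(raw: bytes) -> bytes:
    """Double SHA-256 of the header, in the byte order used on the wire."""
    return hashlib.sha256(hashlib.sha256(raw).digest()).digest()


def display_hex(digest: bytes) -> str:
    """Hashes are conventionally shown byte-reversed relative to the wire."""
    return digest[::-1].hex()


def check_pow(raw: bytes) -> bool:
    """The hash is compared to the target as a little-endian 256-bit integer."""
    target = compact_to_target(parse_header(raw)["bits"])
    return int.from_bytes(block_hash(raw), "little") <= target


if __name__ == "__main__":
    header = bytes.fromhex(GENESIS_HEADER_HEX)
    print(parse_header(header)["time"], display_hex(block_hash(header)), check_pow(header))
```

Reading the same digest as a big-endian integer fails the proof-of-work comparison, which is the kind of byte-order mistake a reimplementation has to guard against.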

It could be that a single coder took over or merged previous codebases from other people.
