The John Dillon leaks disclose a correspondence with anonymous John Dillon and Bitcoin developers like Peter Todd and Gregory Maxwell. They might be one of the most important sources for Bitcoin's history, revealing something like a conspiracy of smaller blockers in 2013. We redact and comment selected parts of it.

Recently on Yours an edited version of the infamous John Dillon Leaks has been published. This makes the leaked emails slightly better readable, but it is still hard put information from it. To make access to this important source for Bitcoin's history easier, we publish a redacted version.

The context

As context is everything, we start with it: The John Dillon leaks have been dumped on bitcointalk on November 16th 2013 in a thread titled Re: "John Dillon" We can leak things too you trolling piece of shit. This indicates Dillon leaked something before, but no details are known.

Peter Todd, who is a main subject in the leaked content and has been in close contact to Dillon, comments on the leaks:

Looks like his computer was compromised, including his PGP key; those are all private emails. In two instances people have tried to use webbugs on this forum, as well as the foundation forum in discussions about blacklists - I took that as a sign that people are resorting to some pretty ugly tactics. This just confirmed my suspicions.

Dillon was an active participant in discussion of Bitcoin in 2013. He posted fairly regular on Bitointalk between April and November. Some in the Bitcoin community liked his inputs, some, like Gavin Andresen, considered him a troll. The leak dumped a lot of emails, written between May and November 2013. Most of them are fragments of a correspondence of Dillon and Peter Todd, but there are also mails to Gregory Maxwell and Warren Togami as well as chat protocols.

A few notes about the year 2013 might help to understand the affairs: Bitcoin has gone throught two bubbles in this year, the first in April (260 Dollar), the second in late November / early December (1250 Dollar). 2013 was one of the strongest years Bitcoin ever had seen. The ecosystem was in the "wild west era", with Silk Road, Satoshi Dice and Bitfunder being the largest platforms, the Bitcoin Foundation still being in the center of Bitcoin and Asicmining took of pushing GPU mining into irrelevance.

Satoshi Dice was sold for 10 Million Dollars to an anonymous buyer, while MPEX, the shady rumanian future and share exchange, was still around, it's PR account accusing everybody and his mother being a scammer - mostly correct. 2013 was also the year of the revelations of Edward Snowden, in which the world learned about the scope of the NSA's global surveillance. In late summer the FBI busted Silk Road, seizing more than 140,000 Bitcoins from the wallets of Dread Pirate Roberts.

Who is John Dillon?

We don't know who John Dillon is. He cared much about his anonymity, as he wrote Peter:

As you have probably guessed my intent is to stay anonymous. This is my real name, but not my usual email, so the usual PGP web of trust procedures don't really apply. Basically, when you get down to it the question is if this PGP key corresponds to my identity, and that identity is Bitcoin John Dillon right now.

He is proud to be very strict with his anonymity: "I will say I have been very careful to date. Possibly satoshi-level careful?". However, in another mail however he tells Peter that he works in intelligence:

Please don't make this public, but my day job involves intelligence, and I'm in a relatively high position. You know, I went into the job years ago with very different thoughts about it than I do now. The last, well, decade really has changed a lot of minds in this field, in totally different ways. Myself I am on the side of Snowden and Assange, but... lets just say when you have a family your willingness to be a martyr diminishes. The same is true of many of my colleagues. Hopefully my support for Bitcoin can help undo some of the damage we've done, but I do have to be careful and it's tough to take all the precautions I need to to be able to communicate. If it was found out that I was involved with Bitcoin that way I have been, let's just say there would be consequences...

He participates in Bitcoin as an observer and commenter. He claims to have some silent partners,

just an small group who care deeply about financial freedom and privacy and are investing what we can afford to lose. I think I'm still the only one who has become active with the community.

He is not an active programmer, as "the usual management career track got me, but math and computer science theory hasn't exactly changed." In the forums and chats he seems to be focused on Peter Todd. Peter says in a chat to Gregory Maxwell:

I know, I'll admit he kinda creeps me out a bit sometimes... he's admitted he reads all my posts.

In late October 2016 Dillon seems to stop the correspondences:

Sorry, with the silk road and that NSA document on Tor and other things I decided to take a break. The atmosphere has been rather tense and paranoid in my industry lately.

The content of the leak

The leak consists mostly of Mails between Peter Todd and John Dillon, and a few mails with other developers, including Gregory Maxwell and Warren Togami. It also includes chat-protocolls and references to posts in forums. The content is ordered mostly chronologically, with some quirls at the end. It lacks a consistent format, which makes it sometimes confusing to get who writes when to whom.

The content is mostly technical and ideological, but also includes personal affairs and plans you could loosely describe as a conspiracy.

The ideological contents outline those mental models which are required to have as a good Bitcoiner in 2019. This is extraordinairy interesting, as it lays out an ideology, which was widely developed in 2013, but only became fully public in the later blocksize wars starting in 2015, until they became a dominant, unquestionable narrative in today‘s Bitcoin world.

Technically the mails mostly are about Peter Todd‘s plans and projects in Bitcoin, incuding Replace-by-Fee and improving mining decentralization.

Socially they hint to a formation and collaboration of the „small block camp“, including Gregory Maxwell, Luke Dashjr and Warren Togami, which is strongly opposed to Gavin Andresen and Mike Hearn. In a bit of a conspiracy Todd and Dillon plan DoS attacks on the network to shut down SPV nodes and – maybe – exhaust the connectivity of miners.

Further, the mails disclose economic interactions, for example John Dillon funding development work of Peter and Gregory.

The ideology

From the hindsight, it is extremely interesting to see some very dominant talking points of today emerge in 2013. John Dillon, who is not involved technically, seems to be a driving force of forming the small block narrative.

He has some kind of „democratic“ concept of Bitcoin:

Bitcoin is an idea, expressed in code, and a group of people who chose to accept and value that idea. The Bitcoin idea places as little trust in others as possible, and for what remains, the valid transactions placed into the blockchain, the decision is made by a democratic vote among everyone who possesses hashing power.

The core value of Bitcoin is decentralization:

It is decentralization that makes the Bitcoin idea valuable, and what makes it so fundamentally revolutionary compared to what came before it. Without decentralization Bitcoin is just another way to pay people over the internet.

Than he explains what he means with decentralization:

A Bitcoin where only a select few can participate in that democratic vote is simply not the Bitcoin Satoshi created, and is no different from the centralized systems that came before it.

In Dillon‘s view, decentralization is a state, not a process. Markets and democratic states are a decentralized process: Everybody has the same right to participate and to use the law, but he must be responsible to use his own resources for it. The outcome of the process - the state - must not be decentralized by itself. What Dillon wants, however, is a outcome of the process which complies with his definition of what‘s decentralized.

Decentralization is only possible, says Dillon, when you have anonymity:

Anonymity is a key part of true decentralized decision making. Without anonymity you can-not make decisions freely, decisions like what transactions you accept as valid Bitcoins, and what transactions you place into the blocks you mine. It is notable that Satoshi himself wisely decided to use a pseudonym rather than his real identity, allowing him to make choices about Bitcoin free of interference from authorities.

The obsession to keep blocks small

The mails disclose an early obsession of Peter Todd with keeping the blocksize small. For example, after Dillon puts his PGP fingerprint with a transaction, Peter answers:

Nice job with the PGP keys... maybe it's all the better that we have people like you making that kind of "dirty work" happen and demonstrating attacks in a relatively controlled way. Personally I'm of the opinion that *if* the 1MB blocksize is kept the way it is, allowing data in the chain isn't a disaster.

Later, Peter presents some ideas of decentralizing mining to Dillon:

Also, on decentralizing mining, I had the idea of adding a UDP method for very fast distribution of block headers and tiny full blocks. The idea here is the moment a new block is created, every miner should immediately start working on a block that would orphan that block with only the coinbase TX in it.

In some variants, these idea have become common in mining and are called „SPV-mining“ or „Headers-first-mining“. Peter points out the economic incentives such a change imposes:

This punishes blocks that take a long time to propegate, particularly for miners behind low-bandwidth links. It'll be a nice natural incentive towards smaller blocks, although I do worry a bit about how the idea could be latched onto as "well obviously we *can* increase the blocksize now.

John agrees:

Regarding your idea for fast block header propagation, and delibrate orphaning by miners, I like it and I too worry that it could be seen as an excuse to increase the blocksize. Maybe keep that one secret for now, but look into the infrastructure to make it possible?

Later Peter and John talk about another idea, which is not exactly reconstructable from the leaks, but aims to make it harder to increase the block size. John quotes Peter:

It's also nice because by doing so we make the dangers of a large block size very clear by making large numbers of miners see immediately how it makes it difficult for them to operate. We also make changing the size more difficult in general because the decision then becomes one that hundreds or even thousands of miners need to make individually, greatly slowing down any possible change. Of course, I didn't say any of that…

Against SPV Nodes

Nearly as bad as big blocks are SPV Nodes. It is not entirely clear who wrote what in a short fragment of the leaks. Most likely it is John Dillon quoting a discussion between Gavin Andresen and Peter Todd on bitcointalk.

First, Peter proposed to depriorize SPV nodes:

In any case given that SPV peers don't contribute back to the network they should obviously be heavily deprioritized and served only with whatever resources a node has spare.

Gavin Andresen answered:

This seems very much like a "cut off your nose to spite your face" solution. SPV peers are INCREDIBLY IMPORTANT to the growth of Bitcoin; much more important than nodes that have the bandwidth and disk I/O capability of being a full node. Bitcoin will be just fine if there are never more than 10,000 big, beefy, full nodes forming the backbone of the network, but will be NOTHING if we don't support tens of millions of lightweight SPV devices.

Ok, that's an exaggeration, Bitcoin would be just fine in an Electrum model where tens of millions of lightweight devices rely 100% on a full node to operate. But I would prefer the more decentralized, less-trust-required SPV model.

John Dillon comments this just with „hard to get“ without providing further insights. Later he writes a comment or mail to Gavin Andresen. Context is unclear.

So tell us how is your "vision" of 10,000 big beefy full nodes with SPV peer any different from the Electrum model? These days Electrum clients have block headers and verify that transactions have merkle paths to the block headers. The only difference I see is that SPV uses bloom filtering and Electrum can query by transaction. But Mike wants to add querying by transaction to full nodes anyway, and one of the purported advantages of this UTXO proof stuff is that you can query servers for UTXO's by address, so I see no difference at all. A patch to do bloom filtering on Electrum would be amusing to me.

The next part of the mail is another fine demonstration of the regulatorical aspiration of the small blocker forming in these days:

Here you have Peter talking about clever ways to actually get decentralization by having SPV peers donate back to the network with spare bandwidth, like relaying blocks, not to mention his partial UTXO set ideas, and you completely ignore that. But I guess that would raise ugly questions when people realize they can't now contribute back to Bitcoin, because the blocksize is a gigabyte of microtransactions...

So we are back to the desire to keep blocks small. This should allow developers to regulate the interaction between different parts of the network so that the outcome of the processes are what they wish the system to be.

It may also raise ugly questions with regulators that may find the idea of "full node == data chokepoint == regulatory chokepoint" an attractive notion. Why are there not any competent people other than Peter who really have the guts to bring up these proposals? I've little luck getting proof-of-concepts built for money anyway. Maybe we just have a darth of smart competent people in this space.

In this mail or post he directs an accusation to Gavin:

You do a good job of signaling your priorities Gavin. The payment protocol includes no notion that you may want to pay anyone but a SSL certified merchant. Yes I know the crypto can be upgraded, but it says volumes that you pushed for that first, without even the slightest token effort to allow individuals to participate in any way. Sad given you have made things *less* secure because there is no safe way to get money *into* my wallet with the payment protocol, but could have been.

The SPV attack

In May 2013 Peter and Dillon talk about an attack on SPV nodes. Peter Todds presentation of the attack is not in the leaks. They begin with John Dillons answer:

The SPV attack is a good idea! Lets do it, and lets do it anonymously. Tell me what your priorities are for after-conf work.

Peter proposes to not really do the attack:

SPV attack - lets be more clever about it... why actually do it when we can start a fake company offering the service?

Later, in August, Dillon and Peter write again about attacking SPV nodes. Dillon:

You sound more pissed off than usual... You realize this DoS attack stuff has ignited some pretty serious debate and desperate work to get things fixed right?

Letting things cool down a bit would help - best not to draw more attack attention for a bit you know.

Peter answers:

Anyway I was replying to your replacement message and said that yes I think you have a good idea with releasing, so go ahead and do that. Setup say 5 servers on EC2 for testnet for the testing.

We will say you have the money at this point to discourage others who may be less ethical about their release schedule. Let me know when the servers are ready and I will make a bigger post.

And in the next mail:

Get in touch with me before you decide to offer a reward or anything for actually making an attack happen... You have the support of a core dev FWIW, I'm sure you can guess who. Warren of Litecoin says he believes you as well, and asks you try the attack on a smaller alt-coin :P Strategy would be good here, especially because the same attack(s) can be used to take down the whole network too, but we more want to show how SPV specifically is bad. Implementing a darknet to resist network-wide attack is easily done, and it looks like doing peer prioritization will help for those for whome darknets aren't a good option. Some testing of the latter prior to an attack would be good. peter

Replace-by-Fee (RBF)

John Dillon suppports Peter Todds RBF proposal. Peter writes:

replace-by-fee: we need to make this usable. So incorporate wallet fixes so using it doesn't mess your wallet up, then add the "try to undo" and "change fees" feature

Dillon seems to fund Peter‘s work on RBF. Later, Peter releases RBF:

People can -addnode=testnet-replace-by-fee.bitcoin.petertodd.org to use it. Point out the usual stuff about why doesn't do recursion, or have any additional features. I setup about 25 micro servers, that's like $60-$100 a month or something? I'll see how it goes - fun to play around re: relaying.

However, the mails do not contain more information about the reasons why RBF is so important for Todd. On Bitcointalk there is an idea of John Dillon to use RBF in a complicated way to secure 0-confirmation-payments.

Hashcash for network messaging

Beside RBF and decentralized Mining, Peter explains a plan to add handcash proof of work to transactions:

P2P network messaging with hashcash anti-DDoS. Make this a general thing, with specific message types. The hashcash will be used for priority ordering.

This is more important then it seems. Sure, hashcash proof of work is a good method to slow down any kind of DoS-attack. However, it does this by slowing down all activity on Bitcoin – which seems to be something Peter Todd welcomes. This idea might go to the bottom of his ideology, which is that Bitcoin remains only strong, when it is inefficient. Efficiency of the network is not a goal, but a bug.

The company

At the beginning of the mails there is some talk about a company. Unfortunately, this is only mentioned once and in short. In May 2013 John Dillon presents a part of some kind of constitution of a company to be founded:

Section 2.2 Transact on Their Own Terms: The Corporation recognizes the decentralized, consensus-based nature of the Bitcoin technology. The Corporation will seek to protect and promote decentralization through legal and technical means, including, but not limited to, the fungibility of individual Bitcoins, the ability of individuals to participate fully in Bitcoin by running full validating nodes, the ability of individuals to operate a full validating node anonymously, and the ability to chose what level of privacy their transactions will have, including anonymously.

This smells a bit like Blockstream. At least you could assume that Blockstream would like such a company. However, due to the lack of more information, this fragment doesn‘t allow more than speculation.

The transaction with Gregory Maxwell

In autumn 2013 Gregory Maxwell created CoinJoin, a method to merge inputs of different transaction to break the trail of transfers. John Dillon was highly interested in this feature and promised to fund Maxwells work. In October he asks Peter Todd:

Could I please borrow just over 5.1BTC from you? I'm away from my coins and I could really use some for the CoinJoin bounty.

Peter answers positively, but the transaction seems to have not happened. Later, on October 26th, John writes to Gregory Maxwell:

I apologise for my tardiness, but here is the 5.11BTC I promised for the CoinJoin effort.

1BDSZMaUvrbTjWsSgLA4XqYUK4dDzxREEV

If you lookup this address, you‘ll notice something strange. It contains two transaction: The first is incoming, composed of 30 inputs and one output with 5.11 Bitcoin, confirmed on October 26th. This strongly indicates that it is the transaction with which Dillon paid Maxwell. The second transaction happens on November 16th. It takes the whole coin of 5.11 Bitcoin and transfers it to 1FfmbHfnpaZjKFvyi1okTjJJusN455paPH. This is the address the FBI sent around 140,000 Bitcoin on October 25th, after they shut down the Silk Road and got access to the coins of Ross Ulbricht aka Dread Pirate Roberts. On Blockchain.info the address is labeled as DPR Seized Coins.

This is strange. It seems like Gregory Maxwell send 5.11 Bitcoins – worth 500 Dollar each on this date – to an address controlled by the US government. For a joke this is a non-neglectable sum. The sequency of the events is interesting: The transaction is send at the same day the mails of Dillon have been leaked. Did Gregory Maxwell try to get rid of coins which could become toxic? But why? It was well-known that he invented CoinJoin. And why did he send them to the FBI, instead of using CoinJoin or the good old Bitcoineater-address? Such questions can‘t be answered from what we got from the leaks.

With Warren Togami about Peter Todd

In 2013, Warren Togami was a developer of Litecoin, before he later joined Blockstream. He paid Peter Todd to do an audit of the Litecoin code. John Dillon contacts him to learn more about Peter Todd:

I see that Peter Todd recently completed his audit report, even writing a small patch for Litecoin. Could you comment a bit on how that process went? I and someone else may want to hire him directly, as opposed to the bounties I've offered before, to implement some Bitcoin features and we want to get a sense of how it all went.

The hint that John and „maybe someone else“ wants to hire Peter directly is interesting, but leaves not more without further (unavailable) information. As interesting is Warren‘s answer:

To be entirely honest, Peter Todd does excellent work, but perhaps not in a timely manner. He seems to be easily distracted from tasks and fell behind stated deadlines a few times. It all worked out fine in the end.

About Gavin Andresen

There are a few parts of the mails which clearly point to a split in the 2013th Bitcoin community. One one side we find the small blockers like John Dillon, Peter Todd and Gregory Maxwell, on the other big blockers like Gavin Andresen and Mike Hearn.

In one mail John tells Peter that „Gavin really pissed me off here“. He links to a discussion on Bitcointalk. This discussion is – again – about mining centralization. Someone was afraid of mining centralization by some kind of attack which slows down solo miner by consuming more memory. Gavin answers that

knocking the slowest N% of solo miners/pools off the network every year [...] is not a crisis. That is the way free-market competition works.

Than Peter Todd steps in, just leaving the comment „BTC Guild“. BTC Guild was a very strong miner these days, and it seems Todd wants to point to the problem of existing mining centralization. That BTC Guild does no longer exist today rather shows that mining centralization is not a problem, as it is a market based red queen game.

Then Gavin gave the answer, with which he „really pissed off“ John: He asks

Have you contributed any patches to p2pool to make it more efficient / easier to install / etc? If not, why not if you're so worried about centralization?

Why does this piss of John so much?

One reason might be that Peter indeed proposed patches, but got rejected by Gavin:

I'm thinking of posting to the -development email list asking the developers point blank about why they don't challenge him on that stuff. I'll mention the distributed hash tables thing he was saying earlier for solving mining scalability too.

In other mails you find more short notes about Gavin, and a few about Mike Hearn, which mostly are negative.

About Peter‘s Video

In 2013 Peter Todd published a video „ Keep Bitcoin free “. You can watch the video on Youtube. It is rather propagandistic, laying out the dystopia of super centralized big block bitcoin and the utopia of keeping Bitcoin decentralized by scaling with second layers.

In one mail we learn that John funded Peter:

To clarify Keep Bitcoin Free! is Peter's project, not mine. I only contributed funds and offered to let him use my name publicly as a supporter.

A threat?

On August 5th we find a cryptic message from John Dillon to Peter Todd. You could inteprete it as a warning, but also as a threat:

In addition to what I said earlier, I mentioned your status to a friend of mine who is a former spook and well aware of the dangers of the business to anyone with a sense of ethics.

He told me to tell you this, word for word: "An old crow strongly advises you to consider the risks to yourself and your family, and stop what you are doing." I trust his judgement, and just as importantly, his ethics.

Be careful. Myself, I suggest you think hard about whether or not what you are doing has had enough of an impact on your goals to be worth it - I can't answer that question for you.



