The Bitcoin ecosystem today finds itself at a crossroad where the line between science & dogma is increasingly blurry. Fanatics are resorting to twisted interpretations of Bitcoin’s “holy scriptures” in an attempt to advance their political agendas.

“Satoshi’s original vision” and other religious slants are shamelessly promoted to confuse users about the workings of the system. Mischaracterizations of its technical blueprints are used to promote the notion that Proof-Of-Work timestamping, Bitcoin’s solution to the double-spending problem, was intended as the governance mechanism of the protocol.

While the idea that a 51% hashing majority should decide on changes to the rules of a consensus-based system is dubious on its face, the claim is worth exploring if only to figure out where the confusion lies. As always, it is helpful to dig into the archives and examine how the technical idea of using distributed timestamp servers to secure the history of a replicated ledger emerged and how we arrived at Satoshi’s implementation.

Distributed resiliency & Byzantine generals

A natural corollary is if that there exists a security protocol that can eliminate or greatly reduce the costs of a TTP (trusted third-party), then it pays greatly to implement it rather than one which assumes a costly TTP. Even if the latter security protocol is simpler and much more computationally efficient. — Trusted Third Parties Are Security Holes, Szabo, 2001

In 1998, right in the tracks of the failure of DigiCash, two cryptographers independently began exploring a new approach to digital cash, one that imagined an entirely new monetary system rather than attempt to fix existing ones.

In both cases, their motivation was to eliminate reliance on trusted third-parties so as to free up money from unilateral control by state actors and eliminate central point of failures.

Anyone can create money by broadcasting the solution to a previously unsolved computational problem. The only conditions are that it must be easy to determine how much computing effort it took to solve the problem and the solution must otherwise have no value, either practical or intellectual. — Wei Dai — B-money, Wei Dai, 1998

Wei Dai’s b-money announced a departure from early digital cash implementations by introducing the idea of a publicly shared global ledger. The accounts of ownership are maintained in a distributed way by all participants in the system rather than a centralized server previously known as the mint. Privacy is preserved through the use of pseudonymous identities.

The paper also proposes a Proof-Of-Work-like scheme to attempt to solve the issue of money creation. Interestingly, in an email to the cypherpunks mailing list, cryptographer Adam Back followed up on the proposal and suggested his earlier hashcash invention as “a candidate function for Wei’s decentralised minting idea.” Although it paved the way for a new generation of distributed cryptocurrencies, b-money was never implemented and seemed plagued by the cynicism surrounding these submissions at the time.

Coincidentally, Nick Szabo was privately coming up with a similar system which he would eventually coin “Bit gold”. He would later outline the idea in a blog post and refine some of the concepts explored by Wei Dai. Notably, he highlighted the importance of timestamping the proof-of-work function:

Thus, it might be possible to be a very low cost producer (by several orders of magnitude) and swamp the market with bit gold. However, since bit gold is timestamped, the time created as well as the mathematical difficulty of the work can be automatically proven. From this, it can usually be inferred what the cost of producing during that time period was. — Bit gold, Szabo, 2005

Additionally, Szabo re-emphasizes the importance of distributing both the ledger of accounts and the timestamping service across different “servers” to avoid the security holes of trusted third-parties.

The main limits to the security of the scheme are how well trust can be distributed —Bit gold, Szabo, 2005

In both proposals, the balance of power between the stakeholders of the protocol is a recurring theme. Wei Dai specifically mentions that to the extent only a subset of participants should be responsible for maintaining the ledger, users should be able to verify their own account balance and check the sum of them against the total amount of money created.

This prevents the servers, even in total collusion, from permanently and costlessly expanding the money supply — B-money, Wei Dai, 1998

In parallel to his work on Bit gold, Nick Szabo had been investigating the progress in distributed system technologies for years and would eventually formalize his observations in his paper Secure Property Titles with Owner Authority. There he underlines the social context of trust-based systems designed to uphold property rights. Using “replicated database technology” as a foundation, he introduces a framework where the boundaries of trust between “property clubs” members are carefully laid out so that everyone can “securely agree on who owns what.”

Crucial to this framework is the Byzantine-tolerant quorum system, a probabilistic approach to replicated database security involving threshold “votes” across protocol participants. This method has the purpose of solving the double-spending problem and minimizing censorship but Szabo specifically warns on two occasions against confusing it for a governance mechanism:

The voting is necessary not due to a democratic political ideology but because it is the optimal result in analysis of distributed databases with malicious attackers. Users of the titles (relying parties) who wish to maintain correct titles can securely verify for themselves which splinter group has correctly followed the rules and switch to the correct group. (…) Note that the key security feature of the club is not the voting, but a set of objective, often automated, rules and an unforgeable audit trail that allows both club members and relying parties to check whether each vote followed the rules. — Secure Property Titles with Owner Authority, Szabo, 2005

Much like b-money, Bit gold would remain confined to the annals of cryptography and the scheme would see no software implementation. We can safely assume though that someone somewhere was paying attention to these developments and would eventually be motivated enough to put it all together and achieve one of the cypherpunks ultimate goal.

Solving the Nakamoto puzzle

A decade following Dai’s original proposal, Satoshi Nakamoto released the Bitcoin whitepaper to the world. Whether or not Nakamoto arrived to this design on his own is up for debate but he remarkably succeeded in putting together every technological insights acquired before him in a way only the greatest inventors can.

The paper introduces a novel solution to the Byzantine Generals Problem by combining the concepts of signature thresholds inspired by quorum systems and the proof-of-work challenge required to introduce scarcity. The result has been referred to in Back et al.’s sidechains whitepaper as a dynamic membership multi-party signature (or DMMS).

In order to solve the double-spend problem, miners form an unidentifiable and unbounded set of signatories who use their vote to timestamp transactions into blocks and, in doing so, are rewarded with the opportunity of minting new coins and raking in transaction fees. Rather than relying on the knowledge of a private key associated to a signature, they exercise this vote by providing a proof-of-work derived from a hashing function.

Each vote is weighted in proportion to the amount of computational resources individual miners provide. The cumulative resources expended by miners on every blocks of transactions provide probabilistic guarantees about the consistency of the global ledger’s shared history.

Because the miners do not form an identifiable set, they cannot have discretion over the rules determining transaction validity. Therefore, Bitcoin’s rules must be determined at the start of its history, and new valid transaction forms cannot be added except with the agreement of every network participant. Enabling Blockchain Innovations with Pegged Sidechains, Back et al., 2014

This “consensus mechanism” is presented as a technical solution to the shortcomings of identity-based alternatives such as quorum systems. Nakamoto proposes a peer-to-peer system designed to “enforce” rules. It’s worth noting that the latter are never specified in the paper aside from the explicit objective of solving the double-spend problem. Neither are the terms of a potential protocol upgrade addressed.

As Nick Szabo observed early on, the implementation of Byzantine-resilient timestamping falls out of the scope of the constitutional arrangements agreed upon by all of the protocol users. Above all else, the integrity of the ledger is ultimately preserved by the ability for all of its participants to independently validate “whether each vote followed the rules.”