The First Thread — depicting the moment of divergence in perception of Bitcoin evolution

In a world of cryptocurrencies, the year 2017 was the most heated yet. Putting ICO rush aside, the two most significant events took place in the late summer. A fork of the Bitcoin network called Bitcoin Cash that was followed by another fork of the original network that enabled SegWit. A lot has been said and written to explain the consequences of these events and their exact mechanics, so in this article, we would not touch neither the political part nor the technical one. It should be clear to everyone that those forks were a culmination of a scaling debate that lasted for years, and that there are two distinct communities now both claiming their version of Bitcoin is the original one.

Some people had been following the debate for quite some time, and they likely do not need any explanation, yet others have just entered the field. For them, understanding what happened can be surprisingly uneasy. We believe the best way to find out who has the truth on their side is to look at the very beginning, and it turns out very few know when and where it became clear the community will have two radically different visions of the solution to scale Bitcoin to the whole world.

First of all, let’s look at how Bitcoin itself was presented to the world. In contrast to modern trends, Bitcoin was not unveiled on some popular conference with journalists covering the event to millions.

Bitcoin was not presented like this

How it all began

It was the last day of October in 2008 when Satoshi Nakamoto sent a message to a mailing list called The Cryptography and Cryptography Policy where people interested in crypto share and discuss their ideas and related stuff. It is not that hard to open the doors of the archive and find that exact message:

Bitcoin was unveiled like this

A concept of a mailing list may be uncommon to most people, so imagine it as a Reddit forum where anyone can start a discussion and others join it, forming different threads. The only different part is a lack of voting and rating systems due to the fact mailing lists became popular long before ratings did.

So here it is, the first thread that was formed just three days since Bitcoin was presented to the world. It is a 10-min read by itself, but no doubt you will enjoy reading it.


The First Thread

Satoshi Nakamoto, October 31

I’ve been working on a new electronic cash system that’s fully peer-to-peer, with no trusted third party.

The paper is available at: http://www.bitcoin.org/bitcoin.pdf

The main properties: Double-spending is prevented with a peer-to-peer network. No mint or other trusted parties. Participants can be anonymous. New coins are made from Hashcash style proof-of-work. The proof-of-work for new coin generation also powers the network to prevent double-spending.

Abstract

[…]

Full paper at: http://www.bitcoin.org/bitcoin.pdf

Satoshi Nakamoto

James A. Donald, November 2

Satoshi Nakamoto wrote:

I’ve been working on a new electronic cash system that’s fully peer-to-peer, with no trusted third party.
The paper is available at: http://www.bitcoin.org/bitcoin.pdf

We very, very much need such a system, but the way I understand your proposal, it does not seem to scale to the required size.

For transferable proof of work tokens to have value, they must have monetary value. To have monetary value, they must be transferred within a very large network — for example a file trading network akin to bittorrent.

To detect and reject a double spending event in a timely manner, one must have most past transactions of the coins in the transaction, which, naively implemented, requires each peer to have most past transactions, or most past transactions that occurred recently. If hundreds of millions of people are doing transactions, that is a lot of bandwidth — each must know all, or a substantial part thereof.

Satoshi Nakamoto, November 2

James A. Donald wrote:

We very, very much need such a system, but the way I understand your proposal, it does not seem to scale to the required size.
For transferable proof of work tokens to have value, they must have monetary value. To have monetary value, they must be transferred within a very large network — for example a file trading network akin to bittorrent.
To detect and reject a double spending event in a timely manner, one must have most past transactions of the coins in the transaction, which, naively implemented, requires each peer to have most past transactions, or most past transactions that occurred recently. If hundreds of millions of people are doing transactions, that is a lot of bandwidth — each must know all, or a substantial part thereof.

Long before the network gets anywhere near as large as that, it would be safe for users to use Simplified Payment Verification (section 8) to check for double spending, which only requires having the chain of block headers, or about 12KB per day. Only people trying to create new coins would need to run network nodes. At first, most users would run network nodes, but as the network grows beyond a certain point, it would be left more and more to specialists with server farms of specialized hardware. A server farm would only need to have one node on the network and the rest of the LAN connects with that one node.

The bandwidth might not be as prohibitive as you think. A typical transaction would be about 400 bytes (ECC is nicely compact). Each transaction has to be broadcast twice, so lets say 1KB per transaction. Visa processed 37 billion transactions in FY2008, or an average of 100 million transactions per day. That many transactions would take 100GB of bandwidth, or the size of 12 DVD or 2 HD quality movies, or about $18 worth of bandwidth at current prices.

If the network were to get that big, it would take several years, and by then, sending 2 HD movies over the Internet would probably not seem like a big deal.

Satoshi Nakamoto

James A. Donald, November 3

James A. Donald wrote:
To detect and reject a double spending event in a timely manner, one must have most past transactions of the coins in the transaction, which, naively implemented, requires each peer to have most past transactions, or most past transactions that occurred recently. If hundreds of millions of people are doing transactions, that is a lot of bandwidth — each must know all, or a substantial part thereof.

Satoshi Nakamoto wrote:

Long before the network gets anywhere near as large as that, it would be Safe for users to use Simplified Payment Verification (section 8) to check for double spending, which only requires having the chain of block headers,

If I understand Simplified Payment Verification correctly:

New coin issuers need to store all coins and all recent coin transfers.

There are many new coin issuers, as many as want to be issuers, but far more coin users.

Ordinary entities merely transfer coins. To see if a coin transfer is OK, they report it to one or more new coin issuers and see if the new coin issuer accepts it. New coin issuers check transfers of old coins so that their new coins have valid form, and they report the outcome of this check so that people will report their transfers to the new coin issuer.

If someone double spends a coin, and one expenditure is reported to one new coin issuer, and the other simultaneously reported to another new coin issuer, then both issuers to swifly agree on a unique sequence order of payments. This, however, is a non trivial problem of a massively distributed massive database, a notoriously tricky problem, for which there are at present no peer to peer solutions. Obiously it is a solvable problem, people solve it all the time, but not an easy problem. People fail to solve it rather more frequently.

But let us suppose that the coin issue network is dominated by a small number of issuers as seems likely.

If a small number of entities are issuing new coins, this is more resistant to state attack that with a single issuer, but the government regularly attacks financial networks, with the financial collapse ensuing from the most recent attack still under way as I write this.

Government sponsored enterprises enter the business, in due course bad behavior is made mandatory, and the evil financial network is bigger than the honest financial network, with the result that even though everyone knows what is happening, people continue to use the paper issued by the evil financial network, because of network effects — the big, main issuers, are the issuers you use if you want to do business.

Then knowledgeable people complain that the evil financial network is heading for disaster, that the government sponsored enterprises are about to cause a “collapse of the total financial system”, as Wallison and Alan Greenspan complained in 2005, the government debates shrinking the evil government sponsored enterprises, as with “S. 190 [109th]: Federal Housing Enterprise Regulatory Reform Act of 2005” but they find easy money too seductive, and S. 190 goes down in flames before a horde of political activists chanting that easy money is sound, and opposing it is racist, nazi, ignorant, and generally hateful, the recent S. 190 debate on limiting portfolios (bond issue supporting dud mortgages) by government sponsored enterprises being a perfect reprise of the debates on limiting the issue of new assignats in the 1790s.

The big and easy government attacks on money target a single central money issuer, as with the first of the modern political attacks, the French Assignat of 1792, but in the late nineteenth century political attacks on financial networks began, as for example the Federal reserve act of 1913, the goal always being to wind up the network into a single too big to fail entity, and they have been getting progressively bigger, more serious, and more disastrous, as with the most recent one. Each attack is hugely successful, and after the cataclysm that the attack causes the attackers are hailed as saviors of the poor, the oppressed, and the nation generally, and the blame for the the bad consequences is dumped elsewhere, usually on Jews, greedy bankers, speculators, etc, because such attacks are difficult for ordinary people understand. I have trouble understanding your proposal — ordinary users will be easily bamboozled by a government sponsored security update. Further, when the crisis hits, to disagree with the line, to doubt that the regulators are right, and the problem is the evil speculators, becomes political suicide, as it did in America in 2007, sometimes physical suicide, as in Weimar Germany.

Still, it is better, and more resistant to attack by government sponsored enterprises, than anything I have seen so far.

Visa processed 37 billion transactions in FY2008, or an average of 100 million transactions per day. That many transactions would take 100GB of bandwidth, or the size of 12 DVD or 2 HD quality movies, or about $18 worth of bandwidth at current prices.
If the network were to get that big, it would take several years, and by then, sending 2 HD movies over the Internet would probably not seem like a big deal.

If there were a hundred or a thousand money issuers by the time the government attacks, the kind of government attacks on financial networks that we have recently seen might well be more difficult.

But I think we need to concern ourselves with minimizing the data and bandwidth required by money issuers — for small coins, the protocol seems wasteful. It would be nice to have the full protocol for big coins, and some shortcut for small coins wherein people trust account based money for small amounts till they get wrapped up into big coins.

The smaller the data storage and bandwidth required for money issuers, the more resistant the system is the kind of government attacks on financial networks that we have recently seen.

James A. Donald, November 8

Satoshi Nakamoto wrote:

The bandwidth might not be as prohibitive as you think. A typical transaction would be about 400 bytes (ECC is nicely compact). Each transaction has to be broadcast twice, so lets say 1KB per transaction. Visa processed 37 billion transactions in FY2008, or an average of 100 million transactions per day. That many transactions would take 100GB of bandwidth, or the size of 12 DVD or 2 HD quality movies, or about $18 worth of bandwidth at current prices.

The trouble is, you are comparing with the Bankcard network.

But a new currency cannot compete directly with an old, because network effects favor the old.

You have to go where Bankcard does not go.

At present, file sharing works by barter for bits. This, however requires the double coincidence of wants. People only upload files they are downloading, and once the download is complete, stop seeding. So only active files, files that quite a lot of people want at the same time, are available.

File sharing requires extremely cheap transactions, several transactions per second per client, day in and day out, with monthly transaction costs being very small per client, so to support file sharing on bitcoins, we will need a layer of account money on top of the bitcoins, supporting transactions of a hundred thousandth the size of the smallest coin, and to support anonymity, chaumian money on top of the account money.

Let us call a bitcoin bank a bink. The bitcoins stand in the same relation to account money as gold stood in the days of the gold standard. The binks, not trusting each other to be liquid when liquidity is most needed, settle out any net discrepancies with each other by moving bit coins around once every hundred thousand seconds or so, so bitcoins do not change owners that often, Most transactions cancel out at the account level. The binks demand bitcoins of each other only because they don’t want to hold account money for too long. So a relatively small amount of bitcoins infrequently transacted can support a somewhat larger amount of account money frequently transacted.


The perception that blockchain cannot scale to support hundreds of millions of transactions per day was born as soon as Bitcoin was presented to the world — likely out of simple misunderstanding of the proposed solution. Almost at that same time there was a proposal to use multilayered network, where blockchain is the underlying layer that only handles settlements from bank-like layers above — what we now call a Lightning Network.

This is an important part to understand the drama surrounding Bitcoin ‘brand’. Bitcoin was never created to be solely a layer for settlements, and the plan to scale the network to hundreds of millions of users was outlined on day two. The version of the Bitcoin that continues the original proposal is called Bitcoin Cash, and there is not a single reason to believe that such a version cannot be called ‘Bitcoin’.

On the other hand, when Satoshi Nakamoto presented Bitcoin to the world, he was heavily criticized for not understanding how networking works, and how his solution is not suitable for the real world:

I really should provide a fleshed out version of your proposal, rather than nagging you to fill out the blind spots.

Bitcoin Core today, with SegWit enabled and Lightning Network around the corner — is such a «fleshed out» version of the original Bitcoin.


Written by Ivan Oparin, Jr. Blockchain Integration Architect at Billion Wallet